This provision establishes that conversation data and associated user information collected through Gemini may be shared with Google's affiliated entities and external service providers, with the full scope of sharing governed by the broader Google Privacy Policy rather than solely the Gemini-specific notice.
Your personal data flows to multiple third-party organisations including credit reference agencies, which can affect your credit profile at other institutions, and to counterparties in your transactions.
While the policy limits direct named data sharing with advertisers, it acknowledges that ad providers can identify users through technical mechanisms such as cookies when ads are viewed or clicked, which may in practice enable advertiser-level identification even without formal data transfer.
The provision establishes the operational scope of data sharing for advertising purposes, specifying both the categories of recipients (advertising networks, social media platforms, advertising technology providers) and the types of data subject to sharing (identifiers, device information, interaction data). This defines how user information flows beyond Riot Games' direct control.
Uber
· Uber Privacy Notice
The breadth of third-party sharing, which includes analytics and advertising partners in addition to operationally necessary recipients like insurers, means driver data may be used for purposes beyond direct service delivery, with implications for GDPR purpose limitation and CCPA data sale or sharing opt-out rights.
The policy authorizes data flows to and from multiple categories of third parties, including advertising partners who may share audience data with Spotify to enable targeted advertising; the scope of these flows determines what data about you is available to external parties and for what purposes.
The policy authorizes sharing personal information including identifiers, usage data, and potentially AI trace data with advertising and analytics partners, which may implicate opt-out rights under CCPA and lawful basis requirements under GDPR.
This provision defines the operational boundaries for data sharing and establishes that Google uses service providers and affiliated entities to process personal information under contractual obligations. The clause conditions external sharing on specific authorization mechanisms rather than permitting unrestricted sharing.
Groq
· Groq Privacy Policy
This clause establishes the scope of third-party data recipients within Groq's operational framework. It defines categories of entities with authorized access to user information as part of standard service delivery, vendor relationships, and potential corporate restructuring events.
This clause establishes the operational mechanism by which Amazon facilitates third-party seller fulfillment by disclosing customer identifying and transactional information. The provision clarifies that data sharing with sellers is a standard practice integrated into the marketplace transaction process.
The clause establishes the operational framework for data distribution across Shopify's service infrastructure. Identifying these categories of recipients clarifies the scope of permitted data transfers necessary to execute payment processing, order fulfillment, platform security, and analytics functions.
Target
· Target Privacy Policy
This clause establishes the operational scope of data sharing within Target's service delivery ecosystem. It creates a contractual framework governing how third-party vendors access and use personal information in the course of providing specified business functions.
The use of third-party analytics and service providers means user data travels beyond Khan Academy's own systems, and the strength of protection depends on the contractual terms and technical controls in place with each subprocessor.
23andMe
· 23andMe Privacy Statement
This provision establishes the operational framework for data distribution across the service delivery ecosystem. It creates contractual obligations binding third-party recipients to limited use restrictions, defining the scope of data access necessary for platform operations.
Your personal data, potentially including family history and account information, is shared with multiple third-party vendors and business partners. The scope of business partner sharing for marketing purposes is broader than operational service provider sharing.
Sharing personal data with advertising partners in particular expands the number of organizations that may have access to your information, which increases privacy risk and may involve cross-context behavioral advertising.
Data shared in connection with a business transaction such as a merger or acquisition may reach new parties under different privacy frameworks, and users typically have limited ability to prevent this type of transfer.
TikTok
· TikTok Privacy Policy
The explicit reference to Executive Order 14352 as a legal constraint on data sharing with TT Commerce and Global Services is operationally significant given ongoing US government national security scrutiny of TikTok's data flows to entities connected to ByteDance.
TikTok
· TikTok Privacy Policy
The clause establishes the operational basis for data sharing between TikTok and its commerce-related subsidiaries, conditioning such sharing on compliance with Executive Order 14352 requirements rather than on user consent or opt-in mechanisms.
Pinecone
· Pinecone Data Processing Addendum
This clause establishes that data subjects seeking to exercise rights such as access, deletion, or correction under GDPR or CCPA must work through the business customer, not directly with Pinecone. Business customers must therefore have operational processes in place to handle these requests within regulatory deadlines.
Egnyte
· Egnyte Privacy Policy
The provision operationalizes data subject protections by establishing the mechanism through which users can request Egnyte to perform specific data handling actions. The availability and scope of these rights are contingent upon the user's location, which determines which regulatory frameworks apply to the data processing.
Stripe
· Stripe Privacy Policy
The clause conditions data subject rights on jurisdictional applicability, meaning the availability and scope of these rights depends on the user's location and governing legal framework. The operational mechanism requires users to initiate rights requests through designated channels rather than rights being automatically applied.
The provision operationalizes Salesforce's compliance obligations under jurisdictional data protection frameworks by enumerating the mechanisms through which data subjects may exercise control over their personal data and establishing procedural pathways for rights assertion and dispute resolution.
Microsoft
· Microsoft Privacy Statement (Legacy)
The provision establishes operational mechanisms for users to exercise data subject rights under privacy frameworks. It obligates Microsoft to provide access, deletion, and portability tools or assistance, and to honor withdrawal of consent and objections to data processing.
This provision establishes the procedural mechanism through which data subjects can exercise GDPR, UK GDPR, CCPA/CPRA, and equivalent regional privacy rights against Zendesk as a controller, and specifies that rights requests relating to Service Data must be directed to the relevant Zendesk business customer.
The provision operationalizes jurisdiction-specific data protection requirements by establishing a procedural mechanism for users to request access to, modification of, or removal of their personal data held by the entity. This establishes the framework through which Vercel AI acknowledges and facilitates compliance with applicable data protection regulations.
This provision establishes the mechanisms through which individuals can exercise statutory data rights; the availability of specific rights depends on the user's jurisdiction, so not all rights listed apply to all users.
The provision establishes a procedural mechanism for users to exercise legal rights that vary by jurisdiction, requiring the entity to maintain a defined request process. The clause operationalizes compliance with data protection regulations that grant individuals control over their personal information through a specified contact pathway.
Microsoft
· Microsoft Privacy Statement (Legacy)
The clause operationalizes data subject rights by designating a specific mechanism through which individuals can manage personal data retention and use. This establishes Microsoft's procedural obligation to provide access and control functionality rather than requiring separate formal requests for each data governance action.
This provision establishes the operational mechanism by which users exercise data subject rights under applicable privacy regulations. It designates a specific platform interface (Your Account) as the primary channel for exercising these rights and acknowledges enhanced rights obligations for users in regulated jurisdictions.