Microsoft
· Microsoft Privacy Statement (Legacy)
The provision creates operational mechanisms through which data subjects may exercise statutory rights under data protection regulations. It designates account.microsoft.com/privacy as a primary control interface and establishes a contact procedure for rights requests not available through automated tools.
Workday
· Workday Privacy Statement
Knowing how to exercise your data rights with Workday, and whether your request should go to Workday directly or to your employer, is essential for anyone whose personal information is held within the Workday ecosystem.
ADP
· ADP Privacy Statement
This provision establishes that the procedural mechanism for exercising GDPR, CCPA, and other data subject rights is distributed across jurisdiction-specific supplements rather than centralized, which requires individuals to identify and access the correct regional notice before initiating a rights request.
Knowing how to exercise your data rights is practically important, especially if you have uploaded personal likeness or voice data, since deletion of avatar data may require a specific request.
The availability and enforceability of these rights varies significantly by jurisdiction, meaning not all users have the same level of protection or ability to control their data.
The provision creates operational pathways for data subject rights requests and preference management, establishing the procedures through which individuals can exercise control over their information processing and data collection mechanisms within the Epic Games ecosystem and connected third-party platforms.
Uber
· Uber Privacy Notice
This clause operationalizes statutory data protection obligations by establishing a procedural mechanism for rights exercise. The provision's scope and applicability depend on the user's location and the applicable legal framework governing personal data protection.
Okta
· Okta Privacy Policy
This clause creates a procedural framework for privacy request submission and establishes Okta's obligation to honor rights that vary by jurisdiction. The provision operationalizes compliance with data protection regulations by specifying available rights and the designated submission mechanism.
This clause addresses the GDPR Article 28(3)(e) requirement that processors assist controllers with data subject rights obligations; the 'insofar as this is possible' qualification may limit the scope of assistance available for AI-processed data where individual-level data retrieval or deletion is technically constrained.
OpenAI
· OpenAI Data Processing Addendum
This provision establishes that the operator, not OpenAI, is the primary party responsible for responding to data subject rights requests, and that OpenAI's assistance is conditional on what is technically and organizationally feasible. Operators must have their own workflows to handle requests that involve personal data processed through the API.
This clause establishes the mechanism by which advertisers can obtain Google's technical assistance when processing data subject rights requests such as access, erasure, restriction, or portability. The scope of assistance is qualified by what is technically possible given the processing involved, which may limit the practical assistance available for certain request types.
Roblox
· Roblox Privacy and Cookie Policy
This provision consolidates the data rights available to users under GDPR, CCPA, and other applicable laws into a single framework and provides the mechanism for exercising them.
Glean
· Glean Privacy Policy
This shapes whether individual employees can effectively exercise GDPR, UK GDPR, or CCPA rights in practice, since Glean inserts an intermediary that controls the response process.
These rights are legally enforceable under GDPR and CCPA, meaning AWS is required to respond to valid requests within defined timeframes, giving you meaningful control over your personal information if you choose to exercise these rights.
Fiverr
· Fiverr Privacy Policy
These rights give users in the EU, UK, and California meaningful control over their personal data held by Fiverr, including the ability to request deletion or opt out of data sharing for advertising.
The provision operationalizes Riot Games' obligation to recognize and facilitate statutory data subject rights across multiple regulatory regimes, establishing the framework through which users may exercise jurisdiction-specific protections regarding their personal data.
Cohere
· Cohere Privacy Policy
The clause operationalizes legal rights granted under GDPR, UK GDPR, and CCPA by establishing a procedural mechanism for data subjects to request exercise of those rights. The designation of a specific contact point creates an administrative structure for processing rights requests.
The clause operationalizes compliance with data subject rights under data protection regulations by creating a defined submission channel (privacy@synthesia.io) and establishing response timelines that align with standard regulatory requirements for handling such requests.
The clause operationalizes data subject rights required under data protection regulations by specifying the submission mechanism (privacy@checkout.com), response timeline, and conditions for fulfillment. It establishes procedural obligations for handling rights requests and permits identity verification as a verification control.
This provision establishes the mechanism and scope of data subject rights available under CCPA, CPRA, GDPR, and UK GDPR, and the operational availability of these rights depends on Whatnot's implementation of request intake, verification, and response workflows.
This provision establishes the mechanism and contact point for exercising data subject rights for the two largest regulated user populations. The notice's acknowledgment of these rights is a compliance disclosure; the practical effectiveness of these rights depends on AWS's operational response processes, which are not described in detail in the notice.
This provision establishes the data subject rights framework applicable to EU, UK, and California users, determining the procedural mechanisms and timelines through which users may exercise rights under GDPR, UK GDPR, and CCPA, and the obligations Smartsheet bears in responding to those requests.
This provision establishes the mechanism through which data subjects exercise statutory rights under GDPR, UK GDPR, and CCPA/CPRA; the policy routes all such requests through a single email contact, and compliance teams should verify that response processes meet applicable statutory timeframes.
The provision operationalizes Cash App's obligation to comply with state privacy laws that grant residents rights such as access, deletion, and opt-out capabilities. This section signals the existence of differentiated obligations based on jurisdictional residence rather than a uniform global privacy standard.
These rights are meaningful but are qualified by the phrase 'subject to local data protection laws,' meaning the rights you actually have depend on your jurisdiction. EU and California residents have the broadest statutory rights.
The clause operationalizes GDPR and equivalent regional regulatory requirements by explicitly recognizing data subject rights that create enforceable obligations on Zendesk to respond to individual requests and provide mechanisms for exercising these rights within regulatory timeframes.
This clause establishes Cloudflare's recognition of statutory data subject rights under GDPR and UK data protection frameworks. The provision operationalizes Cloudflare's obligation to facilitate exercise of these rights as required under European data protection regulations.
This provision operationalizes HubSpot's compliance obligations under GDPR by explicitly acknowledging enforceable individual rights and establishing a mechanism (contact process) through which data subjects may exercise those rights. The clause creates a procedural framework for handling data access, rectification, and deletion requests.
Cohere
· Cohere Privacy Policy
This provision establishes the mechanism for users to exercise their privacy rights and names the contact point for submitting data requests, which is the primary action channel for consumers wanting to manage their personal data held by Cohere.
These rights give you meaningful control over your personal data held by AI21, including the ability to request deletion or restrict use of your data for advertising purposes, but exercising them requires you to proactively contact AI21.