Fastly
· Fastly Privacy Policy
These rights give EU and UK residents significant control over their personal data and create corresponding legal obligations for Fastly to respond within statutory timeframes. They can be exercised against Fastly in its capacity as a data controller for website and marketing data.
Egnyte
· Egnyte Privacy Policy
These rights are legally enforceable in the EU/UK and Switzerland, and Egnyte is required to respond to requests and provide data portability in machine-readable formats within regulatory timeframes.
EEA and UK users have legally backed rights to control their personal data held by Luma, including the right to request deletion and to lodge a regulatory complaint if those rights are not respected.
Yelp
· Yelp Privacy Policy
European Residents have more extensive statutory data rights than most other users, including the right to object to processing for legitimate interests purposes and the right to data portability, which are directly enforceable against Yelp Ireland Ltd.
EA
· EA Privacy and Cookie Policy
The certification establishes the legal basis for EA to process and transfer EU residents' personal data to U.S. servers and systems. This framework provision determines the regulatory compliance structure under which EA operates data transfers and defines the procedural requirements for data handling across jurisdictions.
Steam
· Steam Privacy Policy
EU, UK, and Swiss users' data transferred to the U.S. is covered by the DPF certification, and the Principles supersede this policy in cases of conflict, providing a meaningful legal backstop for cross-border data transfers.
For EU, UK, and Swiss users, DPF certification means Substack is committed to a set of data protection principles that govern how their data is handled in the US, and they have access to a structured dispute resolution process independent of Substack if those principles are violated.
SoFi
· SoFi Privacy Notice
Reliance on the EU-US Data Privacy Framework as a transfer mechanism requires SoFi to maintain active certification, comply with framework principles including data minimization and onward transfer obligations, and provide EU residents with access to a dispute resolution mechanism.
The clause establishes uniform privacy rights administration across the user base rather than limiting rights applicability to specific states. This operational approach simplifies compliance by applying state-law protections uniformly rather than implementing state-by-state variations.
A single feedback action such as clicking thumbs up or down on any message triggers retention and storage of the full conversation, which may include personal data shared throughout the session beyond the specific message rated.
Calm
· Calm Privacy Policy
This clause establishes the operational framework for Calm's incentive-based data collection practices, specifying that personal information gathered through such programs is valued in proportion to the offered compensation. The provision also creates explicit opt-in and opt-out mechanisms, defining how users can control participation in these programs.
Zoom
· Zoom Privacy Statement
This provision establishes the range of data subject rights Zoom recognizes under applicable law and the mechanism by which users can exercise them. For enterprise customers, understanding which rights apply to employee or customer data processed through Zoom is relevant to their own data subject access request workflows.
Noom
· Noom Privacy Policy
GDPR provides some of the strongest personal data protections globally; EU and UK users of Noom can exercise these rights to control how their sensitive health data is processed.
The policy explicitly enumerates GDPR and UK GDPR data subject rights and provides a mechanism for exercising them through account settings, giving EEA and UK users enforceable controls over their personal data.
These rights are enforceable under GDPR and UK GDPR and provide EU, UK, and Swiss users with meaningful legal recourse if Dropbox does not respond adequately to data requests, including the ability to escalate to a national regulator.
This provision describes the procedural mechanism through which EU/EEA users may exercise statutory data rights. Organizations deploying Tabnine for EU-based employees should confirm that Tabnine's response processes meet GDPR's one-month response requirement.
The clause operationalizes GDPR compliance as an integrated component of Anyscale's data handling framework for affected jurisdictions, establishing that EU/UK users have access to statutory data subject rights alongside the company's stated privacy practices.
This provision establishes the procedural mechanism through which EU, UK, and Swiss users may exercise their statutory data rights under GDPR and equivalent frameworks. The enforceability and response timelines for these rights are governed by applicable law rather than solely by the policy terms.
Okta
· Okta Privacy Policy
These rights give EU, UK, and Swiss residents meaningful control over their personal data held by Okta in its capacity as controller, including the ability to request deletion of marketing profiles or opt out of data processing based on legitimate interests.
These are enforceable legal rights under GDPR, not just policy commitments, meaning you can compel Vercel to comply with these requests and escalate to your national data protection authority if they do not.
Roblox
· Roblox Privacy and Cookie Policy
The provision creates a procedural framework for regulatory compliance in jurisdictions requiring organizations to designate representatives for data subject inquiries and supervisory authority communications. Designating these contacts fulfills mandatory GDPR requirements and establishes the formal channels through which regulatory and individual data protection requests must be routed.
Canva
· Canva Privacy Policy
This clause operationalizes statutory obligations under GDPR and equivalent data protection frameworks by identifying the rights holders are entitled to invoke and establishing the procedural mechanism (email contact) through which Canva processes such requests. The provision ensures the terms acknowledge and facilitate compliance with regional data protection law requirements.
The provision establishes Datadog's recognition of statutory data subject rights applicable to EU and UK residents under GDPR and UK GDPR frameworks. This acknowledgment creates operational obligations for Datadog to implement mechanisms enabling individuals to exercise these enumerated rights.
GDPR provides the strongest set of consumer data rights of any applicable framework in this policy. EU and UK users have enforceable rights including the right to erasure and data portability, backed by regulatory authority.
EU and UK users have enforceable rights under GDPR and UK GDPR including data access, erasure, portability, and the right to object to processing, and the policy provides a contact mechanism and acknowledges the right to complain to a supervisory authority.
This clause establishes Midjourney's obligation to recognize and facilitate statutory data subject rights mandated by EU and UK data protection regulations. The provision operationalizes compliance with GDPR requirements that apply to the controller's processing activities.
These are legally enforceable rights under GDPR and equivalent laws, and knowing how to exercise them is important for users who want to control their personal data held by Ideogram.
Workday
· Workday Privacy Statement
This declaration may signal that Workday applies a higher baseline of privacy protections to all users rather than limiting enhanced rights only to EU or California residents, though the practical implementation of this commitment depends on the specific terms detailed in the full document.
The provision establishes that Instacart's privacy policy incorporates a framework of consumer choice mechanisms and opt-out procedures. This structure creates an operational requirement for the entity to provide consumers with access to choice and opt-out mechanisms as a component of its privacy governance.
Zelle
· Zelle Privacy Policy
The clause establishes Zelle's procedural framework for honoring user opt-out choices regarding certain online tracking practices. By accepting GPC signals and maintaining a Cookie Preference Center, Zelle creates operational pathways for users to exercise opt-out rights where state law defines certain tracking as 'sharing' requiring consumer consent or opt-out mechanisms.