This provision operationalizes Mixpanel's compliance obligations under GDPR and UK data protection law by explicitly recognizing and establishing a procedural mechanism (designated contact email) through which affected users can assert statutory data subject rights. The enumeration of specific rights and contact method establishes the framework through which Mixpanel processes and responds to rights requests from its EEA and UK user base.
Twilio
· Twilio Privacy Notice
This provision operationalizes Twilio's compliance obligations under EU and UK data protection regulations by explicitly recognizing and enumerating the statutory rights that apply to users in those jurisdictions, thereby establishing the framework under which data subject requests must be processed.
The designation of local representatives in the UK and EU is a GDPR requirement for non-EU controllers processing personal data of EU and UK residents. This structure enables compliance with Articles 27 and 28 of the GDPR by establishing points of contact for supervisory authorities and individuals to exercise data rights without requiring direct engagement with Glassdoor's primary operating entity.
Twilio
· Twilio Privacy Notice
The notice asserts legitimate interests as one lawful basis for processing, which is subject to data subject objection rights under GDPR; EU and UK residents can formally object to certain types of processing, including marketing, at any time.
The provision operationalizes GDPR compliance by explicitly stating the legal bases for data collection and processing activities. This framing establishes which regulatory framework applies to each category of data processing and clarifies the procedural grounds under which Uniswap conducts personal data handling.
Figma
· Figma Privacy Policy
EU, UK, and Swiss users have meaningful legal rights over their personal data under GDPR, including the ability to request deletion or a copy of their data, and Figma is required to respond to such requests within regulatory timeframes.
Runway
· Runway Privacy Policy
The provision establishes the institutional framework for Runway's data processing authority under EEA and UK law by declaring controller status and transparency obligations. It identifies the specific legal grounds Runway asserts justify its collection, use, and disclosure of personal data without separate user consent requirements.
Medium
· Medium Privacy Policy
This provision establishes the claimed legal bases for EEA data processing, but the absence of a processing activity-level mapping to specific legal bases may present a compliance gap relative to GDPR accountability and transparency requirements enforced by EU supervisory authorities.
This provision establishes that EU/EEA visitors to twilio.com are covered by GDPR protections, and that Twilio asserts multiple legal bases for processing, including legitimate interests, which under GDPR requires a documented balancing test for each processing activity so claimed.
The provision operationalizes GDPR Article 6 transparency requirements by identifying the lawful bases under which the entity processes personal data. This disclosure framework establishes the institutional foundation for data processing activities across multiple operational categories.
Runway
· Runway Privacy Policy
Legitimate interests is one of the broadest GDPR legal bases and is used here to cover analytics, service improvement, security, and fraud prevention. EU and UK users have the right to object to processing carried out under legitimate interests, which could limit how Runway processes their data.
OpenAI
· OpenAI Privacy Policy
The provision creates an operational framework for OpenAI to comply with GDPR obligations applicable to EU residents. This establishes formal procedures and institutional responsibilities for data subject access requests and related regulatory requirements.
The designation of jurisdiction-specific representatives establishes the procedural framework for data subject requests and regulatory compliance under GDPR. These representatives provide a mechanism for individuals to exercise data protection rights and for regulators to conduct oversight in their respective territories.
The clause creates a dual framework: it recognizes statutory data protection rights in specified jurisdictions while simultaneously authorizing cross-border data transfers under an EU-approved contractual standard, establishing the operational conditions under which personal data flows outside protected regions.
Waze
· Waze Privacy Policy
This clause operationalizes Waze's obligation to recognize and facilitate statutory data subject rights under GDPR and UK data protection frameworks. The provision establishes the procedural foundation for users to exercise legally mandated individual rights regarding their personal data processing.
This provision establishes the GDPR rights framework applicable to EEA and UK users, including the right to object to processing based on legitimate interests, which is operationally relevant given Coursera's reliance on legitimate interests as a lawful basis for certain data uses. The right to lodge supervisory authority complaints is a direct regulatory escalation path that compliance teams should account for.
This provision operationalizes GDPR data subject rights by establishing the procedural mechanisms through which users exercise access, rectification, erasure, and portability rights. It specifies both self-service channels (account settings) and formal request procedures that establish Dropbox's operational obligations regarding personal data management.
This provision establishes that Audible recognizes GDPR and UK GDPR rights for EEA and UK users, which creates operational obligations to respond to data subject requests within statutory timeframes and to maintain records of processing activities. The legal basis for each processing purpose, including advertising and affiliate sharing, must be independently established under GDPR.
Writer
· Writer Privacy Policy
The clause confirms the applicability of statutory data protection rights in these jurisdictions and establishes Writer's obligation to honor GDPR-mandated individual rights mechanisms, which function as operational requirements for data processing activities.
These rights are enforceable under GDPR and UK GDPR, and Smartsheet's acknowledgment of them means EEA and UK users have formal legal mechanisms to challenge or limit data processing, including the right to file complaints with national regulators.
The provision establishes Shopify's recognition of data subject rights across jurisdictions and creates a procedural framework through which users in regulated territories can exercise statutory privacy controls and administrative remedies.
Square
· Square Privacy Notice
GDPR provides some of the strongest personal data protections in the world, and EU and UK users have enforceable rights against Square that go beyond what is available to users in most other jurisdictions.
Replit
· Replit Privacy Policy
This provision discloses GDPR and UK GDPR rights for EEA and UK users, which are legally enforceable; the practical availability of these rights depends on whether Replit has established adequate data transfer mechanisms and appointed a representative in the EU or UK as required by GDPR for non-EU controllers.
This clause operationalizes statutory data protection rights under GDPR and equivalent regulations by explicitly confirming Midjourney's obligation to honor these requests and establishing the procedural channels through which users may exercise these rights.
Visa
· Visa Privacy Notice
These rights are legally enforceable under GDPR and EU national implementing laws, meaning Visa must respond to valid requests within defined timeframes and cannot simply decline without a lawful basis.
This provision operationalizes Peloton's compliance obligations under GDPR and comparable regional data protection regimes by explicitly acknowledging the statutory rights holders may exercise. The clause establishes the framework through which users can exercise affirmative controls over their personal data processing.
These rights are legally binding on Activision for EU and UK users and provide meaningful tools to challenge, limit, or delete the personal data Activision holds, including data used for advertising profiling.
These rights, enforceable under GDPR, give EU and UK users meaningful control over their personal data held by WhatsApp, including the ability to object to data processing for purposes beyond core service delivery.
Airbnb
· Airbnb Privacy Policy
GDPR rights are among the strongest personal data protections globally, and EU and UK Airbnb users can exercise these rights against Airbnb Ireland UC or Airbnb UK Limited as the designated data controllers, with regulatory escalation available to national data protection authorities.
StockX
· StockX Privacy Policy
GDPR rights are among the strongest data protection entitlements in the world and EU/UK users who exercise them can obtain meaningful visibility into and control over their personal data held by StockX.