These are legally enforceable rights under GDPR that Consensys must honor within one month — knowing them means you can take direct action if you believe your data is being misused.
This provision confirms that EU users have GDPR rights, including the right to access, correct, delete, or object to processing of their personal data, though the policy does not enumerate these rights explicitly or provide a clear mechanism to exercise them beyond a contact email.
The right to delete your data is meaningful only if deletion is complete and prompt — the delay and safety-review exception create ambiguity about how long your data truly persists after you request deletion, which matters for legal rights under GDPR and CCPA.
RunPod
· RunPod Privacy Policy
The presence of region-specific consent scripts indicates that your cookie and tracking rights may differ depending on where you are located, with potentially stronger rights available to EU and California users.
GLBA protects your nonpublic personal financial information with specific opt-out rights for sharing with nonaffiliated third parties, but notably does not require opt-in consent — meaning some sharing happens by default unless you act.
GLBA notice rights are weaker than CCPA rights — they only allow you to opt out of certain non-affiliate sharing, not affiliate sharing — so most users have fewer protections than they may expect.
GLBA protections apply to all US customers of Robinhood's financial services entities, not just California residents, and establish a baseline for how your nonpublic personal financial information must be handled.
SoFi
· SoFi Privacy Notice
GLBA requires SoFi to give customers the right to opt out of sharing their nonpublic personal financial information with non-affiliated third parties for certain purposes, and joint marketing arrangements with other financial institutions must be disclosed in the GLBA notice.
Venmo
· Venmo Privacy Policy
The GLBA notice defines the scope of your federal opt-out rights regarding financial data sharing; it also discloses that several categories of sharing, including sharing for joint marketing and everyday business purposes, cannot be opted out of under federal law.
Stash
· Stash Privacy Policy
The GLBA Privacy Notice contains legally required disclosures about financial data sharing with nonaffiliated third parties and your right to opt out of certain sharing arrangements that are separate from and additional to the rights described in the main privacy policy.
Hulu
· Hulu Privacy Policy
The GPC signal requirement under California law means that technically savvy users can set a browser-level control that automatically opts them out of data sharing across all CPRA-covered businesses, including Hulu — this is a meaningful and underutilized consumer protection tool.
GPC recognition provides a technical mechanism for California residents to opt out of data sharing for advertising without navigating the privacy choices portal, but the policy limits this recognition to California residents only.
Target
· Target Privacy Policy
While GPC recognition is a legally required feature under California law, its limitation to a single browser or device means consumers must enable it on every device they use to fully opt out, which may not be intuitive and reduces its practical effectiveness.
This is a meaningful consumer protection that allows automatic opt-out without navigating privacy menus — but it applies only to the specific browser or device where GPC is enabled, not across all your Verizon services.
GPC is a privacy tool built into some browsers that automatically tells websites not to sell your data. NBCUniversal only honors it where legally required, meaning it may not be effective for users in states without specific GPC mandates.
Shein
· Shein Terms and Conditions
GPC signal honoring is required for businesses covered by the California Privacy Rights Act, and whether detection translates to operational suppression of data sharing is a material compliance question that this document does not resolve.
SoFi
· SoFi Privacy Notice
Recognition of the Global Privacy Control signal is a CCPA/CPRA compliance requirement in California, and this implementation means customers can opt out of behavioral advertising data sharing at the browser level without visiting a preference center.
The requirement to renew opt-out preferences after clearing cookies or switching devices introduces friction that may undermine the practical effectiveness of the GPC signal as an opt-out mechanism, which is a concern regulators have flagged in enforcement actions.
The policy identifies government-issued identification and signatures as potentially sensitive personal information and states that consent will be obtained where legally required, but does not specify in detail how consent is obtained or how long this data is retained.
Users must review two separate documents — this policy and Microsoft's master privacy statement — to understand their full privacy rights, which reduces transparency and may not satisfy GDPR's requirement for clear, accessible disclosure.
By deferring key data processing details to an external document, Minecraft makes it harder for users to understand the full scope of data collection without reading multiple lengthy legal documents across different websites.
This provision confirms that individuals whose professional data is held by D&B can formally exercise rights including access, correction, and deletion, which is particularly significant given D&B's data broker status and the scale of its database.
EA
· EA Privacy and Cookie Policy
EU, UK, and Swiss users' data is processed in the US under the DPF framework, which provides specific rights including access to a free dispute resolution mechanism and, as a last resort, binding arbitration.
Egnyte
· Egnyte Privacy Policy
The legal mechanism used for international data transfers affects whether your data is protected under EU standards when it is processed in the United States, and the DPF's long-term legal stability has been subject to ongoing political and legal scrutiny.
The adequacy of international transfer mechanisms is a live regulatory issue; if Zendesk's reliance on the Data Privacy Framework or SCCs is found insufficient, EU and UK users' data could be transferred in ways that regulators consider unlawful, though the DPF is currently an operative adequacy mechanism.
Most of WhatsApp's global user base has significantly fewer enforceable rights over their personal data than European users, creating a two-tier privacy system.
These rights are legally enforceable, and exercising them — especially the right to delete and opt out of data sharing — can meaningfully limit how broadly your financial and identity data is used.
These rights give qualifying users meaningful legal tools to control how their data is used, but exercising them typically requires submitting a formal request and verifying your identity.
Ledger
· Ledger Privacy Policy
The legal basis used for each processing activity determines what rights users can exercise and whether they can object to or stop that processing; reliance on legitimate interests rather than consent means some processing may occur without an active opt-in.
Legitimate interests is the most contested GDPR lawful basis because it requires a balancing test between monday.com's interests and your rights, which you can challenge by exercising your right to object under GDPR Article 21.