The provision establishes user-initiated control mechanisms for personal data management and advertising preferences. These controls operate as self-service administrative functions that allow users to exercise data subject rights without requiring formal requests to Google support.
GitHub
· GitHub Privacy Statement
The policy confirms data subject rights for users in applicable jurisdictions including GDPR rights for EU users and CCPA rights for California residents, with GitHub committing to respond in accordance with applicable law, though the specific timelines and scope of each right are not fully described in this provision.
Zoom
· Zoom Privacy Statement
This provision operationalizes legal obligations arising from privacy regulations in different jurisdictions (such as GDPR, CCPA, and similar frameworks) by recognizing that users may initiate requests for control over their personal data. The jurisdiction-dependent framing establishes that Zoom's obligations vary based on applicable law rather than being uniformly granted.
Hinge
· Hinge Privacy Policy
The provision operationalizes data subject rights that vary by jurisdiction, establishing Hinge's obligation to implement mechanisms through which users can exercise control over their personal data and compliance authority. These rights create procedural pathways for users to manage their data relationship with the service.
The clause creates operational mechanisms for data subject rights compliance, establishing that users retain control over their stored personal data and can retrieve it in portable format independent of Google's systems.
Steam
· Steam Privacy Policy
Exercising your right to access or delete your data gives you visibility into and some control over the personal information Valve holds and shares about you across the platform.
The availability and practical accessibility of these rights varies significantly by region, and the actual mechanisms for exercising them, such as submitting deletion requests or objecting to processing, require users to actively navigate Meta's settings.
The geographic conditionality of user rights means that your entitlements depend significantly on your jurisdiction. EU and UK users have strong GDPR-based rights, California users have CCPA and CPRA protections, but users in many other countries rely primarily on Apple's voluntary commitments rather than legally enforceable rights.
Chegg
· Chegg Privacy Policy
These rights are meaningful protections, but they are conditioned on the user's location, meaning their availability varies and users must proactively exercise them rather than being protected by default.
The policy discloses user data rights including access, rectification, portability, erasure, and objection to processing, which align with GDPR and CCPA statutory rights. Users can exercise these rights through the Meta Privacy Center.
Microsoft
· Microsoft Privacy Statement (Legacy)
The provision establishes the operational framework for data subject rights and specifies the tools and mechanisms through which users exercise those rights. It also delineates the scope of those rights by identifying circumstances where Microsoft may decline requests based on legal requirements or third-party privacy concerns.
The provision operationalizes GDPR and CCPA compliance by establishing the procedural mechanisms through which users can exercise statutory data rights and clarifies the responsible entity for data control purposes across different regulatory jurisdictions. This structure allocates legal responsibility for data handling obligations based on user location.
These rights give users meaningful control over their personal data, but the policy qualifies them as dependent on location and applicable law, meaning not all users have the same rights.
User rights provisions establish the procedural mechanisms through which individuals may access, correct, delete, or port their personal information; these mechanisms are operationally significant for enterprise customers managing employee and end-user data on CoreWeave's infrastructure.
This provision establishes the data retention and deletion procedures that govern how WhatsApp handles user information lifecycle management. The distinction between active deletion and backup retention periods defines the operational timeframe for information removal across WhatsApp's systems.
Steam
· Steam Privacy Policy
This provision operationalizes the principle of purpose limitation by creating a linkage between stated collection purposes and downstream data governance practices (retention, access, user rights). It establishes that the policy's subsequent sections on storage duration, access controls, and user remedies are all constrained by the documented purposes for collection.
Cursor
· Cursor Privacy Policy
The policy identifies a single contact email for all data subject rights requests and appeals, and states that exercising these rights will not result in discriminatory treatment, which is a requirement under CCPA and aligned with GDPR rights provisions.
Upwork
· Upwork Privacy Policy
These rights are legally enforceable in the EU, UK, and California, meaning Upwork is obligated to respond to valid requests within statutory timeframes and cannot simply ignore them.
Figma
· Figma Privacy Policy
The clause operationalizes statutory data subject rights under GDPR and related frameworks by explicitly confirming Figma's obligation to provide mechanisms through which eligible users can exercise these rights. This establishes the procedural framework for individual data requests and establishes Figma's acknowledgment of regional regulatory requirements.
Cursor
· Cursor Privacy Policy
The clause creates a defined operational procedure for processing user-initiated privacy requests and establishes verification requirements that condition processing on identity confirmation. It also provides a secondary appeal mechanism for denied requests.
Roblox
· Roblox Privacy Policy
The policy discloses a range of data subject rights applicable depending on user jurisdiction, including access, correction, deletion, portability, restriction, objection, and consent withdrawal; the scope of rights available to a given user depends on their jurisdiction, and the identity verification requirement is an operational step that affects how easily users can exercise these rights.
The scope of your privacy rights depends significantly on where you live, with EU and UK users having the strongest protections under GDPR and UK GDPR, followed by California residents under CCPA/CPRA.
The policy states that data subject rights are available on a jurisdiction-dependent basis, meaning not all users have the same rights and the policy does not enumerate which rights apply in which jurisdictions beyond broad references to applicable law.
Tinder
· Tinder Privacy Policy
The availability and scope of these rights depends on where you live, meaning users in some jurisdictions have significantly more control over their data than others, and knowing your rights is the first step to exercising them.
Reddit
· Reddit Privacy Policy
This clause operationalizes statutory requirements under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) by explicitly acknowledging the specific rights California residents may exercise. The provision establishes the framework through which users can invoke these legally-mandated protections regarding personal information handling.
EU users have legally enforceable rights under GDPR, and California users have rights under CCPA/CPRA, but the notice frames these as conditional on location and applicable law, which is accurate but requires users to proactively assert their rights.
These rights give EU and California users meaningful control over their personal data including voice recordings, but they only apply if users actively exercise them by contacting ElevenLabs.
These rights give you meaningful control over your personal data, but they are only available to users in specific jurisdictions and typically require you to actively submit a request to exercise them.
Noom
· Noom Privacy Policy
This provision operationalizes statutory GDPR rights by designating a specific contact mechanism and establishing procedures through which residents can exercise data access, correction, deletion, portability, consent withdrawal, and processing objection rights. The clause creates an institutional framework for responding to data subject requests.
BeReal
· BeReal Privacy Policy
These rights give users in covered jurisdictions meaningful control over their personal data, but they are only valuable if users know they exist and how to exercise them.