Workday
· Workday Privacy Statement
Enterprise customers and individuals whose data is held by Workday need to understand which third parties may receive their personal information, whether as sub-processors in the platform context or as marketing partners in the controller context.
Credit checks and identity verification create data footprints with credit reference agencies that could affect your credit file and ability to access financial products elsewhere. The full scope of data sharing is governed by a separate document, meaning consumers must review two documents to understand their data rights.
Uber
· Uber Privacy Notice
The breadth of third-party sharing, which includes analytics and advertising partners in addition to operationally necessary recipients like insurers, means driver data may be used for purposes beyond direct service delivery, with implications for GDPR purpose limitation and CCPA data sale or sharing opt-out rights.
Sharing personal data with advertising partners in particular expands the number of organizations that may have access to your information, which increases privacy risk and may involve cross-context behavioral advertising.
TikTok
· TikTok Privacy Policy
The explicit reference to Executive Order 14352 as a legal constraint on data sharing with TT Commerce and Global Services is operationally significant given ongoing US government national security scrutiny of TikTok's data flows to entities connected to ByteDance.
Pinecone
· Pinecone Data Processing Addendum
This clause establishes that data subjects seeking to exercise rights such as access, deletion, or correction under GDPR or CCPA must work through the business customer, not directly with Pinecone. Business customers must therefore have operational processes in place to handle these requests within regulatory deadlines.
This provision establishes the procedural mechanism through which data subjects can exercise GDPR, UK GDPR, CCPA/CPRA, and equivalent regional privacy rights against Zendesk as a controller, and specifies that rights requests relating to Service Data must be directed to the relevant Zendesk business customer.
Microsoft
· Microsoft Privacy Statement (Legacy)
The provision establishes operational mechanisms for users to exercise data subject rights under privacy frameworks. It obligates Microsoft to provide access, deletion, and portability tools or assistance, and to honor withdrawal of consent and objections to data processing.
Egnyte
· Egnyte Privacy Policy
The provision operationalizes data subject protections by establishing the mechanism through which users can request Egnyte to perform specific data handling actions. The availability and scope of these rights are contingent upon the user's location, which determines which regulatory frameworks apply to the data processing.
The provision operationalizes Salesforce's compliance obligations under jurisdictional data protection frameworks by enumerating the mechanisms through which data subjects may exercise control over their personal data and establishing procedural pathways for rights assertion and dispute resolution.
Stripe
· Stripe Privacy Policy
The clause conditions data subject rights on jurisdictional applicability, meaning the availability and scope of these rights depends on the user's location and governing legal framework. The operational mechanism requires users to initiate rights requests through designated channels rather than rights being automatically applied.
The provision operationalizes jurisdiction-specific data protection requirements by establishing a procedural mechanism for users to request access to, modification of, or removal of their personal data held by the entity. This establishes the framework through which Vercel AI acknowledges and facilitates compliance with applicable data protection regulations.
This provision establishes the mechanisms through which individuals can exercise statutory data rights; the availability of specific rights depends on the user's jurisdiction, so not all rights listed apply to all users.
Microsoft
· Microsoft Privacy Statement (Legacy)
The clause operationalizes data subject rights by designating a specific mechanism through which individuals can manage personal data retention and use. This establishes Microsoft's procedural obligation to provide access and control functionality rather than requiring separate formal requests for each data governance action.
The provision establishes a procedural mechanism for users to exercise legal rights that vary by jurisdiction, requiring the entity to maintain a defined request process. The clause operationalizes compliance with data protection regulations that grant individuals control over their personal information through a specified contact pathway.
The provision operationally links data retention to service functionality, establishing that certain data categories are designated as essential to service delivery. This framework conditions continued access to specific features on the provision or retention of identified information types.
The provision establishes mechanisms for users to exercise data subject rights under privacy regulations, allowing direct access to personal data holdings and the ability to request modifications to inaccurate information. This creates an operational framework for data access and correction requests that aligns with regulatory requirements.
This provision operationalizes data subject rights commonly required under privacy regulations such as GDPR and CCPA by establishing a mechanism through which users can submit requests and specifying that AWS will not apply adverse treatment in response to such requests.
The provision operationalizes compliance with data protection regulations that vary by jurisdiction, establishing a defined request mechanism and acknowledging specific data subject entitlements. This creates an institutional obligation for Databricks to process and respond to privacy rights requests according to applicable legal requirements.
Workday
· Workday Privacy Statement
This clause operationalizes Workday's legal obligations under various privacy regimes by specifying the mechanisms through which data subjects can exercise statutory privacy rights. The jurisdiction-dependent framing establishes that Workday's obligation to honor requests is conditioned on applicable legal requirements in the user's location.
This clause operationalizes jurisdictional data protection obligations by establishing a defined contact mechanism and acknowledging that rights availability depends on applicable law in the individual's location. The provision creates a procedural pathway for individuals to initiate data subject requests rather than establishing rights independent of jurisdiction.
The provision operationalizes data subject rights that arise under data protection regulations in specific jurisdictions, establishing the mechanism and contact point through which users can exercise these statutory rights against the entity.
The provision operationalizes statutory data subject rights under applicable privacy regulations by establishing a documented process for individuals to retrieve, correct, or delete their personal information. This creates an administrative mechanism through which Shopify processes and responds to data requests according to jurisdictional requirements.
Neon
· Neon Privacy Policy
The provision establishes a procedural mechanism for users to exercise data rights that may be mandated under applicable privacy laws in their jurisdiction. The authorization to submit requests creates an operational obligation for the entity to respond to and process such requests according to applicable legal requirements.
Twilio
· Twilio Privacy Notice
The provision operationalizes compliance with data protection regulations by establishing procedural mechanisms through which Twilio acknowledges and facilitates individual rights requests regarding personal data under its control as a data controller.
This provision operationalizes jurisdictional data protection requirements by establishing a request mechanism through which users can exercise legally-recognized data subject rights. The clause creates a procedural pathway for users to manage their personal data held by Stability AI.
Loom
· Loom Privacy Policy
This provision operationalizes regulatory requirements under data protection frameworks by establishing the company's obligation to process data subject access requests and honor deletion, correction, and portability requests within applicable legal timeframes and exemptions.
Medium
· Medium Privacy Policy
The provision establishes a procedural framework for exercising data subject rights and acknowledges regulatory obligations under EEA data protection law. The use of "reasonable steps" rather than absolute commitments establishes a standard of care for fulfilling access and deletion requests.
This provision operationalizes statutory data protection obligations under GDPR and UK data protection law by establishing a procedural mechanism for data subjects to exercise legally-mandated rights. The clause defines Wix's obligation to respond to and process individual requests regarding personal data held in its systems.
Uber
· Uber Privacy Notice
This provision establishes the operational mechanisms through which users may exercise data subject rights under applicable privacy regulations. It specifies the channels and processes Uber has designated for handling access, modification, deletion, and processing restriction requests.