Hulu
· Hulu Privacy Policy
GDPR grants EU and UK users substantially stronger data rights than US users, including the right to object to profiling and to request erasure; these rights are directly enforceable against Disney's EU/UK operations.
ADP
· ADP Privacy Statement
BCR approval is a regulatory authorization mechanism under GDPR Chapter V that requires ongoing supervisory authority oversight; this provision identifies the specific transfer mechanism ADP relies on for intra-group international data flows, which is operationally significant for client organizations evaluating the legality of their cross-border HR data transfers through ADP.
The clause operationalizes EU Data Act compliance mechanisms, establishing procedural requirements for data access, portability, and customer control rights that affect how Salesforce manages and provides access to customer-generated data within its systems.
This provision signals that EU/EEA Salesforce customers have expanded data rights that Salesforce has acknowledged, and that the underlying customer agreements may have been updated to reflect these obligations.
The provision creates transparency regarding data handling mechanisms across CoreWeave's service ecosystem. It establishes the procedural basis for understanding what personal information CoreWeave processes and through what operational channels.
This clause establishes RapidAPI's recognition of GDPR-mandated data subject rights as operational requirements for EEA users. The provision clarifies that these statutory rights apply to the processing of personal data within the RapidAPI service.
RunPod
· RunPod Privacy Policy
This clause operationalizes RunPod's compliance obligations under EU data protection law by explicitly recognizing the statutory rights that apply to residents of these jurisdictions and establishing RunPod's obligation to facilitate the exercise of those rights upon request.
This provision operationalizes regulatory compliance frameworks by creating structured pathways for users to contest content removal and account suspension decisions. The clause establishes that X recognizes jurisdiction-specific statutory rights and makes available internal and external dispute resolution channels alongside court access.
Fly.io
· Fly.io Privacy Policy
The clause operationalizes GDPR compliance by explicitly recognizing specific statutory rights that EEA-based users may exercise against the service provider regarding their personal data holdings and processing activities.
EU users interacting with CoreWeave's cloud platform need to know whether their data is processed lawfully and whether adequate safeguards exist for any transfers of their data outside the EU/EEA.
Lime
· Lime Privacy Policy
These GDPR-based rights give European users strong legal tools to control their data, including the ability to object to processing based on legitimate interest and to demand deletion of their information from Lime's systems.
Fiverr
· Fiverr Privacy Policy
The inclusion of GDPR rights acknowledgment establishes the legal framework applicable to EU/EEA user data and defines Fiverr's obligations under European data protection law. This provision signals compliance with mandatory regional regulations that impose specific requirements on data collection, processing, and user access rights.
This provision establishes GDPR data subject rights for EU/EEA, UK, and Swiss users and references the right to complain to supervisory authorities, which is a mandatory GDPR transparency requirement. The operational implementation of these rights, including response mechanisms and lawful basis documentation, is a primary compliance focus for GDPR-regulated operations.
This provision operationalizes Duolingo's compliance obligations under GDPR and related data protection regimes by explicitly acknowledging and authorizing the exercise of statutory rights by a defined user population, establishing the procedural basis for data subject requests and regulatory complaints.
GDPR provides strong legal protections for EU users, particularly relevant when a company processes sensitive health data, and these rights are enforceable through national data protection authorities with the power to impose significant fines.
This provision establishes the legal bases Pinecone relies on to process European users' personal data under GDPR and UK GDPR, and identifies the data subject rights available, including the right to object to processing based on legitimate interests.
EU and UK data protection law provides some of the strongest privacy rights globally, and the use of Standard Contractual Clauses for transfers to the US means those rights travel with your data, though the practical enforceability depends on the transfer mechanism's ongoing validity.
The provision operationalizes Calendly's compliance obligation to recognize statutory data protection rights in specified jurisdictions and establishes the procedural mechanism (email contact) through which users can initiate rights requests. This establishes the contractual framework for honoring legally-mandated data subject access requests.
The use of legitimate interests as a legal basis for some processing activities means Amplitude may process your data without your explicit consent, though you have the right to object to such processing.
These rights are legally enforceable under GDPR and UK GDPR, and Zendesk is bound to respond within statutory timeframes; failure to honor them can be reported to the Irish DPC (for EU) or the ICO (for UK).
The provision operationalizes GDPR/UK GDPR compliance by specifying the lawful bases under which data processing occurs and enumerating the data subject rights that Eventbrite must facilitate upon request. This framework structures how personal data handling is justified and what procedural mechanisms users can invoke.
The Data Privacy Framework certification provides the lawful basis for international data transfers from European and Swiss jurisdictions to U.S. operations. This framework establishes specific principles and oversight mechanisms that govern how personal data received from these regions must be processed, including requirements for transparency, individual rights, and accountability to the Department of Commerce.
EU, UK, and Swiss users' personal data is transferred to the United States under the DPF; if the DPF is ever invalidated by courts (as prior mechanisms were), alternative transfer protections would need to be evaluated.
This provision is the stated legal basis for Mixpanel's cross-border transfer of EU, UK, and Swiss personal data to the U.S.; if Mixpanel's certification lapses or the framework is invalidated, the lawfulness of these transfers could be affected.
This provision establishes the legal mechanism Substack relies on for transferring personal data from the EU, UK, and Switzerland to the US. DPF certification is subject to FTC enforcement, and the policy provides a tiered dispute resolution process for DPF-related complaints, including binding arbitration as a final recourse mechanism.
EU, UK, and Swiss users have a formal mechanism to raise privacy disputes through VeraSafe's dispute resolution process and ultimately through binding arbitration if PlanetScale and VeraSafe cannot resolve a complaint, providing a meaningful enforcement pathway not available in many commercial privacy policies.
This provision establishes PlanetScale's regulatory compliance framework for cross-border data transfers and specifies the enforcement mechanism that governs the company's obligations. It clarifies that FTC enforcement authority applies to the company's handling of personal data from these jurisdictions.
Asana
· Asana Privacy Statement
The legal mechanism used for international data transfers affects the protections your data receives when it moves to US servers. If the framework is challenged or invalidated, the basis for your data transfer could be affected.
This provision establishes the stated legal transfer mechanism for personal data flows from EU, UK, and Swiss data subjects to Anyscale's U.S. operations. Enterprise customers and their legal teams conducting transfer impact assessments should independently verify Anyscale's current DPF certification status through the official U.S. Department of Commerce DPF list.
The self-certification establishes the legal mechanism by which Anyscale processes and transfers personal data from EU, UK, and Swiss users to U.S. operations in compliance with EU and Swiss regulatory requirements. This framework provides the contractual and regulatory basis for lawful international data flows and subjects Anyscale to oversight by relevant data protection authorities.