Midjourney
· Midjourney Data Retention & Privacy FAQ
The policy explicitly grants EU and UK users a defined set of GDPR data subject rights, including the right to erasure and the right to object to processing, which are enforceable under GDPR against Midjourney as a data controller.
Brex
· Brex Privacy Policy
This provision establishes Brex's GDPR and UK GDPR compliance framework for EU and UK users, requiring the company to maintain lawful bases for all processing activities, respond to data subject requests within statutory timeframes, and support cross-border transfer mechanisms for data flows outside the EEA and UK.
Plaid
· Plaid Terms of Use
This provision establishes the legal framework and consumer rights applicable to EU and UK users whose financial data is processed by Plaid, including the lawful basis asserted for processing and the mechanisms through which data subject rights can be exercised.
Chegg
· Chegg Privacy Policy
The operational significance is that Chegg's data handling practices for EU and UK users are governed by mandatory regulatory requirements under GDPR and UK GDPR, which establish specific requirements for lawful processing, user consent, data access, and deletion rights independent of the company's standard terms.
GDPR provides some of the strongest data protection rights globally, and EU and UK Peloton users can exercise these rights to control health and fitness data collected through their equipment and app.
This provision establishes that Equifax processes personal data of EU and UK residents subject to GDPR and UK GDPR obligations, including the requirement to document and disclose lawful bases for each processing activity and to respond to data subject rights requests within statutory timeframes.
GOAT
· GOAT Privacy Policy
These rights provide EU and UK users with substantially more control over their personal data than users in most other jurisdictions, including the ability to compel deletion or restriction of processing in specific circumstances.
The provision operationalizes regulatory obligations under GDPR and CCPA by establishing a documented mechanism for rights exercise and identifying the specific jurisdictional triggers and available remedies. This creates a procedural pathway for data subject rights management across different regulatory frameworks.
OpenAI
· OpenAI API Data Usage Policies
This provision establishes the contractual mechanism for GDPR Article 28 processor compliance and cross-border data transfer requirements for EU/EEA customers, and is the operative instrument for organizations with EU data protection obligations using OpenAI services.
Naming specific GDPR representatives means EU and UK users have clear entities to contact with data rights requests, complaints, or regulatory concerns, which is a meaningful compliance commitment.
Adobe
· Adobe Terms of Use
The GDPR Data Processing Agreement creates binding obligations for Adobe as a data controller or processor, establishing lawful bases for data processing, data subject rights procedures, and cross-border transfer mechanisms. This framework determines the legal structure under which Adobe handles personal data and the conditions users can invoke for data access, correction, deletion, or portability.
Ledger
· Ledger Privacy Policy
This provision operationalizes Ledger's compliance obligations under GDPR by explicitly acknowledging specific data subject rights and establishing a mechanism through which users may exercise those rights by contacting the organization. The clause creates a procedural pathway for rights assertion rather than requiring automatic implementation.
This provision establishes Hugging Face's operational compliance framework for GDPR-regulated data processing. It creates enforceable procedures and response obligations when individuals exercise statutory rights, thereby structuring the organization's data governance obligations across GDPR-jurisdictional contexts.
This provision operationalizes ClickUp's compliance obligations under GDPR and related data protection regimes by establishing a formal mechanism for users to exercise statutory rights and defining the company's response procedures. The clause establishes the administrative process through which data subject rights claims are processed and establishes response timelines tied to regulatory requirements.
Cohere
· Cohere Privacy Policy
This clause operationalizes GDPR and related regulatory requirements by specifying the individual data subject rights that Cohere recognizes and the mechanisms through which users may exercise them. The provision establishes Cohere's procedural obligations to respond to formal requests from users in designated jurisdictions regarding their personal data.
Slack
· Slack Privacy Policy
The clause operationalizes compliance with statutory data subject rights frameworks by confirming Slack's recognition of these rights and establishing built-in mechanisms for users to manage their personal information without requiring separate external requests.
This clause implements statutory rights requirements under GDPR and equivalent regional data protection frameworks. The provision establishes Databricks' procedural mechanism for receiving and processing data subject rights requests from individuals in these jurisdictions.
Notion
· Notion Privacy Policy
The clause operationalizes Notion's compliance obligations under GDPR and related regional data protection frameworks by explicitly recognizing and documenting the statutory rights available to users in those jurisdictions, establishing a baseline of user control over personal data processing.
OpenAI
· OpenAI EU Terms of Use
GDPR data subject rights are legally mandated protections that exist independently of what the contract states; the document's disclosure of these rights and the mechanism for exercising them is operationally significant for users who wish to manage their personal data.
GDPR gives EU users meaningful control over their personal data, including the right to have it deleted entirely, which is a stronger protection than most US users receive by default.
This clause operationalizes Amplitude's compliance obligations under GDPR and equivalent regional frameworks by explicitly acknowledging and establishing mechanisms for data subject rights exercise. The provision creates a procedural pathway through which individuals can assert their statutory entitlements regarding personal information processing.
These rights are enforceable under GDPR and UK GDPR, and ElevenLabs is obligated to respond to valid requests within statutory timeframes; failure to honor these rights can be reported to national data protection authorities.
OpenAI
· OpenAI Privacy Policy
The clause operationalizes statutory obligations under GDPR and UK data protection law by explicitly enumerating the mechanisms through which EEA and UK users may exercise their rights against the controller, thereby establishing OpenAI's procedural framework for handling data subject requests.
Unity
· Unity Privacy Policy
These rights give EU and UK users meaningful legal tools to control their data held by Unity, including the ability to object to profiling for advertising purposes, which can stop Unity from building or using a behavioral ad profile on you.
Garmin
· Garmin Privacy Statement
GDPR rights are among the strongest data protection rights globally and are legally enforceable; identifying Garmin Ltd. in Switzerland as the data controller clarifies which entity is legally accountable for data collected outside the U.S.
Garmin
· Garmin Privacy Statement
This clause operationalizes statutory data subject rights under GDPR and UK data protection frameworks by explicitly acknowledging their applicability to Garmin users in those jurisdictions, establishing the legal basis for users to exercise these rights against the controller.
This provision operationalizes Mixpanel's compliance obligations under GDPR and UK data protection law by explicitly recognizing and establishing a procedural mechanism (designated contact email) through which affected users can assert statutory data subject rights. The enumeration of specific rights and contact method establishes the framework through which Mixpanel processes and responds to rights requests from its EEA and UK user base.
Twilio
· Twilio Privacy Notice
This provision operationalizes Twilio's compliance obligations under EU and UK data protection regulations by explicitly recognizing and enumerating the statutory rights that apply to users in those jurisdictions, thereby establishing the framework under which data subject requests must be processed.
The designation of local representatives in the UK and EU is a GDPR requirement for non-EU controllers processing personal data of EU and UK residents. This structure enables compliance with Articles 27 and 28 of the GDPR by establishing points of contact for supervisory authorities and individuals to exercise data rights without requiring direct engagement with Glassdoor's primary operating entity.
Twilio
· Twilio Privacy Notice
The notice asserts legitimate interests as one lawful basis for processing, which is subject to data subject objection rights under GDPR; EU and UK residents can formally object to certain types of processing, including marketing, at any time.