The provision operationalizes GDPR compliance by explicitly stating the legal bases for data collection and processing activities. This framing establishes which regulatory framework applies to each category of data processing and clarifies the procedural grounds under which Uniswap conducts personal data handling.
Figma
· Figma Privacy Policy
EU, UK, and Swiss users have meaningful legal rights over their personal data under GDPR, including the ability to request deletion or a copy of their data, and Figma is required to respond to such requests within regulatory timeframes.
Medium
· Medium Privacy Policy
This provision establishes the claimed legal bases for EEA data processing, but the absence of a processing activity-level mapping to specific legal bases may present a compliance gap relative to GDPR accountability and transparency requirements enforced by EU supervisory authorities.
This provision establishes that EU/EEA visitors to twilio.com are covered by GDPR protections, and that Twilio asserts multiple legal bases for processing, including legitimate interests, which under GDPR requires a documented balancing test for each processing activity so claimed.
The provision operationalizes GDPR Article 6 transparency requirements by identifying the lawful bases under which the entity processes personal data. This disclosure framework establishes the institutional foundation for data processing activities across multiple operational categories.
Runway
· Runway Privacy Policy
Legitimate interests is one of the broadest GDPR legal bases and is used here to cover analytics, service improvement, security, and fraud prevention. EU and UK users have the right to object to processing carried out under legitimate interests, which could limit how Runway processes their data.
OpenAI
· OpenAI Privacy Policy
The provision creates an operational framework for OpenAI to comply with GDPR obligations applicable to EU residents. This establishes formal procedures and institutional responsibilities for data subject access requests and related regulatory requirements.
The clause creates a dual framework: it recognizes statutory data protection rights in specified jurisdictions while simultaneously authorizing cross-border data transfers under an EU-approved contractual standard, establishing the operational conditions under which personal data flows outside protected regions.
Writer
· Writer Privacy Policy
The clause confirms the applicability of statutory data protection rights in these jurisdictions and establishes Writer's obligation to honor GDPR-mandated individual rights mechanisms, which function as operational requirements for data processing activities.
These rights are enforceable under GDPR and UK GDPR, and Smartsheet's acknowledgment of them means EEA and UK users have formal legal mechanisms to challenge or limit data processing, including the right to file complaints with national regulators.
Square
· Square Privacy Notice
GDPR provides some of the strongest personal data protections in the world, and EU and UK users have enforceable rights against Square that go beyond what is available to users in most other jurisdictions.
This provision establishes that Audible recognizes GDPR and UK GDPR rights for EEA and UK users, which creates operational obligations to respond to data subject requests within statutory timeframes and to maintain records of processing activities. The legal basis for each processing purpose, including advertising and affiliate sharing, must be independently established under GDPR.
The provision establishes Shopify's recognition of data subject rights across jurisdictions and creates a procedural framework through which users in regulated territories can exercise statutory privacy controls and administrative remedies.
This provision establishes the GDPR rights framework applicable to EEA and UK users, including the right to object to processing based on legitimate interests, which is operationally relevant given Coursera's reliance on legitimate interests as a lawful basis for certain data uses. The right to lodge supervisory authority complaints is a direct regulatory escalation path that compliance teams should account for.
Replit
· Replit Privacy Policy
This provision discloses GDPR and UK GDPR rights for EEA and UK users, which are legally enforceable; the practical availability of these rights depends on whether Replit has established adequate data transfer mechanisms and appointed a representative in the EU or UK as required by GDPR for non-EU controllers.
Waze
· Waze Privacy Policy
This clause operationalizes Waze's obligation to recognize and facilitate statutory data subject rights under GDPR and UK data protection frameworks. The provision establishes the procedural foundation for users to exercise legally mandated individual rights regarding their personal data processing.
This provision operationalizes GDPR data subject rights by establishing the procedural mechanisms through which users exercise access, rectification, erasure, and portability rights. It specifies both self-service channels (account settings) and formal request procedures that establish Dropbox's operational obligations regarding personal data management.
This clause operationalizes statutory data protection rights under GDPR and equivalent regulations by explicitly confirming Midjourney's obligation to honor these requests and establishing the procedural channels through which users may exercise these rights.
Visa
· Visa Privacy Notice
These rights are legally enforceable under GDPR and EU national implementing laws, meaning Visa must respond to valid requests within defined timeframes and cannot simply decline without a lawful basis.
StockX
· StockX Privacy Policy
GDPR rights are among the strongest data protection entitlements in the world and EU/UK users who exercise them can obtain meaningful visibility into and control over their personal data held by StockX.
This provision operationalizes Peloton's compliance obligations under GDPR and comparable regional data protection regimes by explicitly acknowledging the statutory rights holders may exercise. The clause establishes the framework through which users can exercise affirmative controls over their personal data processing.
Airbnb
· Airbnb Privacy Policy
GDPR rights are among the strongest personal data protections globally, and EU and UK Airbnb users can exercise these rights against Airbnb Ireland UC or Airbnb UK Limited as the designated data controllers, with regulatory escalation available to national data protection authorities.
These rights are legally binding on Activision for EU and UK users and provide meaningful tools to challenge, limit, or delete the personal data Activision holds, including data used for advertising profiling.
These rights, enforceable under GDPR, give EU and UK users meaningful control over their personal data held by WhatsApp, including the ability to object to data processing for purposes beyond core service delivery.
The clause establishes Uniswap's acknowledgment of GDPR-mandated rights as applicable to EU users. These rights create procedural mechanisms through which data subjects can exercise control over their personal data held by the entity.
Square
· Square Privacy Notice
This clause operationalizes Square's compliance with mandatory data protection obligations under EU and UK law by documenting the statutory rights available to a defined user population and the mechanisms through which those rights may be exercised.
Medium
· Medium Privacy Policy
These rights are legally enforceable under GDPR and give EU users meaningful control over their personal data held by Medium, including the ability to request full deletion of their account data.
EU users have enforceable rights under GDPR with regulatory backing from national data protection authorities, giving them stronger practical recourse than users in many other jurisdictions.
The clause operationally implements statutory data protection obligations applicable to those jurisdictions by confirming users' ability to invoke individual rights and establishing a contact mechanism for rights requests. This provision establishes the procedural framework through which Perplexity acknowledges and facilitates compliance with GDPR and equivalent regional requirements.
Yelp
· Yelp Privacy Policy
This provision operationalizes Yelp's compliance obligations under GDPR by establishing specific data subject rights that European residents may invoke. The clause establishes procedural pathways through which residents can exercise statutory rights regarding their personal data.