This clause establishes that the advertiser's documented instructions govern the scope of Google's processing activities. It places on the advertiser the obligation to provide clear, complete, and lawful instructions, and any processing outside those instructions would constitute a potential breach of the agreement.
Suno
· Suno Privacy Policy
Chat-based prompts may reveal personal preferences, creative intent, or sensitive information, and this data is not only used to generate music but is also linked to your broader user profile and may be used for AI training and personalization.
This provision authorizes cross-site and cross-app tracking by third-party advertising companies using persistent identifiers, which is subject to Digital Advertising Alliance and Network Advertising Initiative opt-out mechanisms as well as CPRA opt-out of sharing rights for California residents.
Pika
· Pika Privacy Policy
This process is your primary internal recourse if Pika rejects a privacy rights request, and knowing the 30-day deadline is critical because missing it may limit your options.
Windsurf
· Windsurf Security & Data Handling
The document states that code snippet logs for users without zero-data retention enabled may be accessible to internal communications platforms and analytics tools used by Windsurf staff, meaning data is not restricted to a single system but may be distributed across multiple internal environments.
The policy authorizes international data transfers and asserts that policy acceptance constitutes consent to such transfers; this approach may not satisfy GDPR requirements for lawful transfer mechanisms, which generally require Standard Contractual Clauses, adequacy decisions, or other specified safeguards rather than relying on broad consent through policy acceptance.
Runway
· Runway Privacy Policy
For EU and UK users, international data transfers to the United States require a lawful transfer mechanism under GDPR Chapter V, such as Standard Contractual Clauses. The policy's reliance on user acknowledgment through service use as a consent mechanism for transfers may not satisfy GDPR transfer requirements.
Users outside the US, particularly in the EU and UK, have stronger data protection rights under local law, and transferring data to the US without a specific legal mechanism may not satisfy those legal requirements.
For users in the EU, UK, and other jurisdictions with strong data protection laws, international transfers require specific legal safeguards; this provision acknowledges the transfer risk but does not specify which transfer mechanisms Supabase relies on.
Calm
· Calm Privacy Policy
For EU, UK, and Swiss users, the lawfulness of data transfers to the US depends on these mechanisms being properly implemented and maintained.
OpenAI
· OpenAI Data Processing Addendum
This provision establishes the legal mechanism for transferring EU/EEA, UK, and Swiss personal data to OpenAI in the United States, which is a mandatory requirement under GDPR Chapter V. Operators relying on this mechanism should verify the SCCs are properly incorporated and that the associated transfer impact assessment is adequate.
Writer
· Writer Privacy Policy
This provision discloses cross-border data transfers to the United States but does not specify which transfer mechanism (such as standard contractual clauses or the EU-U.S. Data Privacy Framework) applies, which may require evaluation under current GDPR transfer adequacy requirements.
EU and UK users' data is processed under US law once transferred, and the adequacy of Standard Contractual Clauses as a transfer mechanism is subject to ongoing regulatory and legal scrutiny.
This provision establishes the legal basis Zendesk asserts for international personal data transfers, engaging GDPR Chapter V requirements and equivalent national frameworks, and is material for EU, UK, and other regulated-jurisdiction customers assessing adequacy of transfer protections.
EU/EEA users' data transferred to the US must be protected by an adequate transfer mechanism under GDPR; relying on consent as the basis for international transfers may not fully satisfy GDPR requirements in practice.
This provision discloses that personal data may be transferred internationally without specifying the transfer mechanisms used to ensure adequate protection for EU or other regulated transfers. This language is relevant to GDPR Chapter V compliance and may require evaluation of whether Standard Contractual Clauses, adequacy decisions, or other safeguards are in place.
Data transferred internationally may be subject to different legal protections. The use of SCCs is a recognized GDPR transfer mechanism, but transfers to the US remain subject to ongoing legal scrutiny following the Schrems II ruling and evolving EU-US data privacy framework developments.
Your personal data may be processed in countries outside the UK with different levels of data protection, and the adequacy of the safeguards in place determines how well your data is protected internationally.
This provision addresses cross-border data transfers, which for EU and UK users require specific transfer mechanisms under GDPR and UK GDPR; the policy's reference to 'appropriate safeguards' without specifying the mechanism (such as standard contractual clauses or adequacy decisions) leaves the specific legal basis for transfers unspecified in the publicly available policy text.
International data transfers mean personal financial and identity data may be processed in countries with different privacy laws, and the adequacy of protection depends on the specific mechanisms used and whether they remain legally valid under current rulings.
For EU and UK users, data transferred to the US must be protected by appropriate legal mechanisms; while SCCs are an accepted GDPR transfer tool, their adequacy in practice depends on the specific supplementary measures implemented alongside them.
For EU and UK users, data transfers to the US require legally valid safeguards under GDPR, and the policy's reliance on consent as a transfer mechanism may not satisfy GDPR requirements in all circumstances.
International data transfers mean your personal information may be subject to legal frameworks offering different levels of protection than your home country, particularly relevant for EU users whose data is transferred to the US.
Miro
· Miro Privacy Policy
This provision establishes the legal mechanism for cross-border data transfers, which is a material compliance consideration for EU and UK enterprise customers following Schrems II and the EU-US Data Privacy Framework.
This provision acknowledges that cross-border data transfers may involve jurisdictions with lower data protection standards, a disclosure that directly implicates GDPR Chapter V transfer requirements and UK adequacy framework obligations. The policy does not specify in this section what transfer mechanisms (such as Standard Contractual Clauses) are used, though the EEA/UK section may address this.
The policy identifies Standard Contractual Clauses as the primary transfer mechanism for EEA personal data, which requires Datadog to conduct transfer impact assessments where required and to maintain compliant SCC documentation; APEC CBPR participation provides a separate framework for Asia-Pacific transfers.
Data transferred to the US is subject to US surveillance laws and may not receive the same legal protections as in the EU or UK, making the adequacy of transfer mechanisms a material compliance question for European organizations.
Gemini
· Gemini Privacy Policy
International data transfers from the EU and UK are subject to GDPR transfer restrictions, and Gemini's compliance with these requirements affects the legal basis for processing EU and UK user data.
Data transferred outside the EU or UK may be subject to different legal protections, and the adequacy of Standard Contractual Clauses as a transfer mechanism depends on whether supplementary measures are in place given the privacy laws of the recipient country.
If you are in the EU, UK, or Switzerland, your data is transferred to the U.S. under Standard Contractual Clauses, a mechanism whose adequacy has been subject to ongoing legal scrutiny, and you may have fewer legal protections in the destination country.