This provision establishes the operational framework through which Duolingo acknowledges and implements statutory data subject rights mandated by GDPR and UK data protection law, creating documented procedures for users to exercise legal entitlements regarding their personal data.
Providing your email address to get a quote or manage your policy may also result in promotional emails unless you opt out, which is relevant if you want to limit unsolicited marketing contact.
Calm
· Calm Privacy Policy
Employees using an employer-sponsored Calm subscription should be aware that their employer may receive confirmation that they have enrolled, which could have workplace implications depending on context.
While end-to-end encryption protects your message privacy, it also means Revolut cannot assist you if you need to retrieve messages for a dispute or legal purpose, and your messages will be permanently lost if you reinstall the app or change devices.
Signal
· Signal Privacy Policy
This is the core privacy protection Signal offers: unlike most messaging services, even Signal itself cannot access your communications, significantly reducing the risk of your messages being read by third parties, including in response to legal requests.
Marketing claims about security and compliance do not carry the same legal weight as contractual commitments in a privacy policy or data processing agreement. Businesses and consumers should verify these claims against Writer's actual legal documents.
These rights are among the strongest data protection rights globally and are legally enforceable, meaning Squarespace is obligated to respond to valid requests within specific regulatory timeframes.
Auth0
· Auth0 Privacy Policy
Having a named DPO contact and a specific email address provides EU, UK, and Swiss residents with a clear channel to exercise meaningful data rights that are legally enforceable, including the right to object to processing and request erasure.
These are legally enforceable rights that ClickUp must respond to within statutory timeframes, giving EU and UK users significantly stronger protections than users in many other regions.
International data transfers of sensitive financial data are subject to ongoing regulatory scrutiny in the EU, and the adequacy and implementation of transfer mechanisms is a live compliance area following the Schrems II ruling.
Bumble
· Bumble Terms and Conditions
The clause operationalizes statutory protections under EU Digital Services Act requirements by explicitly recognizing and confirming user access to multiple dispute resolution pathways and regulatory complaint mechanisms. This establishes the institutional framework through which users may exercise rights granted under EU law.
Fastly
· Fastly Privacy Policy
These rights give EU and UK residents significant control over their personal data and create corresponding legal obligations for Fastly to respond within statutory timeframes. They can be exercised against Fastly in its capacity as a data controller for website and marketing data.
Egnyte
· Egnyte Privacy Policy
These rights are legally enforceable in the EU/UK and Switzerland, and Egnyte is required to respond to requests and provide data portability in machine-readable formats within regulatory timeframes.
EEA and UK users have legally backed rights to control their personal data held by Luma, including the right to request deletion and to lodge a regulatory complaint if those rights are not respected.
Yelp
· Yelp Privacy Policy
European Residents have more extensive statutory data rights than most other users, including the right to object to processing for legitimate interests purposes and the right to data portability, which are directly enforceable against Yelp Ireland Ltd.
Steam
· Steam Privacy Policy
EU, UK, and Swiss users' data transferred to the U.S. is covered by the DPF certification, and the Principles supersede this policy in cases of conflict, providing a meaningful legal backstop for cross-border data transfers.
EA
· EA Privacy and Cookie Policy
The certification establishes the legal basis for EA to process and transfer EU residents' personal data to U.S. servers and systems. This framework provision determines the regulatory compliance structure under which EA operates data transfers and defines the procedural requirements for data handling across jurisdictions.
For EU, UK, and Swiss users, DPF certification means Substack is committed to a set of data protection principles that govern how their data is handled in the US, and they have access to a structured dispute resolution process independent of Substack if those principles are violated.
SoFi
· SoFi Privacy Notice
Reliance on the EU-US Data Privacy Framework as a transfer mechanism requires SoFi to maintain active certification, comply with framework principles including data minimization and onward transfer obligations, and provide EU residents with access to a dispute resolution mechanism.
The clause establishes uniform privacy rights administration across the user base rather than limiting rights applicability to specific states. This operational approach simplifies compliance by applying state-law protections uniformly rather than implementing state-by-state variations.
A single feedback action such as clicking thumbs up or down on any message triggers retention and storage of the full conversation, which may include personal data shared throughout the session beyond the specific message rated.
Calm
· Calm Privacy Policy
This clause establishes the operational framework for Calm's incentive-based data collection practices, specifying that personal information gathered through such programs is valued in proportion to the offered compensation. The provision also creates explicit opt-in and opt-out mechanisms, defining how users can control participation in these programs.
Zoom
· Zoom Privacy Statement
This provision establishes the range of data subject rights Zoom recognizes under applicable law and the mechanism by which users can exercise them. For enterprise customers, understanding which rights apply to employee or customer data processed through Zoom is relevant to their own data subject access request workflows.
Noom
· Noom Privacy Policy
GDPR provides some of the strongest personal data protections globally; EU and UK users of Noom can exercise these rights to control how their sensitive health data is processed.
The policy explicitly enumerates GDPR and UK GDPR data subject rights and provides a mechanism for exercising them through account settings, giving EEA and UK users enforceable controls over their personal data.
This provision describes the procedural mechanism through which EU/EEA users may exercise statutory data rights. Organizations deploying Tabnine for EU-based employees should confirm that Tabnine's response processes meet GDPR's one-month response requirement.
These rights are enforceable under GDPR and UK GDPR and provide EU, UK, and Swiss users with meaningful legal recourse if Dropbox does not respond adequately to data requests, including the ability to escalate to a national regulator.
The clause operationalizes GDPR compliance as an integrated component of Anyscale's data handling framework for affected jurisdictions, establishing that EU/UK users have access to statutory data subject rights alongside the company's stated privacy practices.
This provision establishes the procedural mechanism through which EU, UK, and Swiss users may exercise their statutory data rights under GDPR and equivalent frameworks. The enforceability and response timelines for these rights are governed by applicable law rather than solely by the policy terms.
Okta
· Okta Privacy Policy
These rights give EU, UK, and Swiss residents meaningful control over their personal data held by Okta in its capacity as controller, including the ability to request deletion of marketing profiles or opt out of data processing based on legitimate interests.