Zillow
· Zillow Privacy Notice
Retention period disclosures are required under CCPA/CPRA and are relevant to consumer deletion rights; indefinite or purpose-based retention policies without specific timeframes may be subject to regulatory scrutiny in jurisdictions requiring retention limitation disclosures.
Visa
· Visa Privacy Notice
The absence of specific retention periods makes it difficult for consumers to know how long their data is held and may conflict with GDPR's data minimization and storage limitation principles.
This provision discloses Coursera's security posture using a standard industry disclaimer that appropriate measures are in place but absolute security cannot be guaranteed. The document does not specify the particular security standards, certifications, or frameworks used, which limits third-party assessment of adequacy.
Rumble
· Rumble Privacy Policy
This provision establishes Rumble's stated security posture and its limitation of representations regarding data security outcomes; the 'reasonable measures' standard is the operative benchmark for FTC enforcement purposes and is consistent with broadly observed industry practice.
Nintendo's qualified security assurance means that in the event of a data breach, the company's contractual exposure may be limited by this disclaimer, and users should understand that no absolute security guarantee is made for payment card data, account credentials, or gameplay records.
Fastly
· Fastly Privacy Policy
Personal data can transfer to a third party whose privacy practices may differ from Fastly's without you receiving prior individual notice or having a right to object, which is a common but material provision in corporate data flows.
Klarna
· Klarna Privacy Policy
Your personal data flows to merchants when you use Klarna at checkout; the merchant's own privacy practices then govern how that data is used, which may be different from Klarna's own policy.
Uber
· Uber Privacy Notice
This provision authorizes real-time location and identifying information to be made visible to members of the public (riders and recipients), which creates personal safety considerations for drivers and constitutes a distinct data sharing pathway from internal or business partner disclosures.
This provision defines the operational boundaries of external data sharing, including sharing with domain administrators (relevant to Google Workspace users) and partners engaged for processing; the stated restrictions are subject to the listed exceptions, which include broad legal and safety grounds.
Declining to provide certain personal data could result in loss of access to ZipRecruiter's job search or recruiting services, framing data provision as a prerequisite for service access rather than a freely given choice.
These rights are the primary mechanism by which individuals can control their personal data held by Checkout.com, and knowing the contact point and applicable rights is essential to exercising them effectively.
Adyen
· Adyen Privacy Policy
This clause implements statutory data subject rights obligations, establishing the procedural mechanism through which individuals may exercise control over their personal data held by Adyen. The availability of designated contact channels creates an operational requirement for Adyen to receive and respond to rights requests according to applicable data protection frameworks.
This clause operationalizes data subject rights under privacy regulations by establishing the procedural mechanism through which individuals can exercise statutory rights and outlining the verification requirements Apple applies before fulfilling requests.
The policy discloses specific rights and a contact mechanism, which is relevant because the practical scope of these rights may differ depending on whether the user is a direct consumer or accessing Atlassian through an employer account, where the employer administrator controls data.
The clause operationalizes Revolut's obligations under data protection regulations by establishing procedural mechanisms through which users can assert control over personal data processing. The provision specifies both the substantive rights available and the operational channels through which those rights may be exercised.
The provision operationalizes data subject rights commonly required under privacy regulations such as GDPR and CCPA by establishing a framework through which users can exercise control over their personal information retained and processed by the service provider.
Netflix
· Netflix Privacy Statement
This clause creates a procedural mechanism for exercising data subject rights under privacy regulations. By designating a specific contact and email address, the provision establishes the operational pathway through which Netflix processes access, deletion, portability, and correction requests.
Klarna
· Klarna Privacy Policy
These provisions implement statutory data subject rights under regulations like GDPR and similar privacy frameworks, establishing formal mechanisms through which individuals can exercise control over personal data processing and obtain transparency into data holdings.
DeepL
· DeepL Privacy Policy
This provision enumerates the data subject rights DeepL recognizes and the mechanism through which users may exercise them. The right to lodge a supervisory authority complaint provides a direct regulatory escalation path independent of DeepL's own response.
The policy states that data subject rights are exercised through Microsoft's central privacy dashboard rather than through Minecraft-specific channels, which affects how users locate and exercise these rights in practice.
You have formal rights over your personal data held by Mistral AI, and the company has designated a DPO as a named point of contact, which is a meaningful accountability mechanism under GDPR.
These rights are legally enforceable in jurisdictions like California, Colorado, and the EU, meaning Databricks is required to respond to valid requests within specific timeframes and cannot penalize you for exercising them.
Stripe
· Stripe Privacy Policy
The clause establishes the foundational scope and transparency structure of Stripe's privacy practices, including disclosure of data handling procedures and affirmation of data subject rights available under applicable privacy regulations.
The clause operationalizes Apple's compliance with regional privacy regulations (such as GDPR and similar frameworks) by documenting the specific data subject rights Apple recognizes and the mechanism through which users may exercise consent withdrawal. This establishes the procedural framework through which Apple handles requests related to personal data management.
The clause operationalizes data subject rights under privacy regulations by designating a contact point (privacy@oneidentity.com) and establishing a compliance timeline tied to statutory requirements, which creates an administrative process for handling individual data requests.
These rights give users meaningful control over their personal data, but they require users to actively exercise them and understand which rights apply in their jurisdiction.
These rights are legally enforceable under GDPR and UK GDPR, and Palantir is required to respond within specific timeframes — typically 30 days — or provide a reasoned refusal.
DeepL
· DeepL Privacy Policy
These rights give users meaningful control over their personal data held by DeepL, including the ability to request deletion of account information and any retained translation inputs.
This provision operationalizes Mistral AI's GDPR compliance framework by explicitly defining the types of personal data subject to rights requests and establishing a procedural mechanism for users to exercise data access, correction, deletion, and portability rights under applicable EU data protection law.
Using home security event data for product improvement means that information about when alarms are triggered, which sensors activate, and how you interact with your system may be analyzed beyond the immediate purpose of protecting your home.