International Privacy Rights

FoxtInn respects the privacy rights of individuals worldwide. In addition to our core Privacy Policy and GDPR compliance page, this page details your specific rights under regional and national privacy laws across more than 25 frameworks.

1. Americas

Brazil (LGPD - Lei Geral de Proteção de Dados)

Effective: September 2020 | Regulator: ANPD (Autoridade Nacional de Proteção de Dados)

Your Rights (10 rights):

• Confirmation of processing
• Access to your data
• Correction of inaccurate data
• Anonymization, blocking, or deletion of unnecessary data
• Data portability
• Deletion of data processed with consent
• Information about shared data
• Information about consequences of consent denial
• Withdrawal of consent
• Petition to ANPD for enforcement

Data transfers: Adequacy determination or contractual safeguards. FoxtInn uses LGPD-adapted Standard Contractual Clauses.

Contact: privacy@foxtcon.com, Subject: "LGPD Request"
Response: Within 15 business days

California & US States (CCPA/CPRA & State Privacy Laws)

CCPA/CPRA Rights (California): Know, Delete, Opt-Out of Sale/Sharing, Non-Discrimination, Correction, Limit Use of Sensitive PI

Important: FoxtInn does NOT sell personal information. We do NOT share personal information for cross-context behavioral advertising.

Other US States: Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Iowa, Tennessee, Texas TDPSA, Montana, Oregon, Delaware, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, Indiana, Kentucky, and Rhode Island all provide similar universal rights: access, deletion, correction, opt-out of targeted advertising, and opt-out of profiling.

Global Privacy Control: FoxtInn honors GPC signals from all US jurisdictions.

Contact: privacy@foxtcon.com, Subject: "CCPA Request"
Response: Within 45 days

Canada (PIPEDA & Provincial Laws)

Rights: Access, correction, withdrawal of consent, complaint to Privacy Commissioner

Quebec Law 25: Enhanced consent and privacy impact assessment requirements (effective 2024)

Contact: privacy@foxtcon.com, Subject: "PIPEDA Request"
Response: Within 30 days

Argentina (PDPA - Law 25,326)

Status: EU adequacy since 2003

Rights: Access, rectification, suppression, confidentiality
Response: Within 10 business days (access), 5 business days (rectification/suppression)

Colombia (Law 1581/2012)

Rights: ARCO rights (access, update, rectification, deletion) + complaint to SIC (Superintendence of Industry and Commerce)
Response: Within 10 business days (access), 15 business days (complaints)

Mexico (LFPDPPP)

Rights: ARCO rights (Access, Rectification, Cancellation, Opposition)
Regulator: INAI (Instituto Nacional de Transparencia)
Response: Within 20 business days

Chile (Law 21,719 - effective December 1, 2026)

Framework: GDPR-style with consent requirement for sensitive data processing
Rights: Access, rectification, cancellation, opposition, portability
Regulator: Data Protection Agency (establishing)

2. Europe, Middle East & Africa

European Union & UK (GDPR / UK GDPR)

See our dedicated GDPR compliance page for comprehensive details.

Switzerland (nFADP)

Effective: September 1, 2023

Rights: Access, rectification, deletion, data portability, objection to automated decisions
Regulator: FDPIC (Federal Data Protection and Information Commissioner)

Turkey (KVKK - Law 6698)

Rights: Learn if processed, request information, know purpose, know third parties, correction, deletion, object to automated decisions, claim damages
Regulator: Personal Data Protection Authority
Response: Within 30 days

South Africa (POPIA)

Rights: Access, correction, deletion, objection, complaint to Information Regulator
Information Officer: privacy@foxtcon.com
Response: Within reasonable time (guidance: 30 days)

UAE (Federal Decree-Law No. 45/2021)

Scope: Extraterritorial application

Rights: Access, correction, restriction, deletion, objection, data portability
Response: Within 14 working days

Saudi Arabia (PDPL)

Effective: September 14, 2024

Rights: Access, correction, destruction, know about processing, data portability
Regulator: SDAIA (Saudi Data & Artificial Intelligence Authority)

Kenya (Data Protection Act 2019)

Rights: Access, correction, deletion, objection to processing
Regulator: Office of the Data Protection Commissioner

Nigeria (NDPR & Nigeria Data Protection Act 2023)

Rights: Access, rectification, restriction, data portability, objection, withdrawal of consent
Regulator: Nigeria Data Protection Commission (NDPC)

Egypt (Data Protection Law No. 151/2020)

Rights: Access, correction, deletion/restriction, objection, data portability
Requirement: Data transfers require approval from Data Protection Center

3. Asia-Pacific

India (DPDP Act 2023)

Enforcement: Phased, 2025-2027 expected full implementation

Your Rights (Data Principals): Access to summary of data, correction, erasure, grievance redressal, nominate representative

Important note: No legitimate interest basis — consent or deemed consent required. Children's data requires verifiable parental/guardian consent with no behavioral monitoring/targeted advertising.

Contact: privacy@foxtcon.com, Subject: "DPDP Request"
Response: Within prescribed period (expected ~30 days once rules finalized)

China (PIPL)

Rights: Know, decide, restrict/refuse, access, copy, portability, correction, deletion, explanation, withdraw consent

Important: FoxtInn currently stores data in the United States. Customers processing data of individuals in China should assess PIPL compliance requirements including potential data localization obligations.

Contact: privacy@foxtcon.com

Japan (APPI)

Rights: Disclosure, correction, cessation of use/provision, access to third-party transfer records

Note: Sensitive personal information requires explicit consent

Regulator: Personal Information Protection Commission (PPC)

South Korea (PIPA)

Framework: One of the strictest globally

Rights: Access, correction, suspension, deletion, withdrawal of consent
Automated decisions: Right to refuse and request explanation
Regulator: Personal Information Protection Commission (PIPC)

Singapore (PDPA)

Rights: Access, correction, withdrawal of consent
Compliance: Do Not Call Registry adherence
Penalties: Up to SGD 1M or 10% annual Singapore turnover
Regulator: Personal Data Protection Commission (PDPC)

Thailand (PDPA)

Scope: Extraterritorial application

Rights: Access, correction, deletion, restriction, objection, portability, complaint
Regulator: Personal Data Protection Committee (PDPC)

Australia (APPs - Privacy Act 1988)

Rights: Access, correction, complaint to OAIC, opt-out of direct marketing
Notifiable Data Breaches: Notify OAIC and affected individuals for eligible breaches
Regulator: Office of the Australian Information Commissioner (OAIC)

New Zealand (Privacy Act 2020)

Rights: Access, correction, complaint to Privacy Commissioner
New: Information Privacy Principle 3A (May 2026) requires notification for indirect collection
Biometrics: Processing Privacy Code (effective November 2025)

Malaysia (PDPA 2010, amended 2024)

Rights: Access, correction, withdrawal of consent, prevent marketing
DPO: Appointment required Phase 3 (June 2025)
Mandatory breach notification required

Philippines (Data Privacy Act 2012)

Rights: Informed, object, access, rectify, erase, damages, portability, complaint to NPC
Regulator: National Privacy Commission (NPC)

Indonesia (PDP Law, effective October 2024)

Rights: Access, correction, deletion, withdrawal of consent, objection to automated decisions, portability, complaint

Vietnam (PDPD, effective January 1, 2026)

Framework: Consent-based with sector-specific rules

Rights: Know, consent, access, correct, delete, restrict, portability, complaint, compensation
Cross-border: Impact assessment filing with Ministry of Public Security
Penalties: Up to 5% of annual revenue for serious violations

4. How to Exercise Your Rights

Email: privacy@foxtcon.com
Subject line: "[Law Name] Request" (e.g., "GDPR Request", "CCPA Request")
Include: Full name, account email, jurisdiction/country, specific right you wish to exercise, description of request

Verification: We may request identity verification before processing.
Response timelines: GDPR 30 days, CCPA 45 days, LGPD 15 business days, PIPEDA 30 days, DPDP prescribed period

Fees: Generally free. Excessive or unfounded requests may incur reasonable fee per applicable law.
Appeal: If denied, we explain reasons and your right to appeal to the relevant supervisory authority.

5. International Data Transfers

FoxtInn stores data in the United States (AWS US regions). We implement appropriate safeguards including Standard Contractual Clauses (SCCs) for EU/Brazil transfers, APEC CBPR framework for Asia-Pacific compliance, and contractual safeguards with equivalent protections for other jurisdictions.

6. Updates to This Page

This page is updated as new privacy laws take effect or existing laws are amended. Last material update: April 13, 2026.
Subscribe to updates: Email privacy@foxtcon.com with subject "Privacy Updates" for notifications of material changes.