aboutsummaryrefslogtreecommitdiff
path: root/network/dropbox/policies
diff options
context:
space:
mode:
Diffstat (limited to 'network/dropbox/policies')
-rw-r--r--network/dropbox/policies1588
1 files changed, 1588 insertions, 0 deletions
diff --git a/network/dropbox/policies b/network/dropbox/policies
new file mode 100644
index 0000000000000..3392464a16947
--- /dev/null
+++ b/network/dropbox/policies
@@ -0,0 +1,1588 @@
+Dropbox Terms of Service
+
+ Posted: November 4, 2015
+
+ Thanks for using Dropbox! These terms of service ("Terms") cover your
+ use and access to our services, client software and websites
+ ("Services"). If you reside outside of the United States of America,
+ Canada and Mexico (“North America”) your agreement is with Dropbox
+ Ireland, and if you reside in North America your agreement is with
+ Dropbox, Inc. Our [45]Privacy Policy explains how we collect and use
+ your information while our [46]Acceptable Use Policy outlines your
+ responsibilities when using our Services. By using our Services, you're
+ agreeing to be bound by these Terms, and to review our [47]Privacy and
+ [48]Acceptable Use policies. If you're using our Services for an
+ organization, you're agreeing to these Terms on behalf of that
+ organization.
+
+Your Stuff & Your Permissions
+
+ When you use our Services, you provide us with things like your files,
+ content, email messages, contacts and so on ("Your Stuff"). Your Stuff
+ is yours. These Terms don't give us any rights to Your Stuff except for
+ the limited rights that enable us to offer the Services.
+
+ We need your permission to do things like hosting Your Stuff, backing
+ it up, and sharing it when you ask us to. Our Services also provide you
+ with features like photo thumbnails, document previews, email
+ organization, easy sorting, editing, sharing and searching. These and
+ other features may require our systems to access, store and scan Your
+ Stuff. You give us permission to do those things, and this permission
+ extends to our affiliates and trusted third parties we work with.
+
+Sharing Your Stuff
+
+ Our Services let you share Your Stuff with others, so please think
+ carefully about what you share.
+
+Your Responsibilities
+
+ You're responsible for your conduct, Your Stuff and you must comply
+ with our [49]Acceptable Use Policy. Content in the Services may be
+ protected by others' intellectual property rights. Please don't copy,
+ upload, download or share content unless you have the right to do so.
+
+ We may review your conduct and content for compliance with these Terms
+ and our [50]Acceptable Use Policy. With that said, we have no
+ obligation to do so. We aren't responsible for the content people post
+ and share via the Services.
+
+ Please safeguard your password to the Services, make sure that others
+ don't have access to it, and keep your account information current.
+
+ Finally, our Services are not intended for and may not be used by
+ people under the age of 13. By using our Services, you are representing
+ to us that you're over 13.
+
+Software
+
+ Some of our Services allow you to download client software ("Software")
+ which may update automatically. So long as you comply with these Terms,
+ we give you a limited, nonexclusive, nontransferable, revocable license
+ to use the Software, solely to access the Services. To the extent any
+ component of the Software may be offered under an open source license,
+ we'll make that license available to you and the provisions of that
+ license may expressly override some of these Terms. Unless the
+ following restrictions are prohibited by law, you agree not to reverse
+ engineer or decompile the Services, attempt to do so, or assist anyone
+ in doing so.
+
+Beta Services
+
+ We sometimes release products and features that we are still testing
+ and evaluating. Those Services have been marked beta, preview, early
+ access, or evaluation (or with words or phrases with similar meanings)
+ and may not be as reliable as Dropbox’s other services, so please keep
+ that in mind.
+
+Our Stuff
+
+ The Services are protected by copyright, trademark, and other US and
+ foreign laws. These Terms don't grant you any right, title or interest
+ in the Services, others' content in the Services, Dropbox trademarks,
+ logos and other brand features. We welcome feedback, but note that we
+ may use comments or suggestions without any obligation to you.
+
+Copyright
+
+ We respect the intellectual property of others and ask that you do too.
+ We respond to notices of alleged copyright infringement if they comply
+ with the law, and such notices should be reported using our
+ [51]Copyright Policy. We reserve the right to delete or disable content
+ alleged to be infringing and terminate accounts of repeat infringers.
+ Our designated agent for notice of alleged copyright infringement on
+ the Services is:
+
+ Copyright Agent
+ Dropbox, Inc.
+ 333 Brannan Street
+ San Francisco, CA 94107
+ copyright@dropbox.com
+
+Paid Accounts
+
+ Billing. You can increase your storage space and add paid features to
+ your account (turning your account into a "Paid Account"). We'll
+ automatically bill you from the date you convert to a Paid Account and
+ on each periodic renewal until cancellation. You're responsible for all
+ applicable taxes, and we'll charge tax when required to do so.
+
+ No Refunds. You may cancel your Dropbox Paid Account at any time but
+ you won't be issued a refund [52]unless it's legally required.
+
+ Downgrades. Your Paid Account will remain in effect until it's
+ cancelled or terminated under these Terms. If you don't pay for your
+ Paid Account on time, we reserve the right to suspend it or reduce your
+ storage to free space levels.
+
+ Changes. We may change the fees in effect but will give you advance
+ notice of these changes via a message to the email address associated
+ with your account.
+
+Dropbox Business
+
+ Email address. If you sign up for a Dropbox account with an email
+ address provisioned by your employer, your employer may be able to
+ block your use of Dropbox until you transition to a Dropbox Business or
+ Dropbox Enterprise account or you associate your Dropbox account with a
+ personal email address.
+
+ Using Dropbox Business or Dropbox Enterprise. If you join a Dropbox
+ Business or Dropbox Enterprise account, you must use it in compliance
+ with your employer's terms and policies. Please note that Dropbox
+ Business and Dropbox Enterprise accounts are subject to your employer's
+ control. Your administrators may be able to access, disclose, restrict,
+ or remove information in or from your Dropbox Business or Dropbox
+ Enterprise account. They may also be able to restrict or terminate your
+ access to a Dropbox Business or Dropbox Enterprise account. If you
+ convert an existing Dropbox account into a Dropbox Business or Dropbox
+ Enterprise account, your administrators may prevent you from later
+ disassociating your account from the Dropbox Business or Dropbox
+ Enterprise account.
+
+Termination
+
+ You're free to stop using our Services at any time. We also reserve the
+ right to suspend or end the Services at any time at our discretion and
+ without notice. For example, we may suspend or terminate your use of
+ the Services if you're not complying with these Terms, or use the
+ Services in a manner that would cause us legal liability, disrupt the
+ Services or disrupt others' use of the Services. Except for Paid
+ Accounts, we reserve the right to terminate and delete your account if
+ you haven't accessed our Services for 12 consecutive months. We'll of
+ course provide you with notice via the email address associated with
+ your account before we do so.
+
+Services "AS IS"
+
+ We strive to provide great Services, but there are certain things that
+ we can't guarantee. TO THE FULLEST EXTENT PERMITTED BY LAW, DROPBOX AND
+ ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS MAKE NO WARRANTIES, EITHER
+ EXPRESS OR IMPLIED, ABOUT THE SERVICES. THE SERVICES ARE PROVIDED "AS
+ IS." WE ALSO DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ PARTICULAR PURPOSE AND NON-INFRINGEMENT. Some places don't allow the
+ disclaimers in this paragraph, so they may not apply to you.
+
+Limitation of Liability
+
+ TO THE FULLEST EXTENT PERMITTED BY LAW, EXCEPT FOR ANY LIABILITY FOR
+ DROPBOX’S OR ITS AFFILIATES’ FRAUD, FRAUDULENT MISREPRESENTATION, OR
+ GROSS NEGLIGENCE, IN NO EVENT WILL DROPBOX, ITS AFFILIATES, SUPPLIERS
+ OR DISTRIBUTORS BE LIABLE FOR:
+
+ (A) ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR
+ CONSEQUENTIAL DAMAGES, OR
+
+ (B) ANY LOSS OF USE, DATA, BUSINESS, OR PROFITS, REGARDLESS OF LEGAL
+ THEORY.
+
+ THIS WILL BE REGARDLESS OF WHETHER OR NOT DROPBOX OR ANY OF ITS
+ AFFILIATES HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN
+ IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
+
+ ADDITIONALLY, DROPBOX, ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS WILL
+ NOT BE LIABLE FOR AGGREGATE LIABILITY FOR ALL CLAIMS RELATING TO THE
+ SERVICES FOR MORE THAN THE GREATER OF $20 OR THE AMOUNTS PAID BY YOU TO
+ DROPBOX FOR THE PAST 12 MONTHS OF THE SERVICES IN QUESTION.
+
+ Some places don't allow the types of limitations in this paragraph, so
+ they may not apply to you.
+
+Resolving Disputes
+
+ Let's Try To Sort Things Out First. We want to address your concerns
+ without needing a formal legal case. Before filing a claim against
+ Dropbox, you agree to try to resolve the dispute informally by
+ contacting dispute-notice@dropbox.com. We'll try to resolve the dispute
+ informally by contacting you via email. If a dispute is not resolved
+ within 15 days of submission, you or Dropbox may bring a formal
+ proceeding.
+
+ Judicial forum for disputes. You and Dropbox agree that any judicial
+ proceeding to resolve claims relating to these Terms or the Services
+ will be brought in the federal or state courts of San Francisco County,
+ California, subject to the mandatory arbitration provisions below. Both
+ you and Dropbox consent to venue and personal jurisdiction in such
+ courts.
+
+IF YOU’RE A U.S. RESIDENT, YOU ALSO AGREE TO THE FOLLOWING MANDATORY
+ARBITRATION PROVISIONS:
+
+ We Both Agree To Arbitrate. You and Dropbox agree to resolve any claims
+ relating to these Terms or the Services through final and binding
+ arbitration, except as set forth under Exceptions to Agreement to
+ Arbitrate below.
+
+ Opt-out of Agreement to Arbitrate. You can decline this agreement to
+ arbitrate by [53]clicking here and submitting the opt-out form within
+ 30 days of first accepting these Terms.
+
+ Arbitration Procedures. The [54]American Arbitration Association (AAA)
+ will administer the arbitration under its Commercial Arbitration Rules
+ and the Supplementary Procedures for Consumer Related Disputes. The
+ arbitration will be held in the United States county where you live or
+ work, San Francisco (CA), or any other location we agree to.
+
+ Arbitration Fees and Incentives. The AAA rules will govern payment of
+ all arbitration fees. Dropbox will pay all arbitration fees for claims
+ less than $75,000. If you receive an arbitration award that is more
+ favorable than any offer we make to resolve the claim, we will pay you
+ $1,000 in addition to the award. Dropbox will not seek its attorneys'
+ fees and costs in arbitration unless the arbitrator determines that
+ your claim is frivolous.
+
+ Exceptions to Agreement to Arbitrate. Either you or Dropbox may assert
+ claims, if they qualify, in small claims court in San Francisco (CA) or
+ any United States county where you live or work. Either party may bring
+ a lawsuit solely for injunctive relief to stop unauthorized use or
+ abuse of the Services, or intellectual property infringement (for
+ example, trademark, trade secret, copyright, or patent rights) without
+ first engaging in arbitration or the informal dispute-resolution
+ process described above. If the agreement to arbitrate is found not to
+ apply to you or your claim, you agree to the exclusive jurisdiction of
+ the state and federal courts in San Francisco County, California to
+ resolve your claim.
+
+ NO CLASS ACTIONS. You may only resolve disputes with us on an
+ individual basis, and may not bring a claim as a plaintiff or a class
+ member in a class, consolidated, or representative action. Class
+ arbitrations, class actions, private attorney general actions, and
+ consolidation with other arbitrations aren't allowed.
+
+Controlling Law
+
+ These Terms will be governed by California law except for its conflicts
+ of laws principles, unless otherwise required by a mandatory law of any
+ other jurisdiction.
+
+Entire Agreement
+
+ These Terms constitute the entire agreement between you and Dropbox
+ with respect to the subject matter of these Terms, and supersede and
+ replace any other prior or contemporaneous agreements, or terms and
+ conditions applicable to the subject matter of these Terms. These Terms
+ create no third party beneficiary rights.
+
+Waiver, Severability & Assignment
+
+ Dropbox's failure to enforce a provision is not a waiver of its right
+ to do so later. If a provision is found unenforceable, the remaining
+ provisions of the Terms will remain in full effect and an enforceable
+ term will be substituted reflecting our intent as closely as possible.
+ You may not assign any of your rights under these Terms, and any such
+ attempt will be void. Dropbox may assign its rights to any of its
+ affiliates or subsidiaries, or to any successor in interest of any
+ business associated with the Services.
+
+Modifications
+
+ We may revise these Terms from time to time, and will always post the
+ most current version on our website. If a revision meaningfully reduces
+ your rights, we will notify you (by, for example, sending a message to
+ the email address associated with your account, posting on our blog or
+ on this page). By continuing to use or access the Services after the
+ revisions come into effect, you agree to be bound by the revised Terms.
+
+ If your organization signed a Dropbox Business or Dropbox Enterprise
+ Agreement with Dropbox, that Agreement may have modified the privacy
+ policy below. Please [55]contact your organization’s Admin for details.
+
+Dropbox Privacy Policy
+
+ Posted: February 12, 2016
+
+ Thanks for using Dropbox! Here we describe how we collect, use and
+ handle your information when you use our websites, software and
+ services ("Services").
+
+What & Why
+
+ We collect and use the following information to provide, improve and
+ protect our Services:
+
+ Account. We collect, and associate with your account, information like
+ your name, email address, phone number, payment info, and physical
+ address. Some of our services let you access your accounts and your
+ information with other service providers.
+
+ Services. When you use our Services, we store, process and transmit
+ your files (including stuff like your photos, [56]structured data and
+ emails) and information related to them (for example, location tags in
+ photos). If you give us access to your contacts, we'll store those
+ contacts on our servers for you to use. This will make it easy for you
+ to do things like share your stuff, send emails, and invite others to
+ use the Services.
+
+ Usage. We collect information from and about the devices you use to
+ access the Services. This includes things like IP addresses, the type
+ of browser and device you use, the web page you visited before coming
+ to our sites, and identifiers associated with your devices. Your
+ devices (depending on their settings) may also transmit location
+ information to the Services.
+
+ Cookies and other technologies. We use technologies like [57]cookies
+ and pixel tags to provide, improve, protect and promote our Services.
+ For example, cookies help us with things like remembering your username
+ for your next visit, understanding how you are interacting with our
+ Services, and improving them based on that information. You can set
+ your browser to not accept cookies, but this may limit your ability to
+ use the Services. If our systems receive a DNT:1 signal from your
+ browser, we'll respond to that signal as outlined [58]here.
+
+With whom
+
+ We may share information as discussed below, but we won't sell it to
+ advertisers or other third-parties.
+
+ Others working for Dropbox. Dropbox uses certain trusted third parties
+ to help us provide, improve, protect, and promote our Services. These
+ third parties will access your information only to perform tasks on our
+ behalf and in compliance with this Privacy Policy.
+
+ Other users. Our Services display information like your name and email
+ address to other users in places like your user profile and sharing
+ notifications. Certain features let you make additional information
+ available to other users.
+
+ Other applications. You can also give third parties access to your
+ information and account - for example, via [59]Dropbox APIs. Just
+ remember that their use of your information will be governed by their
+ privacy policies and terms.
+
+ Dropbox Business and Dropbox Enterprise Admins. If you are a Dropbox
+ Business or Dropbox Enterprise user, your administrator may have the
+ ability to access and control your Dropbox Business or Dropbox
+ Enterprise account. Please refer to your employer's internal policies
+ if you have questions about this. If you are not a Dropbox Business
+ user but interact with a Dropbox Business or Dropbox Enterprise user
+ (by, for example, joining a shared folder or accessing stuff shared by
+ that user), members of that organization may be able to view the name,
+ email address and IP address that were associated with your account at
+ the time of that interaction.
+
+ Law & Order. We may disclose your information to third parties if we
+ determine that such disclosure is reasonably necessary to (a) comply
+ with the law; (b) protect any person from death or serious bodily
+ injury; (c) prevent fraud or abuse of Dropbox or our users; or (d)
+ protect Dropbox's property rights.
+
+ Stewardship of your data is critical to us and a responsibility that we
+ embrace. We believe that our users' data should receive the same legal
+ protections regardless of whether it's stored on our services or on
+ their home computer's hard drive. We'll abide by the following
+ [60]Government Request Principles when receiving, scrutinizing and
+ responding to government requests for our users' data:
+ * Be transparent,
+ * Fight blanket requests,
+ * Protect all users, and
+ * Provide trusted services.
+
+ Please visit our [61]Government Request Principles and [62]Transparency
+ Report for more detailed information.
+
+How
+
+ Security. We have a team dedicated to keeping your information secure
+ and testing for vulnerabilities. We also continue to work on features
+ to keep your information safe in addition to things like two-factor
+ authentication, encryption of files at rest, and alerts when new
+ devices and apps are linked to your account.
+
+ Retention. We'll retain information you store on our Services for as
+ long as we need it to provide you the Services. If you delete your
+ account, we'll also delete this information. But please note: (1) there
+ might be some latency in deleting this information from our servers and
+ back-up storage; and (2) we may retain this information if necessary to
+ comply with our legal obligations, resolve disputes, or enforce our
+ agreements.
+
+Where
+
+ Around the world. To provide you with the Services, we may store,
+ process and transmit information in the United States and locations
+ around the world - including those outside your country. Information
+ may also be stored locally on the devices you use to access the
+ Services.
+
+ Safe Harbor. Dropbox complies with the EU-U.S. and Swiss-U.S. Safe
+ Harbor ("Safe Harbor") frameworks and principles. We have certified our
+ compliance, and you can view our certifications [63]here. You can learn
+ more about Safe Harbor by visiting [64]http://export.gov/safeharbor.
+ JAMS is the independent organization responsible for reviewing and
+ resolving complaints about our Safe Harbor compliance. We ask that you
+ first submit any such complaints directly to us via
+ privacy@dropbox.com. If you aren't satisfied with our response, please
+ contact JAMS at
+ [65]http://www.jamsinternational.com/rules-procedures/safeharbor/file-s
+ afe-harbor-claim.
+
+ NOTE: When transferring data from the European Union, the European
+ Economic Area, and Switzerland, Dropbox relies upon a variety of legal
+ mechanisms, including contracts with our users. Dropbox doesn’t rely
+ upon Safe Harbor as a legal basis for data transfer but does adhere to
+ the [66]Safe Harbor Privacy Principles while specific guidance for the
+ forthcoming EU-US Privacy Shield program is developed. For information
+ about data transfers from Europe to the United States, please visit
+ [67]this page.
+
+Changes
+
+ If we are involved in a reorganization, merger, acquisition or sale of
+ our assets, your information may be transferred as part of that deal.
+ We will notify you (for example, via a message to the email address
+ associated with your account) of any such deal and outline your choices
+ in that event.
+
+ We may revise this Privacy Policy from time to time, and will post the
+ most current version on our website. If a revision meaningfully reduces
+ your rights, we will notify you.
+
+Contact
+
+ Have questions or concerns about Dropbox, our Services and privacy?
+ Contact us at [68]privacy@dropbox.com.
+
+ This section of the agreement only applies to [69]Dropbox Business
+ customers. If your organization signed a Dropbox Business or Dropbox
+ Enterprise Agreement with Dropbox, that Agreement may be different from
+ the terms below. Please [70]contact your organization’s Admin for
+ details.
+
+Dropbox Business Agreement
+
+ Posted: June 2, 2016
+
+ This Dropbox Business Agreement (the "Agreement") is between Dropbox
+ Ireland if your organization is based outside of the United States,
+ Canada and Mexico ("North America") or, if your organization is based
+ in North America, with Dropbox, Inc., a Delaware corporation (each,
+ "Dropbox") and the organization agreeing to these terms ("Customer").
+ This Agreement governs access to and use of the Dropbox Business client
+ software and services (together, "Dropbox Business"), as well as those
+ Beta Services that are made available to you (together, with Dropbox
+ Business, the "Services"). By clicking "I Agree," signing your contract
+ for the Services or using the Services, you agree to this Agreement as
+ a Customer.
+
+ To the extent Dropbox, Inc. is, on behalf of Customer, processing
+ Customer Data that is subject to national laws implementing EU Data
+ Protection Directive (95/46/EC) ("EU Data Protection Laws"), then, by
+ clicking "I agree," you are also agreeing to the EU Standard
+ Contractual Clauses with Dropbox, Inc. for the transfer of personal
+ data to processors set forth in Schedule 1.
+
+ If you are agreeing to this Agreement and Schedule 1 (if applicable)
+ for use of the Services by an organization, you are agreeing on behalf
+ of that organization. You must have the authority to bind that
+ organization to these terms, otherwise you must not sign up for the
+ Services.
+ 1. Services.
+ a. Provision of Services. Customer and users of Customer's
+ Services account ("End Users") may access and use the Services
+ in accordance with this Agreement.
+ b. Facilities and Data Processing. Dropbox will use, at a
+ minimum, industry standard technical and organizational
+ security measures to transfer, store, and process Customer
+ Data. These measures are designed to protect the integrity of
+ Customer Data and guard against the unauthorized or unlawful
+ access to, use, and processing of Customer Data. Customer
+ agrees that Dropbox may transfer, store, and process Customer
+ Data in the United States and locations other than Customer's
+ country. To the extent that Customer Data is subject to EU
+ Data Protection Laws and is processed by Dropbox as a data
+ processor acting on Customer's behalf (as a data controller),
+ Dropbox will use and process such Customer Data as Customer
+ instructs in order to provide the Services and fulfil
+ Dropbox's obligations under the Agreement. "Customer Data"
+ means Stored Data and Account Data. "Stored Data" means the
+ files and structured data submitted to the Services by
+ Customer or End Users. "Account Data" means the account and
+ contact information submitted to the Services by Customer or
+ End Users.
+ c. Modifications to the Services. Dropbox may update the Services
+ from time to time. If Dropbox changes the Services in a manner
+ that materially reduces their functionality, Dropbox will
+ inform Customer via the email address associated with the
+ account.
+ d. Software. Some Services allow Customer to download Dropbox
+ software which may update automatically. Customer may use the
+ software only to access the Services. If any component of the
+ software is offered under an open source license, Dropbox will
+ make the license available to Customer and the provisions of
+ that license may expressly override some of the terms of this
+ Agreement.
+ e. Beta Services. Dropbox may provide features or products that
+ we are still testing and evaluating. These products and
+ features are identified as alpha, beta, preview, early access,
+ or evaluation (or words or phrases with similar meanings)
+ (collectively, "Beta Services"). Notwithstanding anything to
+ the contrary in this Agreement or in Schedule 1, the following
+ terms apply to all Beta Services: (a) you may use or decline
+ to use any Beta Services; (b) Beta Services may not be
+ supported and may be changed at any time without notice to
+ you; (c) Beta Services may not be as reliable or available as
+ Dropbox Business; (d) Beta Services have not been subjected to
+ the same security measures and auditing to which Dropbox
+ Business has been subjected; and (e) DROPBOX WILL HAVE NO
+ LIABILITY ARISING OUT OF OR IN CONNECTION WITH BETA
+ SERVICES—USE AT YOUR OWN RISK.
+ 2. Customer Obligations.
+ a. Compliance. Customer is responsible for use of the Services by
+ its End Users. Customer and its End Users must use the
+ Services in compliance with the [71]Acceptable Use Policy.
+ Customer will obtain from End Users any consents necessary to
+ allow Administrators to engage in the activities described in
+ this Agreement and to allow Dropbox to provide the Services.
+ Customer will comply with laws and regulations applicable to
+ Customer's use of the Services, if any.
+ b. Customer Administration of the Services. Customer may specify
+ End Users as "Administrators" through the administrative
+ console. Administrators may have the ability to access,
+ disclose, restrict or remove Customer Data in or from Services
+ accounts. Administrators may also have the ability to monitor,
+ restrict, or terminate access to Services accounts. Dropbox's
+ responsibilities do not extend to the internal management or
+ administration of the Services. Customer is responsible for:
+ (i) maintaining the confidentiality of passwords and
+ Administrator accounts; (ii) managing access to Administrator
+ accounts; and (iii) ensuring that Administrators' use of the
+ Services complies with this Agreement. Customer acknowledges
+ that if Customer purchases the Services through a reseller and
+ delegates any of such reseller's personnel as Administrators
+ of Customer's Services account, such reseller may be able to
+ control account information, including Customer Data, and
+ access Customer's Services account as further described above.
+ c. Unauthorized Use & Access. Customer will prevent unauthorized
+ use of the Services by its End Users and terminate any
+ unauthorized use of or access to the Services. The Services
+ are not intended for End Users under the age of 13. Customer
+ will ensure that it does not allow any person under 13 to use
+ the Services. Customer will promptly notify Dropbox of any
+ unauthorized use of or access to the Services.
+ d. Restricted Uses. Customer will not (i) sell, resell, or lease
+ the Services; (ii) use the Services for activities where use
+ or failure of the Services could lead to physical damage,
+ death, or personal injury; or (iii) reverse engineer the
+ Services, nor attempt nor assist anyone else to do so, unless
+ this restriction is prohibited by law.
+ e. Third Party Requests.
+ i. "Third Party Request" means a request from a third party
+ for records relating to an End User's use of the Services
+ including information in or from an End User or
+ Customer's Services account. Third Party Requests may
+ include valid search warrants, court orders, or
+ subpoenas, or any other request for which there is
+ written consent from End Users permitting a disclosure.
+ ii. Customer is responsible for responding to Third Party
+ Requests via its own access to information. Customer will
+ seek to obtain information required to respond to Third
+ Party Requests and will contact Dropbox only if it cannot
+ obtain such information despite diligent efforts.
+ iii. Dropbox will make commercially reasonable efforts, to
+ the extent allowed by law and by the terms of the Third
+ Party Request, to: (A) promptly notify Customer of
+ Dropbox's receipt of a Third Party Request; (B) comply
+ with Customer's commercially reasonable requests
+ regarding its efforts to oppose a Third Party Request;
+ and (C) provide Customer with information or tools
+ required for Customer to respond to the Third Party
+ Request (if Customer is otherwise unable to obtain the
+ information). If Customer fails to promptly respond to
+ any Third Party Request, then Dropbox may, but will not
+ be obligated to do so.
+ 3. Third-Party Services. If Customer uses any third-party service
+ (e.g., a service that uses a Dropbox API) with the Services, (a)
+ Dropbox will not be responsible for any act or omission of the
+ third party, including the third party's access to or use of
+ Customer Data and (b) Dropbox does not warrant or support any
+ service provided by the third party.
+ 4. Suspension
+ a. Of End User Accounts by Dropbox. If an End User (i) violates
+ this Agreement or (ii) uses the Services in a manner that
+ Dropbox reasonably believes will cause it liability, then
+ Dropbox may request that Customer suspend or terminate the
+ applicable End User account. If Customer fails to promptly
+ suspend or terminate the End User account, then Dropbox may do
+ so.
+ b. Security Emergencies. Notwithstanding anything in this
+ Agreement, if there is a Security Emergency then Dropbox may
+ automatically suspend use of the Services. Dropbox will make
+ commercially reasonable efforts to narrowly tailor the
+ suspension as needed to prevent or terminate the Security
+ Emergency. "Security Emergency" means: (i) use of the Services
+ that do or could disrupt the Services, other customers' use of
+ the Services, or the infrastructure used to provide the
+ Services and (ii) unauthorized third-party access to the
+ Services.
+ 5. Intellectual Property Rights.
+ a. Reservation of Rights. Except as expressly set forth herein,
+ this Agreement does not grant (i) Dropbox any Intellectual
+ Property Rights in Customer Data or (ii) Customer any
+ Intellectual Property Rights in the Services or Dropbox
+ trademarks and brand features. "Intellectual Property Rights"
+ means current and future worldwide rights under patent,
+ copyright, trade secret, trademark, moral rights, and other
+ similar rights.
+ b. Limited Permission. Customer grants Dropbox only the limited
+ rights that are reasonably necessary for Dropbox to offer the
+ Services (e.g., hosting Stored Data). This permission also
+ extends to our affiliates and trusted third parties Dropbox
+ works with to offer the Services (e.g., payment provider used
+ to process payment of fees).
+ c. Suggestions. Dropbox may, at its discretion and for any
+ purpose, use, modify, and incorporate into its products and
+ services, license and sublicense, any feedback, comments, or
+ suggestions Customer or End Users send Dropbox or post in
+ Dropbox's forums without any obligation to Customer.
+ d. Customer List. Dropbox may include Customer's name in a list
+ of Dropbox customers on the Dropbox website or in promotional
+ materials.
+ 6. Fees & Payment.
+ a. Fees. Customer will pay, and authorizes Dropbox or Customer's
+ reseller to charge using Customer's selected payment method,
+ for all applicable fees. Fees are non-refundable except as
+ required by law. Customer is responsible for providing
+ complete and accurate billing and contact information to
+ Dropbox or Customer's reseller. Dropbox may suspend or
+ terminate the Services if fees are past due.
+ b. Auto Renewals and Trials. IF CUSTOMER'S ACCOUNT IS SET TO AUTO
+ RENEWAL OR IS IN A TRIAL PERIOD, DROPBOX (OR CUSTOMER'S
+ RESELLER) MAY AUTOMATICALLY CHARGE AT THE END OF THE TRIAL OR
+ FOR THE RENEWAL, UNLESS CUSTOMER NOTIFIES DROPBOX (OR
+ CUSTOMER'S RESELLER, AS APPLICABLE) THAT CUSTOMER WANTS TO
+ CANCEL OR DISABLE AUTO RENEWAL. Dropbox may revise Service
+ rates by providing Customer at least 30 days notice prior to
+ the next charge.
+ c. Taxes. Customer is responsible for all taxes. Dropbox or
+ Customer's reseller will charge tax when required to do so. If
+ Customer is required by law to withhold any taxes, Customer
+ must provide Dropbox or Customer's reseller with an official
+ tax receipt or other appropriate documentation.
+ d. Purchase Orders. If Customer requires the use of a purchase
+ order orpurchase order number, Customer (i) must provide the
+ purchase order number at the time of purchase and (ii) agrees
+ that any terms and conditions on a Customer purchase order
+ will not apply to this Agreement and are null and void. If
+ Customer is purchasing through a reseller, any terms and
+ conditions from Customer's reseller or in a purchase order
+ between Customer and its reseller that conflict with the
+ Dropbox Business Agreement are null and void.
+ 7. Term & Termination.
+ a. Term. This Agreement will remain in effect until Customer's
+ subscription to the Services expires or terminates, or until
+ the Agreement is terminated.
+ b. Termination for Breach. Either Dropbox or Customer may
+ terminate this Agreement if: (i) the other party is in
+ material breach of the Agreement and fails to cure that breach
+ within 30 days after receipt of written notice or (ii) the
+ other party ceases its business operations or becomes subject
+ to insolvency proceedings and the proceedings are not
+ dismissed within 90 days.
+ c. Effects of Termination. If this Agreement terminates: (i) the
+ rights granted by Dropbox to Customer will cease immediately
+ (except as set forth in this section); (ii) Dropbox may
+ provide Customer access to its account at then-current fees so
+ that Customer may export its Stored Data; and (iii) after a
+ commercially reasonable period of time, Dropbox may delete any
+ Stored Data relating to Customer's account. The following
+ sections will survive expiration or termination of this
+ Agreement: 2(e) (Third Party Requests), 5 (Intellectual
+ Property Rights), 6 (Fees & Payment), 7(c) (Effects of
+ Termination), 8 (Indemnification), 9 (Disclaimers), 10
+ (Limitation of Liability), 11 (Disputes), and 12
+ (Miscellaneous).
+ 8. Indemnification.
+ a. By Customer. Customer will indemnify, defend, and hold
+ harmless Dropbox from and against all liabilities, damages,
+ and costs (including settlement costs and reasonable
+ attorneys' fees) arising out of any claim by a third party
+ against Dropbox and its affiliates regarding: (i) Customer
+ Data; (ii) Customer's use of the Services in violation of this
+ Agreement; or (iii) End Users' use of the Services in
+ violation of this Agreement.
+ b. By Dropbox. Dropbox will indemnify, defend, and hold harmless
+ Customer from and against all liabilities, damages, and costs
+ (including settlement costs and reasonable attorneys' fees)
+ arising out of any claim by a third party against Customer to
+ the extent based on an allegation that Dropbox's technology
+ used to provide the Services to the Customer infringes or
+ misappropriates any copyright, trade secret, U.S. patent, or
+ trademark right of the third party. In no event will Dropbox
+ have any obligations or liability under this section arising
+ from: (i) use of any Services in a modified form or in
+ combination with materials not furnished by Dropbox and (ii)
+ any content, information, or data provided by Customer, End
+ Users, or other third parties.
+ c. Possible Infringement. If Dropbox believes the Services
+ infringe or may be alleged to infringe a third party's
+ Intellectual Property Rights, then Dropbox may: (i) obtain the
+ right for Customer, at Dropbox's expense, to continue using
+ the Services; (ii) provide a non-infringing functionally
+ equivalent replacement; or (iii) modify the Services so that
+ they no longer infringe. If Dropbox does not believe the
+ options described in this section are commercially reasonable
+ then Dropbox may suspend or terminate Customer's use of the
+ affected Services (with a pro-rata refund of prepaid fees for
+ the Services).
+ d. General. The party seeking indemnification will promptly
+ notify the other party of the claim and cooperate with the
+ other party in defending the claim. The indemnifying party
+ will have full control and authority over the defense, except
+ that: (i) any settlement requiring the party seeking
+ indemnification to admit liability requires prior written
+ consent, not to be unreasonably withheld or delayed and (ii)
+ the other party may join in the defense with its own counsel
+ at its own expense. THE INDEMNITIES ABOVE ARE DROPBOX AND
+ CUSTOMER'S ONLY REMEDY UNDER THIS AGREEMENT FOR VIOLATION BY
+ THE OTHER PARTY OF A THIRD PARTY'S INTELLECTUAL PROPERTY
+ RIGHTS.
+ 9. Disclaimers. THE SERVICES ARE PROVIDED "AS IS." TO THE FULLEST
+ EXTENT PERMITTED BY LAW, EXCEPT AS EXPRESSLY STATED IN THIS
+ AGREEMENT, NEITHER CUSTOMER NOR DROPBOX AND ITS AFFILIATES,
+ SUPPLIERS, AND DISTRIBUTORS MAKE ANY WARRANTY OF ANY KIND, WHETHER
+ EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR USE, OR NON-INFRINGEMENT.
+ CUSTOMER IS RESPONSIBLE FOR MAINTAINING AND BACKING UP ANY STORED
+ DATA.
+ 10. Limitation of Liability.
+ a. Limitation on Indirect Liability. TO THE FULLEST EXTENT
+ PERMITTED BY LAW, EXCEPT FOR DROPBOX OR CUSTOMER'S
+ INDEMNIFICATION OBLIGATIONS, NEITHER CUSTOMER NOR DROPBOX AND
+ ITS AFFILIATES, SUPPLIERS, AND DISTRIBUTORS WILL BE LIABLE
+ UNDER THIS AGREEMENT FOR (I) INDIRECT, SPECIAL, INCIDENTAL,
+ CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR (II) LOSS OF
+ USE, DATA, BUSINESS, REVENUES, OR PROFITS (IN EACH CASE
+ WHETHER DIRECT OR INDIRECT), EVEN IF THE PARTY KNEW OR SHOULD
+ HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE AND EVEN IF A
+ REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
+ b. Limitation on Amount of Liability. TO THE FULLEST EXTENT
+ PERMITTED BY LAW, DROPBOX'S AGGREGATE LIABILITY UNDER THIS
+ AGREEMENT WILL NOT EXCEED THE LESSER OF $100,000 OR THE AMOUNT
+ PAID BY CUSTOMER FOR THE SERVICES HEREUNDER DURING THE TWELVE
+ MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY.
+ 11. Disputes.
+ a. Informal Resolution. Dropbox wants to address your concerns
+ without resorting to a formal legal case. Before filing a
+ claim, each party agrees to try to resolve the dispute by
+ contacting the other party through the notice procedures in
+ section 12(e). If a dispute is not resolved within 30 days of
+ notice, Customer or Dropbox may bring a formal proceeding.
+ b. Agreement to Arbitrate. Customer and Dropbox agree to resolve
+ any claims relating to this Agreement or the Services through
+ final and binding arbitration, except as set forth below. The
+ [72]American Arbitration Association (AAA) will administer the
+ arbitration under its Commercial Arbitration Rules. The
+ arbitration will be held in San Francisco (CA), or any other
+ location both parties agree to in writing.
+ c. Exception to Agreement to Arbitrate. Either party may bring a
+ lawsuit in the federal or state courts of San Francisco
+ County, California solely for injunctive relief to stop
+ unauthorized use or abuse of the Services or infringement of
+ Intellectual Property Rights without first engaging in the
+ informal dispute notice process described above. Both Customer
+ and Dropbox consent to venue and personal jurisdiction there.
+ d. NO CLASS ACTIONS. Customer may only resolve disputes with
+ Dropbox on an individual basis and will not bring a claim in a
+ class, consolidated, or representative action. Class
+ arbitrations, class actions, private attorney general actions,
+ and consolidation with other arbitrations are not allowed.
+ 12. Miscellaneous.
+ a. Terms Modification. Dropbox may revise this Agreement from
+ time to time and the most current version will always be
+ posted on the Dropbox Business website. If a revision, in
+ Dropbox's sole discretion, is material, Dropbox will notify
+ Customer (by, for example, sending an email to the email
+ address associated with the applicable account). Other
+ revisions may be posted to Dropbox's blog or terms page, and
+ Customer is responsible for checking such postings regularly.
+ By continuing to access or use the Services after revisions
+ become effective, Customer agrees to be bound by the revised
+ Agreement. If Customer does not agree to the revised Agreement
+ terms, Customer may terminate the Services within 30 days of
+ receiving notice of the change.
+ b. Entire Agreement. This Agreement, including Customer's invoice
+ and order form with Dropbox (if applicable), constitutes the
+ entire agreement between Customer and Dropbox with respect to
+ the subject matter of this Agreement and supersedes and
+ replaces any prior or contemporaneous understandings and
+ agreements, whether written or oral, with respect to the
+ subject matter of this Agreement. If there is a conflict
+ between the documents that make up this Agreement, the
+ documents will control in the following order: the Dropbox
+ invoice, the Dropbox order form, the Agreement.
+ c. Governing Law. THE AGREEMENT WILL BE GOVERNED BY CALIFORNIA
+ LAW EXCEPT FOR ITS CONFLICTS OF LAWS PRINCIPLES.
+ d. Severability. Unenforceable provisions will be modified to
+ reflect the parties' intention and only to the extent
+ necessary to make them enforceable, and the remaining
+ provisions of the Agreement will remain in full effect.
+ e. Notice. Notices must be sent via first class, airmail, or
+ overnight courier and are deemed given when received. Notices
+ to Customer may also be sent to the applicable account email
+ address and are deemed given when sent. Notices to Dropbox
+ must be sent to Dropbox, Inc., P.O. Box 77767, San Francisco,
+ CA 94107, with a copy to the Legal Department.
+ f. Waiver. A waiver of any default is not a waiver of any
+ subsequent default.
+ g. Assignment. Customer may not assign or transfer this Agreement
+ or any rights or obligations under this Agreement without the
+ written consent of Dropbox. Dropbox may not assign this
+ Agreement without providing notice to Customer, except Dropbox
+ may assign this Agreement or any rights or obligations under
+ this Agreement to an affiliate or in connection with a merger,
+ acquisition, corporate reorganization, or sale of all or
+ substantially all of its assets without providing notice. Any
+ other attempt to transfer or assign is void.
+ h. No Agency. Dropbox and Customer are not legal partners or
+ agents, but are independent contractors.
+ i. Force Majeure. Except for payment obligations, neither Dropbox
+ nor Customer will be liable for inadequate performance to the
+ extent caused by a condition that was beyond the party's
+ reasonable control (for example, natural disaster, act of war
+ or terrorism, riot, labor condition, governmental action, and
+ Internet disturbance).
+ j. No Third-Party Beneficiaries. There are no third-party
+ beneficiaries to this Agreement. Without limiting this
+ section, a Customer's End Users are not third-party
+ beneficiaries to Customer's rights under this Agreement.
+ k. Export Restrictions. The export and re-export of Customer Data
+ via the Services may be controlled by the United States Export
+ Administration Regulations or other applicable export
+ restrictions or embargo. The Services may not be used in Cuba,
+ Iran, North Korea, Sudan, or Syria or any country that is
+ subject to an embargo by the United States and Customer must
+ not use the Services in violation of any export restriction or
+ embargo by the United States or any other applicable
+ jurisdiction. In addition, Customer must ensure that the
+ Services are not provided to persons on the United States
+ Table of Denial Orders, the Entity List, or the List of
+ Specially Designated Nationals.
+ __________________________________________________________________
+
+Schedule 1
+
+Commission Decision C(2010)593
+
+Standard Contractual Clauses (processors)
+
+ For the purposes of Article 26(2) of Directive 95/46/EC for the
+ transfer of personal data to processors established in third countries
+ which do not ensure an adequate level of data protection
+
+ Name of the data exporting organisation: The Customer that is a party
+ to the Dropbox Business Agreement with Dropbox Ireland
+ (the data exporter)
+
+ And
+
+ Name of the data importing organisation: Dropbox, Inc.
+ Address: 333 Brannan Street, San Francisco, CA 94107 USA
+ (the data importer)
+
+ each a "party"; together "the parties",
+
+ HAVE AGREED on the following Contractual Clauses (the Clauses) in order
+ to adduce adequate safeguards with respect to the protection of privacy
+ and fundamental rights and freedoms of individuals for the transfer by
+ the data exporter to the data importer of the personal data specified
+ in [73]Appendix 1.
+
+Clause 1
+
+Definitions
+
+ For the purposes of the Clauses:
+ a. 'personal data', 'special categories of data',
+ 'process/processing', 'controller', 'processor', 'data subject' and
+ 'supervisory authority' shall have the same meaning as in Directive
+ 95/46/EC of the European Parliament and of the Council of 24
+ October 1995 on the protection of individuals with regard to the
+ processing of personal data and on the free movement of such
+ data^[74]1;
+ b. 'the data exporter' means the controller who transfers the personal
+ data;
+ c. 'the data importer' means the processor who agrees to receive from
+ the data exporter personal data intended for processing on his
+ behalf after the transfer in accordance with his instructions and
+ the terms of the Clauses and who is not subject to a third
+ country's system ensuring adequate protection within the meaning of
+ Article 25(1) of Directive 95/46/EC;
+ d. 'the subprocessor' means any processor engaged by the data importer
+ or by any other subprocessor of the data importer who agrees to
+ receive from the data importer or from any other subprocessor of
+ the data importer personal data exclusively intended for processing
+ activities to be carried out on behalf of the data exporter after
+ the transfer in accordance with his instructions, the terms of the
+ Clauses and the terms of the written subcontract;
+ e. 'the applicable data protection law' means the legislation
+ protecting the fundamental rights and freedoms of individuals and,
+ in particular, their right to privacy with respect to the
+ processing of personal data applicable to a data controller in the
+ Member State in which the data exporter is established;
+ f. 'technical and organisational security measures' means those
+ measures aimed at protecting personal data against accidental or
+ unlawful destruction or accidental loss, alteration, unauthorised
+ disclosure or access, in particular where the processing involves
+ the transmission of data over a network, and against all other
+ unlawful forms of processing.
+
+Clause 2
+
+Details of the transfer
+
+ The details of the transfer and in particular the special categories of
+ personal data where applicable are specified in Appendix 1 which forms
+ an integral part of the Clauses.
+
+Clause 3
+
+Third-party beneficiary clause
+
+ 1. The data subject can enforce against the data exporter this Clause,
+ Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1)
+ and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party
+ beneficiary.
+ 2. The data subject can enforce against the data importer this Clause,
+ Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and
+ Clauses 9 to 12, in cases where the data exporter has factually
+ disappeared or has ceased to exist in law unless any successor
+ entity has assumed the entire legal obligations of the data
+ exporter by contract or by operation of law, as a result of which
+ it takes on the rights and obligations of the data exporter, in
+ which case the data subject can enforce them against such entity.
+ 3. The data subject can enforce against the subprocessor this Clause,
+ Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and
+ Clauses 9 to 12, in cases where both the data exporter and the data
+ importer have factually disappeared or ceased to exist in law or
+ have become insolvent, unless any successor entity has assumed the
+ entire legal obligations of the data exporter by contract or by
+ operation of law as a result of which it takes on the rights and
+ obligations of the data exporter, in which case the data subject
+ can enforce them against such entity. Such third-party liability of
+ the subprocessor shall be limited to its own processing operations
+ under the Clauses.
+ 4. The parties do not object to a data subject being represented by an
+ association or other body if the data subject so expressly wishes
+ and if permitted by national law.
+
+Clause 4
+
+Obligations of the data exporter
+
+ The data exporter agrees and warrants:
+ a. that the processing, including the transfer itself, of the personal
+ data has been and will continue to be carried out in accordance
+ with the relevant provisions of the applicable data protection law
+ (and, where applicable, has been notified to the relevant
+ authorities of the Member State where the data exporter is
+ established) and does not violate the relevant provisions of that
+ State;
+ b. that it has instructed and throughout the duration of the personal
+ data processing services will instruct the data importer to process
+ the personal data transferred only on the data exporter's behalf
+ and in accordance with the applicable data protection law and the
+ Clauses;
+ c. that the data importer will provide sufficient guarantees in
+ respect of the technical and organisational security measures
+ specified in [75]Appendix 2 to this contract;
+ d. that after assessment of the requirements of the applicable data
+ protection law, the security measures are appropriate to protect
+ personal data against accidental or unlawful destruction or
+ accidental loss, alteration, unauthorised disclosure or access, in
+ particular where the processing involves the transmission of data
+ over a network, and against all other unlawful forms of processing,
+ and that these measures ensure a level of security appropriate to
+ the risks presented by the processing and the nature of the data to
+ be protected having regard to the state of the art and the cost of
+ their implementation;
+ e. that it will ensure compliance with the security measures;
+ f. that, if the transfer involves special categories of data, the data
+ subject has been informed or will be informed before, or as soon as
+ possible after, the transfer that its data could be transmitted to
+ a third country not providing adequate protection within the
+ meaning of Directive 95/46/EC;
+ g. to forward any notification received from the data importer or any
+ subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data
+ protection supervisory authority if the data exporter decides to
+ continue the transfer or to lift the suspension;
+ h. to make available to the data subjects upon request a copy of the
+ Clauses, with the exception of Appendix 2, and a summary
+ description of the security measures, as well as a copy of any
+ contract for subprocessing services which has to be made in
+ accordance with the Clauses, unless the Clauses or the contract
+ contain commercial information, in which case it may remove such
+ commercial information;
+ i. that, in the event of subprocessing, the processing activity is
+ carried out in accordance with Clause 11 by a subprocessor
+ providing at least the same level of protection for the personal
+ data and the rights of data subject as the data importer under the
+ Clauses; and
+ j. that it will ensure compliance with Clause 4(a) to (i).
+
+Clause 5
+
+Obligations of the data importer^[76]2
+
+ The data importer agrees and warrants:
+ a. to process the personal data only on behalf of the data exporter
+ and in compliance with its instructions and the Clauses; if it
+ cannot provide such compliance for whatever reasons, it agrees to
+ inform promptly the data exporter of its inability to comply, in
+ which case the data exporter is entitled to suspend the transfer of
+ data and/or terminate the contract;
+ b. that it has no reason to believe that the legislation applicable to
+ it prevents it from fulfilling the instructions received from the
+ data exporter and its obligations under the contract and that in
+ the event of a change in this legislation which is likely to have a
+ substantial adverse effect on the warranties and obligations
+ provided by the Clauses, it will promptly notify the change to the
+ data exporter as soon as it is aware, in which case the data
+ exporter is entitled to suspend the transfer of data and/or
+ terminate the contract;
+ c. that it has implemented the technical and organisational security
+ measures specified in Appendix 2 before processing the personal
+ data transferred;
+ d. that it will promptly notify the data exporter about:
+ i. any legally binding request for disclosure of the personal
+ data by a law enforcement authority unless otherwise
+ prohibited, such as a prohibition under criminal law to
+ preserve the confidentiality of a law enforcement
+ investigation,
+ ii. any accidental or unauthorised access, and
+ iii. any request received directly from the data subjects without
+ responding to that request, unless it has been otherwise
+ authorised to do so;
+ e. to deal promptly and properly with all inquiries from the data
+ exporter relating to its processing of the personal data subject to
+ the transfer and to abide by the advice of the supervisory
+ authority with regard to the processing of the data transferred;
+ f. at the request of the data exporter to submit its data processing
+ facilities for audit of the processing activities covered by the
+ Clauses which shall be carried out by the data exporter or an
+ inspection body composed of independent members and in possession
+ of the required professional qualifications bound by a duty of
+ confidentiality, selected by the data exporter, where applicable,
+ in agreement with the supervisory authority;
+ g. to make available to the data subject upon request a copy of the
+ Clauses, or any existing contract for subprocessing, unless the
+ Clauses or contract contain commercial information, in which case
+ it may remove such commercial information, with the exception of
+ Appendix 2 which shall be replaced by a summary description of the
+ security measures in those cases where the data subject is unable
+ to obtain a copy from the data exporter;
+ h. that, in the event of subprocessing, it has previously informed the
+ data exporter and obtained its prior written consent;
+ i. that the processing services by the subprocessor will be carried
+ out in accordance with Clause 11;
+ j. to send promptly a copy of any subprocessor agreement it concludes
+ under the Clauses to the data exporter.
+
+Clause 6
+
+Liability
+
+ 1. The parties agree that any data subject, who has suffered damage as
+ a result of any breach of the obligations referred to in Clause 3
+ or in Clause 11 by any party or subprocessor is entitled to receive
+ compensation from the data exporter for the damage suffered.
+ 2. If a data subject is not able to bring a claim for compensation in
+ accordance with paragraph 1 against the data exporter, arising out
+ of a breach by the data importer or his subprocessor of any of
+ their obligations referred to in Clause 3 or in Clause 11, because
+ the data exporter has factually disappeared or ceased to exist in
+ law or has become insolvent, the data importer agrees that the data
+ subject may issue a claim against the data importer as if it were
+ the data exporter, unless any successor entity has assumed the
+ entire legal obligations of the data exporter by contract of by
+ operation of law, in which case the data subject can enforce its
+ rights against such entity.
+ The data importer may not rely on a breach by a subprocessor of its
+ obligations in order to avoid its own liabilities.
+ 3. If a data subject is not able to bring a claim against the data
+ exporter or the data importer referred to in paragraphs 1 and 2,
+ arising out of a breach by the subprocessor of any of their
+ obligations referred to in Clause 3 or in Clause 11 because both
+ the data exporter and the data importer have factually disappeared
+ or ceased to exist in law or have become insolvent, the
+ subprocessor agrees that the data subject may issue a claim against
+ the data subprocessor with regard to its own processing operations
+ under the Clauses as if it were the data exporter or the data
+ importer, unless any successor entity has assumed the entire legal
+ obligations of the data exporter or data importer by contract or by
+ operation of law, in which case the data subject can enforce its
+ rights against such entity. The liability of the subprocessor shall
+ be limited to its own processing operations under the Clauses.
+
+Clause 7
+
+Mediation and jurisdiction
+
+ 1. The data importer agrees that if the data subject invokes against
+ it third-party beneficiary rights and/or claims compensation for
+ damages under the Clauses, the data importer will accept the
+ decision of the data subject:
+ a. to refer the dispute to mediation, by an independent person
+ or, where applicable, by the supervisory authority;
+ b. to refer the dispute to the courts in the Member State in
+ which the data exporter is established.
+ 2. The parties agree that the choice made by the data subject will not
+ prejudice its substantive or procedural rights to seek remedies in
+ accordance with other provisions of national or international law.
+
+Clause 8
+
+Cooperation with supervisory authorities
+
+ 1. The data exporter agrees to deposit a copy of this contract with
+ the supervisory authority if it so requests or if such deposit is
+ required under the applicable data protection law.
+ 2. The parties agree that the supervisory authority has the right to
+ conduct an audit of the data importer, and of any subprocessor,
+ which has the same scope and is subject to the same conditions as
+ would apply to an audit of the data exporter under the applicable
+ data protection law.
+ 3. The data importer shall promptly inform the data exporter about the
+ existence of legislation applicable to it or any subprocessor
+ preventing the conduct of an audit of the data importer, or any
+ subprocessor, pursuant to paragraph 2. In such a case the data
+ exporter shall be entitled to take the measures foreseen in Clause
+ 5 (b).
+
+Clause 9
+
+Governing Law
+
+ The Clauses shall be governed by the law of the Member State in which
+ the data exporter is established.
+
+Clause 10
+
+Variation of the contract
+
+ The parties undertake not to vary or modify the Clauses. This does not
+ preclude the parties from adding clauses on business related issues
+ where required as long as they do not contradict the Clause.
+
+Clause 11
+
+Subprocessing
+
+ 1. The data importer shall not subcontract any of its processing
+ operations performed on behalf of the data exporter under the
+ Clauses without the prior written consent of the data exporter.
+ Where the data importer subcontracts its obligations under the
+ Clauses, with the consent of the data exporter, it shall do so only
+ by way of a written agreement with the subprocessor which imposes
+ the same obligations on the subprocessor as are imposed on the data
+ importer under the Clauses^[77]3. Where the subprocessor fails to
+ fulfil its data protection obligations under such written agreement
+ the data importer shall remain fully liable to the data exporter
+ for the performance of the subprocessor's obligations under such
+ agreement.
+ 2. The prior written contract between the data importer and the
+ subprocessor shall also provide for a third-party beneficiary
+ clause as laid down in Clause 3 for cases where the data subject is
+ not able to bring the claim for compensation referred to in
+ paragraph 1 of Clause 6 against the data exporter or the data
+ importer because they have factually disappeared or have ceased to
+ exist in law or have become insolvent and no successor entity has
+ assumed the entire legal obligations of the data exporter or data
+ importer by contract or by operation of law. Such third-party
+ liability of the subprocessor shall be limited to its own
+ processing operations under the Clauses.
+ 3. The provisions relating to data protection aspects for
+ subprocessing of the contract referred to in paragraph 1 shall be
+ governed by the law of the Member State in which the data exporter
+ is established.
+ 4. The data exporter shall keep a list of subprocessing agreements
+ concluded under the Clauses and notified by the data importer
+ pursuant to Clause 5 (j), which shall be updated at least once a
+ year. The list shall be available to the data exporter's data
+ protection supervisory authority.
+
+Clause 12
+
+ Obligation after the termination of personal data processing services
+ 1. The parties agree that on the termination of the provision of data
+ processing services, the data importer and the subprocessor shall,
+ at the choice of the data exporter, return all the personal data
+ transferred and the copies thereof to the data exporter or shall
+ destroy all the personal data and certify to the data exporter that
+ it has done so, unless legislation imposed upon the data importer
+ prevents it from returning or destroying all or part of the
+ personal data transferred. In that case, the data importer warrants
+ that it will guarantee the confidentiality of the personal data
+ transferred and will not actively process the personal data
+ transferred anymore.
+ 2. The data importer and the subprocessor warrant that upon request of
+ the data exporter and/or of the supervisory authority, it will
+ submit its data processing facilities for an audit of the measures
+ referred to in paragraph 1.
+
+Additional Provisions
+
+ Capitalised terms used in Sections A to C and the Appendices but not
+ defined in the Clauses shall have the meaning provided in the Dropbox
+ Business Agreement between the data exporter and Dropbox Ireland.
+ A. Security Audit. The data importer maintains ISO/IEC 27001:2013 and
+ ISO/IEC 27018:2014 certifications, which are issued by an
+ independent third party auditor. The data importer will continue to
+ undergo regular ISO/IEC 27001:2013 and ISO/IEC 27018 audits
+ necessary for maintaining such certifications for the Services
+ during the Term. The data importer also regularly undergoes Service
+ Organization Control 2 (SOC 2) Type II audits. Subject to the data
+ importer's confidentiality obligations and no more than once a
+ year, the data importer will provide the data exporter with a copy
+ of the SOC 2 Type II Report upon written request. The data importer
+ will make new SOC 2 reports available as they are completed subject
+ to the data importer's confidentiality requirements. The data
+ importer regularly reviews its third party subservice
+ organizations, which undergo Standards for Attestation Engagements
+ No. 16 (SSAE 16) / International Standard on Assurance Engagements
+ No. 3402 (ISAE 3402) Service Organization Control 1 (SOC 1) Type II
+ or Service Organization Control 2 (SOC 2) Type II audits that
+ evaluate the design and effectiveness of their security policies,
+ procedures, and controls.
+ The data exporter agrees that the data importer's obligations set
+ forth in this Section A fully satisfy the audit rights under Clause
+ 5(f) and Clause 12 (2) of the Clauses.
+ B. Sub-processing. The data importer may engage other companies to
+ provide limited parts of the Services (including support services)
+ on the data importer's behalf, and the data exporter consents to
+ the data importer subcontracting the processing of personal data to
+ such sub-processors as described in the Clauses. The data importer
+ will ensure that any sub-processor will only access and use
+ personal data to provide the Services as set forth in a written
+ agreement between the data importer and the sub-processor. The data
+ exporter acknowledges that any requirements applicable to the data
+ importer under the Clauses in respect of agreements with
+ sub-processors shall be satisfied in full provided that the
+ sub-processing agreement between the data importer and the
+ sub-processor provides at least the level of data protection
+ required under the Dropbox Business Agreement.
+ C. Liability. The Clauses shall be subject to the limitations and
+ exclusions of liability contained in the "Limitation of Liability"
+ section of the Dropbox Business Agreement, such that the total
+ liability of the data importer and Dropbox Ireland, in aggregate,
+ shall not exceed the limitations set out in the Dropbox Business
+ Agreement. For the avoidance of doubt, the data exporter shall not
+ be entitled to recover from both the data importer and Dropbox
+ Ireland in respect of the same loss.
+ __________________________________________________________________
+
+Appendix 1 to the Standard Contractual Clauses
+
+ This Appendix forms part of the Clauses and must be completed and
+ signed by the parties.
+
+ The Member States may complete or specify, according to their national
+ procedures, any additional necessary information to be contained in
+ this Appendix.
+
+Data exporter
+
+ The data exporter is (please specify briefly your activities relevant
+ to the transfer):
+
+ The Customer to the Dropbox Business Agreement with Dropbox Ireland.
+
+Data importer
+
+ The data importer is (please specify briefly activities relevant to the
+ transfer):
+
+ Dropbox, Inc., a global provider of cloud services for individuals and
+ business. Dropbox, Inc., and its affiliates provide a website, software
+ and mobile applications that allow people to store files, synchronize
+ files across multiple devices, and collaborate with others. Dropbox,
+ Inc.'s service may also be accessed by Application Programming
+ Interfaces (APIs).
+
+Data subjects
+
+ The personal data transferred concern the following categories of data
+ subjects (please specify):
+
+ The data exporter and data exporter's affiliates' end users including
+ employees, consultants and contractors of the data exporter, as well as
+ any individuals collaborating or sharing with these end users using the
+ services provided by data importer.
+
+Categories of data
+
+ The personal data transferred concern the following categories of data
+ (please specify):
+
+ End users identifying information and organization data (both on-line
+ and off-line) as well as documents, images and other content or data in
+ electronic form stored or transmitted by end users via data importer's
+ services.
+
+Processing operations
+
+ The personal data transferred will be subject to the following basic
+ processing activities (please specify):
+
+ The data importer or its sub-processors will use and process personal
+ data and the data exporter instructs the data importer to use and
+ process personal data in order to provide the Services under the
+ Dropbox Business Agreement.
+ __________________________________________________________________
+
+Appendix 2 to the Standard Contractual Clauses
+
+ This Appendix forms part of the Clauses and must be completed and
+ signed by the parties.
+
+ Description of the technical and organisational security measures
+ implemented by the data importer in accordance with Clauses 4(d) and
+ 5(c) (or document/legislation attached):
+
+Data Privacy Contact
+
+ The data privacy officer of the data importer can be reached at
+ privacy@dropbox.com
+
+Security Measures
+
+ The data importer has implemented and will maintain appropriate
+ administrative, technical and physical safeguards to protect personal
+ data as further described in the Dropbox for Business Security
+ Whitepaper (available as of the Effective Date at:
+ [78]https://www.dropbox.com/…/Security_Whitepaper.pdf) and additionally
+ set forth below. The data importer may update these security measures
+ from time to time, with the most recent version available at the above
+ URL (or other URL as communicated by data importer), provided however
+ that data importer will notify data exporter if data importer updates
+ the security measures in a manner that materially diminishes the
+ administrative, technical or physical security features described
+ therein or in this Appendix 2.
+ 1. Service Security
+ 1. Dropbox Architecture. The data importer's service is designed
+ with multiple layers of protection, covering data transfer,
+ encryption, network configuration and application-level
+ controls that are distributed across a scalable, secure
+ infrastructure. End users of data importer's service can
+ access files and folders at any time from the desktop, web and
+ mobile clients. All of these clients connect to secure
+ services to provide access to files, allow file sharing with
+ others, and update linked devices when files are added,
+ changed or deleted. The service can be utilized and accessed
+ through a number of interfaces. Each has security settings and
+ features that process and protect the data while ensuring ease
+ of access.
+ 2. Reliability. The data importer's service is developed with
+ multiple layers of redundancy to guard against data loss and
+ ensure availability.
+ 3. Encryption. To protect the data in transit between the data
+ exporter and data importer, data importer uses Secure Sockets
+ Layer (SSL)/Transport Layer Security (TLS) for data transfer,
+ creating a secure tunnel protected by 128-bit or higher
+ Advanced Encryption Standard (AES) encryption. File data at
+ rest is encrypted using 256-bit AES encryption. The data
+ importer's encryption key management infrastructure is
+ designed with operational, technical and procedural security
+ controls with very limited direct access to keys. Encryption
+ key generation, exchange and storage are distributed for
+ decentralized processing.
+ 4. User Management Features. End users of data importer's service
+ have the ability to restore lost files and recover previous
+ versions of files, ensuring changes to those files can be
+ tracked and retrieved. The data importer's service allows for
+ the use of a two-step authentication procedure which adds an
+ extra layer of protection.
+ 5. Data Centers. The data importer's corporate and production
+ systems are housed at third-party subservice organization data
+ centers located in the United States. The data importer
+ reviews all subservice organization data center Service
+ Organization Control (SOC) 1 and/or SOC 2 reports at a minimum
+ annually for sufficient security controls.
+ 2. Information Security.
+ 1. Policies. The data importer has established a thorough set of
+ security policies covering areas of information security,
+ physical security, incident response, logical access, physical
+ production access, change management and support. These
+ policies are reviewed and approved at least annually. The data
+ importer personnel are notified of updates to these policies
+ and are provided security training.
+ 2. Personnel Policy and Access. The data importer's internal
+ policies require onboarding procedures that include background
+ checks (as allowed by local laws), security policy
+ acknowledgement, communicating updates to security policy, and
+ non-disclosure agreements. All personnel access is promptly
+ removed when an employee or contractor leaves the company. The
+ data importer employs technical access controls and internal
+ policies to prohibit employees or contractors from arbitrarily
+ accessing file data and to restrict access to metadata and
+ other information about end users' accounts. In order to
+ protect end user privacy and security, only a small number of
+ employees or contractors have access to the environment where
+ end user files are stored. A record of access request,
+ justification and approval are recorded by management and
+ access is granted by appropriate individuals.
+ 3. Network Security. The data importer maintains network security
+ and monitoring techniques that are designed to provide
+ multiple layers of protection and defense. The data importer
+ employs industry-standard protection techniques, including
+ firewalls, network security monitoring, and intrusion
+ detection systems to ensure only eligible traffic is able to
+ reach data importer's infrastructure.
+ 4. Change Management. The data importer ensures that
+ security-related changes have been authorized prior to
+ implementation into the production environments. Source code
+ changes are initiated by developers that would like to make an
+ enhancement to a data importer application or service. Changes
+ to data importer's infrastructure are restricted to authorized
+ personnel only. Changes to the application level of the
+ services are required to go through automated quality
+ assurance ("QA") testing procedures to verify that security
+ requirements are met. Successful completion of QA procedures
+ leads to implementation of the change.
+ 5. Compliance. The data importer, its data center providers, and
+ its managed service provider undergo regular security audits
+ which are performed by an independent third party. The data
+ importer will continue to participate in regular ISO/IEC
+ 27001:2013 and ISO/IEC 27018:2014 audits. Data importer also
+ reviews SOC 1 and/or SOC 2 reports for all subservice
+ organizations. In the event a subservice organization's SOC 1
+ and/or SOC 2 report is unavailable, data importer performs
+ security site visits to verify applicable physical,
+ environmental, and operational security controls satisfy
+ control criteria and contractual requirements. The data
+ importer evaluates additional certifications and compliance
+ attestations, as made available to data importer by the
+ subservice providers, on an ongoing basis.
+ 3. Physical Security
+ 1. Infrastructure. Physical access to subservice organization
+ facilities where production systems reside are restricted to
+ personnel authorized by data importer, as required to perform
+ their job function. Any individuals requiring additional
+ access to production environment facilities are granted that
+ access through explicit approval by appropriate management.
+ 2. Office. The data importer maintains a physical security team
+ that is responsible for enforcing physical security policy and
+ overseeing the security of data importer's corporate offices.
+ Access to areas containing corporate services is restricted to
+ authorized personnel via elevated roles granted through the
+ badge access system.
+ __________________________________________________________________
+
+Footnotes
+
+ 1. Parties may reproduce definitions and meanings contained in
+ Directive 95/46/EC within this Clause if they considered it better
+ for the contract to stand alone. [79]↩
+ 2. Mandatory requirements of the national legislation applicable to
+ the data importer which do not go beyond what is necessary in a
+ democratic society on the basis of one of the interests listed in
+ Article 13(1) of Directive 95/46/EC, that is, if they constitute a
+ necessary measure to safeguard national security, defence, public
+ security, the prevention, investigation, detection and prosecution
+ of criminal offences or of breaches of ethics for the regulated
+ professions, an important economic or financial interest of the
+ State or the protection of the data subject or the rights and
+ freedoms of others, are not in contradiction with the standard
+ contractual clauses. Some examples of such mandatory requirements
+ which do not go beyond what is necessary in a democratic society
+ are, inter alia, internationally recognised sanctions,
+ tax-reporting requirements or anti-money-laundering reporting
+ requirements. [80]↩
+ 3. This requirement may be satisfied by the subprocessor co-signing
+ the contract entered into between the data exporter and the data
+ importer under this Decision. [81]↩
+
+Dropbox DMCA Policy
+
+ Dropbox (“Dropbox”) respects the intellectual property rights of others
+ and expects its users to do the same. In accordance with the Digital
+ Millennium Copyright Act of 1998, the text of which may be found on the
+ U.S. Copyright Office website at
+ [82]http://www.copyright.gov/legislation/dmca.pdf, Dropbox will respond
+ expeditiously to claims of copyright infringement committed using the
+ Dropbox service and/or the Dropbox website (the “Site”) if such claims
+ are reported to Dropbox’s Designated Copyright Agent identified in the
+ sample notice below.
+
+ If you are a copyright owner, authorized to act on behalf of one, or
+ authorized to act under any exclusive right under copyright, please
+ report alleged copyright infringements taking place on or through the
+ Site by completing the following DMCA Notice of Alleged Infringement
+ and delivering it to Dropbox’s Designated Copyright Agent. Upon receipt
+ of Notice as described below, Dropbox will take whatever action, in its
+ sole discretion, it deems appropriate, including removal of the
+ challenged content from the Site.
+
+ DMCA Notice of Alleged Infringement (“Notice”)
+
+ 1. Identify the copyrighted work that you claim has been infringed, or
+ - if multiple copyrighted works are covered by this Notice - you
+ may provide a representative list of the copyrighted works that you
+ claim have been infringed.
+ 2. Identify the material or link you claim is infringing (or the
+ subject of infringing activity) and to which access is to be
+ disabled, including at a minimum, if applicable, the URL of the
+ link shown on the Site or the exact location where such material
+ may be found.
+ 3. Provide your company affiliation (if applicable), mailing address,
+ telephone number, and, if available, email address.
+ 4. Include both of the following statements in the body of the Notice:
+ + “I hereby state that I have a good faith belief that the
+ disputed use of the copyrighted material is not authorized by
+ the copyright owner, its agent, or the law (e.g., as a fair
+ use).”
+ + “I hereby state that the information in this Notice is
+ accurate and, under penalty of perjury, that I am the owner,
+ or authorized to act on behalf of, the owner, of the copyright
+ or of an exclusive right under the copyright that is allegedly
+ infringed.”
+ 5. Provide your full legal name and your electronic or physical
+ signature.
+
+ Deliver this Notice, with all items completed, to Dropbox’s Designated
+ Copyright Agent:
+ Copyright Agent
+ Dropbox Inc.
+ 333 Brannan Street
+ San Francisco, CA 94107
+ [83]copyright@dropbox.com
+ [84]Submit DMCA notice
+
+Dropbox Acceptable Use Policy
+
+ Dropbox is used by millions of people, and we're proud of the trust
+ placed in us. In exchange, we trust you to use our services
+ responsibly.
+
+ You agree not to misuse the Dropbox services ("Services") or help
+ anyone else to do so. For example, you must not even try to do any of
+ the following in connection with the Services:
+ * probe, scan, or test the vulnerability of any system or network;
+ * breach or otherwise circumvent any security or authentication
+ measures;
+ * access, tamper with, or use non-public areas or parts of the
+ Services, or shared areas of the Services you haven't been invited
+ to;
+ * interfere with or disrupt any user, host, or network, for example
+ by sending a virus, overloading, flooding, spamming, or
+ mail-bombing any part of the Services;
+ * access, search, or create accounts for the Services by any means
+ other than our publicly supported interfaces (for example,
+ "scraping" or creating accounts in bulk);
+ * send unsolicited communications, promotions or advertisements, or
+ spam;
+ * send altered, deceptive or false source-identifying information,
+ including "spoofing" or "phishing";
+ * promote or advertise products or services other than your own
+ without appropriate authorization;
+ * abuse referrals or promotions to get more storage space than
+ deserved;
+ * circumvent storage space limits;
+ * sell the Services unless specifically authorized to do so;
+ * publish or share materials that are unlawfully pornographic or
+ indecent, or that contain extreme acts of violence;
+ * advocate bigotry or hatred against any person or group of people
+ based on their race, religion, ethnicity, sex, gender identity,
+ sexual preference, disability, or impairment;
+ * violate the law in any way, including storing, publishing or
+ sharing material that's fraudulent, defamatory, or misleading; or
+ * violate the privacy or infringe the rights of others.