aboutsummaryrefslogtreecommitdiff
path: root/network/dropbox/policies
blob: 3392464a169477e3fcab59fc5699111c97353ebf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
Dropbox Terms of Service

   Posted: November 4, 2015

   Thanks for using Dropbox! These terms of service ("Terms") cover your
   use and access to our services, client software and websites
   ("Services"). If you reside outside of the United States of America,
   Canada and Mexico (“North America”) your agreement is with Dropbox
   Ireland, and if you reside in North America your agreement is with
   Dropbox, Inc. Our [45]Privacy Policy explains how we collect and use
   your information while our [46]Acceptable Use Policy outlines your
   responsibilities when using our Services. By using our Services, you're
   agreeing to be bound by these Terms, and to review our [47]Privacy and
   [48]Acceptable Use policies. If you're using our Services for an
   organization, you're agreeing to these Terms on behalf of that
   organization.

Your Stuff & Your Permissions

   When you use our Services, you provide us with things like your files,
   content, email messages, contacts and so on ("Your Stuff"). Your Stuff
   is yours. These Terms don't give us any rights to Your Stuff except for
   the limited rights that enable us to offer the Services.

   We need your permission to do things like hosting Your Stuff, backing
   it up, and sharing it when you ask us to. Our Services also provide you
   with features like photo thumbnails, document previews, email
   organization, easy sorting, editing, sharing and searching. These and
   other features may require our systems to access, store and scan Your
   Stuff. You give us permission to do those things, and this permission
   extends to our affiliates and trusted third parties we work with.

Sharing Your Stuff

   Our Services let you share Your Stuff with others, so please think
   carefully about what you share.

Your Responsibilities

   You're responsible for your conduct, Your Stuff and you must comply
   with our [49]Acceptable Use Policy. Content in the Services may be
   protected by others' intellectual property rights. Please don't copy,
   upload, download or share content unless you have the right to do so.

   We may review your conduct and content for compliance with these Terms
   and our [50]Acceptable Use Policy. With that said, we have no
   obligation to do so. We aren't responsible for the content people post
   and share via the Services.

   Please safeguard your password to the Services, make sure that others
   don't have access to it, and keep your account information current.

   Finally, our Services are not intended for and may not be used by
   people under the age of 13. By using our Services, you are representing
   to us that you're over 13.

Software

   Some of our Services allow you to download client software ("Software")
   which may update automatically. So long as you comply with these Terms,
   we give you a limited, nonexclusive, nontransferable, revocable license
   to use the Software, solely to access the Services. To the extent any
   component of the Software may be offered under an open source license,
   we'll make that license available to you and the provisions of that
   license may expressly override some of these Terms. Unless the
   following restrictions are prohibited by law, you agree not to reverse
   engineer or decompile the Services, attempt to do so, or assist anyone
   in doing so.

Beta Services

   We sometimes release products and features that we are still testing
   and evaluating. Those Services have been marked beta, preview, early
   access, or evaluation (or with words or phrases with similar meanings)
   and may not be as reliable as Dropbox’s other services, so please keep
   that in mind.

Our Stuff

   The Services are protected by copyright, trademark, and other US and
   foreign laws. These Terms don't grant you any right, title or interest
   in the Services, others' content in the Services, Dropbox trademarks,
   logos and other brand features. We welcome feedback, but note that we
   may use comments or suggestions without any obligation to you.

Copyright

   We respect the intellectual property of others and ask that you do too.
   We respond to notices of alleged copyright infringement if they comply
   with the law, and such notices should be reported using our
   [51]Copyright Policy. We reserve the right to delete or disable content
   alleged to be infringing and terminate accounts of repeat infringers.
   Our designated agent for notice of alleged copyright infringement on
   the Services is:

   Copyright Agent
   Dropbox, Inc.
   333 Brannan Street
   San Francisco, CA 94107
   copyright@dropbox.com

Paid Accounts

   Billing. You can increase your storage space and add paid features to
   your account (turning your account into a "Paid Account"). We'll
   automatically bill you from the date you convert to a Paid Account and
   on each periodic renewal until cancellation. You're responsible for all
   applicable taxes, and we'll charge tax when required to do so.

   No Refunds. You may cancel your Dropbox Paid Account at any time but
   you won't be issued a refund [52]unless it's legally required.

   Downgrades. Your Paid Account will remain in effect until it's
   cancelled or terminated under these Terms. If you don't pay for your
   Paid Account on time, we reserve the right to suspend it or reduce your
   storage to free space levels.

   Changes. We may change the fees in effect but will give you advance
   notice of these changes via a message to the email address associated
   with your account.

Dropbox Business

   Email address. If you sign up for a Dropbox account with an email
   address provisioned by your employer, your employer may be able to
   block your use of Dropbox until you transition to a Dropbox Business or
   Dropbox Enterprise account or you associate your Dropbox account with a
   personal email address.

   Using Dropbox Business or Dropbox Enterprise. If you join a Dropbox
   Business or Dropbox Enterprise account, you must use it in compliance
   with your employer's terms and policies. Please note that Dropbox
   Business and Dropbox Enterprise accounts are subject to your employer's
   control. Your administrators may be able to access, disclose, restrict,
   or remove information in or from your Dropbox Business or Dropbox
   Enterprise account. They may also be able to restrict or terminate your
   access to a Dropbox Business or Dropbox Enterprise account. If you
   convert an existing Dropbox account into a Dropbox Business or Dropbox
   Enterprise account, your administrators may prevent you from later
   disassociating your account from the Dropbox Business or Dropbox
   Enterprise account.

Termination

   You're free to stop using our Services at any time. We also reserve the
   right to suspend or end the Services at any time at our discretion and
   without notice. For example, we may suspend or terminate your use of
   the Services if you're not complying with these Terms, or use the
   Services in a manner that would cause us legal liability, disrupt the
   Services or disrupt others' use of the Services. Except for Paid
   Accounts, we reserve the right to terminate and delete your account if
   you haven't accessed our Services for 12 consecutive months. We'll of
   course provide you with notice via the email address associated with
   your account before we do so.

Services "AS IS"

   We strive to provide great Services, but there are certain things that
   we can't guarantee. TO THE FULLEST EXTENT PERMITTED BY LAW, DROPBOX AND
   ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS MAKE NO WARRANTIES, EITHER
   EXPRESS OR IMPLIED, ABOUT THE SERVICES. THE SERVICES ARE PROVIDED "AS
   IS." WE ALSO DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
   PARTICULAR PURPOSE AND NON-INFRINGEMENT. Some places don't allow the
   disclaimers in this paragraph, so they may not apply to you.

Limitation of Liability

   TO THE FULLEST EXTENT PERMITTED BY LAW, EXCEPT FOR ANY LIABILITY FOR
   DROPBOX’S OR ITS AFFILIATES’ FRAUD, FRAUDULENT MISREPRESENTATION, OR
   GROSS NEGLIGENCE, IN NO EVENT WILL DROPBOX, ITS AFFILIATES, SUPPLIERS
   OR DISTRIBUTORS BE LIABLE FOR:

   (A) ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR
   CONSEQUENTIAL DAMAGES, OR

   (B) ANY LOSS OF USE, DATA, BUSINESS, OR PROFITS, REGARDLESS OF LEGAL
   THEORY.

   THIS WILL BE REGARDLESS OF WHETHER OR NOT DROPBOX OR ANY OF ITS
   AFFILIATES HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN
   IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

   ADDITIONALLY, DROPBOX, ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS WILL
   NOT BE LIABLE FOR AGGREGATE LIABILITY FOR ALL CLAIMS RELATING TO THE
   SERVICES FOR MORE THAN THE GREATER OF $20 OR THE AMOUNTS PAID BY YOU TO
   DROPBOX FOR THE PAST 12 MONTHS OF THE SERVICES IN QUESTION.

   Some places don't allow the types of limitations in this paragraph, so
   they may not apply to you.

Resolving Disputes

   Let's Try To Sort Things Out First. We want to address your concerns
   without needing a formal legal case. Before filing a claim against
   Dropbox, you agree to try to resolve the dispute informally by
   contacting dispute-notice@dropbox.com. We'll try to resolve the dispute
   informally by contacting you via email. If a dispute is not resolved
   within 15 days of submission, you or Dropbox may bring a formal
   proceeding.

   Judicial forum for disputes. You and Dropbox agree that any judicial
   proceeding to resolve claims relating to these Terms or the Services
   will be brought in the federal or state courts of San Francisco County,
   California, subject to the mandatory arbitration provisions below. Both
   you and Dropbox consent to venue and personal jurisdiction in such
   courts.

IF YOU’RE A U.S. RESIDENT, YOU ALSO AGREE TO THE FOLLOWING MANDATORY
ARBITRATION PROVISIONS:

   We Both Agree To Arbitrate. You and Dropbox agree to resolve any claims
   relating to these Terms or the Services through final and binding
   arbitration, except as set forth under Exceptions to Agreement to
   Arbitrate below.

   Opt-out of Agreement to Arbitrate. You can decline this agreement to
   arbitrate by [53]clicking here and submitting the opt-out form within
   30 days of first accepting these Terms.

   Arbitration Procedures. The [54]American Arbitration Association (AAA)
   will administer the arbitration under its Commercial Arbitration Rules
   and the Supplementary Procedures for Consumer Related Disputes. The
   arbitration will be held in the United States county where you live or
   work, San Francisco (CA), or any other location we agree to.

   Arbitration Fees and Incentives. The AAA rules will govern payment of
   all arbitration fees. Dropbox will pay all arbitration fees for claims
   less than $75,000. If you receive an arbitration award that is more
   favorable than any offer we make to resolve the claim, we will pay you
   $1,000 in addition to the award. Dropbox will not seek its attorneys'
   fees and costs in arbitration unless the arbitrator determines that
   your claim is frivolous.

   Exceptions to Agreement to Arbitrate. Either you or Dropbox may assert
   claims, if they qualify, in small claims court in San Francisco (CA) or
   any United States county where you live or work. Either party may bring
   a lawsuit solely for injunctive relief to stop unauthorized use or
   abuse of the Services, or intellectual property infringement (for
   example, trademark, trade secret, copyright, or patent rights) without
   first engaging in arbitration or the informal dispute-resolution
   process described above. If the agreement to arbitrate is found not to
   apply to you or your claim, you agree to the exclusive jurisdiction of
   the state and federal courts in San Francisco County, California to
   resolve your claim.

   NO CLASS ACTIONS. You may only resolve disputes with us on an
   individual basis, and may not bring a claim as a plaintiff or a class
   member in a class, consolidated, or representative action. Class
   arbitrations, class actions, private attorney general actions, and
   consolidation with other arbitrations aren't allowed.

Controlling Law

   These Terms will be governed by California law except for its conflicts
   of laws principles, unless otherwise required by a mandatory law of any
   other jurisdiction.

Entire Agreement

   These Terms constitute the entire agreement between you and Dropbox
   with respect to the subject matter of these Terms, and supersede and
   replace any other prior or contemporaneous agreements, or terms and
   conditions applicable to the subject matter of these Terms. These Terms
   create no third party beneficiary rights.

Waiver, Severability & Assignment

   Dropbox's failure to enforce a provision is not a waiver of its right
   to do so later. If a provision is found unenforceable, the remaining
   provisions of the Terms will remain in full effect and an enforceable
   term will be substituted reflecting our intent as closely as possible.
   You may not assign any of your rights under these Terms, and any such
   attempt will be void. Dropbox may assign its rights to any of its
   affiliates or subsidiaries, or to any successor in interest of any
   business associated with the Services.

Modifications

   We may revise these Terms from time to time, and will always post the
   most current version on our website. If a revision meaningfully reduces
   your rights, we will notify you (by, for example, sending a message to
   the email address associated with your account, posting on our blog or
   on this page). By continuing to use or access the Services after the
   revisions come into effect, you agree to be bound by the revised Terms.

   If your organization signed a Dropbox Business or Dropbox Enterprise
   Agreement with Dropbox, that Agreement may have modified the privacy
   policy below. Please [55]contact your organization’s Admin for details.

Dropbox Privacy Policy

   Posted: February 12, 2016

   Thanks for using Dropbox! Here we describe how we collect, use and
   handle your information when you use our websites, software and
   services ("Services").

What & Why

   We collect and use the following information to provide, improve and
   protect our Services:

   Account. We collect, and associate with your account, information like
   your name, email address, phone number, payment info, and physical
   address. Some of our services let you access your accounts and your
   information with other service providers.

   Services. When you use our Services, we store, process and transmit
   your files (including stuff like your photos, [56]structured data and
   emails) and information related to them (for example, location tags in
   photos). If you give us access to your contacts, we'll store those
   contacts on our servers for you to use. This will make it easy for you
   to do things like share your stuff, send emails, and invite others to
   use the Services.

   Usage. We collect information from and about the devices you use to
   access the Services. This includes things like IP addresses, the type
   of browser and device you use, the web page you visited before coming
   to our sites, and identifiers associated with your devices. Your
   devices (depending on their settings) may also transmit location
   information to the Services.

   Cookies and other technologies. We use technologies like [57]cookies
   and pixel tags to provide, improve, protect and promote our Services.
   For example, cookies help us with things like remembering your username
   for your next visit, understanding how you are interacting with our
   Services, and improving them based on that information. You can set
   your browser to not accept cookies, but this may limit your ability to
   use the Services. If our systems receive a DNT:1 signal from your
   browser, we'll respond to that signal as outlined [58]here.

With whom

   We may share information as discussed below, but we won't sell it to
   advertisers or other third-parties.

   Others working for Dropbox. Dropbox uses certain trusted third parties
   to help us provide, improve, protect, and promote our Services. These
   third parties will access your information only to perform tasks on our
   behalf and in compliance with this Privacy Policy.

   Other users. Our Services display information like your name and email
   address to other users in places like your user profile and sharing
   notifications. Certain features let you make additional information
   available to other users.

   Other applications. You can also give third parties access to your
   information and account - for example, via [59]Dropbox APIs. Just
   remember that their use of your information will be governed by their
   privacy policies and terms.

   Dropbox Business and Dropbox Enterprise Admins. If you are a Dropbox
   Business or Dropbox Enterprise user, your administrator may have the
   ability to access and control your Dropbox Business or Dropbox
   Enterprise account. Please refer to your employer's internal policies
   if you have questions about this. If you are not a Dropbox Business
   user but interact with a Dropbox Business or Dropbox Enterprise user
   (by, for example, joining a shared folder or accessing stuff shared by
   that user), members of that organization may be able to view the name,
   email address and IP address that were associated with your account at
   the time of that interaction.

   Law & Order. We may disclose your information to third parties if we
   determine that such disclosure is reasonably necessary to (a) comply
   with the law; (b) protect any person from death or serious bodily
   injury; (c) prevent fraud or abuse of Dropbox or our users; or (d)
   protect Dropbox's property rights.

   Stewardship of your data is critical to us and a responsibility that we
   embrace. We believe that our users' data should receive the same legal
   protections regardless of whether it's stored on our services or on
   their home computer's hard drive. We'll abide by the following
   [60]Government Request Principles when receiving, scrutinizing and
   responding to government requests for our users' data:
     * Be transparent,
     * Fight blanket requests,
     * Protect all users, and
     * Provide trusted services.

   Please visit our [61]Government Request Principles and [62]Transparency
   Report for more detailed information.

How

   Security. We have a team dedicated to keeping your information secure
   and testing for vulnerabilities. We also continue to work on features
   to keep your information safe in addition to things like two-factor
   authentication, encryption of files at rest, and alerts when new
   devices and apps are linked to your account.

   Retention. We'll retain information you store on our Services for as
   long as we need it to provide you the Services. If you delete your
   account, we'll also delete this information. But please note: (1) there
   might be some latency in deleting this information from our servers and
   back-up storage; and (2) we may retain this information if necessary to
   comply with our legal obligations, resolve disputes, or enforce our
   agreements.

Where

   Around the world. To provide you with the Services, we may store,
   process and transmit information in the United States and locations
   around the world - including those outside your country. Information
   may also be stored locally on the devices you use to access the
   Services.

   Safe Harbor. Dropbox complies with the EU-U.S. and Swiss-U.S. Safe
   Harbor ("Safe Harbor") frameworks and principles. We have certified our
   compliance, and you can view our certifications [63]here. You can learn
   more about Safe Harbor by visiting [64]http://export.gov/safeharbor.
   JAMS is the independent organization responsible for reviewing and
   resolving complaints about our Safe Harbor compliance. We ask that you
   first submit any such complaints directly to us via
   privacy@dropbox.com. If you aren't satisfied with our response, please
   contact JAMS at
   [65]http://www.jamsinternational.com/rules-procedures/safeharbor/file-s
   afe-harbor-claim.

   NOTE: When transferring data from the European Union, the European
   Economic Area, and Switzerland, Dropbox relies upon a variety of legal
   mechanisms, including contracts with our users. Dropbox doesn’t rely
   upon Safe Harbor as a legal basis for data transfer but does adhere to
   the [66]Safe Harbor Privacy Principles while specific guidance for the
   forthcoming EU-US Privacy Shield program is developed. For information
   about data transfers from Europe to the United States, please visit
   [67]this page.

Changes

   If we are involved in a reorganization, merger, acquisition or sale of
   our assets, your information may be transferred as part of that deal.
   We will notify you (for example, via a message to the email address
   associated with your account) of any such deal and outline your choices
   in that event.

   We may revise this Privacy Policy from time to time, and will post the
   most current version on our website. If a revision meaningfully reduces
   your rights, we will notify you.

Contact

   Have questions or concerns about Dropbox, our Services and privacy?
   Contact us at [68]privacy@dropbox.com.

   This section of the agreement only applies to [69]Dropbox Business
   customers. If your organization signed a Dropbox Business or Dropbox
   Enterprise Agreement with Dropbox, that Agreement may be different from
   the terms below. Please [70]contact your organization’s Admin for
   details.

Dropbox Business Agreement

   Posted: June 2, 2016

   This Dropbox Business Agreement (the "Agreement") is between Dropbox
   Ireland if your organization is based outside of the United States,
   Canada and Mexico ("North America") or, if your organization is based
   in North America, with Dropbox, Inc., a Delaware corporation (each,
   "Dropbox") and the organization agreeing to these terms ("Customer").
   This Agreement governs access to and use of the Dropbox Business client
   software and services (together, "Dropbox Business"), as well as those
   Beta Services that are made available to you (together, with Dropbox
   Business, the "Services"). By clicking "I Agree," signing your contract
   for the Services or using the Services, you agree to this Agreement as
   a Customer.

   To the extent Dropbox, Inc. is, on behalf of Customer, processing
   Customer Data that is subject to national laws implementing EU Data
   Protection Directive (95/46/EC) ("EU Data Protection Laws"), then, by
   clicking "I agree," you are also agreeing to the EU Standard
   Contractual Clauses with Dropbox, Inc. for the transfer of personal
   data to processors set forth in Schedule 1.

   If you are agreeing to this Agreement and Schedule 1 (if applicable)
   for use of the Services by an organization, you are agreeing on behalf
   of that organization. You must have the authority to bind that
   organization to these terms, otherwise you must not sign up for the
   Services.
    1. Services.
         a. Provision of Services. Customer and users of Customer's
            Services account ("End Users") may access and use the Services
            in accordance with this Agreement.
         b. Facilities and Data Processing. Dropbox will use, at a
            minimum, industry standard technical and organizational
            security measures to transfer, store, and process Customer
            Data. These measures are designed to protect the integrity of
            Customer Data and guard against the unauthorized or unlawful
            access to, use, and processing of Customer Data. Customer
            agrees that Dropbox may transfer, store, and process Customer
            Data in the United States and locations other than Customer's
            country. To the extent that Customer Data is subject to EU
            Data Protection Laws and is processed by Dropbox as a data
            processor acting on Customer's behalf (as a data controller),
            Dropbox will use and process such Customer Data as Customer
            instructs in order to provide the Services and fulfil
            Dropbox's obligations under the Agreement. "Customer Data"
            means Stored Data and Account Data. "Stored Data" means the
            files and structured data submitted to the Services by
            Customer or End Users. "Account Data" means the account and
            contact information submitted to the Services by Customer or
            End Users.
         c. Modifications to the Services. Dropbox may update the Services
            from time to time. If Dropbox changes the Services in a manner
            that materially reduces their functionality, Dropbox will
            inform Customer via the email address associated with the
            account.
         d. Software. Some Services allow Customer to download Dropbox
            software which may update automatically. Customer may use the
            software only to access the Services. If any component of the
            software is offered under an open source license, Dropbox will
            make the license available to Customer and the provisions of
            that license may expressly override some of the terms of this
            Agreement.
         e. Beta Services. Dropbox may provide features or products that
            we are still testing and evaluating. These products and
            features are identified as alpha, beta, preview, early access,
            or evaluation (or words or phrases with similar meanings)
            (collectively, "Beta Services"). Notwithstanding anything to
            the contrary in this Agreement or in Schedule 1, the following
            terms apply to all Beta Services: (a) you may use or decline
            to use any Beta Services; (b) Beta Services may not be
            supported and may be changed at any time without notice to
            you; (c) Beta Services may not be as reliable or available as
            Dropbox Business; (d) Beta Services have not been subjected to
            the same security measures and auditing to which Dropbox
            Business has been subjected; and (e) DROPBOX WILL HAVE NO
            LIABILITY ARISING OUT OF OR IN CONNECTION WITH BETA
            SERVICES—USE AT YOUR OWN RISK.
    2. Customer Obligations.
         a. Compliance. Customer is responsible for use of the Services by
            its End Users. Customer and its End Users must use the
            Services in compliance with the [71]Acceptable Use Policy.
            Customer will obtain from End Users any consents necessary to
            allow Administrators to engage in the activities described in
            this Agreement and to allow Dropbox to provide the Services.
            Customer will comply with laws and regulations applicable to
            Customer's use of the Services, if any.
         b. Customer Administration of the Services. Customer may specify
            End Users as "Administrators" through the administrative
            console. Administrators may have the ability to access,
            disclose, restrict or remove Customer Data in or from Services
            accounts. Administrators may also have the ability to monitor,
            restrict, or terminate access to Services accounts. Dropbox's
            responsibilities do not extend to the internal management or
            administration of the Services. Customer is responsible for:
            (i) maintaining the confidentiality of passwords and
            Administrator accounts; (ii) managing access to Administrator
            accounts; and (iii) ensuring that Administrators' use of the
            Services complies with this Agreement. Customer acknowledges
            that if Customer purchases the Services through a reseller and
            delegates any of such reseller's personnel as Administrators
            of Customer's Services account, such reseller may be able to
            control account information, including Customer Data, and
            access Customer's Services account as further described above.
         c. Unauthorized Use & Access. Customer will prevent unauthorized
            use of the Services by its End Users and terminate any
            unauthorized use of or access to the Services. The Services
            are not intended for End Users under the age of 13. Customer
            will ensure that it does not allow any person under 13 to use
            the Services. Customer will promptly notify Dropbox of any
            unauthorized use of or access to the Services.
         d. Restricted Uses. Customer will not (i) sell, resell, or lease
            the Services; (ii) use the Services for activities where use
            or failure of the Services could lead to physical damage,
            death, or personal injury; or (iii) reverse engineer the
            Services, nor attempt nor assist anyone else to do so, unless
            this restriction is prohibited by law.
         e. Third Party Requests.
              i. "Third Party Request" means a request from a third party
                 for records relating to an End User's use of the Services
                 including information in or from an End User or
                 Customer's Services account. Third Party Requests may
                 include valid search warrants, court orders, or
                 subpoenas, or any other request for which there is
                 written consent from End Users permitting a disclosure.
             ii. Customer is responsible for responding to Third Party
                 Requests via its own access to information. Customer will
                 seek to obtain information required to respond to Third
                 Party Requests and will contact Dropbox only if it cannot
                 obtain such information despite diligent efforts.
             iii. Dropbox will make commercially reasonable efforts, to
                 the extent allowed by law and by the terms of the Third
                 Party Request, to: (A) promptly notify Customer of
                 Dropbox's receipt of a Third Party Request; (B) comply
                 with Customer's commercially reasonable requests
                 regarding its efforts to oppose a Third Party Request;
                 and (C) provide Customer with information or tools
                 required for Customer to respond to the Third Party
                 Request (if Customer is otherwise unable to obtain the
                 information). If Customer fails to promptly respond to
                 any Third Party Request, then Dropbox may, but will not
                 be obligated to do so.
    3. Third-Party Services. If Customer uses any third-party service
       (e.g., a service that uses a Dropbox API) with the Services, (a)
       Dropbox will not be responsible for any act or omission of the
       third party, including the third party's access to or use of
       Customer Data and (b) Dropbox does not warrant or support any
       service provided by the third party.
    4. Suspension
         a. Of End User Accounts by Dropbox. If an End User (i) violates
            this Agreement or (ii) uses the Services in a manner that
            Dropbox reasonably believes will cause it liability, then
            Dropbox may request that Customer suspend or terminate the
            applicable End User account. If Customer fails to promptly
            suspend or terminate the End User account, then Dropbox may do
            so.
         b. Security Emergencies. Notwithstanding anything in this
            Agreement, if there is a Security Emergency then Dropbox may
            automatically suspend use of the Services. Dropbox will make
            commercially reasonable efforts to narrowly tailor the
            suspension as needed to prevent or terminate the Security
            Emergency. "Security Emergency" means: (i) use of the Services
            that do or could disrupt the Services, other customers' use of
            the Services, or the infrastructure used to provide the
            Services and (ii) unauthorized third-party access to the
            Services.
    5. Intellectual Property Rights.
         a. Reservation of Rights. Except as expressly set forth herein,
            this Agreement does not grant (i) Dropbox any Intellectual
            Property Rights in Customer Data or (ii) Customer any
            Intellectual Property Rights in the Services or Dropbox
            trademarks and brand features. "Intellectual Property Rights"
            means current and future worldwide rights under patent,
            copyright, trade secret, trademark, moral rights, and other
            similar rights.
         b. Limited Permission. Customer grants Dropbox only the limited
            rights that are reasonably necessary for Dropbox to offer the
            Services (e.g., hosting Stored Data). This permission also
            extends to our affiliates and trusted third parties Dropbox
            works with to offer the Services (e.g., payment provider used
            to process payment of fees).
         c. Suggestions. Dropbox may, at its discretion and for any
            purpose, use, modify, and incorporate into its products and
            services, license and sublicense, any feedback, comments, or
            suggestions Customer or End Users send Dropbox or post in
            Dropbox's forums without any obligation to Customer.
         d. Customer List. Dropbox may include Customer's name in a list
            of Dropbox customers on the Dropbox website or in promotional
            materials.
    6. Fees & Payment.
         a. Fees. Customer will pay, and authorizes Dropbox or Customer's
            reseller to charge using Customer's selected payment method,
            for all applicable fees. Fees are non-refundable except as
            required by law. Customer is responsible for providing
            complete and accurate billing and contact information to
            Dropbox or Customer's reseller. Dropbox may suspend or
            terminate the Services if fees are past due.
         b. Auto Renewals and Trials. IF CUSTOMER'S ACCOUNT IS SET TO AUTO
            RENEWAL OR IS IN A TRIAL PERIOD, DROPBOX (OR CUSTOMER'S
            RESELLER) MAY AUTOMATICALLY CHARGE AT THE END OF THE TRIAL OR
            FOR THE RENEWAL, UNLESS CUSTOMER NOTIFIES DROPBOX (OR
            CUSTOMER'S RESELLER, AS APPLICABLE) THAT CUSTOMER WANTS TO
            CANCEL OR DISABLE AUTO RENEWAL. Dropbox may revise Service
            rates by providing Customer at least 30 days notice prior to
            the next charge.
         c. Taxes. Customer is responsible for all taxes. Dropbox or
            Customer's reseller will charge tax when required to do so. If
            Customer is required by law to withhold any taxes, Customer
            must provide Dropbox or Customer's reseller with an official
            tax receipt or other appropriate documentation.
         d. Purchase Orders. If Customer requires the use of a purchase
            order orpurchase order number, Customer (i) must provide the
            purchase order number at the time of purchase and (ii) agrees
            that any terms and conditions on a Customer purchase order
            will not apply to this Agreement and are null and void. If
            Customer is purchasing through a reseller, any terms and
            conditions from Customer's reseller or in a purchase order
            between Customer and its reseller that conflict with the
            Dropbox Business Agreement are null and void.
    7. Term & Termination.
         a. Term. This Agreement will remain in effect until Customer's
            subscription to the Services expires or terminates, or until
            the Agreement is terminated.
         b. Termination for Breach. Either Dropbox or Customer may
            terminate this Agreement if: (i) the other party is in
            material breach of the Agreement and fails to cure that breach
            within 30 days after receipt of written notice or (ii) the
            other party ceases its business operations or becomes subject
            to insolvency proceedings and the proceedings are not
            dismissed within 90 days.
         c. Effects of Termination. If this Agreement terminates: (i) the
            rights granted by Dropbox to Customer will cease immediately
            (except as set forth in this section); (ii) Dropbox may
            provide Customer access to its account at then-current fees so
            that Customer may export its Stored Data; and (iii) after a
            commercially reasonable period of time, Dropbox may delete any
            Stored Data relating to Customer's account. The following
            sections will survive expiration or termination of this
            Agreement: 2(e) (Third Party Requests), 5 (Intellectual
            Property Rights), 6 (Fees & Payment), 7(c) (Effects of
            Termination), 8 (Indemnification), 9 (Disclaimers), 10
            (Limitation of Liability), 11 (Disputes), and 12
            (Miscellaneous).
    8. Indemnification.
         a. By Customer. Customer will indemnify, defend, and hold
            harmless Dropbox from and against all liabilities, damages,
            and costs (including settlement costs and reasonable
            attorneys' fees) arising out of any claim by a third party
            against Dropbox and its affiliates regarding: (i) Customer
            Data; (ii) Customer's use of the Services in violation of this
            Agreement; or (iii) End Users' use of the Services in
            violation of this Agreement.
         b. By Dropbox. Dropbox will indemnify, defend, and hold harmless
            Customer from and against all liabilities, damages, and costs
            (including settlement costs and reasonable attorneys' fees)
            arising out of any claim by a third party against Customer to
            the extent based on an allegation that Dropbox's technology
            used to provide the Services to the Customer infringes or
            misappropriates any copyright, trade secret, U.S. patent, or
            trademark right of the third party. In no event will Dropbox
            have any obligations or liability under this section arising
            from: (i) use of any Services in a modified form or in
            combination with materials not furnished by Dropbox and (ii)
            any content, information, or data provided by Customer, End
            Users, or other third parties.
         c. Possible Infringement. If Dropbox believes the Services
            infringe or may be alleged to infringe a third party's
            Intellectual Property Rights, then Dropbox may: (i) obtain the
            right for Customer, at Dropbox's expense, to continue using
            the Services; (ii) provide a non-infringing functionally
            equivalent replacement; or (iii) modify the Services so that
            they no longer infringe. If Dropbox does not believe the
            options described in this section are commercially reasonable
            then Dropbox may suspend or terminate Customer's use of the
            affected Services (with a pro-rata refund of prepaid fees for
            the Services).
         d. General. The party seeking indemnification will promptly
            notify the other party of the claim and cooperate with the
            other party in defending the claim. The indemnifying party
            will have full control and authority over the defense, except
            that: (i) any settlement requiring the party seeking
            indemnification to admit liability requires prior written
            consent, not to be unreasonably withheld or delayed and (ii)
            the other party may join in the defense with its own counsel
            at its own expense. THE INDEMNITIES ABOVE ARE DROPBOX AND
            CUSTOMER'S ONLY REMEDY UNDER THIS AGREEMENT FOR VIOLATION BY
            THE OTHER PARTY OF A THIRD PARTY'S INTELLECTUAL PROPERTY
            RIGHTS.
    9. Disclaimers. THE SERVICES ARE PROVIDED "AS IS." TO THE FULLEST
       EXTENT PERMITTED BY LAW, EXCEPT AS EXPRESSLY STATED IN THIS
       AGREEMENT, NEITHER CUSTOMER NOR DROPBOX AND ITS AFFILIATES,
       SUPPLIERS, AND DISTRIBUTORS MAKE ANY WARRANTY OF ANY KIND, WHETHER
       EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OF
       MERCHANTABILITY, FITNESS FOR A PARTICULAR USE, OR NON-INFRINGEMENT.
       CUSTOMER IS RESPONSIBLE FOR MAINTAINING AND BACKING UP ANY STORED
       DATA.
   10. Limitation of Liability.
         a. Limitation on Indirect Liability. TO THE FULLEST EXTENT
            PERMITTED BY LAW, EXCEPT FOR DROPBOX OR CUSTOMER'S
            INDEMNIFICATION OBLIGATIONS, NEITHER CUSTOMER NOR DROPBOX AND
            ITS AFFILIATES, SUPPLIERS, AND DISTRIBUTORS WILL BE LIABLE
            UNDER THIS AGREEMENT FOR (I) INDIRECT, SPECIAL, INCIDENTAL,
            CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR (II) LOSS OF
            USE, DATA, BUSINESS, REVENUES, OR PROFITS (IN EACH CASE
            WHETHER DIRECT OR INDIRECT), EVEN IF THE PARTY KNEW OR SHOULD
            HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE AND EVEN IF A
            REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
         b. Limitation on Amount of Liability. TO THE FULLEST EXTENT
            PERMITTED BY LAW, DROPBOX'S AGGREGATE LIABILITY UNDER THIS
            AGREEMENT WILL NOT EXCEED THE LESSER OF $100,000 OR THE AMOUNT
            PAID BY CUSTOMER FOR THE SERVICES HEREUNDER DURING THE TWELVE
            MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY.
   11. Disputes.
         a. Informal Resolution. Dropbox wants to address your concerns
            without resorting to a formal legal case. Before filing a
            claim, each party agrees to try to resolve the dispute by
            contacting the other party through the notice procedures in
            section 12(e). If a dispute is not resolved within 30 days of
            notice, Customer or Dropbox may bring a formal proceeding.
         b. Agreement to Arbitrate. Customer and Dropbox agree to resolve
            any claims relating to this Agreement or the Services through
            final and binding arbitration, except as set forth below. The
            [72]American Arbitration Association (AAA) will administer the
            arbitration under its Commercial Arbitration Rules. The
            arbitration will be held in San Francisco (CA), or any other
            location both parties agree to in writing.
         c. Exception to Agreement to Arbitrate. Either party may bring a
            lawsuit in the federal or state courts of San Francisco
            County, California solely for injunctive relief to stop
            unauthorized use or abuse of the Services or infringement of
            Intellectual Property Rights without first engaging in the
            informal dispute notice process described above. Both Customer
            and Dropbox consent to venue and personal jurisdiction there.
         d. NO CLASS ACTIONS. Customer may only resolve disputes with
            Dropbox on an individual basis and will not bring a claim in a
            class, consolidated, or representative action. Class
            arbitrations, class actions, private attorney general actions,
            and consolidation with other arbitrations are not allowed.
   12. Miscellaneous.
         a. Terms Modification. Dropbox may revise this Agreement from
            time to time and the most current version will always be
            posted on the Dropbox Business website. If a revision, in
            Dropbox's sole discretion, is material, Dropbox will notify
            Customer (by, for example, sending an email to the email
            address associated with the applicable account). Other
            revisions may be posted to Dropbox's blog or terms page, and
            Customer is responsible for checking such postings regularly.
            By continuing to access or use the Services after revisions
            become effective, Customer agrees to be bound by the revised
            Agreement. If Customer does not agree to the revised Agreement
            terms, Customer may terminate the Services within 30 days of
            receiving notice of the change.
         b. Entire Agreement. This Agreement, including Customer's invoice
            and order form with Dropbox (if applicable), constitutes the
            entire agreement between Customer and Dropbox with respect to
            the subject matter of this Agreement and supersedes and
            replaces any prior or contemporaneous understandings and
            agreements, whether written or oral, with respect to the
            subject matter of this Agreement. If there is a conflict
            between the documents that make up this Agreement, the
            documents will control in the following order: the Dropbox
            invoice, the Dropbox order form, the Agreement.
         c. Governing Law. THE AGREEMENT WILL BE GOVERNED BY CALIFORNIA
            LAW EXCEPT FOR ITS CONFLICTS OF LAWS PRINCIPLES.
         d. Severability. Unenforceable provisions will be modified to
            reflect the parties' intention and only to the extent
            necessary to make them enforceable, and the remaining
            provisions of the Agreement will remain in full effect.
         e. Notice. Notices must be sent via first class, airmail, or
            overnight courier and are deemed given when received. Notices
            to Customer may also be sent to the applicable account email
            address and are deemed given when sent. Notices to Dropbox
            must be sent to Dropbox, Inc., P.O. Box 77767, San Francisco,
            CA 94107, with a copy to the Legal Department.
         f. Waiver. A waiver of any default is not a waiver of any
            subsequent default.
         g. Assignment. Customer may not assign or transfer this Agreement
            or any rights or obligations under this Agreement without the
            written consent of Dropbox. Dropbox may not assign this
            Agreement without providing notice to Customer, except Dropbox
            may assign this Agreement or any rights or obligations under
            this Agreement to an affiliate or in connection with a merger,
            acquisition, corporate reorganization, or sale of all or
            substantially all of its assets without providing notice. Any
            other attempt to transfer or assign is void.
         h. No Agency. Dropbox and Customer are not legal partners or
            agents, but are independent contractors.
         i. Force Majeure. Except for payment obligations, neither Dropbox
            nor Customer will be liable for inadequate performance to the
            extent caused by a condition that was beyond the party's
            reasonable control (for example, natural disaster, act of war
            or terrorism, riot, labor condition, governmental action, and
            Internet disturbance).
         j. No Third-Party Beneficiaries. There are no third-party
            beneficiaries to this Agreement. Without limiting this
            section, a Customer's End Users are not third-party
            beneficiaries to Customer's rights under this Agreement.
         k. Export Restrictions. The export and re-export of Customer Data
            via the Services may be controlled by the United States Export
            Administration Regulations or other applicable export
            restrictions or embargo. The Services may not be used in Cuba,
            Iran, North Korea, Sudan, or Syria or any country that is
            subject to an embargo by the United States and Customer must
            not use the Services in violation of any export restriction or
            embargo by the United States or any other applicable
            jurisdiction. In addition, Customer must ensure that the
            Services are not provided to persons on the United States
            Table of Denial Orders, the Entity List, or the List of
            Specially Designated Nationals.
     __________________________________________________________________

Schedule 1

Commission Decision C(2010)593

Standard Contractual Clauses (processors)

   For the purposes of Article 26(2) of Directive 95/46/EC for the
   transfer of personal data to processors established in third countries
   which do not ensure an adequate level of data protection

   Name of the data exporting organisation: The Customer that is a party
   to the Dropbox Business Agreement with Dropbox Ireland
   (the data exporter)

   And

   Name of the data importing organisation: Dropbox, Inc.
   Address: 333 Brannan Street, San Francisco, CA 94107 USA
   (the data importer)

   each a "party"; together "the parties",

   HAVE AGREED on the following Contractual Clauses (the Clauses) in order
   to adduce adequate safeguards with respect to the protection of privacy
   and fundamental rights and freedoms of individuals for the transfer by
   the data exporter to the data importer of the personal data specified
   in [73]Appendix 1.

Clause 1

Definitions

   For the purposes of the Clauses:
    a. 'personal data', 'special categories of data',
       'process/processing', 'controller', 'processor', 'data subject' and
       'supervisory authority' shall have the same meaning as in Directive
       95/46/EC of the European Parliament and of the Council of 24
       October 1995 on the protection of individuals with regard to the
       processing of personal data and on the free movement of such
       data^[74]1;
    b. 'the data exporter' means the controller who transfers the personal
       data;
    c. 'the data importer' means the processor who agrees to receive from
       the data exporter personal data intended for processing on his
       behalf after the transfer in accordance with his instructions and
       the terms of the Clauses and who is not subject to a third
       country's system ensuring adequate protection within the meaning of
       Article 25(1) of Directive 95/46/EC;
    d. 'the subprocessor' means any processor engaged by the data importer
       or by any other subprocessor of the data importer who agrees to
       receive from the data importer or from any other subprocessor of
       the data importer personal data exclusively intended for processing
       activities to be carried out on behalf of the data exporter after
       the transfer in accordance with his instructions, the terms of the
       Clauses and the terms of the written subcontract;
    e. 'the applicable data protection law' means the legislation
       protecting the fundamental rights and freedoms of individuals and,
       in particular, their right to privacy with respect to the
       processing of personal data applicable to a data controller in the
       Member State in which the data exporter is established;
    f. 'technical and organisational security measures' means those
       measures aimed at protecting personal data against accidental or
       unlawful destruction or accidental loss, alteration, unauthorised
       disclosure or access, in particular where the processing involves
       the transmission of data over a network, and against all other
       unlawful forms of processing.

Clause 2

Details of the transfer

   The details of the transfer and in particular the special categories of
   personal data where applicable are specified in Appendix 1 which forms
   an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

    1. The data subject can enforce against the data exporter this Clause,
       Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1)
       and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party
       beneficiary.
    2. The data subject can enforce against the data importer this Clause,
       Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and
       Clauses 9 to 12, in cases where the data exporter has factually
       disappeared or has ceased to exist in law unless any successor
       entity has assumed the entire legal obligations of the data
       exporter by contract or by operation of law, as a result of which
       it takes on the rights and obligations of the data exporter, in
       which case the data subject can enforce them against such entity.
    3. The data subject can enforce against the subprocessor this Clause,
       Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and
       Clauses 9 to 12, in cases where both the data exporter and the data
       importer have factually disappeared or ceased to exist in law or
       have become insolvent, unless any successor entity has assumed the
       entire legal obligations of the data exporter by contract or by
       operation of law as a result of which it takes on the rights and
       obligations of the data exporter, in which case the data subject
       can enforce them against such entity. Such third-party liability of
       the subprocessor shall be limited to its own processing operations
       under the Clauses.
    4. The parties do not object to a data subject being represented by an
       association or other body if the data subject so expressly wishes
       and if permitted by national law.

Clause 4

Obligations of the data exporter

   The data exporter agrees and warrants:
    a. that the processing, including the transfer itself, of the personal
       data has been and will continue to be carried out in accordance
       with the relevant provisions of the applicable data protection law
       (and, where applicable, has been notified to the relevant
       authorities of the Member State where the data exporter is
       established) and does not violate the relevant provisions of that
       State;
    b. that it has instructed and throughout the duration of the personal
       data processing services will instruct the data importer to process
       the personal data transferred only on the data exporter's behalf
       and in accordance with the applicable data protection law and the
       Clauses;
    c. that the data importer will provide sufficient guarantees in
       respect of the technical and organisational security measures
       specified in [75]Appendix 2 to this contract;
    d. that after assessment of the requirements of the applicable data
       protection law, the security measures are appropriate to protect
       personal data against accidental or unlawful destruction or
       accidental loss, alteration, unauthorised disclosure or access, in
       particular where the processing involves the transmission of data
       over a network, and against all other unlawful forms of processing,
       and that these measures ensure a level of security appropriate to
       the risks presented by the processing and the nature of the data to
       be protected having regard to the state of the art and the cost of
       their implementation;
    e. that it will ensure compliance with the security measures;
    f. that, if the transfer involves special categories of data, the data
       subject has been informed or will be informed before, or as soon as
       possible after, the transfer that its data could be transmitted to
       a third country not providing adequate protection within the
       meaning of Directive 95/46/EC;
    g. to forward any notification received from the data importer or any
       subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data
       protection supervisory authority if the data exporter decides to
       continue the transfer or to lift the suspension;
    h. to make available to the data subjects upon request a copy of the
       Clauses, with the exception of Appendix 2, and a summary
       description of the security measures, as well as a copy of any
       contract for subprocessing services which has to be made in
       accordance with the Clauses, unless the Clauses or the contract
       contain commercial information, in which case it may remove such
       commercial information;
    i. that, in the event of subprocessing, the processing activity is
       carried out in accordance with Clause 11 by a subprocessor
       providing at least the same level of protection for the personal
       data and the rights of data subject as the data importer under the
       Clauses; and
    j. that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer^[76]2

   The data importer agrees and warrants:
    a. to process the personal data only on behalf of the data exporter
       and in compliance with its instructions and the Clauses; if it
       cannot provide such compliance for whatever reasons, it agrees to
       inform promptly the data exporter of its inability to comply, in
       which case the data exporter is entitled to suspend the transfer of
       data and/or terminate the contract;
    b. that it has no reason to believe that the legislation applicable to
       it prevents it from fulfilling the instructions received from the
       data exporter and its obligations under the contract and that in
       the event of a change in this legislation which is likely to have a
       substantial adverse effect on the warranties and obligations
       provided by the Clauses, it will promptly notify the change to the
       data exporter as soon as it is aware, in which case the data
       exporter is entitled to suspend the transfer of data and/or
       terminate the contract;
    c. that it has implemented the technical and organisational security
       measures specified in Appendix 2 before processing the personal
       data transferred;
    d. that it will promptly notify the data exporter about:
         i. any legally binding request for disclosure of the personal
            data by a law enforcement authority unless otherwise
            prohibited, such as a prohibition under criminal law to
            preserve the confidentiality of a law enforcement
            investigation,
        ii. any accidental or unauthorised access, and
        iii. any request received directly from the data subjects without
            responding to that request, unless it has been otherwise
            authorised to do so;
    e. to deal promptly and properly with all inquiries from the data
       exporter relating to its processing of the personal data subject to
       the transfer and to abide by the advice of the supervisory
       authority with regard to the processing of the data transferred;
    f. at the request of the data exporter to submit its data processing
       facilities for audit of the processing activities covered by the
       Clauses which shall be carried out by the data exporter or an
       inspection body composed of independent members and in possession
       of the required professional qualifications bound by a duty of
       confidentiality, selected by the data exporter, where applicable,
       in agreement with the supervisory authority;
    g. to make available to the data subject upon request a copy of the
       Clauses, or any existing contract for subprocessing, unless the
       Clauses or contract contain commercial information, in which case
       it may remove such commercial information, with the exception of
       Appendix 2 which shall be replaced by a summary description of the
       security measures in those cases where the data subject is unable
       to obtain a copy from the data exporter;
    h. that, in the event of subprocessing, it has previously informed the
       data exporter and obtained its prior written consent;
    i. that the processing services by the subprocessor will be carried
       out in accordance with Clause 11;
    j. to send promptly a copy of any subprocessor agreement it concludes
       under the Clauses to the data exporter.

Clause 6

Liability

    1. The parties agree that any data subject, who has suffered damage as
       a result of any breach of the obligations referred to in Clause 3
       or in Clause 11 by any party or subprocessor is entitled to receive
       compensation from the data exporter for the damage suffered.
    2. If a data subject is not able to bring a claim for compensation in
       accordance with paragraph 1 against the data exporter, arising out
       of a breach by the data importer or his subprocessor of any of
       their obligations referred to in Clause 3 or in Clause 11, because
       the data exporter has factually disappeared or ceased to exist in
       law or has become insolvent, the data importer agrees that the data
       subject may issue a claim against the data importer as if it were
       the data exporter, unless any successor entity has assumed the
       entire legal obligations of the data exporter by contract of by
       operation of law, in which case the data subject can enforce its
       rights against such entity.
       The data importer may not rely on a breach by a subprocessor of its
       obligations in order to avoid its own liabilities.
    3. If a data subject is not able to bring a claim against the data
       exporter or the data importer referred to in paragraphs 1 and 2,
       arising out of a breach by the subprocessor of any of their
       obligations referred to in Clause 3 or in Clause 11 because both
       the data exporter and the data importer have factually disappeared
       or ceased to exist in law or have become insolvent, the
       subprocessor agrees that the data subject may issue a claim against
       the data subprocessor with regard to its own processing operations
       under the Clauses as if it were the data exporter or the data
       importer, unless any successor entity has assumed the entire legal
       obligations of the data exporter or data importer by contract or by
       operation of law, in which case the data subject can enforce its
       rights against such entity. The liability of the subprocessor shall
       be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

    1. The data importer agrees that if the data subject invokes against
       it third-party beneficiary rights and/or claims compensation for
       damages under the Clauses, the data importer will accept the
       decision of the data subject:
         a. to refer the dispute to mediation, by an independent person
            or, where applicable, by the supervisory authority;
         b. to refer the dispute to the courts in the Member State in
            which the data exporter is established.
    2. The parties agree that the choice made by the data subject will not
       prejudice its substantive or procedural rights to seek remedies in
       accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

    1. The data exporter agrees to deposit a copy of this contract with
       the supervisory authority if it so requests or if such deposit is
       required under the applicable data protection law.
    2. The parties agree that the supervisory authority has the right to
       conduct an audit of the data importer, and of any subprocessor,
       which has the same scope and is subject to the same conditions as
       would apply to an audit of the data exporter under the applicable
       data protection law.
    3. The data importer shall promptly inform the data exporter about the
       existence of legislation applicable to it or any subprocessor
       preventing the conduct of an audit of the data importer, or any
       subprocessor, pursuant to paragraph 2. In such a case the data
       exporter shall be entitled to take the measures foreseen in Clause
       5 (b).

Clause 9

Governing Law

   The Clauses shall be governed by the law of the Member State in which
   the data exporter is established.

Clause 10

Variation of the contract

   The parties undertake not to vary or modify the Clauses. This does not
   preclude the parties from adding clauses on business related issues
   where required as long as they do not contradict the Clause.

Clause 11

Subprocessing

    1. The data importer shall not subcontract any of its processing
       operations performed on behalf of the data exporter under the
       Clauses without the prior written consent of the data exporter.
       Where the data importer subcontracts its obligations under the
       Clauses, with the consent of the data exporter, it shall do so only
       by way of a written agreement with the subprocessor which imposes
       the same obligations on the subprocessor as are imposed on the data
       importer under the Clauses^[77]3. Where the subprocessor fails to
       fulfil its data protection obligations under such written agreement
       the data importer shall remain fully liable to the data exporter
       for the performance of the subprocessor's obligations under such
       agreement.
    2. The prior written contract between the data importer and the
       subprocessor shall also provide for a third-party beneficiary
       clause as laid down in Clause 3 for cases where the data subject is
       not able to bring the claim for compensation referred to in
       paragraph 1 of Clause 6 against the data exporter or the data
       importer because they have factually disappeared or have ceased to
       exist in law or have become insolvent and no successor entity has
       assumed the entire legal obligations of the data exporter or data
       importer by contract or by operation of law. Such third-party
       liability of the subprocessor shall be limited to its own
       processing operations under the Clauses.
    3. The provisions relating to data protection aspects for
       subprocessing of the contract referred to in paragraph 1 shall be
       governed by the law of the Member State in which the data exporter
       is established.
    4. The data exporter shall keep a list of subprocessing agreements
       concluded under the Clauses and notified by the data importer
       pursuant to Clause 5 (j), which shall be updated at least once a
       year. The list shall be available to the data exporter's data
       protection supervisory authority.

Clause 12

   Obligation after the termination of personal data processing services
    1. The parties agree that on the termination of the provision of data
       processing services, the data importer and the subprocessor shall,
       at the choice of the data exporter, return all the personal data
       transferred and the copies thereof to the data exporter or shall
       destroy all the personal data and certify to the data exporter that
       it has done so, unless legislation imposed upon the data importer
       prevents it from returning or destroying all or part of the
       personal data transferred. In that case, the data importer warrants
       that it will guarantee the confidentiality of the personal data
       transferred and will not actively process the personal data
       transferred anymore.
    2. The data importer and the subprocessor warrant that upon request of
       the data exporter and/or of the supervisory authority, it will
       submit its data processing facilities for an audit of the measures
       referred to in paragraph 1.

Additional Provisions

   Capitalised terms used in Sections A to C and the Appendices but not
   defined in the Clauses shall have the meaning provided in the Dropbox
   Business Agreement between the data exporter and Dropbox Ireland.
    A. Security Audit. The data importer maintains ISO/IEC 27001:2013 and
       ISO/IEC 27018:2014 certifications, which are issued by an
       independent third party auditor. The data importer will continue to
       undergo regular ISO/IEC 27001:2013 and ISO/IEC 27018 audits
       necessary for maintaining such certifications for the Services
       during the Term. The data importer also regularly undergoes Service
       Organization Control 2 (SOC 2) Type II audits. Subject to the data
       importer's confidentiality obligations and no more than once a
       year, the data importer will provide the data exporter with a copy
       of the SOC 2 Type II Report upon written request. The data importer
       will make new SOC 2 reports available as they are completed subject
       to the data importer's confidentiality requirements. The data
       importer regularly reviews its third party subservice
       organizations, which undergo Standards for Attestation Engagements
       No. 16 (SSAE 16) / International Standard on Assurance Engagements
       No. 3402 (ISAE 3402) Service Organization Control 1 (SOC 1) Type II
       or Service Organization Control 2 (SOC 2) Type II audits that
       evaluate the design and effectiveness of their security policies,
       procedures, and controls.
       The data exporter agrees that the data importer's obligations set
       forth in this Section A fully satisfy the audit rights under Clause
       5(f) and Clause 12 (2) of the Clauses.
    B. Sub-processing. The data importer may engage other companies to
       provide limited parts of the Services (including support services)
       on the data importer's behalf, and the data exporter consents to
       the data importer subcontracting the processing of personal data to
       such sub-processors as described in the Clauses. The data importer
       will ensure that any sub-processor will only access and use
       personal data to provide the Services as set forth in a written
       agreement between the data importer and the sub-processor. The data
       exporter acknowledges that any requirements applicable to the data
       importer under the Clauses in respect of agreements with
       sub-processors shall be satisfied in full provided that the
       sub-processing agreement between the data importer and the
       sub-processor provides at least the level of data protection
       required under the Dropbox Business Agreement.
    C. Liability. The Clauses shall be subject to the limitations and
       exclusions of liability contained in the "Limitation of Liability"
       section of the Dropbox Business Agreement, such that the total
       liability of the data importer and Dropbox Ireland, in aggregate,
       shall not exceed the limitations set out in the Dropbox Business
       Agreement. For the avoidance of doubt, the data exporter shall not
       be entitled to recover from both the data importer and Dropbox
       Ireland in respect of the same loss.
     __________________________________________________________________

Appendix 1 to the Standard Contractual Clauses

   This Appendix forms part of the Clauses and must be completed and
   signed by the parties.

   The Member States may complete or specify, according to their national
   procedures, any additional necessary information to be contained in
   this Appendix.

Data exporter

   The data exporter is (please specify briefly your activities relevant
   to the transfer):

   The Customer to the Dropbox Business Agreement with Dropbox Ireland.

Data importer

   The data importer is (please specify briefly activities relevant to the
   transfer):

   Dropbox, Inc., a global provider of cloud services for individuals and
   business. Dropbox, Inc., and its affiliates provide a website, software
   and mobile applications that allow people to store files, synchronize
   files across multiple devices, and collaborate with others. Dropbox,
   Inc.'s service may also be accessed by Application Programming
   Interfaces (APIs).

Data subjects

   The personal data transferred concern the following categories of data
   subjects (please specify):

   The data exporter and data exporter's affiliates' end users including
   employees, consultants and contractors of the data exporter, as well as
   any individuals collaborating or sharing with these end users using the
   services provided by data importer.

Categories of data

   The personal data transferred concern the following categories of data
   (please specify):

   End users identifying information and organization data (both on-line
   and off-line) as well as documents, images and other content or data in
   electronic form stored or transmitted by end users via data importer's
   services.

Processing operations

   The personal data transferred will be subject to the following basic
   processing activities (please specify):

   The data importer or its sub-processors will use and process personal
   data and the data exporter instructs the data importer to use and
   process personal data in order to provide the Services under the
   Dropbox Business Agreement.
     __________________________________________________________________

Appendix 2 to the Standard Contractual Clauses

   This Appendix forms part of the Clauses and must be completed and
   signed by the parties.

   Description of the technical and organisational security measures
   implemented by the data importer in accordance with Clauses 4(d) and
   5(c) (or document/legislation attached):

Data Privacy Contact

   The data privacy officer of the data importer can be reached at
   privacy@dropbox.com

Security Measures

   The data importer has implemented and will maintain appropriate
   administrative, technical and physical safeguards to protect personal
   data as further described in the Dropbox for Business Security
   Whitepaper (available as of the Effective Date at:
   [78]https://www.dropbox.com/…/Security_Whitepaper.pdf) and additionally
   set forth below. The data importer may update these security measures
   from time to time, with the most recent version available at the above
   URL (or other URL as communicated by data importer), provided however
   that data importer will notify data exporter if data importer updates
   the security measures in a manner that materially diminishes the
   administrative, technical or physical security features described
   therein or in this Appendix 2.
    1. Service Security
         1. Dropbox Architecture. The data importer's service is designed
            with multiple layers of protection, covering data transfer,
            encryption, network configuration and application-level
            controls that are distributed across a scalable, secure
            infrastructure. End users of data importer's service can
            access files and folders at any time from the desktop, web and
            mobile clients. All of these clients connect to secure
            services to provide access to files, allow file sharing with
            others, and update linked devices when files are added,
            changed or deleted. The service can be utilized and accessed
            through a number of interfaces. Each has security settings and
            features that process and protect the data while ensuring ease
            of access.
         2. Reliability. The data importer's service is developed with
            multiple layers of redundancy to guard against data loss and
            ensure availability.
         3. Encryption. To protect the data in transit between the data
            exporter and data importer, data importer uses Secure Sockets
            Layer (SSL)/Transport Layer Security (TLS) for data transfer,
            creating a secure tunnel protected by 128-bit or higher
            Advanced Encryption Standard (AES) encryption. File data at
            rest is encrypted using 256-bit AES encryption. The data
            importer's encryption key management infrastructure is
            designed with operational, technical and procedural security
            controls with very limited direct access to keys. Encryption
            key generation, exchange and storage are distributed for
            decentralized processing.
         4. User Management Features. End users of data importer's service
            have the ability to restore lost files and recover previous
            versions of files, ensuring changes to those files can be
            tracked and retrieved. The data importer's service allows for
            the use of a two-step authentication procedure which adds an
            extra layer of protection.
         5. Data Centers. The data importer's corporate and production
            systems are housed at third-party subservice organization data
            centers located in the United States. The data importer
            reviews all subservice organization data center Service
            Organization Control (SOC) 1 and/or SOC 2 reports at a minimum
            annually for sufficient security controls.
    2. Information Security.
         1. Policies. The data importer has established a thorough set of
            security policies covering areas of information security,
            physical security, incident response, logical access, physical
            production access, change management and support. These
            policies are reviewed and approved at least annually. The data
            importer personnel are notified of updates to these policies
            and are provided security training.
         2. Personnel Policy and Access. The data importer's internal
            policies require onboarding procedures that include background
            checks (as allowed by local laws), security policy
            acknowledgement, communicating updates to security policy, and
            non-disclosure agreements. All personnel access is promptly
            removed when an employee or contractor leaves the company. The
            data importer employs technical access controls and internal
            policies to prohibit employees or contractors from arbitrarily
            accessing file data and to restrict access to metadata and
            other information about end users' accounts. In order to
            protect end user privacy and security, only a small number of
            employees or contractors have access to the environment where
            end user files are stored. A record of access request,
            justification and approval are recorded by management and
            access is granted by appropriate individuals.
         3. Network Security. The data importer maintains network security
            and monitoring techniques that are designed to provide
            multiple layers of protection and defense. The data importer
            employs industry-standard protection techniques, including
            firewalls, network security monitoring, and intrusion
            detection systems to ensure only eligible traffic is able to
            reach data importer's infrastructure.
         4. Change Management. The data importer ensures that
            security-related changes have been authorized prior to
            implementation into the production environments. Source code
            changes are initiated by developers that would like to make an
            enhancement to a data importer application or service. Changes
            to data importer's infrastructure are restricted to authorized
            personnel only. Changes to the application level of the
            services are required to go through automated quality
            assurance ("QA") testing procedures to verify that security
            requirements are met. Successful completion of QA procedures
            leads to implementation of the change.
         5. Compliance. The data importer, its data center providers, and
            its managed service provider undergo regular security audits
            which are performed by an independent third party. The data
            importer will continue to participate in regular ISO/IEC
            27001:2013 and ISO/IEC 27018:2014 audits. Data importer also
            reviews SOC 1 and/or SOC 2 reports for all subservice
            organizations. In the event a subservice organization's SOC 1
            and/or SOC 2 report is unavailable, data importer performs
            security site visits to verify applicable physical,
            environmental, and operational security controls satisfy
            control criteria and contractual requirements. The data
            importer evaluates additional certifications and compliance
            attestations, as made available to data importer by the
            subservice providers, on an ongoing basis.
    3. Physical Security
         1. Infrastructure. Physical access to subservice organization
            facilities where production systems reside are restricted to
            personnel authorized by data importer, as required to perform
            their job function. Any individuals requiring additional
            access to production environment facilities are granted that
            access through explicit approval by appropriate management.
         2. Office. The data importer maintains a physical security team
            that is responsible for enforcing physical security policy and
            overseeing the security of data importer's corporate offices.
            Access to areas containing corporate services is restricted to
            authorized personnel via elevated roles granted through the
            badge access system.
     __________________________________________________________________

Footnotes

    1. Parties may reproduce definitions and meanings contained in
       Directive 95/46/EC within this Clause if they considered it better
       for the contract to stand alone. [79]↩
    2. Mandatory requirements of the national legislation applicable to
       the data importer which do not go beyond what is necessary in a
       democratic society on the basis of one of the interests listed in
       Article 13(1) of Directive 95/46/EC, that is, if they constitute a
       necessary measure to safeguard national security, defence, public
       security, the prevention, investigation, detection and prosecution
       of criminal offences or of breaches of ethics for the regulated
       professions, an important economic or financial interest of the
       State or the protection of the data subject or the rights and
       freedoms of others, are not in contradiction with the standard
       contractual clauses. Some examples of such mandatory requirements
       which do not go beyond what is necessary in a democratic society
       are, inter alia, internationally recognised sanctions,
       tax-reporting requirements or anti-money-laundering reporting
       requirements. [80]↩
    3. This requirement may be satisfied by the subprocessor co-signing
       the contract entered into between the data exporter and the data
       importer under this Decision. [81]↩

Dropbox DMCA Policy

   Dropbox (“Dropbox”) respects the intellectual property rights of others
   and expects its users to do the same. In accordance with the Digital
   Millennium Copyright Act of 1998, the text of which may be found on the
   U.S. Copyright Office website at
   [82]http://www.copyright.gov/legislation/dmca.pdf, Dropbox will respond
   expeditiously to claims of copyright infringement committed using the
   Dropbox service and/or the Dropbox website (the “Site”) if such claims
   are reported to Dropbox’s Designated Copyright Agent identified in the
   sample notice below.

   If you are a copyright owner, authorized to act on behalf of one, or
   authorized to act under any exclusive right under copyright, please
   report alleged copyright infringements taking place on or through the
   Site by completing the following DMCA Notice of Alleged Infringement
   and delivering it to Dropbox’s Designated Copyright Agent. Upon receipt
   of Notice as described below, Dropbox will take whatever action, in its
   sole discretion, it deems appropriate, including removal of the
   challenged content from the Site.

             DMCA Notice of Alleged Infringement (“Notice”)

    1. Identify the copyrighted work that you claim has been infringed, or
       - if multiple copyrighted works are covered by this Notice - you
       may provide a representative list of the copyrighted works that you
       claim have been infringed.
    2. Identify the material or link you claim is infringing (or the
       subject of infringing activity) and to which access is to be
       disabled, including at a minimum, if applicable, the URL of the
       link shown on the Site or the exact location where such material
       may be found.
    3. Provide your company affiliation (if applicable), mailing address,
       telephone number, and, if available, email address.
    4. Include both of the following statements in the body of the Notice:
          + “I hereby state that I have a good faith belief that the
            disputed use of the copyrighted material is not authorized by
            the copyright owner, its agent, or the law (e.g., as a fair
            use).”
          + “I hereby state that the information in this Notice is
            accurate and, under penalty of perjury, that I am the owner,
            or authorized to act on behalf of, the owner, of the copyright
            or of an exclusive right under the copyright that is allegedly
            infringed.”
    5. Provide your full legal name and your electronic or physical
       signature.

   Deliver this Notice, with all items completed, to Dropbox’s Designated
   Copyright Agent:
   Copyright Agent
   Dropbox Inc.
   333 Brannan Street
   San Francisco, CA 94107
   [83]copyright@dropbox.com
   [84]Submit DMCA notice

Dropbox Acceptable Use Policy

   Dropbox is used by millions of people, and we're proud of the trust
   placed in us. In exchange, we trust you to use our services
   responsibly.

   You agree not to misuse the Dropbox services ("Services") or help
   anyone else to do so. For example, you must not even try to do any of
   the following in connection with the Services:
     * probe, scan, or test the vulnerability of any system or network;
     * breach or otherwise circumvent any security or authentication
       measures;
     * access, tamper with, or use non-public areas or parts of the
       Services, or shared areas of the Services you haven't been invited
       to;
     * interfere with or disrupt any user, host, or network, for example
       by sending a virus, overloading, flooding, spamming, or
       mail-bombing any part of the Services;
     * access, search, or create accounts for the Services by any means
       other than our publicly supported interfaces (for example,
       "scraping" or creating accounts in bulk);
     * send unsolicited communications, promotions or advertisements, or
       spam;
     * send altered, deceptive or false source-identifying information,
       including "spoofing" or "phishing";
     * promote or advertise products or services other than your own
       without appropriate authorization;
     * abuse referrals or promotions to get more storage space than
       deserved;
     * circumvent storage space limits;
     * sell the Services unless specifically authorized to do so;
     * publish or share materials that are unlawfully pornographic or
       indecent, or that contain extreme acts of violence;
     * advocate bigotry or hatred against any person or group of people
       based on their race, religion, ethnicity, sex, gender identity,
       sexual preference, disability, or impairment;
     * violate the law in any way, including storing, publishing or
       sharing material that's fraudulent, defamatory, or misleading; or
     * violate the privacy or infringe the rights of others.