Posted: July 15, 2022
Effective as of: July 15, 2022
Posted: October 25, 2022
Effective as of: October 25, 2022
Dropbox provides the Dropbox Sign service, which is an on-demand electronic signature service that gives Customers the ability to upload, display, deliver, receive, and acknowledge documents for electronic signature. Dropbox also provides the Dropbox Forms service, which provides Customers with a simple way to complete complex workflows through document automation and integrated electronic signature services. Dropbox also offers application programming interfaces (APIs) that allow Customers to build seamless embedded electronic signature or workflow automation services into their websites, applications and other properties. Finally, Dropbox also provides the Dropbox Fax service, which is an electronic facsimile service that gives Customers the ability to upload, display, deliver, and receive faxes without a traditional fax machine.
10. How to contact us
1. INFORMATION WE COLLECT
Information you provide to us. When registering for or using the Dropbox Sign Services we collect personal information provided by you. For example, when you create a Dropbox Sign account, you may provide us with your name, account name, alias, employment-related information (to the extent you are using an employer’s business account), email address and a password, your phone number, your address and an electronic image of your signature (“Account information”).
You may provide us with personal information about other individuals when you use our Service, such as when you send or receive a signature request/workflow transaction, share information about such transactions, or ask others to electronically sign documents (“Your content”). You may also provide us with access to your contacts (“Contacts”) to make it easy for you to do things like share and collaborate with others, send messages, and invite others to use the Services. Contacts’ information may include personal information such as a real name, alias or email address. If you share your contracts with us, we will store those contacts on our servers for you to use.
Information that we collect automatically. We collect information related to how you use the Services, including actions you take in your account (like sharing, editing, viewing, creating, and signing documents) (“Usage information”). We use this information to provide, improve, and promote our Services, and to protect users of the Dropbox Sign Services. We also collect information from and about the devices you use to access the Dropbox Sign Services. This includes things like IP addresses, unique personal identifiers or online identifiers, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices (“Device information”). Your devices (depending on their settings) may also transmit location information to the Dropbox Sign Services. For example, we use device information to detect abuse and identify and troubleshoot bugs.
Information that we collect from third parties. We may share and/or collect additional information about you from third parties primarily to assist us in understanding how we can maintain and improve the services we offer to better serve you. We collect information like your purchasing or consuming history or tendencies, including products or services purchased, obtained or considered (“Commercial information”). For example:
- Advertising: We use certain Google advertising features including Google Analytics Demographics and Interest Reporting and Remarketing. Third-party vendors, including Google, may show ads for the Dropbox Sign Services on sites across the Internet. You may opt out at any time here (adssettings.google.com/). We and third-party vendors, including Google, use first-party cookies and third-party cookies together to inform, optimize, and serve ads based on someone's past visits to our website.
- Mobile: We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personal information you submit within the application.
Information we collect and process on behalf of you. The use of information collected through the Dropbox Sign Services shall be limited to the purpose for which you have engaged Dropbox. When you use the Dropbox Sign Services, we process and store certain information on your behalf as a data processor. For example, when a customer uploads documents for review or signature, we act as a data processor and process information on the customer’s behalf and in accordance with the customer’s instructions. In this situation, the customer is the data controller and is responsible for most aspects of the processing of the information.
If you are Customer that is based in the United States, its territories and possessions, Canada or Mexico, Dropbox, Inc. acts as your service provider. For all other Customers, Dropbox International Unlimited Company acts as a processor of your data.
Dropbox acknowledges that you have the right to access your personal information. Dropbox has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete data should direct their questions to Dropbox’s customers (the data controller). If requested to remove data we will respond within a reasonable timeframe. If you have any questions or concerns about how information is processed in these cases, including how to exercise your rights as a data subject, we recommend contacting the relevant customer.
Cookies and other technologies. We use technologies like cookies and pixel tags (more information available here: www.dropbox.com/terms/cookies) to provide, improve, protect, and promote the Dropbox Sign Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with the Dropbox Sign Services, and improving them based on that information. We may also use third-party service providers that set cookies and similar technologies to promote the Dropbox Sign Services.
We do not recognize or respond to browser-initiated Do Not Track signals.
2. HOW WE USE YOUR INFORMATION
We may use the information we collect through our products for a number of reasons, including to:
- provide, improve, protect, and promote our products and services;
- set your account(s);
- send you records of your use of the service, including for purchases or other events;
- understand how you use our products and customize your experience;
- send you marketing communications (in accordance with your subscription preferences);
- record details about your electronic signature requests, workflows and other transactions (such as when they were opened, signed, and when/where this took place);
- provide customer support;
- respond to your inquiries and requests;
- fix issues or problems with our products and services;
- prevent abuse of the products and services we offer; and
- carry out other lawful purposes about which we will notify our users and customers.
We may also combine the information we collect (or that is otherwise provided to us) through aggregation and other means to limit the identification of any particular individual to help with our business goals (such as research and marketing).
We give users the option to use some of the Dropbox Sign Services free of charge. These free Dropbox Sign Services are made possible by the fact that some users upgrade to one of our paid Dropbox Sign Services. If you register for the Dropbox Sign Services, we may, from time to time, send you information about upgrades. Users who receive these marketing materials can opt out at any time. If you don’t want to receive a particular type of marketing material from us, click the ‘unsubscribe’ link in the corresponding emails, or contact us using the contact details provided below (if using the contact details please provide your complete name, e-mail address, and any other relevant information that may be required to respond to your request). Please note that such marketing opt-out does not impact any transactional or operational notices that we may need to send you.
We sometimes contact people who don’t have a Dropbox Sign account. For recipients in the EU, we or a third party will obtain consent before reaching out. If you receive an email and no longer wish to be contacted by Dropbox Sign, you can unsubscribe and remove yourself from our contact list via the message itself.
Bases for processing your information. We collect and use the personal data described above in order to provide you with the Dropbox Sign Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that our partners obtain such consent.
If you have questions about, or need further information concerning, the lawful bases for processing your data, please contact us using the contact details provided under the 'How to contact us’ heading below.
3. HOW WE MAY SHARE YOUR INFORMATION
We do not sell your information. We may share your personally identifiable information as described below:
- Vendors and other third-party service providers: We may share your information with third parties that we use for the business purposes of helping us to provide and support the Dropbox Sign Services. These parties provide services such as authentication, billing and collections, customer support, or data storage. We enter into legally binding agreements with these third-party service providers that protect your personal information and forbids such providers from using your information for their own purposes. These third parties (https://www.hellosign.com/subprocessors) will access your information to perform tasks on our behalf, and we’ll remain responsible for their handling of your information per our instructions.
- Dropbox has collected and disclosed the following categories of personal information, as described above, to vendors and third-party service providers in the preceding 12 months:
- Account Information: includes your identifying information, which could be your real name, alias, unique personal identifier or online identifier, and it could include other personal information like your postal address, Internet Protocol address, email address, account name or similar identifiers.
- Commercial information: such as your purchasing or consuming history or tendencies, including products or services purchased, obtained or considered.
- Your content: what you and your users decide to input into the fields in the Dropbox Sign and Dropbox Forms forms that you create and/or fill out.
- Contacts: includes identifying information about contacts that you’ve chosen to give us access to, like a real name, alias or email address.
- Usage information: includes information relating to your use of the Dropbox Sign Services. Because Dropbox provides online services, this may include internet or other electronic network activity information, such as information regarding your interaction with websites, applications, or advertisements.
- Device information: information about the particular devices you use to access the Dropbox Sign Services, which may include Usage information or device-specific information, such as an online identifier or Internet Protocol address, or geolocation data.
- Cookies and other technologies: technologies like cookies and pixel tags. These technologies can lead to the collection of online identifiers, Internet Protocol address, or other similar identifiers, as well as Usage information.
- Other Dropbox Companies: the Dropbox Sign Services share infrastructure, systems, and technology with other services and companies owned or operated by Dropbox, Inc. (“Dropbox Companies”) to provide, improve, protect, and promote services provided by Dropbox Companies. We process your information across the Dropbox Companies for these purposes, as permitted by applicable law and in accordance with their terms and policies.
- Compliance with Law, Safety, Security, and Business Transactions: We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or appropriate government request; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of the Dropbox Sign Services or our users; (d) protect Dropbox’s rights, property, safety, or interest; or (e) perform a task carried out in the public interest.
- To other persons with your consent (e.g. fulfilling your fax or signature requests).
- Other users: the Dropbox Sign Services display information like your name, profile picture, device, email address, and usage information to other users you collaborate or choose to share with. When you register your Dropbox Sign account with an email address on a domain owned by your employer or organization, we may help collaborators and administrators find you and your team by making some of your basic information - like your name, team name, profile picture, and email address - visible to other users on the same domain. This helps you sync up with teams you can join, and helps other users share files and documents with you.
- If you choose to opt-in to updates or marketing about the Dropbox Sign Services, we will email you with updates and offers, or inform you about other services and features.
4. RETENTION OF INFORMATION
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
5. HOW WE PROTECT YOUR INFORMATION
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at email@example.com.
6. YOUR CHOICES ABOUT YOUR INFORMATION
Upon your written request (for which email is sufficient), Dropbox will provide you with information about whether we hold any of your personal information, the business or commercial purpose for collecting it, the types of sources we got it from and types of third parties we’ve shared it with. You may submit a data access request, request that your personal data be deleted, or object to the processing of your personal information by logging into your account, or by contacting us using the contact details below. We will respond to your request within a reasonable timeframe. We will not discriminate against you for exercising any of these rights.
7. CHILDREN’S PRIVACY
The Dropbox Sign Services are not intended for use by or directed to minors. We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use the Dropbox Sign Services. Any person who provides their information to Dropbox through the account login page for new customers, signup page, or any other part of the Dropbox Sign Services represents to Dropbox that they are of legal age (18 years of age or older or otherwise of legal age in your resident jurisdiction) and competent to agree to these Terms. We will delete any information we discover is collected from a minor without permission from their parent(s) or legal guardian(s). Please contact us using the contact details below if you believe you may have provided Dropbox with a minor’s information without permission from their parent(s) or legal guardian(s).
8. WHERE WE MAY STORE, PROCESS, OR TRANSMIT YOUR INFORMATION
Around the world. To provide you with the Dropbox Sign Services, we may store, process, and transmit data in the United States and locations around the world—including those outside your country. Data may also be stored locally on the devices you use to access the Dropbox Sign Services.
Data Transfers. When transferring data from the European Union, the European Economic Area, the United Kingdom, and Switzerland, Dropbox relies upon a variety of legal mechanisms, such as contracts with our customers and affiliates, Standard Contractual Clauses, and the European Commission's adequacy decisions about certain countries, as applicable.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. Dropbox complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the European Economic Area, the United Kingdom, and Switzerland to the United States, although Dropbox does not rely on the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield Frameworks as a legal basis for transfers of personal data. Dropbox has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such data. You can also learn more about Privacy Shield at www.privacyshield.gov.
Dropbox is subject to oversight by the U.S. Federal Trade Commission. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance—free of charge to you. We ask that you first submit any such complaints directly to us via firstname.lastname@example.org. If you aren’t satisfied with our response, please contact JAMS at www.jamsadr.com/eu-us-privacy-shield. In the event your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
Our EEA Representative. Dropbox International has been appointed as Dropbox’s representative in the EEA for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. Dropbox International can be contacted in matters related to the processing of Personal Data. To make such an inquiry, please contact Dropbox International by emailing email@example.com. If they can’t answer your question, you have a right to raise questions or complaints with your local Data Protection Authority at any time.
9. CHANGES TO THIS POLICY
10. HOW TO CONTACT US
For questions or concerns regarding the collection, use, or disclosure of your information, you can contact us by sending an email to firstname.lastname@example.org.