mirror of
https://github.com/Ponce/slackbuilds
synced 2024-12-01 01:00:03 +01:00
35b31a1f31
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
1588 lines
87 KiB
Text
1588 lines
87 KiB
Text
Dropbox Terms of Service
|
||
|
||
Posted: November 4, 2015
|
||
|
||
Thanks for using Dropbox! These terms of service ("Terms") cover your
|
||
use and access to our services, client software and websites
|
||
("Services"). If you reside outside of the United States of America,
|
||
Canada and Mexico (“North America”) your agreement is with Dropbox
|
||
Ireland, and if you reside in North America your agreement is with
|
||
Dropbox, Inc. Our [45]Privacy Policy explains how we collect and use
|
||
your information while our [46]Acceptable Use Policy outlines your
|
||
responsibilities when using our Services. By using our Services, you're
|
||
agreeing to be bound by these Terms, and to review our [47]Privacy and
|
||
[48]Acceptable Use policies. If you're using our Services for an
|
||
organization, you're agreeing to these Terms on behalf of that
|
||
organization.
|
||
|
||
Your Stuff & Your Permissions
|
||
|
||
When you use our Services, you provide us with things like your files,
|
||
content, email messages, contacts and so on ("Your Stuff"). Your Stuff
|
||
is yours. These Terms don't give us any rights to Your Stuff except for
|
||
the limited rights that enable us to offer the Services.
|
||
|
||
We need your permission to do things like hosting Your Stuff, backing
|
||
it up, and sharing it when you ask us to. Our Services also provide you
|
||
with features like photo thumbnails, document previews, email
|
||
organization, easy sorting, editing, sharing and searching. These and
|
||
other features may require our systems to access, store and scan Your
|
||
Stuff. You give us permission to do those things, and this permission
|
||
extends to our affiliates and trusted third parties we work with.
|
||
|
||
Sharing Your Stuff
|
||
|
||
Our Services let you share Your Stuff with others, so please think
|
||
carefully about what you share.
|
||
|
||
Your Responsibilities
|
||
|
||
You're responsible for your conduct, Your Stuff and you must comply
|
||
with our [49]Acceptable Use Policy. Content in the Services may be
|
||
protected by others' intellectual property rights. Please don't copy,
|
||
upload, download or share content unless you have the right to do so.
|
||
|
||
We may review your conduct and content for compliance with these Terms
|
||
and our [50]Acceptable Use Policy. With that said, we have no
|
||
obligation to do so. We aren't responsible for the content people post
|
||
and share via the Services.
|
||
|
||
Please safeguard your password to the Services, make sure that others
|
||
don't have access to it, and keep your account information current.
|
||
|
||
Finally, our Services are not intended for and may not be used by
|
||
people under the age of 13. By using our Services, you are representing
|
||
to us that you're over 13.
|
||
|
||
Software
|
||
|
||
Some of our Services allow you to download client software ("Software")
|
||
which may update automatically. So long as you comply with these Terms,
|
||
we give you a limited, nonexclusive, nontransferable, revocable license
|
||
to use the Software, solely to access the Services. To the extent any
|
||
component of the Software may be offered under an open source license,
|
||
we'll make that license available to you and the provisions of that
|
||
license may expressly override some of these Terms. Unless the
|
||
following restrictions are prohibited by law, you agree not to reverse
|
||
engineer or decompile the Services, attempt to do so, or assist anyone
|
||
in doing so.
|
||
|
||
Beta Services
|
||
|
||
We sometimes release products and features that we are still testing
|
||
and evaluating. Those Services have been marked beta, preview, early
|
||
access, or evaluation (or with words or phrases with similar meanings)
|
||
and may not be as reliable as Dropbox’s other services, so please keep
|
||
that in mind.
|
||
|
||
Our Stuff
|
||
|
||
The Services are protected by copyright, trademark, and other US and
|
||
foreign laws. These Terms don't grant you any right, title or interest
|
||
in the Services, others' content in the Services, Dropbox trademarks,
|
||
logos and other brand features. We welcome feedback, but note that we
|
||
may use comments or suggestions without any obligation to you.
|
||
|
||
Copyright
|
||
|
||
We respect the intellectual property of others and ask that you do too.
|
||
We respond to notices of alleged copyright infringement if they comply
|
||
with the law, and such notices should be reported using our
|
||
[51]Copyright Policy. We reserve the right to delete or disable content
|
||
alleged to be infringing and terminate accounts of repeat infringers.
|
||
Our designated agent for notice of alleged copyright infringement on
|
||
the Services is:
|
||
|
||
Copyright Agent
|
||
Dropbox, Inc.
|
||
333 Brannan Street
|
||
San Francisco, CA 94107
|
||
copyright@dropbox.com
|
||
|
||
Paid Accounts
|
||
|
||
Billing. You can increase your storage space and add paid features to
|
||
your account (turning your account into a "Paid Account"). We'll
|
||
automatically bill you from the date you convert to a Paid Account and
|
||
on each periodic renewal until cancellation. You're responsible for all
|
||
applicable taxes, and we'll charge tax when required to do so.
|
||
|
||
No Refunds. You may cancel your Dropbox Paid Account at any time but
|
||
you won't be issued a refund [52]unless it's legally required.
|
||
|
||
Downgrades. Your Paid Account will remain in effect until it's
|
||
cancelled or terminated under these Terms. If you don't pay for your
|
||
Paid Account on time, we reserve the right to suspend it or reduce your
|
||
storage to free space levels.
|
||
|
||
Changes. We may change the fees in effect but will give you advance
|
||
notice of these changes via a message to the email address associated
|
||
with your account.
|
||
|
||
Dropbox Business
|
||
|
||
Email address. If you sign up for a Dropbox account with an email
|
||
address provisioned by your employer, your employer may be able to
|
||
block your use of Dropbox until you transition to a Dropbox Business or
|
||
Dropbox Enterprise account or you associate your Dropbox account with a
|
||
personal email address.
|
||
|
||
Using Dropbox Business or Dropbox Enterprise. If you join a Dropbox
|
||
Business or Dropbox Enterprise account, you must use it in compliance
|
||
with your employer's terms and policies. Please note that Dropbox
|
||
Business and Dropbox Enterprise accounts are subject to your employer's
|
||
control. Your administrators may be able to access, disclose, restrict,
|
||
or remove information in or from your Dropbox Business or Dropbox
|
||
Enterprise account. They may also be able to restrict or terminate your
|
||
access to a Dropbox Business or Dropbox Enterprise account. If you
|
||
convert an existing Dropbox account into a Dropbox Business or Dropbox
|
||
Enterprise account, your administrators may prevent you from later
|
||
disassociating your account from the Dropbox Business or Dropbox
|
||
Enterprise account.
|
||
|
||
Termination
|
||
|
||
You're free to stop using our Services at any time. We also reserve the
|
||
right to suspend or end the Services at any time at our discretion and
|
||
without notice. For example, we may suspend or terminate your use of
|
||
the Services if you're not complying with these Terms, or use the
|
||
Services in a manner that would cause us legal liability, disrupt the
|
||
Services or disrupt others' use of the Services. Except for Paid
|
||
Accounts, we reserve the right to terminate and delete your account if
|
||
you haven't accessed our Services for 12 consecutive months. We'll of
|
||
course provide you with notice via the email address associated with
|
||
your account before we do so.
|
||
|
||
Services "AS IS"
|
||
|
||
We strive to provide great Services, but there are certain things that
|
||
we can't guarantee. TO THE FULLEST EXTENT PERMITTED BY LAW, DROPBOX AND
|
||
ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS MAKE NO WARRANTIES, EITHER
|
||
EXPRESS OR IMPLIED, ABOUT THE SERVICES. THE SERVICES ARE PROVIDED "AS
|
||
IS." WE ALSO DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
|
||
PARTICULAR PURPOSE AND NON-INFRINGEMENT. Some places don't allow the
|
||
disclaimers in this paragraph, so they may not apply to you.
|
||
|
||
Limitation of Liability
|
||
|
||
TO THE FULLEST EXTENT PERMITTED BY LAW, EXCEPT FOR ANY LIABILITY FOR
|
||
DROPBOX’S OR ITS AFFILIATES’ FRAUD, FRAUDULENT MISREPRESENTATION, OR
|
||
GROSS NEGLIGENCE, IN NO EVENT WILL DROPBOX, ITS AFFILIATES, SUPPLIERS
|
||
OR DISTRIBUTORS BE LIABLE FOR:
|
||
|
||
(A) ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR
|
||
CONSEQUENTIAL DAMAGES, OR
|
||
|
||
(B) ANY LOSS OF USE, DATA, BUSINESS, OR PROFITS, REGARDLESS OF LEGAL
|
||
THEORY.
|
||
|
||
THIS WILL BE REGARDLESS OF WHETHER OR NOT DROPBOX OR ANY OF ITS
|
||
AFFILIATES HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN
|
||
IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
|
||
|
||
ADDITIONALLY, DROPBOX, ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS WILL
|
||
NOT BE LIABLE FOR AGGREGATE LIABILITY FOR ALL CLAIMS RELATING TO THE
|
||
SERVICES FOR MORE THAN THE GREATER OF $20 OR THE AMOUNTS PAID BY YOU TO
|
||
DROPBOX FOR THE PAST 12 MONTHS OF THE SERVICES IN QUESTION.
|
||
|
||
Some places don't allow the types of limitations in this paragraph, so
|
||
they may not apply to you.
|
||
|
||
Resolving Disputes
|
||
|
||
Let's Try To Sort Things Out First. We want to address your concerns
|
||
without needing a formal legal case. Before filing a claim against
|
||
Dropbox, you agree to try to resolve the dispute informally by
|
||
contacting dispute-notice@dropbox.com. We'll try to resolve the dispute
|
||
informally by contacting you via email. If a dispute is not resolved
|
||
within 15 days of submission, you or Dropbox may bring a formal
|
||
proceeding.
|
||
|
||
Judicial forum for disputes. You and Dropbox agree that any judicial
|
||
proceeding to resolve claims relating to these Terms or the Services
|
||
will be brought in the federal or state courts of San Francisco County,
|
||
California, subject to the mandatory arbitration provisions below. Both
|
||
you and Dropbox consent to venue and personal jurisdiction in such
|
||
courts.
|
||
|
||
IF YOU’RE A U.S. RESIDENT, YOU ALSO AGREE TO THE FOLLOWING MANDATORY
|
||
ARBITRATION PROVISIONS:
|
||
|
||
We Both Agree To Arbitrate. You and Dropbox agree to resolve any claims
|
||
relating to these Terms or the Services through final and binding
|
||
arbitration, except as set forth under Exceptions to Agreement to
|
||
Arbitrate below.
|
||
|
||
Opt-out of Agreement to Arbitrate. You can decline this agreement to
|
||
arbitrate by [53]clicking here and submitting the opt-out form within
|
||
30 days of first accepting these Terms.
|
||
|
||
Arbitration Procedures. The [54]American Arbitration Association (AAA)
|
||
will administer the arbitration under its Commercial Arbitration Rules
|
||
and the Supplementary Procedures for Consumer Related Disputes. The
|
||
arbitration will be held in the United States county where you live or
|
||
work, San Francisco (CA), or any other location we agree to.
|
||
|
||
Arbitration Fees and Incentives. The AAA rules will govern payment of
|
||
all arbitration fees. Dropbox will pay all arbitration fees for claims
|
||
less than $75,000. If you receive an arbitration award that is more
|
||
favorable than any offer we make to resolve the claim, we will pay you
|
||
$1,000 in addition to the award. Dropbox will not seek its attorneys'
|
||
fees and costs in arbitration unless the arbitrator determines that
|
||
your claim is frivolous.
|
||
|
||
Exceptions to Agreement to Arbitrate. Either you or Dropbox may assert
|
||
claims, if they qualify, in small claims court in San Francisco (CA) or
|
||
any United States county where you live or work. Either party may bring
|
||
a lawsuit solely for injunctive relief to stop unauthorized use or
|
||
abuse of the Services, or intellectual property infringement (for
|
||
example, trademark, trade secret, copyright, or patent rights) without
|
||
first engaging in arbitration or the informal dispute-resolution
|
||
process described above. If the agreement to arbitrate is found not to
|
||
apply to you or your claim, you agree to the exclusive jurisdiction of
|
||
the state and federal courts in San Francisco County, California to
|
||
resolve your claim.
|
||
|
||
NO CLASS ACTIONS. You may only resolve disputes with us on an
|
||
individual basis, and may not bring a claim as a plaintiff or a class
|
||
member in a class, consolidated, or representative action. Class
|
||
arbitrations, class actions, private attorney general actions, and
|
||
consolidation with other arbitrations aren't allowed.
|
||
|
||
Controlling Law
|
||
|
||
These Terms will be governed by California law except for its conflicts
|
||
of laws principles, unless otherwise required by a mandatory law of any
|
||
other jurisdiction.
|
||
|
||
Entire Agreement
|
||
|
||
These Terms constitute the entire agreement between you and Dropbox
|
||
with respect to the subject matter of these Terms, and supersede and
|
||
replace any other prior or contemporaneous agreements, or terms and
|
||
conditions applicable to the subject matter of these Terms. These Terms
|
||
create no third party beneficiary rights.
|
||
|
||
Waiver, Severability & Assignment
|
||
|
||
Dropbox's failure to enforce a provision is not a waiver of its right
|
||
to do so later. If a provision is found unenforceable, the remaining
|
||
provisions of the Terms will remain in full effect and an enforceable
|
||
term will be substituted reflecting our intent as closely as possible.
|
||
You may not assign any of your rights under these Terms, and any such
|
||
attempt will be void. Dropbox may assign its rights to any of its
|
||
affiliates or subsidiaries, or to any successor in interest of any
|
||
business associated with the Services.
|
||
|
||
Modifications
|
||
|
||
We may revise these Terms from time to time, and will always post the
|
||
most current version on our website. If a revision meaningfully reduces
|
||
your rights, we will notify you (by, for example, sending a message to
|
||
the email address associated with your account, posting on our blog or
|
||
on this page). By continuing to use or access the Services after the
|
||
revisions come into effect, you agree to be bound by the revised Terms.
|
||
|
||
If your organization signed a Dropbox Business or Dropbox Enterprise
|
||
Agreement with Dropbox, that Agreement may have modified the privacy
|
||
policy below. Please [55]contact your organization’s Admin for details.
|
||
|
||
Dropbox Privacy Policy
|
||
|
||
Posted: February 12, 2016
|
||
|
||
Thanks for using Dropbox! Here we describe how we collect, use and
|
||
handle your information when you use our websites, software and
|
||
services ("Services").
|
||
|
||
What & Why
|
||
|
||
We collect and use the following information to provide, improve and
|
||
protect our Services:
|
||
|
||
Account. We collect, and associate with your account, information like
|
||
your name, email address, phone number, payment info, and physical
|
||
address. Some of our services let you access your accounts and your
|
||
information with other service providers.
|
||
|
||
Services. When you use our Services, we store, process and transmit
|
||
your files (including stuff like your photos, [56]structured data and
|
||
emails) and information related to them (for example, location tags in
|
||
photos). If you give us access to your contacts, we'll store those
|
||
contacts on our servers for you to use. This will make it easy for you
|
||
to do things like share your stuff, send emails, and invite others to
|
||
use the Services.
|
||
|
||
Usage. We collect information from and about the devices you use to
|
||
access the Services. This includes things like IP addresses, the type
|
||
of browser and device you use, the web page you visited before coming
|
||
to our sites, and identifiers associated with your devices. Your
|
||
devices (depending on their settings) may also transmit location
|
||
information to the Services.
|
||
|
||
Cookies and other technologies. We use technologies like [57]cookies
|
||
and pixel tags to provide, improve, protect and promote our Services.
|
||
For example, cookies help us with things like remembering your username
|
||
for your next visit, understanding how you are interacting with our
|
||
Services, and improving them based on that information. You can set
|
||
your browser to not accept cookies, but this may limit your ability to
|
||
use the Services. If our systems receive a DNT:1 signal from your
|
||
browser, we'll respond to that signal as outlined [58]here.
|
||
|
||
With whom
|
||
|
||
We may share information as discussed below, but we won't sell it to
|
||
advertisers or other third-parties.
|
||
|
||
Others working for Dropbox. Dropbox uses certain trusted third parties
|
||
to help us provide, improve, protect, and promote our Services. These
|
||
third parties will access your information only to perform tasks on our
|
||
behalf and in compliance with this Privacy Policy.
|
||
|
||
Other users. Our Services display information like your name and email
|
||
address to other users in places like your user profile and sharing
|
||
notifications. Certain features let you make additional information
|
||
available to other users.
|
||
|
||
Other applications. You can also give third parties access to your
|
||
information and account - for example, via [59]Dropbox APIs. Just
|
||
remember that their use of your information will be governed by their
|
||
privacy policies and terms.
|
||
|
||
Dropbox Business and Dropbox Enterprise Admins. If you are a Dropbox
|
||
Business or Dropbox Enterprise user, your administrator may have the
|
||
ability to access and control your Dropbox Business or Dropbox
|
||
Enterprise account. Please refer to your employer's internal policies
|
||
if you have questions about this. If you are not a Dropbox Business
|
||
user but interact with a Dropbox Business or Dropbox Enterprise user
|
||
(by, for example, joining a shared folder or accessing stuff shared by
|
||
that user), members of that organization may be able to view the name,
|
||
email address and IP address that were associated with your account at
|
||
the time of that interaction.
|
||
|
||
Law & Order. We may disclose your information to third parties if we
|
||
determine that such disclosure is reasonably necessary to (a) comply
|
||
with the law; (b) protect any person from death or serious bodily
|
||
injury; (c) prevent fraud or abuse of Dropbox or our users; or (d)
|
||
protect Dropbox's property rights.
|
||
|
||
Stewardship of your data is critical to us and a responsibility that we
|
||
embrace. We believe that our users' data should receive the same legal
|
||
protections regardless of whether it's stored on our services or on
|
||
their home computer's hard drive. We'll abide by the following
|
||
[60]Government Request Principles when receiving, scrutinizing and
|
||
responding to government requests for our users' data:
|
||
* Be transparent,
|
||
* Fight blanket requests,
|
||
* Protect all users, and
|
||
* Provide trusted services.
|
||
|
||
Please visit our [61]Government Request Principles and [62]Transparency
|
||
Report for more detailed information.
|
||
|
||
How
|
||
|
||
Security. We have a team dedicated to keeping your information secure
|
||
and testing for vulnerabilities. We also continue to work on features
|
||
to keep your information safe in addition to things like two-factor
|
||
authentication, encryption of files at rest, and alerts when new
|
||
devices and apps are linked to your account.
|
||
|
||
Retention. We'll retain information you store on our Services for as
|
||
long as we need it to provide you the Services. If you delete your
|
||
account, we'll also delete this information. But please note: (1) there
|
||
might be some latency in deleting this information from our servers and
|
||
back-up storage; and (2) we may retain this information if necessary to
|
||
comply with our legal obligations, resolve disputes, or enforce our
|
||
agreements.
|
||
|
||
Where
|
||
|
||
Around the world. To provide you with the Services, we may store,
|
||
process and transmit information in the United States and locations
|
||
around the world - including those outside your country. Information
|
||
may also be stored locally on the devices you use to access the
|
||
Services.
|
||
|
||
Safe Harbor. Dropbox complies with the EU-U.S. and Swiss-U.S. Safe
|
||
Harbor ("Safe Harbor") frameworks and principles. We have certified our
|
||
compliance, and you can view our certifications [63]here. You can learn
|
||
more about Safe Harbor by visiting [64]http://export.gov/safeharbor.
|
||
JAMS is the independent organization responsible for reviewing and
|
||
resolving complaints about our Safe Harbor compliance. We ask that you
|
||
first submit any such complaints directly to us via
|
||
privacy@dropbox.com. If you aren't satisfied with our response, please
|
||
contact JAMS at
|
||
[65]http://www.jamsinternational.com/rules-procedures/safeharbor/file-s
|
||
afe-harbor-claim.
|
||
|
||
NOTE: When transferring data from the European Union, the European
|
||
Economic Area, and Switzerland, Dropbox relies upon a variety of legal
|
||
mechanisms, including contracts with our users. Dropbox doesn’t rely
|
||
upon Safe Harbor as a legal basis for data transfer but does adhere to
|
||
the [66]Safe Harbor Privacy Principles while specific guidance for the
|
||
forthcoming EU-US Privacy Shield program is developed. For information
|
||
about data transfers from Europe to the United States, please visit
|
||
[67]this page.
|
||
|
||
Changes
|
||
|
||
If we are involved in a reorganization, merger, acquisition or sale of
|
||
our assets, your information may be transferred as part of that deal.
|
||
We will notify you (for example, via a message to the email address
|
||
associated with your account) of any such deal and outline your choices
|
||
in that event.
|
||
|
||
We may revise this Privacy Policy from time to time, and will post the
|
||
most current version on our website. If a revision meaningfully reduces
|
||
your rights, we will notify you.
|
||
|
||
Contact
|
||
|
||
Have questions or concerns about Dropbox, our Services and privacy?
|
||
Contact us at [68]privacy@dropbox.com.
|
||
|
||
This section of the agreement only applies to [69]Dropbox Business
|
||
customers. If your organization signed a Dropbox Business or Dropbox
|
||
Enterprise Agreement with Dropbox, that Agreement may be different from
|
||
the terms below. Please [70]contact your organization’s Admin for
|
||
details.
|
||
|
||
Dropbox Business Agreement
|
||
|
||
Posted: June 2, 2016
|
||
|
||
This Dropbox Business Agreement (the "Agreement") is between Dropbox
|
||
Ireland if your organization is based outside of the United States,
|
||
Canada and Mexico ("North America") or, if your organization is based
|
||
in North America, with Dropbox, Inc., a Delaware corporation (each,
|
||
"Dropbox") and the organization agreeing to these terms ("Customer").
|
||
This Agreement governs access to and use of the Dropbox Business client
|
||
software and services (together, "Dropbox Business"), as well as those
|
||
Beta Services that are made available to you (together, with Dropbox
|
||
Business, the "Services"). By clicking "I Agree," signing your contract
|
||
for the Services or using the Services, you agree to this Agreement as
|
||
a Customer.
|
||
|
||
To the extent Dropbox, Inc. is, on behalf of Customer, processing
|
||
Customer Data that is subject to national laws implementing EU Data
|
||
Protection Directive (95/46/EC) ("EU Data Protection Laws"), then, by
|
||
clicking "I agree," you are also agreeing to the EU Standard
|
||
Contractual Clauses with Dropbox, Inc. for the transfer of personal
|
||
data to processors set forth in Schedule 1.
|
||
|
||
If you are agreeing to this Agreement and Schedule 1 (if applicable)
|
||
for use of the Services by an organization, you are agreeing on behalf
|
||
of that organization. You must have the authority to bind that
|
||
organization to these terms, otherwise you must not sign up for the
|
||
Services.
|
||
1. Services.
|
||
a. Provision of Services. Customer and users of Customer's
|
||
Services account ("End Users") may access and use the Services
|
||
in accordance with this Agreement.
|
||
b. Facilities and Data Processing. Dropbox will use, at a
|
||
minimum, industry standard technical and organizational
|
||
security measures to transfer, store, and process Customer
|
||
Data. These measures are designed to protect the integrity of
|
||
Customer Data and guard against the unauthorized or unlawful
|
||
access to, use, and processing of Customer Data. Customer
|
||
agrees that Dropbox may transfer, store, and process Customer
|
||
Data in the United States and locations other than Customer's
|
||
country. To the extent that Customer Data is subject to EU
|
||
Data Protection Laws and is processed by Dropbox as a data
|
||
processor acting on Customer's behalf (as a data controller),
|
||
Dropbox will use and process such Customer Data as Customer
|
||
instructs in order to provide the Services and fulfil
|
||
Dropbox's obligations under the Agreement. "Customer Data"
|
||
means Stored Data and Account Data. "Stored Data" means the
|
||
files and structured data submitted to the Services by
|
||
Customer or End Users. "Account Data" means the account and
|
||
contact information submitted to the Services by Customer or
|
||
End Users.
|
||
c. Modifications to the Services. Dropbox may update the Services
|
||
from time to time. If Dropbox changes the Services in a manner
|
||
that materially reduces their functionality, Dropbox will
|
||
inform Customer via the email address associated with the
|
||
account.
|
||
d. Software. Some Services allow Customer to download Dropbox
|
||
software which may update automatically. Customer may use the
|
||
software only to access the Services. If any component of the
|
||
software is offered under an open source license, Dropbox will
|
||
make the license available to Customer and the provisions of
|
||
that license may expressly override some of the terms of this
|
||
Agreement.
|
||
e. Beta Services. Dropbox may provide features or products that
|
||
we are still testing and evaluating. These products and
|
||
features are identified as alpha, beta, preview, early access,
|
||
or evaluation (or words or phrases with similar meanings)
|
||
(collectively, "Beta Services"). Notwithstanding anything to
|
||
the contrary in this Agreement or in Schedule 1, the following
|
||
terms apply to all Beta Services: (a) you may use or decline
|
||
to use any Beta Services; (b) Beta Services may not be
|
||
supported and may be changed at any time without notice to
|
||
you; (c) Beta Services may not be as reliable or available as
|
||
Dropbox Business; (d) Beta Services have not been subjected to
|
||
the same security measures and auditing to which Dropbox
|
||
Business has been subjected; and (e) DROPBOX WILL HAVE NO
|
||
LIABILITY ARISING OUT OF OR IN CONNECTION WITH BETA
|
||
SERVICES—USE AT YOUR OWN RISK.
|
||
2. Customer Obligations.
|
||
a. Compliance. Customer is responsible for use of the Services by
|
||
its End Users. Customer and its End Users must use the
|
||
Services in compliance with the [71]Acceptable Use Policy.
|
||
Customer will obtain from End Users any consents necessary to
|
||
allow Administrators to engage in the activities described in
|
||
this Agreement and to allow Dropbox to provide the Services.
|
||
Customer will comply with laws and regulations applicable to
|
||
Customer's use of the Services, if any.
|
||
b. Customer Administration of the Services. Customer may specify
|
||
End Users as "Administrators" through the administrative
|
||
console. Administrators may have the ability to access,
|
||
disclose, restrict or remove Customer Data in or from Services
|
||
accounts. Administrators may also have the ability to monitor,
|
||
restrict, or terminate access to Services accounts. Dropbox's
|
||
responsibilities do not extend to the internal management or
|
||
administration of the Services. Customer is responsible for:
|
||
(i) maintaining the confidentiality of passwords and
|
||
Administrator accounts; (ii) managing access to Administrator
|
||
accounts; and (iii) ensuring that Administrators' use of the
|
||
Services complies with this Agreement. Customer acknowledges
|
||
that if Customer purchases the Services through a reseller and
|
||
delegates any of such reseller's personnel as Administrators
|
||
of Customer's Services account, such reseller may be able to
|
||
control account information, including Customer Data, and
|
||
access Customer's Services account as further described above.
|
||
c. Unauthorized Use & Access. Customer will prevent unauthorized
|
||
use of the Services by its End Users and terminate any
|
||
unauthorized use of or access to the Services. The Services
|
||
are not intended for End Users under the age of 13. Customer
|
||
will ensure that it does not allow any person under 13 to use
|
||
the Services. Customer will promptly notify Dropbox of any
|
||
unauthorized use of or access to the Services.
|
||
d. Restricted Uses. Customer will not (i) sell, resell, or lease
|
||
the Services; (ii) use the Services for activities where use
|
||
or failure of the Services could lead to physical damage,
|
||
death, or personal injury; or (iii) reverse engineer the
|
||
Services, nor attempt nor assist anyone else to do so, unless
|
||
this restriction is prohibited by law.
|
||
e. Third Party Requests.
|
||
i. "Third Party Request" means a request from a third party
|
||
for records relating to an End User's use of the Services
|
||
including information in or from an End User or
|
||
Customer's Services account. Third Party Requests may
|
||
include valid search warrants, court orders, or
|
||
subpoenas, or any other request for which there is
|
||
written consent from End Users permitting a disclosure.
|
||
ii. Customer is responsible for responding to Third Party
|
||
Requests via its own access to information. Customer will
|
||
seek to obtain information required to respond to Third
|
||
Party Requests and will contact Dropbox only if it cannot
|
||
obtain such information despite diligent efforts.
|
||
iii. Dropbox will make commercially reasonable efforts, to
|
||
the extent allowed by law and by the terms of the Third
|
||
Party Request, to: (A) promptly notify Customer of
|
||
Dropbox's receipt of a Third Party Request; (B) comply
|
||
with Customer's commercially reasonable requests
|
||
regarding its efforts to oppose a Third Party Request;
|
||
and (C) provide Customer with information or tools
|
||
required for Customer to respond to the Third Party
|
||
Request (if Customer is otherwise unable to obtain the
|
||
information). If Customer fails to promptly respond to
|
||
any Third Party Request, then Dropbox may, but will not
|
||
be obligated to do so.
|
||
3. Third-Party Services. If Customer uses any third-party service
|
||
(e.g., a service that uses a Dropbox API) with the Services, (a)
|
||
Dropbox will not be responsible for any act or omission of the
|
||
third party, including the third party's access to or use of
|
||
Customer Data and (b) Dropbox does not warrant or support any
|
||
service provided by the third party.
|
||
4. Suspension
|
||
a. Of End User Accounts by Dropbox. If an End User (i) violates
|
||
this Agreement or (ii) uses the Services in a manner that
|
||
Dropbox reasonably believes will cause it liability, then
|
||
Dropbox may request that Customer suspend or terminate the
|
||
applicable End User account. If Customer fails to promptly
|
||
suspend or terminate the End User account, then Dropbox may do
|
||
so.
|
||
b. Security Emergencies. Notwithstanding anything in this
|
||
Agreement, if there is a Security Emergency then Dropbox may
|
||
automatically suspend use of the Services. Dropbox will make
|
||
commercially reasonable efforts to narrowly tailor the
|
||
suspension as needed to prevent or terminate the Security
|
||
Emergency. "Security Emergency" means: (i) use of the Services
|
||
that do or could disrupt the Services, other customers' use of
|
||
the Services, or the infrastructure used to provide the
|
||
Services and (ii) unauthorized third-party access to the
|
||
Services.
|
||
5. Intellectual Property Rights.
|
||
a. Reservation of Rights. Except as expressly set forth herein,
|
||
this Agreement does not grant (i) Dropbox any Intellectual
|
||
Property Rights in Customer Data or (ii) Customer any
|
||
Intellectual Property Rights in the Services or Dropbox
|
||
trademarks and brand features. "Intellectual Property Rights"
|
||
means current and future worldwide rights under patent,
|
||
copyright, trade secret, trademark, moral rights, and other
|
||
similar rights.
|
||
b. Limited Permission. Customer grants Dropbox only the limited
|
||
rights that are reasonably necessary for Dropbox to offer the
|
||
Services (e.g., hosting Stored Data). This permission also
|
||
extends to our affiliates and trusted third parties Dropbox
|
||
works with to offer the Services (e.g., payment provider used
|
||
to process payment of fees).
|
||
c. Suggestions. Dropbox may, at its discretion and for any
|
||
purpose, use, modify, and incorporate into its products and
|
||
services, license and sublicense, any feedback, comments, or
|
||
suggestions Customer or End Users send Dropbox or post in
|
||
Dropbox's forums without any obligation to Customer.
|
||
d. Customer List. Dropbox may include Customer's name in a list
|
||
of Dropbox customers on the Dropbox website or in promotional
|
||
materials.
|
||
6. Fees & Payment.
|
||
a. Fees. Customer will pay, and authorizes Dropbox or Customer's
|
||
reseller to charge using Customer's selected payment method,
|
||
for all applicable fees. Fees are non-refundable except as
|
||
required by law. Customer is responsible for providing
|
||
complete and accurate billing and contact information to
|
||
Dropbox or Customer's reseller. Dropbox may suspend or
|
||
terminate the Services if fees are past due.
|
||
b. Auto Renewals and Trials. IF CUSTOMER'S ACCOUNT IS SET TO AUTO
|
||
RENEWAL OR IS IN A TRIAL PERIOD, DROPBOX (OR CUSTOMER'S
|
||
RESELLER) MAY AUTOMATICALLY CHARGE AT THE END OF THE TRIAL OR
|
||
FOR THE RENEWAL, UNLESS CUSTOMER NOTIFIES DROPBOX (OR
|
||
CUSTOMER'S RESELLER, AS APPLICABLE) THAT CUSTOMER WANTS TO
|
||
CANCEL OR DISABLE AUTO RENEWAL. Dropbox may revise Service
|
||
rates by providing Customer at least 30 days notice prior to
|
||
the next charge.
|
||
c. Taxes. Customer is responsible for all taxes. Dropbox or
|
||
Customer's reseller will charge tax when required to do so. If
|
||
Customer is required by law to withhold any taxes, Customer
|
||
must provide Dropbox or Customer's reseller with an official
|
||
tax receipt or other appropriate documentation.
|
||
d. Purchase Orders. If Customer requires the use of a purchase
|
||
order orpurchase order number, Customer (i) must provide the
|
||
purchase order number at the time of purchase and (ii) agrees
|
||
that any terms and conditions on a Customer purchase order
|
||
will not apply to this Agreement and are null and void. If
|
||
Customer is purchasing through a reseller, any terms and
|
||
conditions from Customer's reseller or in a purchase order
|
||
between Customer and its reseller that conflict with the
|
||
Dropbox Business Agreement are null and void.
|
||
7. Term & Termination.
|
||
a. Term. This Agreement will remain in effect until Customer's
|
||
subscription to the Services expires or terminates, or until
|
||
the Agreement is terminated.
|
||
b. Termination for Breach. Either Dropbox or Customer may
|
||
terminate this Agreement if: (i) the other party is in
|
||
material breach of the Agreement and fails to cure that breach
|
||
within 30 days after receipt of written notice or (ii) the
|
||
other party ceases its business operations or becomes subject
|
||
to insolvency proceedings and the proceedings are not
|
||
dismissed within 90 days.
|
||
c. Effects of Termination. If this Agreement terminates: (i) the
|
||
rights granted by Dropbox to Customer will cease immediately
|
||
(except as set forth in this section); (ii) Dropbox may
|
||
provide Customer access to its account at then-current fees so
|
||
that Customer may export its Stored Data; and (iii) after a
|
||
commercially reasonable period of time, Dropbox may delete any
|
||
Stored Data relating to Customer's account. The following
|
||
sections will survive expiration or termination of this
|
||
Agreement: 2(e) (Third Party Requests), 5 (Intellectual
|
||
Property Rights), 6 (Fees & Payment), 7(c) (Effects of
|
||
Termination), 8 (Indemnification), 9 (Disclaimers), 10
|
||
(Limitation of Liability), 11 (Disputes), and 12
|
||
(Miscellaneous).
|
||
8. Indemnification.
|
||
a. By Customer. Customer will indemnify, defend, and hold
|
||
harmless Dropbox from and against all liabilities, damages,
|
||
and costs (including settlement costs and reasonable
|
||
attorneys' fees) arising out of any claim by a third party
|
||
against Dropbox and its affiliates regarding: (i) Customer
|
||
Data; (ii) Customer's use of the Services in violation of this
|
||
Agreement; or (iii) End Users' use of the Services in
|
||
violation of this Agreement.
|
||
b. By Dropbox. Dropbox will indemnify, defend, and hold harmless
|
||
Customer from and against all liabilities, damages, and costs
|
||
(including settlement costs and reasonable attorneys' fees)
|
||
arising out of any claim by a third party against Customer to
|
||
the extent based on an allegation that Dropbox's technology
|
||
used to provide the Services to the Customer infringes or
|
||
misappropriates any copyright, trade secret, U.S. patent, or
|
||
trademark right of the third party. In no event will Dropbox
|
||
have any obligations or liability under this section arising
|
||
from: (i) use of any Services in a modified form or in
|
||
combination with materials not furnished by Dropbox and (ii)
|
||
any content, information, or data provided by Customer, End
|
||
Users, or other third parties.
|
||
c. Possible Infringement. If Dropbox believes the Services
|
||
infringe or may be alleged to infringe a third party's
|
||
Intellectual Property Rights, then Dropbox may: (i) obtain the
|
||
right for Customer, at Dropbox's expense, to continue using
|
||
the Services; (ii) provide a non-infringing functionally
|
||
equivalent replacement; or (iii) modify the Services so that
|
||
they no longer infringe. If Dropbox does not believe the
|
||
options described in this section are commercially reasonable
|
||
then Dropbox may suspend or terminate Customer's use of the
|
||
affected Services (with a pro-rata refund of prepaid fees for
|
||
the Services).
|
||
d. General. The party seeking indemnification will promptly
|
||
notify the other party of the claim and cooperate with the
|
||
other party in defending the claim. The indemnifying party
|
||
will have full control and authority over the defense, except
|
||
that: (i) any settlement requiring the party seeking
|
||
indemnification to admit liability requires prior written
|
||
consent, not to be unreasonably withheld or delayed and (ii)
|
||
the other party may join in the defense with its own counsel
|
||
at its own expense. THE INDEMNITIES ABOVE ARE DROPBOX AND
|
||
CUSTOMER'S ONLY REMEDY UNDER THIS AGREEMENT FOR VIOLATION BY
|
||
THE OTHER PARTY OF A THIRD PARTY'S INTELLECTUAL PROPERTY
|
||
RIGHTS.
|
||
9. Disclaimers. THE SERVICES ARE PROVIDED "AS IS." TO THE FULLEST
|
||
EXTENT PERMITTED BY LAW, EXCEPT AS EXPRESSLY STATED IN THIS
|
||
AGREEMENT, NEITHER CUSTOMER NOR DROPBOX AND ITS AFFILIATES,
|
||
SUPPLIERS, AND DISTRIBUTORS MAKE ANY WARRANTY OF ANY KIND, WHETHER
|
||
EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OF
|
||
MERCHANTABILITY, FITNESS FOR A PARTICULAR USE, OR NON-INFRINGEMENT.
|
||
CUSTOMER IS RESPONSIBLE FOR MAINTAINING AND BACKING UP ANY STORED
|
||
DATA.
|
||
10. Limitation of Liability.
|
||
a. Limitation on Indirect Liability. TO THE FULLEST EXTENT
|
||
PERMITTED BY LAW, EXCEPT FOR DROPBOX OR CUSTOMER'S
|
||
INDEMNIFICATION OBLIGATIONS, NEITHER CUSTOMER NOR DROPBOX AND
|
||
ITS AFFILIATES, SUPPLIERS, AND DISTRIBUTORS WILL BE LIABLE
|
||
UNDER THIS AGREEMENT FOR (I) INDIRECT, SPECIAL, INCIDENTAL,
|
||
CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR (II) LOSS OF
|
||
USE, DATA, BUSINESS, REVENUES, OR PROFITS (IN EACH CASE
|
||
WHETHER DIRECT OR INDIRECT), EVEN IF THE PARTY KNEW OR SHOULD
|
||
HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE AND EVEN IF A
|
||
REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
|
||
b. Limitation on Amount of Liability. TO THE FULLEST EXTENT
|
||
PERMITTED BY LAW, DROPBOX'S AGGREGATE LIABILITY UNDER THIS
|
||
AGREEMENT WILL NOT EXCEED THE LESSER OF $100,000 OR THE AMOUNT
|
||
PAID BY CUSTOMER FOR THE SERVICES HEREUNDER DURING THE TWELVE
|
||
MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY.
|
||
11. Disputes.
|
||
a. Informal Resolution. Dropbox wants to address your concerns
|
||
without resorting to a formal legal case. Before filing a
|
||
claim, each party agrees to try to resolve the dispute by
|
||
contacting the other party through the notice procedures in
|
||
section 12(e). If a dispute is not resolved within 30 days of
|
||
notice, Customer or Dropbox may bring a formal proceeding.
|
||
b. Agreement to Arbitrate. Customer and Dropbox agree to resolve
|
||
any claims relating to this Agreement or the Services through
|
||
final and binding arbitration, except as set forth below. The
|
||
[72]American Arbitration Association (AAA) will administer the
|
||
arbitration under its Commercial Arbitration Rules. The
|
||
arbitration will be held in San Francisco (CA), or any other
|
||
location both parties agree to in writing.
|
||
c. Exception to Agreement to Arbitrate. Either party may bring a
|
||
lawsuit in the federal or state courts of San Francisco
|
||
County, California solely for injunctive relief to stop
|
||
unauthorized use or abuse of the Services or infringement of
|
||
Intellectual Property Rights without first engaging in the
|
||
informal dispute notice process described above. Both Customer
|
||
and Dropbox consent to venue and personal jurisdiction there.
|
||
d. NO CLASS ACTIONS. Customer may only resolve disputes with
|
||
Dropbox on an individual basis and will not bring a claim in a
|
||
class, consolidated, or representative action. Class
|
||
arbitrations, class actions, private attorney general actions,
|
||
and consolidation with other arbitrations are not allowed.
|
||
12. Miscellaneous.
|
||
a. Terms Modification. Dropbox may revise this Agreement from
|
||
time to time and the most current version will always be
|
||
posted on the Dropbox Business website. If a revision, in
|
||
Dropbox's sole discretion, is material, Dropbox will notify
|
||
Customer (by, for example, sending an email to the email
|
||
address associated with the applicable account). Other
|
||
revisions may be posted to Dropbox's blog or terms page, and
|
||
Customer is responsible for checking such postings regularly.
|
||
By continuing to access or use the Services after revisions
|
||
become effective, Customer agrees to be bound by the revised
|
||
Agreement. If Customer does not agree to the revised Agreement
|
||
terms, Customer may terminate the Services within 30 days of
|
||
receiving notice of the change.
|
||
b. Entire Agreement. This Agreement, including Customer's invoice
|
||
and order form with Dropbox (if applicable), constitutes the
|
||
entire agreement between Customer and Dropbox with respect to
|
||
the subject matter of this Agreement and supersedes and
|
||
replaces any prior or contemporaneous understandings and
|
||
agreements, whether written or oral, with respect to the
|
||
subject matter of this Agreement. If there is a conflict
|
||
between the documents that make up this Agreement, the
|
||
documents will control in the following order: the Dropbox
|
||
invoice, the Dropbox order form, the Agreement.
|
||
c. Governing Law. THE AGREEMENT WILL BE GOVERNED BY CALIFORNIA
|
||
LAW EXCEPT FOR ITS CONFLICTS OF LAWS PRINCIPLES.
|
||
d. Severability. Unenforceable provisions will be modified to
|
||
reflect the parties' intention and only to the extent
|
||
necessary to make them enforceable, and the remaining
|
||
provisions of the Agreement will remain in full effect.
|
||
e. Notice. Notices must be sent via first class, airmail, or
|
||
overnight courier and are deemed given when received. Notices
|
||
to Customer may also be sent to the applicable account email
|
||
address and are deemed given when sent. Notices to Dropbox
|
||
must be sent to Dropbox, Inc., P.O. Box 77767, San Francisco,
|
||
CA 94107, with a copy to the Legal Department.
|
||
f. Waiver. A waiver of any default is not a waiver of any
|
||
subsequent default.
|
||
g. Assignment. Customer may not assign or transfer this Agreement
|
||
or any rights or obligations under this Agreement without the
|
||
written consent of Dropbox. Dropbox may not assign this
|
||
Agreement without providing notice to Customer, except Dropbox
|
||
may assign this Agreement or any rights or obligations under
|
||
this Agreement to an affiliate or in connection with a merger,
|
||
acquisition, corporate reorganization, or sale of all or
|
||
substantially all of its assets without providing notice. Any
|
||
other attempt to transfer or assign is void.
|
||
h. No Agency. Dropbox and Customer are not legal partners or
|
||
agents, but are independent contractors.
|
||
i. Force Majeure. Except for payment obligations, neither Dropbox
|
||
nor Customer will be liable for inadequate performance to the
|
||
extent caused by a condition that was beyond the party's
|
||
reasonable control (for example, natural disaster, act of war
|
||
or terrorism, riot, labor condition, governmental action, and
|
||
Internet disturbance).
|
||
j. No Third-Party Beneficiaries. There are no third-party
|
||
beneficiaries to this Agreement. Without limiting this
|
||
section, a Customer's End Users are not third-party
|
||
beneficiaries to Customer's rights under this Agreement.
|
||
k. Export Restrictions. The export and re-export of Customer Data
|
||
via the Services may be controlled by the United States Export
|
||
Administration Regulations or other applicable export
|
||
restrictions or embargo. The Services may not be used in Cuba,
|
||
Iran, North Korea, Sudan, or Syria or any country that is
|
||
subject to an embargo by the United States and Customer must
|
||
not use the Services in violation of any export restriction or
|
||
embargo by the United States or any other applicable
|
||
jurisdiction. In addition, Customer must ensure that the
|
||
Services are not provided to persons on the United States
|
||
Table of Denial Orders, the Entity List, or the List of
|
||
Specially Designated Nationals.
|
||
__________________________________________________________________
|
||
|
||
Schedule 1
|
||
|
||
Commission Decision C(2010)593
|
||
|
||
Standard Contractual Clauses (processors)
|
||
|
||
For the purposes of Article 26(2) of Directive 95/46/EC for the
|
||
transfer of personal data to processors established in third countries
|
||
which do not ensure an adequate level of data protection
|
||
|
||
Name of the data exporting organisation: The Customer that is a party
|
||
to the Dropbox Business Agreement with Dropbox Ireland
|
||
(the data exporter)
|
||
|
||
And
|
||
|
||
Name of the data importing organisation: Dropbox, Inc.
|
||
Address: 333 Brannan Street, San Francisco, CA 94107 USA
|
||
(the data importer)
|
||
|
||
each a "party"; together "the parties",
|
||
|
||
HAVE AGREED on the following Contractual Clauses (the Clauses) in order
|
||
to adduce adequate safeguards with respect to the protection of privacy
|
||
and fundamental rights and freedoms of individuals for the transfer by
|
||
the data exporter to the data importer of the personal data specified
|
||
in [73]Appendix 1.
|
||
|
||
Clause 1
|
||
|
||
Definitions
|
||
|
||
For the purposes of the Clauses:
|
||
a. 'personal data', 'special categories of data',
|
||
'process/processing', 'controller', 'processor', 'data subject' and
|
||
'supervisory authority' shall have the same meaning as in Directive
|
||
95/46/EC of the European Parliament and of the Council of 24
|
||
October 1995 on the protection of individuals with regard to the
|
||
processing of personal data and on the free movement of such
|
||
data^[74]1;
|
||
b. 'the data exporter' means the controller who transfers the personal
|
||
data;
|
||
c. 'the data importer' means the processor who agrees to receive from
|
||
the data exporter personal data intended for processing on his
|
||
behalf after the transfer in accordance with his instructions and
|
||
the terms of the Clauses and who is not subject to a third
|
||
country's system ensuring adequate protection within the meaning of
|
||
Article 25(1) of Directive 95/46/EC;
|
||
d. 'the subprocessor' means any processor engaged by the data importer
|
||
or by any other subprocessor of the data importer who agrees to
|
||
receive from the data importer or from any other subprocessor of
|
||
the data importer personal data exclusively intended for processing
|
||
activities to be carried out on behalf of the data exporter after
|
||
the transfer in accordance with his instructions, the terms of the
|
||
Clauses and the terms of the written subcontract;
|
||
e. 'the applicable data protection law' means the legislation
|
||
protecting the fundamental rights and freedoms of individuals and,
|
||
in particular, their right to privacy with respect to the
|
||
processing of personal data applicable to a data controller in the
|
||
Member State in which the data exporter is established;
|
||
f. 'technical and organisational security measures' means those
|
||
measures aimed at protecting personal data against accidental or
|
||
unlawful destruction or accidental loss, alteration, unauthorised
|
||
disclosure or access, in particular where the processing involves
|
||
the transmission of data over a network, and against all other
|
||
unlawful forms of processing.
|
||
|
||
Clause 2
|
||
|
||
Details of the transfer
|
||
|
||
The details of the transfer and in particular the special categories of
|
||
personal data where applicable are specified in Appendix 1 which forms
|
||
an integral part of the Clauses.
|
||
|
||
Clause 3
|
||
|
||
Third-party beneficiary clause
|
||
|
||
1. The data subject can enforce against the data exporter this Clause,
|
||
Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1)
|
||
and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party
|
||
beneficiary.
|
||
2. The data subject can enforce against the data importer this Clause,
|
||
Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and
|
||
Clauses 9 to 12, in cases where the data exporter has factually
|
||
disappeared or has ceased to exist in law unless any successor
|
||
entity has assumed the entire legal obligations of the data
|
||
exporter by contract or by operation of law, as a result of which
|
||
it takes on the rights and obligations of the data exporter, in
|
||
which case the data subject can enforce them against such entity.
|
||
3. The data subject can enforce against the subprocessor this Clause,
|
||
Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and
|
||
Clauses 9 to 12, in cases where both the data exporter and the data
|
||
importer have factually disappeared or ceased to exist in law or
|
||
have become insolvent, unless any successor entity has assumed the
|
||
entire legal obligations of the data exporter by contract or by
|
||
operation of law as a result of which it takes on the rights and
|
||
obligations of the data exporter, in which case the data subject
|
||
can enforce them against such entity. Such third-party liability of
|
||
the subprocessor shall be limited to its own processing operations
|
||
under the Clauses.
|
||
4. The parties do not object to a data subject being represented by an
|
||
association or other body if the data subject so expressly wishes
|
||
and if permitted by national law.
|
||
|
||
Clause 4
|
||
|
||
Obligations of the data exporter
|
||
|
||
The data exporter agrees and warrants:
|
||
a. that the processing, including the transfer itself, of the personal
|
||
data has been and will continue to be carried out in accordance
|
||
with the relevant provisions of the applicable data protection law
|
||
(and, where applicable, has been notified to the relevant
|
||
authorities of the Member State where the data exporter is
|
||
established) and does not violate the relevant provisions of that
|
||
State;
|
||
b. that it has instructed and throughout the duration of the personal
|
||
data processing services will instruct the data importer to process
|
||
the personal data transferred only on the data exporter's behalf
|
||
and in accordance with the applicable data protection law and the
|
||
Clauses;
|
||
c. that the data importer will provide sufficient guarantees in
|
||
respect of the technical and organisational security measures
|
||
specified in [75]Appendix 2 to this contract;
|
||
d. that after assessment of the requirements of the applicable data
|
||
protection law, the security measures are appropriate to protect
|
||
personal data against accidental or unlawful destruction or
|
||
accidental loss, alteration, unauthorised disclosure or access, in
|
||
particular where the processing involves the transmission of data
|
||
over a network, and against all other unlawful forms of processing,
|
||
and that these measures ensure a level of security appropriate to
|
||
the risks presented by the processing and the nature of the data to
|
||
be protected having regard to the state of the art and the cost of
|
||
their implementation;
|
||
e. that it will ensure compliance with the security measures;
|
||
f. that, if the transfer involves special categories of data, the data
|
||
subject has been informed or will be informed before, or as soon as
|
||
possible after, the transfer that its data could be transmitted to
|
||
a third country not providing adequate protection within the
|
||
meaning of Directive 95/46/EC;
|
||
g. to forward any notification received from the data importer or any
|
||
subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data
|
||
protection supervisory authority if the data exporter decides to
|
||
continue the transfer or to lift the suspension;
|
||
h. to make available to the data subjects upon request a copy of the
|
||
Clauses, with the exception of Appendix 2, and a summary
|
||
description of the security measures, as well as a copy of any
|
||
contract for subprocessing services which has to be made in
|
||
accordance with the Clauses, unless the Clauses or the contract
|
||
contain commercial information, in which case it may remove such
|
||
commercial information;
|
||
i. that, in the event of subprocessing, the processing activity is
|
||
carried out in accordance with Clause 11 by a subprocessor
|
||
providing at least the same level of protection for the personal
|
||
data and the rights of data subject as the data importer under the
|
||
Clauses; and
|
||
j. that it will ensure compliance with Clause 4(a) to (i).
|
||
|
||
Clause 5
|
||
|
||
Obligations of the data importer^[76]2
|
||
|
||
The data importer agrees and warrants:
|
||
a. to process the personal data only on behalf of the data exporter
|
||
and in compliance with its instructions and the Clauses; if it
|
||
cannot provide such compliance for whatever reasons, it agrees to
|
||
inform promptly the data exporter of its inability to comply, in
|
||
which case the data exporter is entitled to suspend the transfer of
|
||
data and/or terminate the contract;
|
||
b. that it has no reason to believe that the legislation applicable to
|
||
it prevents it from fulfilling the instructions received from the
|
||
data exporter and its obligations under the contract and that in
|
||
the event of a change in this legislation which is likely to have a
|
||
substantial adverse effect on the warranties and obligations
|
||
provided by the Clauses, it will promptly notify the change to the
|
||
data exporter as soon as it is aware, in which case the data
|
||
exporter is entitled to suspend the transfer of data and/or
|
||
terminate the contract;
|
||
c. that it has implemented the technical and organisational security
|
||
measures specified in Appendix 2 before processing the personal
|
||
data transferred;
|
||
d. that it will promptly notify the data exporter about:
|
||
i. any legally binding request for disclosure of the personal
|
||
data by a law enforcement authority unless otherwise
|
||
prohibited, such as a prohibition under criminal law to
|
||
preserve the confidentiality of a law enforcement
|
||
investigation,
|
||
ii. any accidental or unauthorised access, and
|
||
iii. any request received directly from the data subjects without
|
||
responding to that request, unless it has been otherwise
|
||
authorised to do so;
|
||
e. to deal promptly and properly with all inquiries from the data
|
||
exporter relating to its processing of the personal data subject to
|
||
the transfer and to abide by the advice of the supervisory
|
||
authority with regard to the processing of the data transferred;
|
||
f. at the request of the data exporter to submit its data processing
|
||
facilities for audit of the processing activities covered by the
|
||
Clauses which shall be carried out by the data exporter or an
|
||
inspection body composed of independent members and in possession
|
||
of the required professional qualifications bound by a duty of
|
||
confidentiality, selected by the data exporter, where applicable,
|
||
in agreement with the supervisory authority;
|
||
g. to make available to the data subject upon request a copy of the
|
||
Clauses, or any existing contract for subprocessing, unless the
|
||
Clauses or contract contain commercial information, in which case
|
||
it may remove such commercial information, with the exception of
|
||
Appendix 2 which shall be replaced by a summary description of the
|
||
security measures in those cases where the data subject is unable
|
||
to obtain a copy from the data exporter;
|
||
h. that, in the event of subprocessing, it has previously informed the
|
||
data exporter and obtained its prior written consent;
|
||
i. that the processing services by the subprocessor will be carried
|
||
out in accordance with Clause 11;
|
||
j. to send promptly a copy of any subprocessor agreement it concludes
|
||
under the Clauses to the data exporter.
|
||
|
||
Clause 6
|
||
|
||
Liability
|
||
|
||
1. The parties agree that any data subject, who has suffered damage as
|
||
a result of any breach of the obligations referred to in Clause 3
|
||
or in Clause 11 by any party or subprocessor is entitled to receive
|
||
compensation from the data exporter for the damage suffered.
|
||
2. If a data subject is not able to bring a claim for compensation in
|
||
accordance with paragraph 1 against the data exporter, arising out
|
||
of a breach by the data importer or his subprocessor of any of
|
||
their obligations referred to in Clause 3 or in Clause 11, because
|
||
the data exporter has factually disappeared or ceased to exist in
|
||
law or has become insolvent, the data importer agrees that the data
|
||
subject may issue a claim against the data importer as if it were
|
||
the data exporter, unless any successor entity has assumed the
|
||
entire legal obligations of the data exporter by contract of by
|
||
operation of law, in which case the data subject can enforce its
|
||
rights against such entity.
|
||
The data importer may not rely on a breach by a subprocessor of its
|
||
obligations in order to avoid its own liabilities.
|
||
3. If a data subject is not able to bring a claim against the data
|
||
exporter or the data importer referred to in paragraphs 1 and 2,
|
||
arising out of a breach by the subprocessor of any of their
|
||
obligations referred to in Clause 3 or in Clause 11 because both
|
||
the data exporter and the data importer have factually disappeared
|
||
or ceased to exist in law or have become insolvent, the
|
||
subprocessor agrees that the data subject may issue a claim against
|
||
the data subprocessor with regard to its own processing operations
|
||
under the Clauses as if it were the data exporter or the data
|
||
importer, unless any successor entity has assumed the entire legal
|
||
obligations of the data exporter or data importer by contract or by
|
||
operation of law, in which case the data subject can enforce its
|
||
rights against such entity. The liability of the subprocessor shall
|
||
be limited to its own processing operations under the Clauses.
|
||
|
||
Clause 7
|
||
|
||
Mediation and jurisdiction
|
||
|
||
1. The data importer agrees that if the data subject invokes against
|
||
it third-party beneficiary rights and/or claims compensation for
|
||
damages under the Clauses, the data importer will accept the
|
||
decision of the data subject:
|
||
a. to refer the dispute to mediation, by an independent person
|
||
or, where applicable, by the supervisory authority;
|
||
b. to refer the dispute to the courts in the Member State in
|
||
which the data exporter is established.
|
||
2. The parties agree that the choice made by the data subject will not
|
||
prejudice its substantive or procedural rights to seek remedies in
|
||
accordance with other provisions of national or international law.
|
||
|
||
Clause 8
|
||
|
||
Cooperation with supervisory authorities
|
||
|
||
1. The data exporter agrees to deposit a copy of this contract with
|
||
the supervisory authority if it so requests or if such deposit is
|
||
required under the applicable data protection law.
|
||
2. The parties agree that the supervisory authority has the right to
|
||
conduct an audit of the data importer, and of any subprocessor,
|
||
which has the same scope and is subject to the same conditions as
|
||
would apply to an audit of the data exporter under the applicable
|
||
data protection law.
|
||
3. The data importer shall promptly inform the data exporter about the
|
||
existence of legislation applicable to it or any subprocessor
|
||
preventing the conduct of an audit of the data importer, or any
|
||
subprocessor, pursuant to paragraph 2. In such a case the data
|
||
exporter shall be entitled to take the measures foreseen in Clause
|
||
5 (b).
|
||
|
||
Clause 9
|
||
|
||
Governing Law
|
||
|
||
The Clauses shall be governed by the law of the Member State in which
|
||
the data exporter is established.
|
||
|
||
Clause 10
|
||
|
||
Variation of the contract
|
||
|
||
The parties undertake not to vary or modify the Clauses. This does not
|
||
preclude the parties from adding clauses on business related issues
|
||
where required as long as they do not contradict the Clause.
|
||
|
||
Clause 11
|
||
|
||
Subprocessing
|
||
|
||
1. The data importer shall not subcontract any of its processing
|
||
operations performed on behalf of the data exporter under the
|
||
Clauses without the prior written consent of the data exporter.
|
||
Where the data importer subcontracts its obligations under the
|
||
Clauses, with the consent of the data exporter, it shall do so only
|
||
by way of a written agreement with the subprocessor which imposes
|
||
the same obligations on the subprocessor as are imposed on the data
|
||
importer under the Clauses^[77]3. Where the subprocessor fails to
|
||
fulfil its data protection obligations under such written agreement
|
||
the data importer shall remain fully liable to the data exporter
|
||
for the performance of the subprocessor's obligations under such
|
||
agreement.
|
||
2. The prior written contract between the data importer and the
|
||
subprocessor shall also provide for a third-party beneficiary
|
||
clause as laid down in Clause 3 for cases where the data subject is
|
||
not able to bring the claim for compensation referred to in
|
||
paragraph 1 of Clause 6 against the data exporter or the data
|
||
importer because they have factually disappeared or have ceased to
|
||
exist in law or have become insolvent and no successor entity has
|
||
assumed the entire legal obligations of the data exporter or data
|
||
importer by contract or by operation of law. Such third-party
|
||
liability of the subprocessor shall be limited to its own
|
||
processing operations under the Clauses.
|
||
3. The provisions relating to data protection aspects for
|
||
subprocessing of the contract referred to in paragraph 1 shall be
|
||
governed by the law of the Member State in which the data exporter
|
||
is established.
|
||
4. The data exporter shall keep a list of subprocessing agreements
|
||
concluded under the Clauses and notified by the data importer
|
||
pursuant to Clause 5 (j), which shall be updated at least once a
|
||
year. The list shall be available to the data exporter's data
|
||
protection supervisory authority.
|
||
|
||
Clause 12
|
||
|
||
Obligation after the termination of personal data processing services
|
||
1. The parties agree that on the termination of the provision of data
|
||
processing services, the data importer and the subprocessor shall,
|
||
at the choice of the data exporter, return all the personal data
|
||
transferred and the copies thereof to the data exporter or shall
|
||
destroy all the personal data and certify to the data exporter that
|
||
it has done so, unless legislation imposed upon the data importer
|
||
prevents it from returning or destroying all or part of the
|
||
personal data transferred. In that case, the data importer warrants
|
||
that it will guarantee the confidentiality of the personal data
|
||
transferred and will not actively process the personal data
|
||
transferred anymore.
|
||
2. The data importer and the subprocessor warrant that upon request of
|
||
the data exporter and/or of the supervisory authority, it will
|
||
submit its data processing facilities for an audit of the measures
|
||
referred to in paragraph 1.
|
||
|
||
Additional Provisions
|
||
|
||
Capitalised terms used in Sections A to C and the Appendices but not
|
||
defined in the Clauses shall have the meaning provided in the Dropbox
|
||
Business Agreement between the data exporter and Dropbox Ireland.
|
||
A. Security Audit. The data importer maintains ISO/IEC 27001:2013 and
|
||
ISO/IEC 27018:2014 certifications, which are issued by an
|
||
independent third party auditor. The data importer will continue to
|
||
undergo regular ISO/IEC 27001:2013 and ISO/IEC 27018 audits
|
||
necessary for maintaining such certifications for the Services
|
||
during the Term. The data importer also regularly undergoes Service
|
||
Organization Control 2 (SOC 2) Type II audits. Subject to the data
|
||
importer's confidentiality obligations and no more than once a
|
||
year, the data importer will provide the data exporter with a copy
|
||
of the SOC 2 Type II Report upon written request. The data importer
|
||
will make new SOC 2 reports available as they are completed subject
|
||
to the data importer's confidentiality requirements. The data
|
||
importer regularly reviews its third party subservice
|
||
organizations, which undergo Standards for Attestation Engagements
|
||
No. 16 (SSAE 16) / International Standard on Assurance Engagements
|
||
No. 3402 (ISAE 3402) Service Organization Control 1 (SOC 1) Type II
|
||
or Service Organization Control 2 (SOC 2) Type II audits that
|
||
evaluate the design and effectiveness of their security policies,
|
||
procedures, and controls.
|
||
The data exporter agrees that the data importer's obligations set
|
||
forth in this Section A fully satisfy the audit rights under Clause
|
||
5(f) and Clause 12 (2) of the Clauses.
|
||
B. Sub-processing. The data importer may engage other companies to
|
||
provide limited parts of the Services (including support services)
|
||
on the data importer's behalf, and the data exporter consents to
|
||
the data importer subcontracting the processing of personal data to
|
||
such sub-processors as described in the Clauses. The data importer
|
||
will ensure that any sub-processor will only access and use
|
||
personal data to provide the Services as set forth in a written
|
||
agreement between the data importer and the sub-processor. The data
|
||
exporter acknowledges that any requirements applicable to the data
|
||
importer under the Clauses in respect of agreements with
|
||
sub-processors shall be satisfied in full provided that the
|
||
sub-processing agreement between the data importer and the
|
||
sub-processor provides at least the level of data protection
|
||
required under the Dropbox Business Agreement.
|
||
C. Liability. The Clauses shall be subject to the limitations and
|
||
exclusions of liability contained in the "Limitation of Liability"
|
||
section of the Dropbox Business Agreement, such that the total
|
||
liability of the data importer and Dropbox Ireland, in aggregate,
|
||
shall not exceed the limitations set out in the Dropbox Business
|
||
Agreement. For the avoidance of doubt, the data exporter shall not
|
||
be entitled to recover from both the data importer and Dropbox
|
||
Ireland in respect of the same loss.
|
||
__________________________________________________________________
|
||
|
||
Appendix 1 to the Standard Contractual Clauses
|
||
|
||
This Appendix forms part of the Clauses and must be completed and
|
||
signed by the parties.
|
||
|
||
The Member States may complete or specify, according to their national
|
||
procedures, any additional necessary information to be contained in
|
||
this Appendix.
|
||
|
||
Data exporter
|
||
|
||
The data exporter is (please specify briefly your activities relevant
|
||
to the transfer):
|
||
|
||
The Customer to the Dropbox Business Agreement with Dropbox Ireland.
|
||
|
||
Data importer
|
||
|
||
The data importer is (please specify briefly activities relevant to the
|
||
transfer):
|
||
|
||
Dropbox, Inc., a global provider of cloud services for individuals and
|
||
business. Dropbox, Inc., and its affiliates provide a website, software
|
||
and mobile applications that allow people to store files, synchronize
|
||
files across multiple devices, and collaborate with others. Dropbox,
|
||
Inc.'s service may also be accessed by Application Programming
|
||
Interfaces (APIs).
|
||
|
||
Data subjects
|
||
|
||
The personal data transferred concern the following categories of data
|
||
subjects (please specify):
|
||
|
||
The data exporter and data exporter's affiliates' end users including
|
||
employees, consultants and contractors of the data exporter, as well as
|
||
any individuals collaborating or sharing with these end users using the
|
||
services provided by data importer.
|
||
|
||
Categories of data
|
||
|
||
The personal data transferred concern the following categories of data
|
||
(please specify):
|
||
|
||
End users identifying information and organization data (both on-line
|
||
and off-line) as well as documents, images and other content or data in
|
||
electronic form stored or transmitted by end users via data importer's
|
||
services.
|
||
|
||
Processing operations
|
||
|
||
The personal data transferred will be subject to the following basic
|
||
processing activities (please specify):
|
||
|
||
The data importer or its sub-processors will use and process personal
|
||
data and the data exporter instructs the data importer to use and
|
||
process personal data in order to provide the Services under the
|
||
Dropbox Business Agreement.
|
||
__________________________________________________________________
|
||
|
||
Appendix 2 to the Standard Contractual Clauses
|
||
|
||
This Appendix forms part of the Clauses and must be completed and
|
||
signed by the parties.
|
||
|
||
Description of the technical and organisational security measures
|
||
implemented by the data importer in accordance with Clauses 4(d) and
|
||
5(c) (or document/legislation attached):
|
||
|
||
Data Privacy Contact
|
||
|
||
The data privacy officer of the data importer can be reached at
|
||
privacy@dropbox.com
|
||
|
||
Security Measures
|
||
|
||
The data importer has implemented and will maintain appropriate
|
||
administrative, technical and physical safeguards to protect personal
|
||
data as further described in the Dropbox for Business Security
|
||
Whitepaper (available as of the Effective Date at:
|
||
[78]https://www.dropbox.com/…/Security_Whitepaper.pdf) and additionally
|
||
set forth below. The data importer may update these security measures
|
||
from time to time, with the most recent version available at the above
|
||
URL (or other URL as communicated by data importer), provided however
|
||
that data importer will notify data exporter if data importer updates
|
||
the security measures in a manner that materially diminishes the
|
||
administrative, technical or physical security features described
|
||
therein or in this Appendix 2.
|
||
1. Service Security
|
||
1. Dropbox Architecture. The data importer's service is designed
|
||
with multiple layers of protection, covering data transfer,
|
||
encryption, network configuration and application-level
|
||
controls that are distributed across a scalable, secure
|
||
infrastructure. End users of data importer's service can
|
||
access files and folders at any time from the desktop, web and
|
||
mobile clients. All of these clients connect to secure
|
||
services to provide access to files, allow file sharing with
|
||
others, and update linked devices when files are added,
|
||
changed or deleted. The service can be utilized and accessed
|
||
through a number of interfaces. Each has security settings and
|
||
features that process and protect the data while ensuring ease
|
||
of access.
|
||
2. Reliability. The data importer's service is developed with
|
||
multiple layers of redundancy to guard against data loss and
|
||
ensure availability.
|
||
3. Encryption. To protect the data in transit between the data
|
||
exporter and data importer, data importer uses Secure Sockets
|
||
Layer (SSL)/Transport Layer Security (TLS) for data transfer,
|
||
creating a secure tunnel protected by 128-bit or higher
|
||
Advanced Encryption Standard (AES) encryption. File data at
|
||
rest is encrypted using 256-bit AES encryption. The data
|
||
importer's encryption key management infrastructure is
|
||
designed with operational, technical and procedural security
|
||
controls with very limited direct access to keys. Encryption
|
||
key generation, exchange and storage are distributed for
|
||
decentralized processing.
|
||
4. User Management Features. End users of data importer's service
|
||
have the ability to restore lost files and recover previous
|
||
versions of files, ensuring changes to those files can be
|
||
tracked and retrieved. The data importer's service allows for
|
||
the use of a two-step authentication procedure which adds an
|
||
extra layer of protection.
|
||
5. Data Centers. The data importer's corporate and production
|
||
systems are housed at third-party subservice organization data
|
||
centers located in the United States. The data importer
|
||
reviews all subservice organization data center Service
|
||
Organization Control (SOC) 1 and/or SOC 2 reports at a minimum
|
||
annually for sufficient security controls.
|
||
2. Information Security.
|
||
1. Policies. The data importer has established a thorough set of
|
||
security policies covering areas of information security,
|
||
physical security, incident response, logical access, physical
|
||
production access, change management and support. These
|
||
policies are reviewed and approved at least annually. The data
|
||
importer personnel are notified of updates to these policies
|
||
and are provided security training.
|
||
2. Personnel Policy and Access. The data importer's internal
|
||
policies require onboarding procedures that include background
|
||
checks (as allowed by local laws), security policy
|
||
acknowledgement, communicating updates to security policy, and
|
||
non-disclosure agreements. All personnel access is promptly
|
||
removed when an employee or contractor leaves the company. The
|
||
data importer employs technical access controls and internal
|
||
policies to prohibit employees or contractors from arbitrarily
|
||
accessing file data and to restrict access to metadata and
|
||
other information about end users' accounts. In order to
|
||
protect end user privacy and security, only a small number of
|
||
employees or contractors have access to the environment where
|
||
end user files are stored. A record of access request,
|
||
justification and approval are recorded by management and
|
||
access is granted by appropriate individuals.
|
||
3. Network Security. The data importer maintains network security
|
||
and monitoring techniques that are designed to provide
|
||
multiple layers of protection and defense. The data importer
|
||
employs industry-standard protection techniques, including
|
||
firewalls, network security monitoring, and intrusion
|
||
detection systems to ensure only eligible traffic is able to
|
||
reach data importer's infrastructure.
|
||
4. Change Management. The data importer ensures that
|
||
security-related changes have been authorized prior to
|
||
implementation into the production environments. Source code
|
||
changes are initiated by developers that would like to make an
|
||
enhancement to a data importer application or service. Changes
|
||
to data importer's infrastructure are restricted to authorized
|
||
personnel only. Changes to the application level of the
|
||
services are required to go through automated quality
|
||
assurance ("QA") testing procedures to verify that security
|
||
requirements are met. Successful completion of QA procedures
|
||
leads to implementation of the change.
|
||
5. Compliance. The data importer, its data center providers, and
|
||
its managed service provider undergo regular security audits
|
||
which are performed by an independent third party. The data
|
||
importer will continue to participate in regular ISO/IEC
|
||
27001:2013 and ISO/IEC 27018:2014 audits. Data importer also
|
||
reviews SOC 1 and/or SOC 2 reports for all subservice
|
||
organizations. In the event a subservice organization's SOC 1
|
||
and/or SOC 2 report is unavailable, data importer performs
|
||
security site visits to verify applicable physical,
|
||
environmental, and operational security controls satisfy
|
||
control criteria and contractual requirements. The data
|
||
importer evaluates additional certifications and compliance
|
||
attestations, as made available to data importer by the
|
||
subservice providers, on an ongoing basis.
|
||
3. Physical Security
|
||
1. Infrastructure. Physical access to subservice organization
|
||
facilities where production systems reside are restricted to
|
||
personnel authorized by data importer, as required to perform
|
||
their job function. Any individuals requiring additional
|
||
access to production environment facilities are granted that
|
||
access through explicit approval by appropriate management.
|
||
2. Office. The data importer maintains a physical security team
|
||
that is responsible for enforcing physical security policy and
|
||
overseeing the security of data importer's corporate offices.
|
||
Access to areas containing corporate services is restricted to
|
||
authorized personnel via elevated roles granted through the
|
||
badge access system.
|
||
__________________________________________________________________
|
||
|
||
Footnotes
|
||
|
||
1. Parties may reproduce definitions and meanings contained in
|
||
Directive 95/46/EC within this Clause if they considered it better
|
||
for the contract to stand alone. [79]↩
|
||
2. Mandatory requirements of the national legislation applicable to
|
||
the data importer which do not go beyond what is necessary in a
|
||
democratic society on the basis of one of the interests listed in
|
||
Article 13(1) of Directive 95/46/EC, that is, if they constitute a
|
||
necessary measure to safeguard national security, defence, public
|
||
security, the prevention, investigation, detection and prosecution
|
||
of criminal offences or of breaches of ethics for the regulated
|
||
professions, an important economic or financial interest of the
|
||
State or the protection of the data subject or the rights and
|
||
freedoms of others, are not in contradiction with the standard
|
||
contractual clauses. Some examples of such mandatory requirements
|
||
which do not go beyond what is necessary in a democratic society
|
||
are, inter alia, internationally recognised sanctions,
|
||
tax-reporting requirements or anti-money-laundering reporting
|
||
requirements. [80]↩
|
||
3. This requirement may be satisfied by the subprocessor co-signing
|
||
the contract entered into between the data exporter and the data
|
||
importer under this Decision. [81]↩
|
||
|
||
Dropbox DMCA Policy
|
||
|
||
Dropbox (“Dropbox”) respects the intellectual property rights of others
|
||
and expects its users to do the same. In accordance with the Digital
|
||
Millennium Copyright Act of 1998, the text of which may be found on the
|
||
U.S. Copyright Office website at
|
||
[82]http://www.copyright.gov/legislation/dmca.pdf, Dropbox will respond
|
||
expeditiously to claims of copyright infringement committed using the
|
||
Dropbox service and/or the Dropbox website (the “Site”) if such claims
|
||
are reported to Dropbox’s Designated Copyright Agent identified in the
|
||
sample notice below.
|
||
|
||
If you are a copyright owner, authorized to act on behalf of one, or
|
||
authorized to act under any exclusive right under copyright, please
|
||
report alleged copyright infringements taking place on or through the
|
||
Site by completing the following DMCA Notice of Alleged Infringement
|
||
and delivering it to Dropbox’s Designated Copyright Agent. Upon receipt
|
||
of Notice as described below, Dropbox will take whatever action, in its
|
||
sole discretion, it deems appropriate, including removal of the
|
||
challenged content from the Site.
|
||
|
||
DMCA Notice of Alleged Infringement (“Notice”)
|
||
|
||
1. Identify the copyrighted work that you claim has been infringed, or
|
||
- if multiple copyrighted works are covered by this Notice - you
|
||
may provide a representative list of the copyrighted works that you
|
||
claim have been infringed.
|
||
2. Identify the material or link you claim is infringing (or the
|
||
subject of infringing activity) and to which access is to be
|
||
disabled, including at a minimum, if applicable, the URL of the
|
||
link shown on the Site or the exact location where such material
|
||
may be found.
|
||
3. Provide your company affiliation (if applicable), mailing address,
|
||
telephone number, and, if available, email address.
|
||
4. Include both of the following statements in the body of the Notice:
|
||
+ “I hereby state that I have a good faith belief that the
|
||
disputed use of the copyrighted material is not authorized by
|
||
the copyright owner, its agent, or the law (e.g., as a fair
|
||
use).”
|
||
+ “I hereby state that the information in this Notice is
|
||
accurate and, under penalty of perjury, that I am the owner,
|
||
or authorized to act on behalf of, the owner, of the copyright
|
||
or of an exclusive right under the copyright that is allegedly
|
||
infringed.”
|
||
5. Provide your full legal name and your electronic or physical
|
||
signature.
|
||
|
||
Deliver this Notice, with all items completed, to Dropbox’s Designated
|
||
Copyright Agent:
|
||
Copyright Agent
|
||
Dropbox Inc.
|
||
333 Brannan Street
|
||
San Francisco, CA 94107
|
||
[83]copyright@dropbox.com
|
||
[84]Submit DMCA notice
|
||
|
||
Dropbox Acceptable Use Policy
|
||
|
||
Dropbox is used by millions of people, and we're proud of the trust
|
||
placed in us. In exchange, we trust you to use our services
|
||
responsibly.
|
||
|
||
You agree not to misuse the Dropbox services ("Services") or help
|
||
anyone else to do so. For example, you must not even try to do any of
|
||
the following in connection with the Services:
|
||
* probe, scan, or test the vulnerability of any system or network;
|
||
* breach or otherwise circumvent any security or authentication
|
||
measures;
|
||
* access, tamper with, or use non-public areas or parts of the
|
||
Services, or shared areas of the Services you haven't been invited
|
||
to;
|
||
* interfere with or disrupt any user, host, or network, for example
|
||
by sending a virus, overloading, flooding, spamming, or
|
||
mail-bombing any part of the Services;
|
||
* access, search, or create accounts for the Services by any means
|
||
other than our publicly supported interfaces (for example,
|
||
"scraping" or creating accounts in bulk);
|
||
* send unsolicited communications, promotions or advertisements, or
|
||
spam;
|
||
* send altered, deceptive or false source-identifying information,
|
||
including "spoofing" or "phishing";
|
||
* promote or advertise products or services other than your own
|
||
without appropriate authorization;
|
||
* abuse referrals or promotions to get more storage space than
|
||
deserved;
|
||
* circumvent storage space limits;
|
||
* sell the Services unless specifically authorized to do so;
|
||
* publish or share materials that are unlawfully pornographic or
|
||
indecent, or that contain extreme acts of violence;
|
||
* advocate bigotry or hatred against any person or group of people
|
||
based on their race, religion, ethnicity, sex, gender identity,
|
||
sexual preference, disability, or impairment;
|
||
* violate the law in any way, including storing, publishing or
|
||
sharing material that's fraudulent, defamatory, or misleading; or
|
||
* violate the privacy or infringe the rights of others.
|