Dropbox Sign Privacy Policy
Posted: 2 October 2023
Effective as of: 2 October 2023
Introduction
This Privacy Policy describes how Dropbox collects, uses, discloses or otherwise handles your personal data when you visit or use the Dropbox Sign, Dropbox Forms and Dropbox Fax websites, software and services (collectively ‘Dropbox Sign Services’).
Sections
1. INFORMATION WE COLLECT
Information you provide to us. When registering for or using the Dropbox Sign Services we collect personal information provided by you. For example, when you create a Dropbox Sign account, you may provide us with your name, account name, alias, employment-related information (to the extent you are using an employer’s business account), email address and a password, your phone number, your address and an electronic image of your signature (‘Account information’).
You may provide us with personal information about other individuals when you use our Service, such as when you send or receive a signature request/workflow transaction, share information about such transactions or ask others to electronically sign documents (‘Your content’). You may also provide us with access to your contacts (‘Contacts’) to make it easy for you to do things like share and collaborate with others, send messages and invite others to use the Services. Contacts’ information may include personal information such as a real name, alias or email address. If you share your contacts with us, we will store those contacts on our servers for you to use.
Information that we collect automatically. We collect information related to how you use the Services, including actions you take in your account (like sharing, editing, viewing, creating and signing documents) (‘Usage information’). We use this information to provide, improve and promote our Services and to protect users of the Dropbox Sign Services. We also collect information from and about the devices you use to access the Dropbox Sign Services. This includes things like IP addresses, unique personal identifiers or online identifiers, the type of browser and device you use, the web page you visited before coming to our sites and identifiers associated with your devices (‘Device information’). Your devices (depending on their settings) may also transmit location information to the Dropbox Sign Services. For example, we use device information to detect abuse and identify and troubleshoot bugs.
Information that we collect from third parties. We may share and/or collect additional information about you from third parties primarily to assist us in understanding how we can maintain and improve the services we offer to better serve you. We collect information like your purchasing or consuming history or tendencies, including products or services purchased, obtained or considered (“Commercial information”). For example:
- Analytics: We use services like Google Analytics and Heap, which use cookies and other tracking technologies to gather usage data that allows us to improve our products and services.
- Advertising: We use certain Google advertising features including Google Analytics Demographics and Interest Reporting and Remarketing. Third-party vendors, including Google, may show ads for the Dropbox Sign Services on sites across the Internet. You may opt out at any time here (myadcenter.google.com). We and third-party vendors, including Google, use first- and third-party cookies together to inform, optimise and serve ads based on someone’s past visits to our website.
- We partner with third parties to manage our advertising on other sites. Our third-party partners may use cookies or similar technologies to provide you advertising based on your browsing activities and interests. If you wish to opt out of interest-based advertising, click www.aboutads.info/choices [or if located in the European Union click www.youronlinechoices.eu]. Please note you may continue to receive generic ads.
- Mobile: We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data and where the application was downloaded from. We do not link the information we store within the analytics software to any personal information you submit within the application.
Information we collect and process on behalf of you. The use of information collected through the Dropbox Sign Services shall be limited to the purpose for which you have engaged Dropbox. When you use the Dropbox Sign Services, we process and store certain information on your behalf as a data processor. For example, when you upload documents for review or signature, we act as a data processor and process information on your behalf and in accordance with your instructions. In this situation, you are the data controller.
If you are Customer that is based in the United States, its territories and possessions, Canada or Mexico, Dropbox, Inc. acts as your service provider. For all other Customers, Dropbox International Unlimited Company acts as a processor of your data.
Dropbox acknowledges that you have the right to access your personal information. Dropbox has no direct relationship with the individuals whose personal data it processes. An individual who seeks access or who seeks to correct, amend or delete data should direct their questions to Dropbox’s customers (the data controller). If requested to remove data we will respond within a reasonable time frame. If you have any questions or concerns about how information is processed in these cases, including how to exercise your rights as a data subject, we recommend contacting the relevant customer.
Cookies and other technologies. We use technologies like cookies and pixel tags (more information available here: https://help.dropbox.com/security/cookies) to provide, improve, protect and promote the Dropbox Sign Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with the Dropbox Sign Services and improving them based on that information. We may also use third-party service providers that set cookies and similar technologies to promote the Dropbox Sign Services.
Dropbox and its partners use cookies or similar technologies to analyse trends, administer the website, track users’ movements around the website and to gather demographic information about our user base. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on the Dropbox Sign Services. To manage Flash cookies, please click here (www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html).
We do not recognise or respond to browser-initiated Do Not Track signals.
2. HOW WE USE YOUR INFORMATION
We may use the information we collect through our products for a number of reasons, including to:
- provide, improve, protect and promote our products and services;
- set your account(s);
- send you records of your use of the service, including for purchases or other events;
- understand how you use our products and customise your experience;
- send you marketing communications (in accordance with your subscription preferences);
- record details about your electronic signature requests, workflows and other transactions (such as when they were opened, signed and when/where this took place);
- provide customer support;
- respond to your enquiries and requests;
- fix issues or problems with our products and services;
- prevent abuse of the products and services we offer; and
- carry out other lawful purposes about which we will notify our users and customers.
We may also combine the information we collect (or that is otherwise provided to us) through aggregation and other means to limit the identification of any particular individual to help with our business goals (such as research and marketing).
We give users the option to use some of the Dropbox Sign Services free of charge. These free Dropbox Sign Services are made possible by the fact that some users upgrade to one of our paid Dropbox Sign Services. If you register for the Dropbox Sign Services, we may, from time to time, send you information about upgrades. Users who receive these marketing materials can opt out at any time. If you don’t want to receive a particular type of marketing material from us, click the ‘unsubscribe’ link in the corresponding emails, or contact us using the contact details provided below (if using the contact details please provide your complete name, email address and any other relevant information that may be required to respond to your request). Please note that such marketing opt-out does not impact any transactional or operational notices that we may need to send you.
We sometimes contact people who don’t have a Dropbox Sign account. For recipients in the EU, we or a third party will obtain consent before reaching out. If you receive an email and no longer wish to be contacted by Dropbox Sign, you can unsubscribe and remove yourself from our contact list via the message itself.
Bases for processing your information. We collect and use the personal data described above in order to provide you with the Dropbox Sign Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent that we process your personal data for other purposes, we ask for your consent in advance or require our partners to obtain such consent.
If you have questions about, or need further information concerning, the lawful bases for processing your data, please contact us using the contact details provided under the 'How to contact us’ heading below.
4. RETENTION OF INFORMATION
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other lawful purposes.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
5. HOW WE PROTECT YOUR INFORMATION
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at privacy@dropbox.com.
6. YOUR CHOICES ABOUT YOUR INFORMATION
You have control over your personal data and how it’s collected, used and shared. For example, you can:
- Delete your stuff in your Dropbox Sign account. You can learn more about how to delete files saved on Dropbox Sign here.
- Change or correct personal data. You can manage your account and the content contained in it, as well as edit some of your personal data, through your account settings page.
- Access and take your data elsewhere. You can access your personal data from your Dropbox Sign account and you can download a copy of your content in a machine readable format as outlined here. You can also ask us for a copy of personal data you provided to us or that we’ve collected, the business or commercial purpose for collecting it, the types of sources we got it from and types of third parties we’ve shared it with.
- Object to the processing of your personal data. Depending on the processing activity, you can request that we stop or limit processing of your personal data.
If you would like to submit a data access request, request that your personal data be deleted or object to the processing of your personal data, please email us at privacy@dropbox.com.
7. CHILDREN’S PRIVACY
The Dropbox Sign Services are not intended for use by or directed to minors. We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use the Dropbox Sign Services. Any person who provides their information to Dropbox through the account login page for new customers, sign-up page or any other part of the Dropbox Sign Services represents to Dropbox that they are of legal age (18 years of age or older or otherwise of legal age in your resident jurisdiction) and competent to agree to these Terms. We will delete any information we discover is collected from a minor without permission from their parent(s) or legal guardian(s). Please contact us using the contact details below if you believe you may have provided Dropbox with a minor’s information without permission from their parent(s) or legal guardian(s).
8. WHERE WE MAY STORE, PROCESS OR TRANSMIT YOUR INFORMATION
General. By using the Dropbox Sign Services you acknowledge and agree that: (i) your information will be processed as described in this Privacy Policy; and (ii) you consent to have your information transferred to us and our facilities in the United States or elsewhere, including those of third parties as described in this Privacy Policy.
Around the world. To provide you with the Dropbox Sign Services, we may store, process and transmit data in the United States and locations around the world – including those outside your country. Data may also be stored locally on the devices you use to access the Dropbox Sign Services.
Data Transfers. When transferring data from the European Union, the European Economic Area, the United Kingdom and Switzerland, Dropbox relies upon a variety of legal mechanisms, such as contracts with our customers and affiliates, Standard Contractual Clauses, the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework and the European Commission’s adequacy decisions about certain countries, as applicable.
Data Privacy Frameworks. Dropbox complies with the EU-US and Swiss-US Data Privacy Frameworks, as well as the UK Extension to the EU-US Data Privacy Framework, as set forth by the US Department of Commerce regarding the processing of personal data transferred from the European Union, the European Economic Area, the United Kingdom and Switzerland to the United States. Dropbox has certified to the US Department of Commerce that it adheres to the Principles of these Data Privacy Frameworks with respect to such data. If there is any conflict between this Privacy Policy and the Data Privacy Framework Principles, the Principles shall govern. In accordance with the Principles, Dropbox shall remain liable for onward transfers if a processor processes personal data in a manner inconsistent with the Principles. To learn more about the Data Privacy Framework, and to view our certification, visit https://www.dataprivacyframework.gov.
Dropbox is subject to oversight by the US Federal Trade Commission. JAMS is the US-based independent organisation responsible for reviewing and resolving complaints about our Data Privacy Framework compliance – free of charge to you. We ask that you first submit any such complaints directly to us via privacy@dropbox.com. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/dpf-dispute-resolution. In the event your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration as set forth in Annex I of the Data Privacy Framework Principles.
9. CHANGES TO THIS POLICY
We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.
10. HOW TO CONTACT US
For questions or concerns regarding the collection, use or disclosure of your information, you can contact us by sending an email to privacy@dropbox.com.