Last Updated: May 12, 2020
Asia-Pacific Economic Cooperation (“APEC”)
APEC Cross Border Privacy Rules (“CBPR”) System: Box, Inc.’s privacy practices, described in the Privacy Notice, comply with the APEC CBPR System. The APEC CBPR system provides a framework for organizations to ensure protection of Personal Data transferred among participating APEC eco nomies. More information about the APEC framework can be found at: http://www.apec.org/Groups/Committee-on-Trade-and-Investment/~/media/Files/Groups/ECSG/CBPR/CBPR-PoliciesRulesGuidelines.ashx.
APEC Privacy Recognition for Processors (“PRP”) System: Box, Inc.’s privacy practices, described in this Privacy Notice, comply with the APEC PRP System . The APEC PR P S ystem provides a framework for data processors to demonstrate their ability to effectively implement a data controller’s privacy requirements . More information about the APEC PRP framework can be found at: https://www.apec.org/~/media/Files/Groups/ECSG/2015/APEC PRP Rules and Guidelines.pdf.
Binding Corporate Rules: Box, Inc., and the Box group of companies use Box’s Processor and Controller Global Binding Corporate Rules ("BCRs") as the basis for Box’s approach to global data privacy protection. Box’s Processor BCRs and Controller BCRs were authorized by the European data protection authorities, as will be listed at the European Commission website.
Box’s Processor BCRs ena ble Box to transfer Personal Data that Box processes on behalf of Customers from European Economic Area ("EEA") countries to non - EEA countries. Box’s Controller BCRs enable Box to transfer Personal Data within the Box group of companies globally, where Box acts as a data controller. Box’s BCRs will be available at:
EU - U.S. Privacy Shield and Swiss - U.S. Privacy Shield: Box, Inc. participates in and has certified its compliance with the EU - U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework.
California Residents: Under California law, California Residents who have an established business relationship with Box may choose to opt out of Box’s disclosure of personal information about them to third parties for direct marketing purposes. If you choose to opt out at any time after granting approval, please email firstname.lastname@example.org.
Starting January 1, 2020, under the California Consumer Privacy Act (CCPA), California Residents have the right to request the following information from Box by emailing email@example.com and Box will provide such information to you upon verification of your request:
- The categories of personal information Box collects about you;
- The categories of sources from which your personal information is collected;
- The business purpose for collecting your personal information;
- The categories of third parties with whom Box shares your personal information; and
- The specific pieces of personal information Box has collected about you.
In addition, you can find the following information in the corresponding Box Privacy Notice Sections:
|Privacy Notice Section||Categories of Information|
|Collection of Information||The categories of personal information Box collects about you.|
|The categories of sources from which your personal information is collected.|
|Use of Information||The business purpose for collecting your personal information.|
|Sharing and Disclosure of Information||The categories of third parties with whom Box shares your personal information.|
If you elect to exercise any of your rights under CCPA, Box will not deny services, provide a different price or rate for our services, or provide a different level of service to you because you exercised such rights. Under the current definition of CCPA, Box does not sell your personal information.