Box Privacy Notice
We collect certain information in the following ways:
Information You Provide
- We collect information directly from you when you: Register with Box for an account, create or modify your profile and account, access and use the Box Services (including but not limited to when you upload, download, collaborate on or share files or other information), use features of the Box Services, participate in a survey, contest, promotion, sweepstakes, activity or event, make a purchase, request customer support, or communicate with us via third-party social media. We also store the files or other information that you upload or provide to the Box Services (“Content”) in order to provide you with the Box Services.
- The types of information we may collect directly from you include:
- Your name;
- User name;
- Email address;
- Your picture;
- Postal address;
- Phone number;
- Information about your data storage preferences;
- Employer’s name;
- Job title;
- Transactional information (including services purchased or subscribed to and billing address); as well as
- Any contact or other information you choose to provide.
- We also collect the information of third parties you provide to enable the use of certain functionality and features of the Box Service. For example, if you invite a user into the Box Service, we will collect the email address you provide in order to invite that user to collaborate on the Content you shared.
Information We Collect Automatically
Information We Collect Through Your Use of the Box Services
- Usage Information: We monitor user activity in connection with the Box Services and collect information about the applications and features you use, the Box websites you visit, the sizes and names of the files or folders you upload, download, share, or access while using the Box Services, the Content you access, and any actions taken in connection with the access and use of your information and Content in the Box Services.
- Log Information: We log information about you when you access and use the Box Services, including: Your Internet Protocol ("IP") address, access times, browser type and language, Internet Service Provider ("ISP"), the Box web pages that you visit, the Content you use, and the URL of the web page you visited before navigating to one of the Box Services.
- Device Information:We collect information about any device (e.g., computers, mobile devices, etc.) used to access Box Services, including: The hardware model, operating system and version, unique device identifiers, mobile network information, or platform information. If you experience an error or crash in any of the Box Services, we may collect information (using first or third-party products) and logs from your device including information such as your device’s IP address, device name, operating system version, application configuration(s), the time and date, and other statistics. We collect your location-based information from your mobile device, with your consent, through our mobile apps to enable certain features and functionality. You can enable or disable this functionality in the Box mobile application settings.
Information Collected by Cookies and Similar Tracking Technologies: We (and the service providers working on our behalf) use various technologies to collect information. This may include saving cookies to your computer or mobile device. For information on what cookies are, which ones we use, why we use them, and how you can manage their use, please see our Cookie Notice.
Information We Collect from Other Sources
- We may also obtain information from third party applications and combine that with other information we collect through the Box Services. Any access or restrictions that we may have to such information from such a third party is in accordance with the privacy notice and authorization procedures determined by that third party.
Your information may be used to perform a variety of purposes, such as:
- Provide, operate, maintain, and improve the Box Services;
- Enable you to access and use the Box Services, including uploading, downloading, collaborating on and sharing Content, and sending emails on your behalf;
- Send you technical notices, updates, security alerts, and support and administrative messages;
- Provide and deliver the services and features you request, process and complete transactions and send you related information, including purchase confirmations and invoices;
- Respond to your comments, questions, and requests, and provide customer service and support;
- Communicate with you about services, features, surveys, newsletters, offers, promotions, contests and events, and provide other news or information about Box and our select partners;
- Process and deliver contest or sweepstakes entries and rewards;
- Monitor and analyze trends, usage, and activities in connection with the Box Services and for sales, marketing or advertising purposes;
- Investigate and prevent fraudulent transactions, unauthorized access to the Box Services, and other illegal activities;
- Personalize and improve the Box Services, and provide Content, features, and/or advertisements that match your interests and preferences or otherwise customize your experience on the Box Services;
- Send you push notifications from time-to-time in order to update you about events or activities related to the Box Services. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we collect certain information about your device such as operating system and user identification information;
- Link or combine with other information we receive from third parties to help understand your needs and provide you with better service; and
- Enable you to collaborate on and share files with users you designate.
We may share information about you as follows:
- Vendors, Consultants, and Other Service Providers: We share information with third-party vendors, consultants, and other service providers who are working on our behalf and require access to your information to carry out that work, such as to process billing, provide customer support, etc. These service providers are authorized to use your information only as necessary to provide services to Box and/or Box Services.
We also share your information with third-party vendors to understand which areas and features of the Box Services are most popular and/or to improve the overall effectiveness of Box’s Services and features. In addition, Box uses subprocessors for certain Box Services. For more information on Box’s subprocessors, please refer to our Subprocessor Page.
- Business Account: If you have an individual Box account and your account email domain is owned or managed by your employer or another organization, your employer or that organization may be provided with access to information relating to your account.
- For Collaboration: We share your information with third parties you choose when using collaboration or sharing features in the Box Services. The personal information we may share includes: your name, email address, information from your profile and online account (including your photo), and any Content you choose to share will be shared with such third parties, and such third parties may communicate with you (such as by posting comments or emailing you) in connection with your use of the collaboration features of the Box Services.
- Third Party Applications: Box provides you with opportunities to connect with third-party applications or services, such as through our Box application partner ecosystem or integration partners. If you choose to use any third-party applications or services, we share information about you including your username and any Content you choose to use in connection with those applications and services, and such third parties may contact you directly.
Note, this Privacy Notice does not apply to your use of such third-party applications and services, and we are not responsible for how those third parties collect, use, and disclose your information and Content. We encourage you to review the privacy notices of those third parties before connecting to or using their applications or services to learn more about their information and privacy practices.
- Compliance with Laws: We may disclose your information to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request; (b) to enforce our agreements and policies with our users and customers; (c) to protect the security or integrity of the Box Services; (d) to protect Box, our users and customers, or the public from harm or illegal activities; (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person, or (f) to any other third party with your prior consent.
- Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Aggregated or Anonymized Data: We may also share aggregated or anonymized information that does not directly identify you with third parties.
Retention of Personal Information
We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice and in order to provide you the Box Services, and for as long as your account is active or as needed to provide you services. We will also retain your information to comply with our legal obligations, resolve disputes, and enforce of our agreements.
- Account Information: You may update, correct, or delete your personal information at any time by logging into your account and modifying your personal information or by emailing us at firstname.lastname@example.org. You may also submit an access request by emailing email@example.com, and Box will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. We will respond to your access request within 30 days.
- Deactivating or Deleting Your Account: If you have an individual Box account and wish to deactivate your account, please check on Box Community for instructions, but note that we may retain certain information, including cached or archived copies, as required by law or for legitimate business purposes. If you have an Organization Box account, please email your Box Services administrator appointed by your Organization for information regarding cancelling your account.
- Collaboration and Sharing Features: The Box Services offer collaboration and sharing features and support Box and third-party integrations, which allow you to share your Content or other information through the Box Services. You can set permissions and change your settings at any time for files and folders through your account. For more information about collaboration and sharing features and on how you can manage your permissions and defaults please see Box Community.
- Community Forums and Blogs: Some of our website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others.
To request removal of your personal information from our blog or testimonials, please submit a ticket with Contact Support on Box Community. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
- Advertising: You may opt out of personalized ads anytime by deleting your browser's cookies. In addition, you may opt-out of interest-based advertising from some third-party partners by visiting http://optout.aboutads.info/, http://optout.networkadvertising.org/, or the third-party provider’s websites. Residents of the European Economic Area (“EEA”) please visit http://www.youronlinechoices.eu. For more information, please review our Cookie Notice.
- Links to Third-Party Websites: We may link to third-party websites in the Box Services. When you click on a link to a third-party website from our website, your activity and use on the linked website is governed by that website’s policies, not by those of Box. We encourage you to visit their websites and review their privacy and user policies.
- Promotional and Newsletter Communications: You may opt out of receiving promotional and newsletter emails from Box by following the opt-out instructions provided in those emails. You may also opt out of receiving promotional emails and other promotional communication from us at any time by emailing firstname.lastname@example.org with your specific request. If you opt out, we will still send you non-promotional communications, such as security alerts and notices related to your access to or use of the Box Services or those about your online account or our ongoing business relations.