Last Updated: Oct 21, 2015
Changes to This Policy
Information You Provide To Us. We collect information you provide directly to us.
- For example, we collect information when you register with Box for an account, create or modify your profile and online account, access and use the Box Services (including but not limited to when you upload, download, collaborate on or share files or other information), participate in any interactive features of the Box Services, participate in a survey, contest, promotion, sweepstakes, activity or event, make a purchase, apply for a job, request customer support, communicate with us via third-party social media sites or otherwise communicate with us.
- The types of information we may collect directly from you include your name, username, email address, your picture, postal address, phone number, information about your data storage preferences, employer’s name, job title, transactional information (including services purchased or subscribed to and billing address) as well as any contact or other information you choose to provide. Please be aware that the information you choose to provide in your Box profile may reveal or identify information that is not expressly stated (for example, if you choose to provide your picture, your picture may reveal your gender. We also store the files or other information that you upload or provide to the Box Services ("Content") in order to be able to provide you with the features and functionality of the Box Service.
- Unless you have purchased a Box Enterprise account or higher Box Service offering and you have entered into a Business Associate Addendum to the Box Service Agreement, you agree not to upload and/or collaborate Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability of 1996 Act as amended ("HIPAA"); Box disclaims all liability for such PHI.
Information We Collect Automatically When You Use the Box Services. When you access or use the Box Services, we may automatically collect information about you, including:
- Usage Information: We monitor user activity in connection with the Box Services and may collect information about the applications and features you use, the websites you visit, the sizes and names of the files or folders you upload, download, share or access while using the Box Services, the Content you access and any actions taken in connection with the access and use of your Content in the Box Services.
- Log Information: We log information about you when you access and use the Box Services including your Internet Protocol ("IP") address, access times, browser type and language, Internet Service Provider ("ISP"), the Web pages that you visit, the Content you use and the URL of the Web page you visited before navigating to the Box Services.
- Device Information: If you access the Box Services from a mobile device, we collect information about the device, including the hardware model, operating system and version, unique device identifiers, mobile network information (as allowed by the mobile network) or platform information (as allowed by the specific platform type). We do not ask for, access or track any location based information from your mobile device at any time while downloading or using our mobile apps.
- Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, which may include saving cookies to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory that help us to improve the Box Services and your experience, customize your experience and preferences, allow you to access and use the Box Services without re-entering your member ID and/or password, understand which areas and features of the Box Services are most popular and count visits. We may also collect information using web beacons (also known as "tracking pixels"). Web beacons are electronic images (also called "gifs") that may be used in the Box Services or in emails that help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon. For more information about cookies and how to disable them, please see "Your Choices" below.
- Third Party clear gifs: Our third party partners employ clear gifs (a.k.a. Web Beacons/Web Bugs), images, and scripts that help them better manage content on our site. We do not tie the information gathered to our Customers’ or Users’ personal information.
- Local Shared Objects: Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs.
- Google AdSense: We use Google AdSense to publish ads on this site. When you view or click on an ad a cookie will be set to help better provide advertisements that may be of interest to you on this and other Web sites. You may opt-out of the use of this cookie by visiting Google’s Advertising and Privacy page: http://www.google.com/privacy_ads.html
- Advertising Cookies: We partner with third parties to manage our advertising on other sites. Our third parties may use technologies such as cookies to gather information about your activities on this site and other sites you visit in order to provide you advertising based upon your browsing activities and interests.
- MediaMath - http://www.mediamath.com/privacy/
- Taboola - http://www.taboola.com/privacy-policy
- 33 Across - http://optout.33across.com/
- App Nexus – http://appnexus.com/platform-policy
- Google AdSense - http://www.google.com/policies/technologies/ads/
- Bizo - http://www.bizo.com/opt-out/
- Adobe - http://www.adobe.com/privacy/opt-out.html#4
Information We Collect From Other Sources. We may also obtain information from third parties and combine that with information we collect through the Box Services. For example, we may have access to certain information from a third-party social media service if you create or log into your online account through the service or otherwise provide us with access to information from the service. Any access that we may have to such information from a third-party social media service is in accordance with the authorization procedures determined by the social media service.
Use of Information
We may use the information we collect about you for a variety of purposes, including to:
- Provide, operate, maintain and improve the Box Services;
- Enable you to access and use the Box Services, including uploading, downloading, collaborating on and sharing Content and sending emails on your behalf;
- Send you technical notices, updates, security alerts and support and administrative messages;
- Provide and deliver the services and features you request, process and complete transactions, and send you related information, including purchase confirmations and invoices;
- Respond to your comments, questions, and requests and provide customer service and support;
- Communicate with you about services, features, surveys, newsletters, offers, promotions, contests and events, and provide other news or information about Box and our select partners;
- Process and deliver contest or sweepstakes entries and rewards;
- Monitor and analyze trends, usage, and activities in connection with the Box Services and for marketing or advertising purposes;
- Investigate and prevent fraudulent transactions, unauthorized access to the Box Services, and other illegal activities;
- Personalize and improve the Box Services, and provide content, features, and/or advertisements that match your interests and preferences or otherwise customize your experience on the Box Services;
- Link or combine with other information we receive from third parties to help understand your needs and provide you with better service;
- Enable you to communicate, collaborate, and share files with users you designate; and
- For other purposes about which we notify you.
By accessing or using the Box Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries and territories, which may have different privacy laws from your country of residence.
Sharing and Disclosure of Information.
- Vendors, Consultants and Other Service Providers: We may share your information with third-party vendors, consultants and other service providers who are working on our behalf and require access to your information to carry out that work, such as to process billing, provide customer support, etc.
- Corporate Account: If you are an individual Box registered user and the domain of the primary email address associated with your Box account is owned by your employer and was assigned to you as an employee of that organization, and such organization wishes to establish a Box corporate account, then certain information concerning past use of your individual account may become accessible to that organization’s administrator including your email address.
- For Collaboration: We may share your information, including when you choose to use collaboration features in the Box Services that by their nature support sharing with third parties who you choose. Your name, email address, information from your profile and online account (including your photo), and any Content you choose to share will be shared with such third parties, and such third parties may communicate with you (such as by posting comments or emailing you) in connection with your use of the collaboration features of the Box Services. For example, third parties who you invite to collaborate with you as "Editors" using the collaboration features of the Box Services may also modify Content that you have shared, upload documents and photos to Content you have shared, share such Content outside of the Box Services, and provide other third parties with rights to view the Content you have shared.
- Compliance with Laws: We may disclose your information to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and Terms of Service, (c) to protect the security or integrity of the Box Services, (d) to protect Box, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
- Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Aggregated or Anonymized Data: We may also share aggregated or anonymized information with third parties that does not directly identify you.
Collaboration and Sharing Features
The Box Services offers collaboration features or other integrated tools, which allow you to share your Content through the Box Services. As a function of the collaborative nature of the Box Services and based on the permissions and settings you choose, the use of such features enables the sharing of Content with people you want to collaborate with or with the public. You can choose to change your settings at any time for a file or folder through your account. For more information about such collaboration and sharing features, we encourage you to review the information provided on support.box.com.
To help our customers continue to validate transfers of personal data under the EU data protection laws Box adheres to alternative methods for meeting the ‘adequate protection’ requirements of Article 25 of the EU Data Protection Directive (95/46/EC), such as standard contract clauses or Binding Corporate Rules (“BCRs”). To the extent that Safe Harbor is in effect, Box complies with the U.S.–E.U. Safe Harbor Framework and the U.S.–Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from the from European Union member countries and Switzerland. Box has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Box’s certification, please visit http://www.export.gov/safeharbor/.
While no service is completely secure, Box takes reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. For example, we encrypt your Content when it is stored in our data centers. In addition, sensitive information such as credit card number and password that we request from you on the Box Services is protected with encryption, such as Secured Socket Layer (SSL) protocol, during transmission over the Internet.
The servers on which personal information is stored are kept in a controlled environment with limited access. While we take reasonable efforts to guard personal information we knowingly collect directly from you, no security system is impenetrable. In addition, we cannot guarantee that any passively-collected personal information you choose to include in documents you store on our systems are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.
You may access your account information and our service only through the use of an individual user ID and password. To protect the confidentiality of personal information, you must keep your password confidential and not disclose it to any other person. Please advise us immediately if you believe your password has been misused. In addition, always logout and close your browser when you finish your session. Please note that we will never ask you to disclose your password in an unsolicited phone call or email.
Unless you have purchased a Box Enterprise subscription account or higher, you agree not to upload to or collaborate through the Box Services any Personal Health Information as defined by the Health Insurance Portability and Accountability Act of 1996 as amended (HIPAA).
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information to comply with our legal obligations, resolve disputes and enforce our agreements.
Promotional and Newsletter Communications. You may opt out of receiving promotional and newsletter emails from Box by following the opt-out instructions provided in those emails. You may also opt-out of receiving promotional emails and other promotional communications from us at any time by emailing firstname.lastname@example.org with your specific request. If you opt out, we may still send you non-promotional communications, such as security alerts and notices related to your access to or use of the Box Services or those about your online account or our ongoing business relations.
Cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies or to prompt you before accepting such a cookie. Please note that, if you choose to remove or reject browser cookies, this could affect the availability or functionality of the Box Services.
California Residents. Under California law, California Residents who have an established business relationship with Box may choose to opt out of Box’s disclosure of personal information about them to third parties for direct marketing purposes. If you choose to opt-out at any time after granting approval email email@example.com.
You can log in to our site using sign-in services such as Facebook Connect or an Open ID provider. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign up form. Services like Facebook Connect give you the option to post information about your activities on this Web site to your profile page to share with others within your network.
Social Media Features and Widgets
Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.
We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name.
Links to Third Party Websites
We may place links on the Box Services. When you click on a link to a third party website from our website, your activity and use on the linked website is governed by that website’s policies, not by those of Box. We encourage you to visit their websites and review their privacy and user policies.
Our Policy Toward Children
The Box Services is not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us at firstname.lastname@example.org. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.