Iron Mountain Web Site Privacy Notice
YOUR PRIVACY IS IMPORTANT TO IRON MOUNTAIN.
This notice is adopted by: Iron Mountain Incorporated, its participating subsidiaries (including former Recall entities) and joint venture partners which are part of the Iron Mountain service system, and other entities which directly or indirectly are controlled by Iron Mountain (each, an Affiliate, with Iron Mountain and its Affiliates being collectively referred to as Iron Mountain).
Iron Mountain understands your concerns about the privacy of data you may submit through this Iron Mountain Web site. This notice provides you information about what type of information is gathered and tracked on the Web site, how the information is used, and with whom the information is shared. You may also want to review Iron Mountain's Privacy Principles which set forth the Company's commitment to protecting our customers' and employees' privacy, online and offline. In the event that any inconsistencies should arise with respect to this notice and the Privacy Principles concerning online privacy, the terms of this notice shall prevail.
Compliance with European Privacy Principles
Data Originating from the EEA, Switzerland and the UK
With respect to personal data that Iron Mountain receives either as a data controller or data processor from the European Economic Area (EEA), Switzerland and the United Kingdom (or accesses from the US in the EEA, Switzerland and the United Kingdom) Iron Mountain uses approved Standard Contractual Clauses. However, Iron Mountain often processes customer information as data processor, without knowing the content or origin of such data.
EU-U.S. and Swiss-U.S. Privacy Shields
All personal data that Iron Mountain receives either as a data controller or data processor from the EEA and Switzerland (or accesses from the US in the EEA or Switzerland) will be processed pursuant to the applicable Privacy Shield Principles. However, Iron Mountain often processes customer information as data processor, without knowing the content or origin of such data.
For the types of personal data and the purposes for which such data is transferred and processed, as well as the third parties with which such data may be shared, please review Iron Mountain’s Privacy Shield certification statement (https://www.privacyshield.gov/list).
Access, Recourse (Dispute Resolution), Enforcement and Liability
In compliance with the Privacy Shield Principles, Iron Mountain commits to resolve complaints about our collection or use of your personal information. European individuals with inquiries or complaints regarding our Private Shield policy should first contact Iron Mountain at:
Privacy & Compliance Group
One Federal Street
Boston, MA 02110, USA
+1 617 (617) 535-4766
Iron Mountain has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the American Arbitration Association (http://go.adr.org/privacyshield.html) for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.
With regard to human resources data transferred from the EEA in the context of the employment relationship, Iron Mountain commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities. With regard to human resources data transferred from Switzerland, Iron Mountain commits to cooperate with the Swiss Federal Data Protection and Information Commissioner’s office and comply with the advice given by such office.
Finally, under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
With respect to Personal Information received or transferred pursuant to the Privacy Shield Framework, Iron Mountain is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
If a third party service provider providing services on Iron Mountain’s behalf processes personal data from the EEA or Switzerland in a manner inconsistent with the Privacy Shield Principles, Iron Mountain will be liable unless we can prove that we are not responsible for the event giving rise to the damages.
To access Iron Mountain’s list of EU Personal Data Subprocessors, click here. (Note that this list applies to Iron Mountain’s customers and not the public.)
Iron Mountain may disclose personal data in special cases to conform to legal requirements or to respond to lawful requests by public authorities, including meeting national security or law enforcement requirements or to protect and defend our rights or property.
The information we collect.
Iron Mountain collects two types of information about users of this Web site; "Personal Information" (including, but not limited to, your name, address, telephone number and e-mail address) and non-personally identifiable and anonymous "Aggregate Information" (such as information about how many users log onto our Web site). Unless you provide it to us voluntarily or the information is collected via cookies in the manner described in this notice, Iron Mountain does not collect Personal Information in connection with your use of this Web site.
Please read this notice carefully to learn how you can verify the accuracy of any Personal Information we have concerning you and how you can request that Iron Mountain delete or update your Personal Information.
In order to accommodate your information request, we ask you to submit your name, title, company affiliation (if any), mailing address, telephone number and e-mail address. At your option, you may also provide us with the best time at which to contact you, the annual revenues of the company with which you are affiliated, the number of employees of the company you are affiliated with, and other relevant comments [if a comment field exists for the information you have requested]. By providing your personal information to Iron Mountain via its website, you agree to the terms of this notice and to receive communications from Iron Mountain.
How we use the information we collect.
We will use the information you submit (a) to answer your specific inquiry; (b) at your option, to send you additional materials relating to Iron Mountain and services that may be of interest to you; (c) in the administration of the Web site; and (d) as otherwise described in this notice.
Iron Mountain may, from time to time, share your Personal Information with marketing consultants, in which case, the consultants shall be prohibited from using your Personal Information except with respect to assisting Iron Mountain in the sale of its services and products, and the consultants shall also be required to comply with the terms of this notice.
General - When you visit this site, information about your browser type, operating system, IP address, and the domain name from which you access this site (e.g., yahoo.com) is collected. In addition, we may collect information about your browsing behavior, such as the number of times you have visited the site, the date you visited the site, and the amount of time you spent viewing the site. In addition, Iron Mountain may track your response to Iron Mountain's advertisements, e-mails and site content, determine your ability to receive HTML-based e-mail messages, learn how many users open an e-mail and allow our service providers to compile aggregated statistics about an e-mail campaign for Iron Mountain. This information is used solely for our internal purposes in managing the site and improving its functionality, as well as to assist us in better targeting interactive advertising, thereby enhancing customer support and site usability. The collection of such information, whether by us or by data aggregators, is subject to the terms set forth in this notice.
Transparent GIF Files - In addition to our own cookies, we use pixels, or transparent GIF files, on our sites to help manage our online advertising and e-mail marketing. These GIF files are provided by one or more third-party service providers, based on our specification as to where they are used. The files enable our service providers to recognize a unique cookie in your Web browser, which, in turn, enables us and our service providers to learn which advertisements and e-mails bring you to our website and how you use the site.
Examples of the ways in which Iron Mountain and our third-party service providers use GIF files include:
- Tracking customer response to our advertisements, e-mails and site content.
- Determining your ability to receive HTML-based e-mail messages. This capability helps us or our service providers send you e-mail in a format you can read.
- Knowing how many users open an e-mail, thereby enabling our service providers to compile aggregate statistics about an e-mail campaign for us.
- Allowing us to better target interactive advertising; enhancing customer support and site usability; and providing offers and promotions that we believe would be of interest to you, if you have given us permission to do so by opting-in to receive them.
To conduct these or other activities, we or our service providers sometimes may link Personal Information you previously provided us (such as, for example, your name and e-mail address) to the information the GIF files provide about how you arrive at, navigate through and leave our sites.
Do Not Track
Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. At the present time, the World Wide Web Consortium (W3C) has not yet established universal standards for recognizable DNT signals and therefore, Crozier and the Website do not recognize DNT.
The information we disclose.
Subject to applicable law, we and our service providers (as defined below) disclose and share your personal information:
- Among Iron Mountain and its Affiliates;
- To unaffiliated third parties that are under contract to perform services for or on behalf of Iron Mountain (Service Providers), and are required to uphold and maintain policies with respect to privacy and the treatment of your Personal Information (e.g., vendors hosting the investor relations, Iron Mountain Fulfillment Services, Iron Mountain Digital Services, or Iron Mountain Intellectual Property Management aspects of this web site or other vendors providing services of the nature referred to in this notice);
- If a customer gives us written permission to do so, we may share de-identified data, which is deidentified using the HIPAA safe-harbor method, with third party partners;
- To a third party in connection with a proposed or actual sale, merger, or transfer of all or a portion of a business or division; and
- To other persons as permitted or required by applicable law or regulation.
- For credit card payments, we employ third parties to process these payments on our behalf. These third-party credit card processing parties will only have access to the personal information which you provide directly to them when you make a credit card payment. They are required under their contract with Iron Mountain to process this personal information securely and in accordance with the relevant privacy or data protection laws.
Any access to such information will be limited to the purposes for which such information was provided to us or our Service Providers. Iron Mountain, its Affiliates and Service Providers are located throughout the world. Accordingly, your Personal Information may be sent to countries which have a different level of privacy protection than the United States of America (USA) or your country of residence. For instance, if you inquire about services Iron Mountain provides in France and in Brazil, Iron Mountain will forward your inquiry to the Iron Mountain location in such countries. Iron Mountain will, at your request, provide you with details of companies and countries to which your information has been sent. Iron Mountain does not and will not sell your personal information.
Links and third-party websites.
This notice applies only to this Web site. This site includes links to both our Affiliated Web sites and to non-affiliated Web sites, including access to content, products and services of such Affiliated and non-affiliated sites. In some cases, these other sites are made available via "seamless experience" technology, and may appear to be part of our Web site. Although some of the entities controlling these sites are under contract with Iron Mountain, we urge you to familiarize yourself with the individual privacy and other terms for each linked Web site prior to submitting your personally identifiable information
You are entitled to request that Iron Mountain:
- provide you with a copy of your Personal Information that it holds;
- cease processing your Personal Information, in whole or in part, as you direct us, for the purposes of direct marketing;
- correct any errors in that Personal Information; and
- update that Personal Information as required.
You may have additional rights under law, such as those granted by some U.S. states. To inquire about these rights or to make a request pursuant to these rights, please contact firstname.lastname@example.org.
If you do not receive acknowledgement of your inquiry from the email@example.com, or your inquiry has not been satisfactorily addressed, you should first contact Iron Mountain's Director of Privacy at 1-800-935-6966, ext. 8332 (if calling from within the USA) or 1-617-535-8332 (if calling from outside the USA) or by writing to the Director of Privacy, Iron Mountain, 1 Federal Street, Boston, MA 02110, U.S.A. or our Chief Compliance Officer at 1-800-935-6966, ext. 8477 (if calling from within the USA) or 1-617-535-8477 (if calling from outside the USA) or by writing to the Chief Compliance Officer, Iron Mountain, 1 Federal Street, Boston, MA 02110, U.S.A. If you continue to have questions thereafter, then you may file a request for mediation of an online privacy issue with the American Arbitration Association at 335 Madison Avenue, 10th Floor, New York, New York 10017-4605, USA; telephone: 212-716-5800; fax: 212-716-5905 and e-mail: firstname.lastname@example.org. Any mediation shall take place at a location mutually agreed to as being convenient to both parties; if mutual agreement cannot be achieved, then it shall take place at a location convenient to the party which did not initiate the mediation request.
Notice to California Residents.
If you are a resident of the State of California, the California Consumer Privacy Act (CCPA) may grant you certain additional rights. Please visit the following page for more information: Your California Privacy Rights.
Coronavirus / Covid-19 Update.
To protect you, your fellow visitors, and our employees and their families, Iron Mountain may collect limited health information to grant or deny access to our facilities, and/or to inform stakeholders of exposure to or positive testing for Covid-19. Information collected will be handled, as applicable, in accordance with this Privacy Notice.
Iron Mountain may, in its sole discretion, update this notice at any time and from time to time, by posting the amended notice on this Web site. We urge you to refer back to this page regularly and especially prior to providing any Personal Information via this Web site. You can determine if this notice has been revised since your last visit by referring to the "last updated" legend at the bottom of this page. This notice may not be otherwise amended without the written consent of Iron Mountain.
As we provide more services on our websites and as privacy laws and regulations evolve, it may be necessary to revise or update our Privacy notice. You can determine if this Privacy notice has been revised since your last visit by referring to the "last updated" legend at the bottom of this page.
How we protect and store your information.
Iron Mountain takes seriously the security of the information it collects. Iron Mountain has therefore implemented technology and security policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information appropriate to the nature of the data concerned.
Personal Information collected via this Web site is stored on servers in the USA, and these servers are subject to Iron Mountain's IT security policies and procedures. If you are located in another jurisdiction, you should be aware that your Personal Information once collected will be transferred to our servers, and the USA currently does not have uniform data protection laws.
Iron Mountain is concerned about the safety of children when they use the internet, and will never knowingly collect Personal Information from minors (children under 13 years of age, or any other age defined under applicable law) [without prior verifiable parental consent]. If we become aware that a minor is attempting to or has submitted Personal Information via this Web site, we will notify the user that we may not accept his or her Personal Information. We will then remove any such Personal Information from our records.
Iron Mountain's Business Ethics Program.
Disclosures made pursuant to Iron Mountain's Business Ethics Program are covered by Iron Mountain's Code of Ethics and Business Conduct in lieu of this privacy notice.
Questions regarding this notice.
If you have questions concerning this notice, please contact our Chief Compliance Officer at 1-800-935-6966, ext. 8477 (if calling from within the USA) or 1-617-535-8477 (if calling from outside the USA) or via e-mail at email@example.com or by writing to the Chief Compliance Officer, Iron Mountain, 1 Federal Street, Boston, MA 02110, U.S.A.
Iron Mountain's Privacy Principles
Iron Mountain commits to the following:
- Iron Mountain only collects information that is needed. From its valued customers, Iron Mountain collects information that will enable it to administer customer accounts, to provide marketing information about Iron Mountain's services and products, to provide "white papers" containing articles that may be useful to customers, to obtain information that may be helpful to Iron Mountain in administering and enhancing its Web site, and to fulfill any regulatory or legal requirements, including protecting our visitors' safety and wellbeing. We keep our customers informed as to what information we are collecting and how that information will be used. From its valued employees (including prospective and former employees), Iron Mountain collects information that will enable it to manage employee benefits and related benefit plan administration, for human resources management purposes and staff training and for immigration purposes, as well as to fulfill any regulatory or legal requirements, including protecting our employees’ and their families’ safety and wellbeing.
- Customers must "opt in" prior to Iron Mountain using Customer information online. You have the option of determining whether to supply Iron Mountain with information that it may use for purposes of sending you information, whether it is sent through online marketing efforts, by telephone, by fax or by mail. At any time, you may "opt out", and Iron Mountain will use its best efforts to promptly cease processing the Personal Information you previously supplied. In connection with the offline activities of Iron Mountain, the Customer may simply notify Iron Mountain in writing that it wishes to cease receiving additional information from Iron Mountain ("opt out"), and Iron Mountain will use its best efforts to promptly honor any such request./li>
- Iron Mountain uses security procedures and safeguards that it considers appropriate for the level of Personal Information our customers or employees are providing to Iron Mountain. Iron Mountain's goal is to prevent unauthorized access, maintain data accuracy, ensure the appropriate use of information and use professional industry standards to protect against the loss, misuse or alteration of information under Iron Mountain's control in connection with its information management services.
- Release of Information. In addition to using customer or employee information to fulfill requests received from its respective customers or employees, Iron Mountain discloses information provided to it when required to do so by law or by a regulatory agency. In addition, Iron Mountain may share, as appropriate, with its Affiliates, with unaffiliated third parties that are under contract to perform services for or on behalf of Iron Mountain (Service Providers) (who are required to uphold and maintain policies with respect to privacy and the treatment of your Person Information) and/or to a third party in connection with a proposed or actual sale, merger or transfer of all or a portion of a business or division.
- Iron Mountain's expectations for its Service Providers. Iron Mountain expects its Service Providers, who may have access to Personal Information furnished to us by our customers or employees for purposes of providing services to Iron Mountain, to honor the privacy principles set forth herein, whether such Service Providers are accessing customer or employee information and considers a Service Provider's commitment to privacy and security as part of its decision-making process as to which Service Providers it selects as its business partners.
If you have any questions about our privacy notice, please contact our Chief Compliance Officer at 1-800-935-6966, ext. 8477 (if calling from within the USA) or 617 535 8477 (if calling from outside the USA) or via e-mail at firstname.lastname@example.org or by writing to the Director of Privacy, Iron Mountain, 1 Federal Street, Boston, MA 02110, USA.
This notice was last updated July, 2021.