YOUR PRIVACY IS IMPORTANT TO IRON MOUNTAIN
Policy last updated: 01 Nov 2016
This Policy is adopted by Iron Mountain Incorporated, its European subsidiaries (including former Recall entities) and joint venture partners which are part of the Iron Mountain service system, and other entities which directly or indirectly are controlled by Iron Mountain (each, an Affiliate, with Iron Mountain and its Affiliates being collectively referred to as Iron Mountain).
Iron Mountain understands your concerns about the privacy of data you may submit through this Iron Mountain Web site (“Site“). This policy provides you information about what type of information is gathered and tracked on the Site, how the information is used, and with whom the information is shared. You should also review Iron Mountain’s Privacy Principles set out below which contain our commitment to protecting our customers’ privacy, online and offline. In the event that any inconsistencies should arise with respect to this policy and the Privacy Principles concerning online privacy, the terms of this policy shall prevail.
THE INFORMATION WE COLLECT
Personal and Aggregate Information
Iron Mountain collects two types of information from users: “Personal Information“ (anything which identifies you as an individual, either on its own or by reference to other information) and “Aggregate Information“ (non-personally identifiable and anonymous data).
Personal Information (such as your name, address, telephone number, or email address) is collected when you voluntarily submit it through a Site form, such as during a request for product information or a download of a study or whitepaper. Other information that may also constitute Personal Information (such as your browser type, operating system, IP address, domain name, number of times you visited the Site, dates you visited the Site, and the amount of time you spent viewing the Site) may be collected via cookies and other tracking technologies (such as transparent GIF files). Aggregate Information (such as how many times visitors log onto this Site) may also be collected.
Please read this policy carefully to learn how you can verify the accuracy of any Personal Information we have concerning you and how you can request that Iron Mountain stop using or update your Personal Information. You can also change your contact or marketing preferences at any time by contacting us as set out in this policy. By providing your Personal Information to Iron Mountain via this Site, you must agree to the terms and conditions of this policy.
HOW WE USE THE INFORMATION WE COLLECT
The Personal Information collected through this Site will not be used for any other purpose than provided by this policy. We will use the information you supply:
(a) to answer your specific inquiry. For example if you contact us with a technical question, we will use your contact information and technical information to resolve the issue;
(b) at your option, to send you additional marketing materials relating to Iron Mountain. We will only send you such materials if, when you are presented the option at various points on our Site, you “opt in” to receiving them. In case you have not given your “opt in” consent to be contacted by Iron Mountain, your Personal Information (only to the extent that is absolutely required) will be retained on a “do not contact” list. Your Personal Information will be stored by us only as long as you do not change your mind to receive such materials from Iron Mountain, in order to avoid the future contact with you for marketing purposes;
(c) to administer and enhance the Site;
(d) for our general business purposes, such as the administration of your customer account, or marketing or sales purposes;
(e) in connection with a proposed or actual sale, merger or transfer of all or a portion of a business or division;
(f) to satisfy legal or regulatory requirements; and
(g) as otherwise described in this policy.
In order to provide you with a better service, we would like to use your Personal Information to provide you with information about products and services which we think may be of interest to you.
We will only send you emails/SMS/faxes where you have given us your prior express consent to receive such communications (“opt in”). We may send you mailings by post or call you unless you have told us that you do not want to be contacted in this way.
If you opted to receive any communications from us and any of our Affiliates at the time you registered on this Site, but subsequently change your mind, you may opt out at any time via http://www.ironmountain.com/Utility/Forms/Opt-Out-Form.aspx or by writing to the Director of Privacy, Iron Mountain, 1 Federal Street, Boston, MA 02110, U.S.A or our Chief Compliance Officer, Iron Mountain, 1 Federal Street, Boston, MA 02110, U.S.A
HOW WE USE INFORMATION COLLECTED THROUGH COOKIES AND OTHER TRACKING TECHNOLOGIES
A cookie is a small text file that is downloaded to your computer when visiting a web site. It allows that web site to recognize your computer when you return, enabling it to display personalized settings and other user preferences. Cookies also help web sites improve the relevance of the advertising you see online. Other tracking technologies (including “web beacons” and “transparent GIF files”) are technical mechanisms that enable our service providers to gather information on your response to our advertisements, e-mails, and other online marketing materials.
You may choose not to accept the cookies, however, this may restrict the services that you can access at the Web site.
THE INFORMATION WE DISCLOSE
Iron Mountain will at all times comply with the local applicable data protection legislation.
We and our service providers (as defined below) disclose and share your Personal Information:
Among Iron Mountain and our Affiliates;
To third party service providers (“Service Providers”) that perform services for us or on our behalf (including those which may process job applicant information, host investor relations content, provide courier services, or distribute marketing materials). Such Service Providers are required to handle your Personal Information in accordance with applicable laws and principles related to privacy and data protection;
For credit card payments we employ a third party to process these payments on our behalf. This third party will only have access to the Personal Information which you provide directly to them when you make a credit card payment. They are required under their contract with us to process this Personal Information securely and in accordance with all relevant Data Protection laws. We will not collect or store any credit card details; this third party being the sole data controller of that data. When you pay for any goods, you will be taken to a link to this third party’s website in order to conclude the sale. The data you provide to this third party will be processed in accordance with the terms and conditions on its website;
To a third party in connection with a proposed or actual sale, merger, or transfer of all or a portion of a business or division; and
To other persons as permitted or required by applicable law or regulation.
Any access to such information will be limited to the purpose for which such information was provided to us or our Service Providers. Iron Mountain’s Affiliates and Service Providers are located throughout the world. Accordingly, your Personal Information may be sent to countries which have different levels of data protection laws than your country of residence. For instance, if you inquire about services we provide in France and in Brazil, we will forward your inquiry to our office in such countries. By requesting information regarding services in a country outside your residence, you thereby consent to the transfer of your Personal Information to that country. We will, at your request, provide you with details of companies and countries to which your information has been sent. In countries with data protection laws that do not have a data protection standard equivalent to the laws where you live, any receiver of your Personal Information is obliged by us to comply with the standards of data protection set out in this policy and by your country of residence.
LINKS AND THIRD-PARTY WEB SITES
Applicability of This Policy
Third Party Advertisements
We may use third party advertisements on this Site. Cookies and other tracking technologies may be associated with these advertisements. Note: Iron Mountain is not responsible for the functionality of and actions taken by cookies and other tracking technologies created and placed by our third party service providers.
HOW TO OPT OUT OR REQUEST CHANGES
You are entitled to request that we:
provide you with a copy of your Personal Information that we hold and you have the right to be informed of; (a) the source of your Personal Information; (b) the purposes and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entity to whom your Personal Information may be transferred;
cease processing your Personal Information, in whole or in part, as you direct us, for any purpose, save to the extent it is lawful to do so without consent;
do not transfer your Personal Information to unaffiliated third parties for the purposes of direct marketing or any other purposes;
change the manner in which we contact you for marketing purposes;
correct any errors in your Personal Information; and
update your Personal Information as required.
If, after you have given your permission, you wish to opt out of receiving marketing related communications from us, please send your request to http://www.ironmountain.com/Utility/Forms/Opt-Out-Form.aspx.
If you would like to receive a copy of your Personal Information we have about you as submitted to us via this Site or if your Personal Information is incorrect or incomplete, please let us know by contacting us at: email@example.com and we will make every reasonable effort to correct or update it promptly (unless we require further information from you in order to fulfil your request). You may also ask us to remove your name and other Personal Information from our databases. In each of the foregoing cases, we will make all reasonable efforts to honour your request promptly, subject to legal and other permissible considerations.
NOTIFICATION OF CHANGES
We recommend that you check this policy every time you visit our Site as we may update this policy from time to time, by posting the amended policy on this Site. Any changes will be effective when posted and your continued use of the Site will indicate your acceptance of any changes.
HOW WE PROTECT AND STORE YOUR INFORMATION
We take the security of the information we collect seriously. We have implemented technology and security policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information appropriate to the nature of the data concerned.
Personal Information collected via this Site is stored on servers in the UK and USA. You should be aware that your Personal Information once collected will be transferred to our servers, and the USA currently does not have uniform data protection laws. Iron Mountain Incorporated and its United States subsidiaries - including former Recall entities - which include, but are not limited to: Iron Mountain Global, LLC., Iron Mountain Information Management, LLC, Iron Mountain Intellectual Property Management, Inc., Iron Mountain Fulfillment Services, Inc., Iron Mountain Secure Shredding, Inc., Iron Mountain Information Management Services, Inc., Fontis International, Inc. and Crozier Fine Arts comply with the EU-U.S. Privacy Shield Framework as set forth by the European Comission regarding the collection, use, discourse, retention and destruction of personal information transferred from the European Economic Area (EEA) to the United States.
All personal data that Iron Mountain transfers either as a data controller or data processor from the EEA to the U.S. (or accesses from the US in the EEA) will be processed pursuant to the applicable Privacy Shield Principles. However, Iron Mountain often processes customer information as data processor, without knowing the content or origin of such data.
For the types of personal data and the purposes for which such data is transferred and processed, as well as the third parties with which such data may be shared, please review Iron Mountain’s Privacy Shield certification statement.
Access, Recourse (Dispute Resolution), Enforcement and Liability
If you have any questions, concerns or complaints regarding our compliance with this Policy and the Privacy Shield Principles or if you wish to exercise your rights of access, choice, rectification or deletion, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data in accordance with this Policy. For any complaints that cannot be resolved with us directly, Iron Mountain in the US has chosen to cooperate with EU data protection authorities (DPAs) and comply with their advice (as further described in the Privacy Shield Principles). Please contact us to be directed to the relevant DPA contacts.
With respect to Personal Information received or transferred pursuant to the Privacy Shield Framework, Iron Mountain in the US is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
If a third party service provider in the US providing services on Iron Mountain’s behalf processes personal data from the EEA in a manner inconsistent with the Privacy Shield Principles, Iron Mountain will be liable unless we can prove that we are not responsible for the event giving rise to the damages.
Iron Mountain may disclose personal data in special cases to conform to legal requirements or to respond to lawful requests by public authorities, including meeting national security or law enforcement requirements or to protect and defend our rights or property.
U.S.-Swiss Safe Harbor Framework
Iron Mountain also complies with the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, discourse, retention and destruction of personal information from Switzerland. Iron Mountain has certified that it adheres to the U.S.-Swiss Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Iron Mountain's certification, please visit www.export.gov/safeharbor/.
We are concerned about the safety of children when they use the Internet, and will never knowingly collect Personal Information from minors (children under 13 years of age, or any other age defined under applicable law). If we become aware that a minor is attempting to or has submitted Personal Information via this Site, we will notify the user that we may not accept his or her Personal Information. We will then remove any such Personal Information from our records.
QUESTIONS REGARDING THIS POLICY
If you have questions concerning this policy, please contact our Chief Compliance Officer at 1-800-935-6966, ext. 8477 (if calling from within the USA) or 1-617-535-8477 (if calling from outside the USA) or via e-mail at firstname.lastname@example.org or by writing to the Chief Compliance Officer, Iron Mountain, 1 Federal Street, Boston, MA 02110, U.S.A.
Iron Mountain’s Privacy Principles
Iron Mountain commits to the following:
Iron Mountain process Personal Information fairly and lawfully. Iron Mountain only collects and uses personal information based on legitimate grounds and in ways a concerned individual would reasonably expect and without unjustified adverse effects. In addition, Iron Mountain will use reasonable efforts to be transparent about how it intends to use the information and to provide individuals with appropriate privacy notices when collecting their personal data.
Iron Mountain only collects information that is needed.
From its valued customers, Iron Mountain collects information that will enable it to administer customer accounts, to provide marketing information about Iron Mountain’s services and products, to provide “white papers” containing articles that may be useful to customers, to obtain information that may be helpful to Iron Mountain in administering and enhancing its Site, and to fulfill any regulatory or legal requirement. Iron Mountain keeps its customers informed as to what information it is collecting and how that information will be used. The Personal Information will not be used for any other purpose than provided by this policy.
From its valued employees (including prospective and former employees), Iron Mountain collects information that will enable it to manage employee benefits and related benefit plan administration, for human resources management purposes and staff training and for immigration purposes, as well as to fulfill any regulatory or legal requirement, including audits.
Customers must “opt in” prior to Iron Mountain using Customer information for marketing purposes. You have the option of determining whether to supply Iron Mountain with information that it may use for purposes of sending you information, whether it is sent through online marketing efforts, by telephone, by fax, by email or by mail. At any time, you may “opt out,” and Iron Mountain will accordingly cease using the Personal Information you previously supplied for marketing purposes but it may use your Personal Information to avoid marketing contacts in the future. In connection with the offline activities of Iron Mountain, you may simply notify Iron Mountain that you wish to cease receiving additional information from Iron Mountain (“opt out”), and Iron Mountain will honour any such request.
Iron Mountain uses security procedures and safeguards that it considers appropriate for the level of Personal Information our customers or employees are providing to Iron Mountain. Iron Mountain’s goal is to prevent unauthorized access, maintain data accuracy, ensure the appropriate use of information and use professional industry standards to protect against the loss, misuse or alteration of information under Iron Mountain’s control in connection with its information management services.
Release of Information. In addition to using customer or employee information to fulfill requests received from its respective customers or employees, Iron Mountain discloses information provided to it when required to do so by law or by a regulatory body. In addition, Iron Mountain may share, as appropriate, with its Affiliates, with unaffiliated third parties that are under contract to perform services for or on behalf of Iron Mountain (who are required to uphold and maintain policies with respect to privacy and the treatment of your Person Information) and/or to a third party in connection with a proposed or actual sale, merger or transfer of all or a portion of a business or division.
Iron Mountain ’s expectations for its Service Providers. Iron Mountain expects its Service Providers, who may have access to Personal Information furnished to us by our customers or employees for purposes of providing services to Iron Mountain, to honour the privacy principles set forth herein, whether such Service Providers are accessing customer or employee information and considers a Service Provider’s commitment to privacy and security as part of its decision-making process as to which Service Providers it selects as its business partners.