Policy last updated: 01 October 2013
This Policy is adopted by Iron Mountain Information Management of 745 Atlantic Avenue, Boston, USA and its participating European subsidiaries, holding companies and joint venture partners which are part of the Iron Mountain service system, and other entities which directly or indirectly are controlled by Iron Mountain (each an “Affiliate“, with Iron Mountain and its Affiliates being collectively referred to as Iron Mountain).
Iron Mountain understands your concerns about the privacy of data you may submit through this Iron Mountain Web site (“Site“). This policy provides you information about what type of information is gathered and tracked on the Site, how the information is used, and with whom the information is shared. You should also review Iron Mountain’s Privacy Principles set out below which contain our commitment to protecting our customers’ privacy, online and offline. In the event that any inconsistencies should arise with respect to this policy and the Privacy Principles concerning online privacy, the terms of this policy shall prevail.
THE INFORMATION WE COLLECT
Personal and Aggregate Information
Iron Mountain collects two types of information from users: “Personal Information“ (anything which identifies you as an individual, either on its own or by reference to other information) and “Aggregate Information“ (non-personally identifiable and anonymous data).
Personal Information (such as your name, address, telephone number, or email address) is collected when you voluntarily submit it through a Site form, such as during a request for product information or a download of a study or whitepaper. Other information that may also constitute Personal Information (such as your browser type, operating system, IP address, domain name, number of times you visited the Site, dates you visited the Site, and the amount of time you spent viewing the Site) may be collected via cookies and other tracking technologies (such as transparent GIF files). Aggregate Information (such as how many times visitors log onto this Site) may also be collected.
Please read this policy carefully to learn how you can verify the accuracy of any Personal Information we have concerning you and how you can request that Iron Mountain stop using or update your Personal Information. You can also change your contact or marketing preferences at any time by contacting us as set out in this policy. By providing your Personal Information to Iron Mountain via this Site, you agree to the terms and conditions of this policy.
HOW WE USE THE INFORMATION WE COLLECT
The Personal Information collected through this Site will not be used for any other purpose than provided by this policy. We will use the information you supply:
(a) to answer your specific inquiry. For example if you contact us with a technical question, we will use your contact information and technical information to resolve the issue;
(b) at your option, to send you additional marketing materials relating to Iron Mountain. We will only send you such materials if, when you are presented the option at various points on our Site, you “opt in” to receiving them. In case you have not given your “opt in” consent to be contacted by Iron Mountain, your Personal Information will be retained on a “do not contact” list. Your Personal Information will be stored by us only as long as you do not change your mind to receive such materials from Iron Mountain, in order to avoid the future contact with you for marketing purposes;
(c) to administer and enhance the Site;
(d) for our general business purposes, such as the administration of your customer account, or marketing or sales purposes;
(e) in connection with a proposed or actual sale, merger or transfer of all or a portion of a business or division;
(f) to satisfy legal or regulatory requirements; and
(g) as otherwise described in this policy.
In order to provide you with a better service, we would like to use your Personal Information to provide you with information about products and services which we think may be of interest to you.
We will only send you emails/SMS/faxes where you have given us your prior express consent to receive such communications (“opt in”). We may send you mailings by post or call you unless you have told us that you do not want to be contacted in this way.
If you opted to receive any communications from us and any of our Affiliates at the time you registered on this Site, but subsequently change your mind, you may opt out at any time via http://www.ironmountain.com/Utility/Forms/Opt-Out-Form.aspx or by writing to the Vice President for Privacy and Compliance at Support
HOW WE USE INFORMATION COLLECTED THROUGH COOKIES AND OTHER TRACKING TECHNOLOGIES
A cookie is a small text file that is downloaded to your computer when visiting a web site. It allows that web site to recognise your computer when you return, enabling it to display personalised settings and other user preferences. Cookies also help web sites improve the relevance of the advertising you see online. Other tracking technologies (including “web beacons” and “transparent GIF files”) are technical mechanisms that enable our service providers to gather information on your response to our advertisements, e-mails, and other online marketing materials.
THE INFORMATION WE DISCLOSE
Iron Mountain will at all times comply with the local applicable data protection legislation.
We and our service providers (as defined below) disclose and share your Personal Information:
Among Iron Mountain and our Affiliates;
To third party service providers (“Service Providers”) that perform services for us or on our behalf (including those which may process job applicant information, host investor relations content, provide courier services, or distribute marketing materials). Such Service Providers are required to handle your Personal Information in accordance with applicable laws and principles related to privacy and data protection;
For credit card payments we employ WorldPay to process these payments on our behalf. WorldPay will only have access to the Personal Information which you provide directly to them when you make a credit card payment. They are required under their contract with us to process this Personal Information securely and in accordance with all relevant Data Protection laws. We will not collect or store any credit card details; World Pay being the sole data controller of that data. When you pay for any goods, you will be taken to a link to WorldPay’s website in order to conclude the sale. The data you provide to WorldPay will be processed in accordance with the terms and conditions on its website;
To a third party in connection with a proposed or actual sale, merger, or transfer of all or a portion of a business or division; and
To other persons as permitted or required by applicable law or regulation.
Any access to such information will be limited to the purpose for which such information was provided to us or our Service Providers. Iron Mountain’s Affiliates and Service Providers are located throughout the world. Accordingly, your Personal Information may be sent to countries which have different levels of data protection laws than your country of residence. For instance, if you inquire about services we provide in France and in Brazil, we will forward your inquiry to our office in such countries. By requesting information regarding services in a country outside your residence, you thereby consent to the transfer of your Personal Information to that country. We will, at your request, provide you with details of companies and countries to which your information has been sent. In countries with data protection laws that do not have a data protection standard equivalent to the laws where you live, any receiver of your Personal Information is obliged by us to comply with the standards of data protection set out in this policy.
LINKS AND THIRD-PARTY WEB SITES
Applicability of This Policy
Third Party Advertisements
We may use third party advertisements on this Site. Cookies and other tracking technologies may be associated with these advertisements. Note: Iron Mountain is not responsible for the functionality of and actions taken by cookies and other tracking technologies created and placed by our third party service providers.
HOW TO OPT OUT OR REQUEST CHANGES
You are entitled to request that we:
provide you with a copy of your Personal Information that we hold and you have the right to be informed of; (a) the source of your Personal Information; (b) the purposes and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entity to whom your Personal Information may be transferred;
cease processing your Personal Information, in whole or in part, as you direct us, for any purpose, save to the extent it is lawful to do so without consent;
do not transfer your Personal Information to unaffiliated third parties for the purposes of direct marketing or any other purposes;
change the manner in which we contact you for marketing purposes;
correct any errors in your Personal Information; and
update your Personal Information as required.
If, after you have given your permission, you wish to opt out of receiving marketing related communications from us, please send your request to http://www.ironmountain.com/Utility/Forms/Opt-Out-Form.aspx.
If you would like to receive a copy of your Personal Information we have about you as submitted to us via this Site or if your Personal Information is incorrect or incomplete, please let us know by contacting us at: email@example.com and we will make every reasonable effort to correct or update it promptly (unless we require further information from you in order to fulfil your request). You may also ask us to remove your name and other Personal Information from our databases. In each of the foregoing cases, we will make all reasonable efforts to honour your request promptly, subject to legal and other permissible considerations.
If you have submitted an inquiry to us and you do not receive acknowledgement of your inquiry from the firstname.lastname@example.org or our response to your inquiry is not satisfactory, you should contact Iron Mountain’s Vice President for Privacy & Compliance at email@example.com or write to the Vice President of Privacy & Compliance at Support.
NOTIFICATION OF CHANGES
We recommend that you check this policy every time you visit our Site as we may update this policy from time to time, by posting the amended policy on this Site. Any changes will be effective when posted and your continued use of the Site will indicate your acceptance of any changes.
HOW WE PROTECT AND STORE YOUR INFORMATION
We take the security of the information we collect seriously. We have implemented technology and security policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the data concerned.
Personal Information collected via this Site is stored on servers in the UK and USA. You should be aware that your Personal Information once collected will be transferred to our servers, and the USA currently does not have uniform data protection laws. Iron Mountain complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Iron Mountain has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
We are concerned about the safety of children when they use the Internet, and will never knowingly collect Personal Information from minors (children under 13 years of age, or any other age defined under applicable law). If we become aware that a minor is attempting to or has submitted Personal Information via this Site, we will notify the user that we may not accept his or her Personal Information. We will then remove any such Personal Information from our records.
QUESTIONS REGARDING THIS POLICY
Iron Mountain’s Privacy Principles
Iron Mountain commits to the following:
Iron Mountain process Personal Information fairly and lawfully. Iron Mountain only collects and uses personal information based on legitimate grounds and in ways a concerned individual would reasonably expect and without unjustified adverse effects. In addition, Iron Mountain will use reasonable efforts to be transparent about how it intends to use the information and to provide individuals with appropriate privacy notices when collecting their personal data.
Iron Mountain only collects information that is needed.
From its valued customers, Iron Mountain collects information that will enable it to administer customer accounts, to provide marketing information about Iron Mountain’s services and products, to provide “white papers” containing articles that may be useful to customers, to obtain information that may be helpful to Iron Mountain in administering and enhancing its Site, and to fulfill any regulatory or legal requirement. Iron Mountain keeps its customers informed as to what information it is collecting and how that information will be used. The Personal Information will not be used for any other purpose than provided by this policy.
From its valued employees (including prospective and former employees), Iron Mountain collects information that will enable it to manage employee benefits and related benefit plan administration, for human resources management purposes and staff training and for immigration purposes, as well as to fulfill any regulatory or legal requirement, including audits.
Customers must “opt in” prior to Iron Mountain using Customer information for marketing purposes. You have the option of determining whether to supply Iron Mountain with information that it may use for purposes of sending you information, whether it is sent through online marketing efforts, by telephone, by fax, by email or by mail. At any time, you may “opt out,” and Iron Mountain will accordingly cease using the Personal Information you previously supplied for marketing purposes but it may use your Personal Information to avoid marketing contacts in the future. In connection with the offline activities of Iron Mountain, you may simply notify Iron Mountain that you wish to cease receiving additional information from Iron Mountain (“opt out”), and Iron Mountain will honour any such request.
Iron Mountain uses security procedures and safeguards that it considers appropriate for the level of Personal Information our customers or employees are providing to Iron Mountain. Iron Mountain’s goal is to prevent unauthorised access, maintain data accuracy, ensure the appropriate use of information and use professional industry standards to protect against the loss, misuse or alteration of information under Iron Mountain’s control in connection with its information management services.
Release of Information. In addition to using customer or employee information to fulfill requests received from its respective customers or employees, Iron Mountain discloses information provided to it when required to do so by law or by a regulatory body. In addition, Iron Mountain may share, as appropriate, with its Affiliates, with unaffiliated third parties that are under contract to perform services for or on behalf of Iron Mountain (who are required to uphold and maintain policies with respect to privacy and the treatment of your Person Information) and/or to a third party in connection with a proposed or actual sale, merger or transfer of all or a portion of a business or division.
Iron Mountain ’s expectations for its Service Providers. Iron Mountain expects its Service Providers, who may have access to Personal Information furnished to us by our customers or employees for purposes of providing services to Iron Mountain, to honour the privacy principles set forth herein, whether such Service Providers are accessing customer or employee information and considers a Service Provider’s commitment to privacy and security as part of its decision-making process as to which Service Providers it selects as its business partners.
Iron Mountain complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Iron Mountain has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.