Privacy

YOUR CALIFORNIA PRIVACY RIGHTS

This document supplements the information contained in our Privacy Notice and applies solely to California Consumers, as defined by the California Consumer Privacy Act of 2018 (“CCPA”).

Coronavirus / COVID-19 Update.

To protect you, your fellow visitors, and our employees and their families, Iron Mountain may collect limited health information to grant or deny access to our facilities, and/or to inform stakeholders of exposure to or positive testing for Covid-19. Information collected will be handled, as applicable, in accordance with this document and the Privacy Notice referenced above.

Information We Collect, Use, and Disclose.

Iron Mountain collects, uses, and discloses Personal Information about California Consumers for business purposes only, and which are consistent with applicable laws.  Where Iron Mountain discloses Personal Information to third parties, it requires that they only use the personal information for the business purposes described below.  It also requires that such parties maintain the personal information’s confidentiality, and that appropriate systems and processes are in place to ensure its security.  Iron Mountain does not and will not sell your Personal Information.

We collect, use, and where indicated, disclose the following categories of Personal Information:

CategoriesIdentifiers, such as your full name, title, function home address, email address, phone numbersYour name and bank account or credit card details; your user details to access our systemsThe information we need to deliver our services to youCookie identifiers; internet protocol addresses and IP address of your electronic devices
Is the data used for auditing / compliance purposes?YesYesYesYes
Is the data used for security Incidents management?YesNoYesYes
Is the data used to perform the services?YesYesYesYes
Is the data used for debugging purposes?NoNoNoYes
Is the data used for short-term, transient use?NoNoNoYes
Is the data used for internal research for technological development?YesNoYesNo
Is the data used for quality or safety purposes?YesYesYesNo
Service providers with whom the data is shared:Packing, transportation, restoration, installation, our payment processor, debt collection, marketing service providersOur payment processor, debt, collection.  Our payment processor is prohibited from using personal information for any other purpose and is contractually required to comply with all applicable laws and requirements, which may include Payment Card Industry Data Security Standards if they are processing payments for us.Packing, transportation, restoration, installation, our payment processor, debt collection, marketing service providersMarketing service providers; incident management support companies
Source of the data:ConsumerConsumerConsumerConsumer

Note that under the CCPA, Personal Information does not include:

Additional Purposes for Using Personal Information.

In addition to the uses set forth above, Iron Mountain may use and share the categories of Personal Information identified:

Do Not Track.

Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. At the present time, the World Wide Web Consortium (W3C) has not yet established universal standards for recognizable DNT signals and therefore, Iron Mountain and the Website do not recognize DNT.

 Your Rights and Choices.

In certain circumstances, in addition to the information provided above about the collection, use, and disclosure of Personal Information, the CCPA provides California Consumers with the following rights regarding their Personal Information:

Exercising Your Access and Deletion Rights.

To exercise the rights described above, please submit a Verifiable Consumer Request via the following interactive web form: https://www.ironmountain.com/contact/ccpa-opt-out.  You may also call 1 (800) 934-3453.  Note that under the CCPA, you may only make such a request twice within a 12 month period.  Iron Mountain will respond appropriately within the required timeframes of the CCPA.

When you exercise these rights and submit a request to us, we will verify your identity by asking you to log in to your account if you have one with us.  Or if you do not, we may ask for your email address and an order number from a previous order.  We also may use a third party verification provider to verify your identity.

Marketing Opt-Out Requests.

If you wish to opt out of receiving marketing related communications from us, please send a request to www.ironmountain.com/optout.

Non-Discrimination.

We will not discriminate against you for exercising your rights under the CCPA.  Unless permitted by the CCPA, we will not:

Changes.

We reserve the right to amend this notice at our discretion and at any time.  When we make changes to this notice, we will post the updated notice on the Website and update the notice’s effective date.  Your continued interaction with Iron Mountain following the posting of changes constitutes your acceptance of such changes.

Questions.

If you have questions concerning this notice, or to request this notice in another format, please contact our Global Privacy Officer at 1-800-935-6966, ext. 8477 (if calling from within the USA) or 1-617-535-8477 (if calling from outside the USA) or via e-mail at global.privacy@ironmountain.com or by writing to the Global Privacy Officer, Iron Mountain, 1 Federal Street, Boston, MA 02110, U.S.A.

This notice was last updated December 31, 2019.