Other Covered Entities
- Information and Communications Technology
Swiss-U.S. Privacy Shield Framework: Active
EU-U.S. Privacy Shield Framework: Active
Purpose of Data Collection
Human Resources Personal Data may be transferred or accessed on behalf of current, former and potential job applicants, employees (temporary or permanent), contractual workers, retirees, dependents or others whose personal data have been given to an Iron Mountain entity by such persons. It relates to e.g., compensation and benefit administration and management; recruitment and staffing, including background checks; worker and organization development; internal investigation, audit management, legal and corporate enforcement and compliance; and data administration and workforce management. For each purpose, different categories of personal data are collected, e.g., contact information, date and place of birth, tax identification numbers, dependent information, salary and benefit information, banking details, appraisals, individual demographic information in compliance with law requirements, such as marital status, nationality, work permit information. In limited circumstances sensitive data may processed, such as data relating to sick or medical leave, union membership data to comply with collective bargaining agreements and laws or suspected or actual criminal activities to comply with US and local laws and to protect the company, its employees, visitors, customers and each of their rights and assets. HR data may also be processed in the context of merger and acquisition activities and shared processed by affiliates and third parties for the purposes listed above. Non-HR Data: Business/Customer Personal Data may be transferred or accessed on behalf of current, former and potential customers, suppliers, vendors and agents. It relates to e.g., sales and marketing (including providing customers and prospective customers with marketing information on services and products), analysis of customer and prospective customer data in order to provide enhanced customer service and more effective communications, website content selection, website user friendliness and navigation, for purposes of managing the Organization's inventory management systems, including potential personal data of customers recorded in such inventory management systems, for purposes of digital imaging, electronic vaulting or digital archiving or other forms of electronic storage or transmittal of data, including potential personal data stored by customers with the Organization in connection with any of the foregoing services; as well as the physical transfer of documents or media of the Organization or that of its customers that may contain personal data.
The European Employment Data Protection Guideline together with the global Privacy and Data Protection policy describe the collection, use and disclosure of personal employment data. The documents are available to all employees on Iron Mountain’s internal sites and from the local HR departments.
HR and Non-HR Data
This notice is adopted by: Iron Mountain Incorporated, its participating subsidiaries (including former Recall entities) and joint venture partners which are part of the Iron Mountain service system, and other entities which directly or indirectly are controlled by Iron Mountain (each, an Affiliate, with Iron Mountain and its Affiliates being collectively referred to as Iron Mountain).
Questions or Complaints?
If you have a question or complaint regarding the covered data, please contact Iron Mountain Incorporated at:
Boston, Massachusetts 02110
Privacy Shield organizations must respond within 45 days of receiving a complaint.
If you have not received a timely or satisfactory response from Iron Mountain Incorporated to your question or complaint, please contact the independent recourse mechanism listed below
NON-HR RECOURSE MECHANISM
Appropriate statutory body with jurisdiction to investigate any claims against Iron Mountain Incorporated regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission