Other Covered Entities

Crozier Fine Arts
Fontis International, Inc.
Iron Mountain Global, LLC
Iron Mountain Incorporated
Iron Mountain Information Management Services, Inc.
Iron Mountain Information Management, LLC
Iron Mountain Intellectual Property Management, Inc.
Iron Mountain Secure Shredding, Inc.

Industries

  • Information and Communications Technology

Participation

Swiss-U.S. Privacy Shield Framework: Active

Original Certification Date: 5/15/2017
Next Certification Due Date: 2/16/2019
Data Collected: HR, NON-HR

EU-U.S. Privacy Shield Framework: Active

Original Certification Date: 12/7/2016
Next Certification Due Date: 2/16/2019
Data Collected: HR, NON-HR

Purpose of Data Collection

Human Resources Personal Data may be transferred or accessed on behalf of current, former and potential job applicants, employees (temporary or permanent), contractual workers, retirees, dependents or others whose personal data have been given to an Iron Mountain entity by such persons. It relates to e.g., compensation and benefit administration and management; recruitment and staffing, including background checks; worker and organization development; internal investigation, audit management, legal and corporate enforcement and compliance; and data administration and workforce management. For each purpose, different categories of personal data are collected, e.g., contact information, date and place of birth, tax identification numbers, dependent information, salary and benefit information, banking details, appraisals, individual demographic information in compliance with law requirements, such as marital status, nationality, work permit information. In limited circumstances sensitive data may processed, such as data relating to sick or medical leave, union membership data to comply with collective bargaining agreements and laws or suspected or actual criminal activities to comply with US and local laws and to protect the company, its employees, visitors, customers and each of their rights and assets. HR data may also be processed in the context of merger and acquisition activities and shared processed by affiliates and third parties for the purposes listed above. Non-HR Data: Business/Customer Personal Data may be transferred or accessed on behalf of current, former and potential customers, suppliers, vendors and agents. It relates to e.g., sales and marketing (including providing customers and prospective customers with marketing information on services and products), analysis of customer and prospective customer data in order to provide enhanced customer service and more effective communications, website content selection, website user friendliness and navigation, for purposes of managing the Organization's inventory management systems, including potential personal data of customers recorded in such inventory management systems, for purposes of digital imaging, electronic vaulting or digital archiving or other forms of electronic storage or transmittal of data, including potential personal data stored by customers with the Organization in connection with any of the foregoing services; as well as the physical transfer of documents or media of the Organization or that of its customers that may contain personal data.

Privacy Policy

HR Data

European Employment Data Protection Guideline
Description:

The European Employment Data Protection Guideline together with the global Privacy and Data Protection policy describe the collection, use and disclosure of personal employment data. The documents are available to all employees on Iron Mountain’s internal sites and from the local HR departments.

Effective Date: 12/5/2016
Global Priavcy Policy
Description:

The Global Privacy Policy together with the European Employment Data Protection Guideline describe the collection, use and disclosure of personal employment data. The documents are available to all employees on Iron Mountain’s internal sites and from the local HR departments.

Effective Date: 12/20/2016

HR and Non-HR Data

Description:

This notice is adopted by: Iron Mountain Incorporated, its participating subsidiaries (including former Recall entities) and joint venture partners which are part of the Iron Mountain service system, and other entities which directly or indirectly are controlled by Iron Mountain (each, an Affiliate, with Iron Mountain and its Affiliates being collectively referred to as Iron Mountain).

Effective Date: 4/26/2017

Verification Method

Self-Assessment

Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Iron Mountain Incorporated at:

Michael Zurcher
Dirctor Privacy & Compliance
Iron Mountain Incorporated
One Federal Street
Boston, Massachusetts 02110

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Iron Mountain Incorporated to your question or complaint, please contact the independent recourse mechanism listed below


NON-HR RECOURSE MECHANISM



Appropriate statutory body with jurisdiction to investigate any claims against Iron Mountain Incorporated regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission