These Terms and Conditions of Service (including any exhibits or addenda attached hereto), along with our Services overview, Plans & Pricing, Policies, and other information on our website (collectively referred to herein as the “Agreement”) outline the terms and conditions regarding your use of our products and services. This Agreement is a legally binding contract between you and Iron Mountain so please read carefully. We agree to make the services available to you only upon your acceptance of this Agreement. If you do not accept this Agreement, then do not purchase, register for, or use any of the services. By purchasing, registering for, and/or using our services you expressly acknowledge that you understand and have accepted this Agreement.
As used herein and as the context requires, the term “we”, “us”, “our”, and “Iron Mountain” shall mean Iron Mountain Information Management, LLC, and its affiliates and subsidiaries that may perform any services. The term “you”, “your”, and “Customer” shall mean the person or entity who accesses or uses the services and any person or entity who purchases services or creates an account for the services. The term “services” shall mean all products and services offered by Iron Mountain which are further described on the Iron Mountain website, including but not limited to the Customer Account Dashboard, www.express.ironmountain.com (the "Site"), product offerings such as service plans and all other services. The term “Deposits” and “items” means any of your records, media, materials, images and electronically stored information, computer hardware and electronic equipment, and other items stored with or processed by Iron Mountain as part of the services.
This Personal Information Privacy Addendum (“Addendum”) is an addendum to your Agreement with Iron Mountain and is incorporated therein by reference. It is intended to supplement the Agreement, including the Privacy Policy. Pursuant to the Agreement, Iron Mountain may Process Personal Information on behalf of Customer in connection with the services. To the extent that Iron Mountain Processes Personal Information on behalf of Customer, this Addendum sets forth the rights and obligations of the parties with respect to the CCPA, under which Customer is a “Business” and Iron Mountain is a “Service Provider” of Customer.
“CCPA” means the California Consumer Privacy Act of 2018.
“Personal Information” means any data or information that is received by Iron Mountain from Customer, subject to the services under the Agreement, that relates to, describes, is capable of being associated with, or could be linked, directly or indirectly, with a particular natural person who is a California resident or household. Personal Information does not include publicly available information.
“Process” means any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means.
This Business Associate Agreement (“BAA”) is an addendum to your Agreement with Iron Mountain and is incorporated therein by reference. It is intended to supplement and amend the Agreement only in the event and to the extent Iron Mountain meets, with respect to you, the definition of a Business Associate set forth at 45 C.F.R. §160.103 and may Use and/or Disclose PHI on your behalf, as a Covered Entity. Except to the extent modified in this BAA, all terms and conditions set forth in the Agreement shall remain in full force and effect and govern the services.
Iron Mountain and Customer are entering into this BAA in order for both parties to meet their respective obligations as they become effective and binding upon the parties under the HIPAA Privacy, Security, and Breach Notification Rules along with any implementing regulations including those implemented as part of the Omnibus Rule (collectively referred to as the “HIPAA Rules”), under which Customer is a “Covered Entity” or “Business Associate” and Iron Mountain is a “Business Associate” of Customer. For purposes of this Agreement, any references hereinafter to Business Associate shall be deemed references to Iron Mountain.
This Addendum for Policy Center Essential (“Addendum”) is an addendum to your Agreement with Iron Mountain and is incorporated therein by reference. It is intended to supplement the Agreement to include additional terms and conditions applicable to Policy Center Essential. With respect to Policy Center Essential only, these additional terms and conditions supersede any conflicting terms in the Agreement. For the avoidance of doubt, Policy Center Essential shall be considered “services” for purposes of the Agreement.
1. Iron Mountain grants you the non-exclusive and non-transferable right and permission to access and use the information and material provided as part of the services for your internal business use only. You shall not: (i) modify, port, translate, localize, or create derivative works of the services; or (ii) transfer, sell or use commercially any of the information and material obtained through the services.
2. Iron Mountain shall bear no liability whatsoever arising out of or in connection with the services, regardless of the cause of action and whether arising in contract, tort, indemnity, warranty or any other legal theory.
3. Iron Mountain and its suppliers are the sole and exclusive owner of all right, title, and interest in and to the services (excluding any open source third-party software), and all copies thereof including all derivations and modifications thereto including, but not limited to, ownership of all intellectual property rights (collectively, “Intellectual Property”). Use of the services does not provide you with title or ownership of the Intellectual Property, but only a right of limited use.
4. You understand and acknowledge that your access to and use of the information contained in the services does not constitute legal advice and is not provided as part of the practice of law. The legal data and information contained in the services is intended to provide you with information to inform decisions regarding your record keeping requirements. Iron Mountain does not warrant the accuracy or completeness of the information provided as part of the services and that information is, among other things, subject to change. Further, the record retention periods do not take into account your particular circumstances and there may be exceptions or additional record keeping requirements that apply. Accordingly, you should make your own inquiries or seek advice from an appropriate professional advisor regarding the record keeping requirements that may apply in your particular circumstances.
5. Notwithstanding anything to the contrary in the Agreement, either party may terminate GRCS at any time without penalty, by providing notice of cancellation in accordance with the Agreement.