These Terms and Conditions of Service, along with our Services overview, Plans & Pricing, Policies, and other information on our website (collectively referred to herein as the “Agreement”) outline the terms and conditions regarding your use of our products and services. This Agreement is a legally binding contract between you and Iron Mountain so please read carefully. We agree to make the services available to you only upon your acceptance of this Agreement. If you do not accept this Agreement, do not purchase, register for, or use any of the services. By purchasing, registering for, and/or using our services you expressly acknowledge that you understand and have accepted this Agreement.
As used herein and as the context requires, the term “we”, “us”, “our”, and “Iron Mountain” shall mean Iron Mountain Information Management, LLC, and its affiliates and subsidiaries that may perform any services. The term “you”, “your”, and “Customer” shall mean the person or entity who accesses or uses the services and any person or entity who purchases services or creates an account for the services. The term “services” shall mean all products and services offered by Iron Mountain which are further described on the Iron Mountain website, including but not limited to the Customer Account Dashboard, the Site, product offerings such as service plans and all other services. The term “Deposits” and “items” means any of your records, media, materials, images and electronically stored information, computer hardware and electronic equipment, and other items stored with or processed by Iron Mountain as part of the services.
“CCPA” means the California Consumer Privacy Act of 2018.
“Personal Information” means any data or information that is received by Iron Mountain from Customer, subject to the services under the Agreement, that relates to, describes, is capable of being associated with, or could be linked, directly or indirectly, with a particular natural person who is a California resident or household. Personal Information does not include publicly available information.
“Process” means any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means.
This Business Associate Agreement (“BAA”) is an addendum to your Agreement with Iron Mountain and is incorporated therein by reference. It is intended to supplement and amend the Agreement only in the event and to the extent Iron Mountain meets, with respect to you, the definition of a Business Associate set forth at 45 C.F.R. §160.103 and may Use and/or Disclose PHI on your behalf, as a Covered Entity. Except to the extent modified in this BAA, all terms and conditions set forth in the Agreement shall remain in full force and effect and govern the services.
Iron Mountain and Customer are entering into this BAA in order for both parties to meet their respective obligations as they become effective and binding upon the parties under the HIPAA Privacy, Security, and Breach Notification Rules along with any implementing regulations including those implemented as part of the Omnibus Rule (collectively referred to as the “HIPAA Rules”), under which Customer is a “Covered Entity” or “Business Associate” and Iron Mountain is a “Business Associate” of Customer. For purposes of this Agreement, any references hereinafter to Business Associate shall be deemed references to Iron Mountain.