Updated October 2020
When this Policy mentions “STERIS”, "we", “our”, "us", it refers to the entity that is responsible for the collection and use of your personal data, which is generally the entity that obtains your personal data in the respective case. This entity also is referred to as the “Controller.” A list of our affiliate entities can be viewed in our annual report, available at https://sterisplc.gcs-web.com/financials/annual-reports. When you access our Site and use our Services, your data is controlled by STERIS, 5960 Heisley Road, Mentor, OH, 44060 USA or one of its affiliated companies.
This Site is not intended to receive personal information of a confidential nature from you. However, as part of the Policy, when you visit our Site, you may provide personal data about yourself. We may collect personal data about you including your name, address, company name, occupational role, telephone number, fax number, email address, date of birth, internet protocol (IP) address (where personally identifying), credit card number and expiration date (which is stored by a third party, not at STERIS) and purchase and ordering history, and other information that you voluntarily provide. For example, if you opt to speak with a STERIS representative using our live chat feature, we may collect information (including personal data) provided by you during the live chat and as part of any follow-up surveys regarding the quality of our service. We may provide you with further details about the types of personal data collected at the relevant time.
STERIS does not collect sensitive personal data (such as information related to racial or ethnic origin, political opinions, religion or other beliefs, health information, criminal background or trade union membership) without your explicit consent or as otherwise permitted by law.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
As you navigate through our Site, we may use automatic collection technologies to collect certain information about your equipment, browsing actions and patterns, including the details of your Site visits (e.g., resources that you access, traffic data, location data, logs, language); date and time of access; frequency, and other communication data; and information about your computer and internet connection, including your operating system, host domain, and browser type or detail.
STERIS uses this information as statistical data to help us improve our Site and deliver a better and more personalized service by helping us determine traffic patterns, count the number of Site visits, determine traffic sources, and determine the frequency and last date of your visit to our Site.
Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel an order for a product or service you have with us, but we will notify you if this is the case at the time.
STERIS collects personal data about you in a variety of ways, including when you:
We only collect and process personal data when we have a legal basis to do so and in accordance with applicable law as set out below.
We may process personal data where we have your consent to do so, including to provide you marketing communications and other materials that we think you might be interested in.
We may also use your personal data that we collect where this is necessary for our legitimate interests or those of another person provided that these are not overridden by your rights and freedoms. Situations where processing may be necessary for such legitimate interests include:
We may also process your personal data to render services to you or in order to fulfil a contractual agreement with you when you visit our Site. This includes to:
STERIS may use your personal data for marketing when we have your consent to do so or it is permitted to do so by law (for example, where it is able to rely on the “soft opt-in”), including to communicate and provide additional information and marketing materials that may be of interest to you about STERIS’s products and services. It may also provide details of the services of third-party partners where we have your consent to do this. If you do not want us to use your personal data to send you newsletters or other direct marketing materials, you can opt out at any time by contacting us (see “CONTACTING STERIS ABOUT YOUR PERSONAL DATA” below) or by unsubscribing using the link in the email that you receive.
STERIS takes appropriate steps to maintain the security of your personal data and our Site. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to your data (taking into account technology, cost and the nature of processing). In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Still, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, STERIS cannot guarantee that your personal data is under absolute security with the existing security technology. If you have any questions about the security of our Site, you can contact us (see “CONTACTING STERIS ABOUT YOUR PERSONAL DATA” below).
Certain social media features available on the Site may be hosted by third parties. For example, some social networking services allow you to share products and services from our Site via your social networking profile. Our Site also allows you to apply for available jobs at STERIS through your LinkedIn account. If you choose to make use of third-party social media services (such as Facebook, Twitter or LinkedIn), we may receive personal data about you, such as your name and email address that you have made available through those services. We encourage you to visit those third-party social networking services' privacy policies and review your privacy settings directly on those services. Any data we receive through third-party social media services may be used as described in this Policy.
STERIS is a global company. Your personal data may be stored and processed in any country where we have STERIS facilities or service providers, and by using our Site, you acknowledge that we may transfer your personal data to countries outside your country of residence, including to the United States, and that these may provide different data protection rules than in your country and such rules may not be equivalent to those of the European Union.
Where we transfer data from the European Economic Area (EEA), Switzerland or the United Kingdom (as applicable), STERIS will implement appropriate safeguards to comply with applicable law in relation to the transfer, including the EU Standard Contractual Clauses or other measures that comply with applicable law, where personal data is being transferred to places where the EEA, Switzerland and/or the United Kingdom have determined that an adequate level of protection is not guaranteed. For more information regarding such safeguards, please contact us (see “CONTACTING STERIS ABOUT YOUR PERSONAL DATA” below).
We may disclose your personal data collected under this Policy on a need-to-know basis with our affiliates, trusted third parties and service providers, and in other instances as required or permitted by law, as further explained below:
We will only share personal data with companies, organizations or individuals outside STERIS including where reasonably necessary to:
STERIS does not collect or compile personal data for dissemination or sale to third parties for commercial purposes.
Where your personal data is transferred to third parties, we will require such persons to protect your personal data in accordance with applicable law (including by putting in place appropriate contractual arrangements with the agreements between STERIS and third-party vendors).
STERIS retains your personal data for the period necessary to fulfill the purposes outlined in the Policy, unless a longer retention period is required by law or to fulfill a legal obligation.
California Do Not Track
You may opt out of receiving commercial emails or other educational materials from us about our products and services by following the instructions contained in any of the emails that we send or by signing into your account and adjusting your email preferences. Please note that even if you unsubscribe from commercial email messages, we may still send you non-commercial emails for lawful purposes, including to manage any account you have with us, respond to your requests, execute agreements with you and manage your transactions on the Site.
You can opt out of receiving offerings directly from our third-party business partners by following the instructions in the e-mails or other materials that they send you.
If you are located in the EEA or the General Data Protection Regulation (GDPR) otherwise applies to you, we only send you direct marketing emails or other educational materials where permitted to do so by law, for example where marketing is necessary for our legitimate interests and we have obtained your email address in the course of a sale or negotiation of a sale of a product or service and where the commercial emails are marketing similar products or services, or where we have your consent.
Cookies and Tracking
Browsers are different, so please refer to the instructions in your browser to learn about cookies and other privacy and security settings that may be available.
You can also opt out of being tracked by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser: https://tools.google.com/dlpage/gaoptout?hl=en-GB
You can control whether our mobile application sends you push notifications by changing your notification settings on your mobile device.
Access and Connections to Social Media
If you connected or linked to us via your social media profile, you can manage the permissions granted to such third-party social media services by accessing your user settings under your account. You also can remove our access to your social media account or control what information these third-party social media services share with us at any time by accessing the privacy settings in your social media account.
Under applicable data protection laws and depending on the jurisdiction where you reside, you may have certain rights in relation to the data we hold about you.
For residents in the EEA or other situations where the GDPR applies
You may request to access, delete, rectify or correct personal data, object to the processing of your personal data, have your personal data transmitted from us to another controller (data portability) and request not to be subject to automated decision making, in each case in accordance with applicable law. You also have the right to object to marketing, withdraw any consent to processing that you have given or object to processing based on our legitimate interests. To exercise any of these rights, contact STERIS at the address below (see “CONTACTING STERIS ABOUT YOUR PERSONAL DATA”). We will respond in accordance with applicable law.
You have the right to make a complaint at any time to the relevant data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach any authority so please contact us in the first instance.
For residents in California
Depending on your relationship with STERIS, the California Consumer Privacy Act (“CCPA”) (Civil Code § 1798.100) provides you with specific rights regarding your personal data. These include the right to be informed of the categories of personal data that we collect about you, to access your personal data, to delete your data, and to opt out of the sale of your personal data, as set forth below.
In the preceding twelve (12) months, and depending on our relationship with you, we may have collected from you the following categories of Personal Information as defined under the CCPA:
We disclose for a business purpose each of the above categories of Personal Information with the categories of third parties described in the “Recipients of Data” section.
To exercise the rights described above, it may be necessary for us to verify your identity or authority to make the request and confirm the personal data relates to you. If you request information about the categories of personal data we collect about you, access to, or deletion of your personal data, we may require you to provide certain information to verify your identity, including: (i) your full name, (ii) postal address, (iii) email address, or (iv) telephone number.
Only you or your authorized agent may make a verifiable consumer request related to your personal data. If you designate an authorized agent to make a request on your behalf, we may require one of the following:
(i) your signed permission designating the authorized agent to act on your behalf. You must verify your identity with us and directly confirm with us that you have provided the authorized agent permission to submit the request;
(ii) evidence that you have provided the authorized agent with power of attorney pursuant to the California Probate Code; or
(iii) proof that the authorized agent is registered with the California Secretary of State and that you have authorized the individual to act on your behalf.
You also may make a verifiable consumer request on behalf of your minor child.
Non-Discrimination: Unless permitted by applicable law, we will not discriminate against you for exercising any of your privacy rights under CCPA or applicable law.
The Site is not intended for use by individuals sixteen years of age or younger, and we request that these individuals not provide personal data through the Site.
If you are a parent or guardian of a child under the age of 16 and believe that he or she has disclosed his or her personal data to us, please contact us using the information provided under “Contact Us.”
Our Policy may change when necessary. We will post any Policy changes on this page. We will also keep prior versions of this Policy in an archive for your review.
If you have any questions or concerns about the use of your personal data, please contact us at dataprotection@STERIS.com or by writing to us at:
STERIS Data Protection Officer
5960 Heisley Road
Mentor, OH 44060 USA
ATTN: Vicki Hradisky
California residents may contact STERIS at 1-888-783-7476 regarding your personal data.
For residents in Germany, STERIS’s local data protection officer can be reached at dataprotection@STERIS.com.