Privacy Policy | STERIS Sustainability
STERIS Corporation - Helping to provide a healthier today and a safer tomorrow.

STERIS Website Privacy Policy

Updated October 2020

It is the Policy of STERIS to only collect, store, transfer, or otherwise process personal data in compliance with applicable law.  STERIS and its subsidiaries are committed to protecting your privacy. This Privacy Policy ("Policy") applies to all who visit and use our website, www.STERIS.com, our online and mobile services, the other websites and online services offered by our affiliates/subsidiaries, and any online applications that link to any of these websites (collectively the “Site”). The Policy outlines the types of personal data we may collect when you use the Site, how we use this personal data, your rights in relation to your personal data and the steps we take to safeguard the personal data. 

This Policy is incorporated into our Terms of Use, which apply when you use our Site.  By accessing our Site or voluntarily providing your personal data to us, you are acknowledging that your data will be processed pursuant to this Policy.  

Data Controller

When this Policy mentions “STERIS”, "we", “our”, "us", it refers to the entity that is responsible for the collection and use of your personal data, which is generally the entity that obtains your personal data in the respective case. This entity also is referred to as the “Controller.”  A list of our affiliate entities can be viewed in our annual report, available at https://sterisplc.gcs-web.com/financials/annual-reports. When you access our Site and use our Services, your data is controlled by STERIS, 5960 Heisley Road, Mentor, OH,  44060 USA or one of its affiliated companies.

Personal Data Collected by STERIS:

This Site is not intended to receive personal information of a confidential nature from you. However, as part of the Policy, when you visit our Site, you may provide personal data about yourself.  We may collect personal data about you including your name, address, company name, occupational role, telephone number, fax number, email address, date of birth, internet protocol (IP) address (where personally identifying), credit card number and expiration date (which is stored by a third party, not at STERIS) and purchase and ordering history, and other information that you voluntarily provide.  For example, if you opt to speak with a STERIS representative using our live chat feature, we may collect information (including personal data) provided by you during the live chat and as part of any follow-up surveys regarding the quality of our service. We may provide you with further details about the types of personal data collected at the relevant time.

STERIS does not collect sensitive personal data (such as information related to racial or ethnic origin, political opinions, religion or other beliefs, health information, criminal background or trade union membership) without your explicit consent or as otherwise permitted by law.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Other Personal Data STERIS Collects

As you navigate through our Site, we may use automatic collection technologies to collect certain information about your equipment, browsing actions and patterns, including the details of your Site visits (e.g., resources that you access, traffic data, location data, logs, language); date and time of access; frequency, and other communication data; and information about your computer and internet connection, including your operating system, host domain, and browser type or detail.

STERIS uses this information as statistical data to help us improve our Site and deliver a better and more personalized service by helping us determine traffic patterns, count the number of Site visits, determine traffic sources, and determine the frequency and last date of your visit to our Site. 

If You Fail to Provide Personal Data

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel an order for product or service you have with us but we will notify you if this is the case at the time.

Cookies and Other Technologies

Another form of data we collect directly is through cookies. Cookies are small data files which store data about your visit to a STERIS website relating to how you entered our Site, where you navigate to and what data is of interest to you. We track and use this data for statistical purposes to help improve the products and services we provide to you. Third-party vendors show STERIS's ads on sites across the internet, and they use cookies to serve ads based on past visits to STERIS's website.
Below is a summary of the types of cookies used by the Site:

Session cookies: These cookies are used when you browse our site and expire when you close your browsing session. We use these cookies to determine how a user arrived at the Site and to improve the user's experience while browsing.

Performance or Analytical cookies: STERIS uses Google Analytics, among other search engine tools, to analyze how the Site is used and to monitor its performance. We use the data gathered to diagnose and correct technical issues with the Site and to make improvements based on what users find most interesting or useful.  

Google Analytics uses cookies, which are text files placed on your computer, to analyze how users interact with our Services. The information generated by the cookie about your use of our Services will be transmitted to and stored by Google. Google will use this information on our behalf for the purpose of evaluating your use of our Services, and compiling reports on activity relating to internet usage. 

In case IP anonymization is activated on the Services, your IP address will be truncated within the area of Member States of the European Union (“EU”) or other parties to the Agreement on the European Economic Area (“EEA”). Only in exceptional cases will the whole IP address be first transferred to a Google server in the United States and truncated there. The IP anonymization is active on the Services. The IP address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of the Services.

How STERIS Collects Personal Data

STERIS collects personal data about you in a variety of ways, including when you:

  • Register, subscribe, or create an account with STERIS;
  • Purchase products through our Site;
  • Open or respond to our email offers;
  • Take an online training course with us; 
  • Voluntarily provide us with information through our Customer surveys which we may then link to personal data that we previously collected about you;
  • Contact customer service, use our “Live Chat” feature to communicate with a STERIS representative, or otherwise make use of our Customer support tools;
  • Sign up for educational materials, marketing materials, updates and newsletters;
  • Connect, link or “share” our Site via social networking sites;
  • Apply for a position with STERIS.

How We Use Your Personal Data

We only collect and process personal data when we have a legal basis to do so and in accordance with applicable law as set out below. 

We may process personal data where we have your consent to do so, including to provide you marketing communications and other materials that we think you might be interested in.

We may also use your personal data that we collect where this is necessary for our legitimate interests or those of another person provided that these are not overridden by your rights and freedoms.  Situations where processing may be necessary for such legitimate interests include: 

  • Operate, maintain and improve our Site, our services, and our products;
  • Manage our everyday business needs, such as administration of the STERIS Site; 
  • Perform analytics and conduct Customer research; 
  • Fraud prevention; 
  • Internal record keeping within STERIS;
  • Enforcement of our corporate reporting obligations and Terms of Use or Terms of Sale;
  • To comply with the law, regulations or court orders, subpoenas or other legal processes;
  • Identify your preferences so we can notify you of new or additional products, services, and promotions that might be of interest to you;
  • Administer online surveys either from us or through third party business partners;
  • Use third party service providers in relation to the above; 
  • In the event of litigation or other legal action.

We may also process your personal data to render services to you or in order to fulfil a contractual agreement with you when you visit our Site.  This includes to: 
  • Follow through to deliver products or services you have requested and provide Customer service;
  • Process online purchase orders and keeping you informed about the status of your order;
  • Consider an application for employment, including review of your supplied resume. The data may be saved in our files for future review and consideration. The data will be shared internally on a need-to-know basis, and will not be given to any third parties other than our service providers who process data on our behalf;
  • Send you reminders, updates, support, service bulletins, and requested information.

STERIS may use your personal data for marketing when we have your consent to do so or it is permitted to do so by law (for example, where it is able to rely on the “soft opt-in”), including to communicate and provide additional information and marketing materials that may be of interest to you about STERIS’s products and services.  It may also provide details of the services of third-party partners where we have your consent to do this.  If you do not want us to use your personal data to send you newsletters or other direct marketing materials, you can opt out at any time by contacting us (see “CONTACTING STERIS ABOUT YOUR PERSONAL DATA” below) or by unsubscribing using the link in the email that you receive.
 

The Security of Your Personal Data

STERIS takes appropriate steps to maintain the security of your personal data and our Site. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to your data (taking into account technology, cost and the nature of processing).  In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
 
Still, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, STERIS cannot guarantee that your personal data is under absolute security with the existing security technology. If you have any questions about the security of our Site, you can contact us (see “CONTACTING STERIS ABOUT YOUR PERSONAL DATA” below).
 

External Websites

Certain social media features available on the Site may be hosted by third parties. For example, some social networking services allow you to share products and services from our Site via your social networking profile. Our Site also allows you to apply for available jobs at STERIS through your LinkedIn account. If you choose to make use of third-party social media services (such as Facebook, Twitter or LinkedIn), we may receive personal data about you, such as your name and email address that you have made available through those services. We encourage you to visit those third-party social networking services' privacy policies and review your privacy settings directly on those services. Any data we receive through third-party social media services may be used as described in this Policy.
 

Cross-Border Transfers

STERIS is a global company.  Your personal data may be stored and processed in any country where we have STERIS facilities or service providers, and by using our Site, you acknowledge that we may transfer your personal data to countries outside your country of residence, including to the United States, and that these may provide different data protection rules than in your country and such rules may not be equivalent to those of the European Union.
 
Where we transfer data from the European Economic Area (EEA), Switzerland or the United Kingdom (as applicable), STERIS will implement appropriate safeguards to comply with applicable law in relation to the transfer, including the EU Standard Contractual Clauses or other measures that comply with applicable law, where personal data is being transferred to places where the EEA, Switzerland and/or the United Kingdom have determined that an adequate level of protection is not guaranteed.  For more information regarding such safeguards, please contact us (see “CONTACTING STERIS ABOUT YOUR PERSONAL DATA” below).
 

Recipients of Data

We may disclose your personal data collected under this Policy on a need-to-know basis with our affiliates, trusted third parties and service providers, and in other instances as required or permitted by law, as further explained below:

  • To our STERIS affiliates for the purposes described in this Policy. 
  • To our third-party distributors, contractors, vendors, service providers who provide services such as data analysis and storage, payment processing, order fulfillment, infrastructure provision, IT services, customer service, e-mail and direct mail delivery services, credit card processing, fraud prevention services, and other services in order to enable them to provide services.
  • To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

We will only share personal data with companies, organizations or individuals outside STERIS including where reasonably necessary to:

  • Meet any applicable law, regulation, legal process or enforceable governmental request.
  • Detect, prevent, or otherwise address fraud, security or technical issues.
  • Protect against harm to the rights, property or safety of STERIS, including to enforce our Terms of Use and/or Terms of Sale, our users or the public as required or permitted by law. 
  • In connection with a merger, acquisition, or other transaction or sale to a third party.
  • When we have your consent to do so.  

STERIS does not collect or compile personal data for dissemination or sale to third parties for commercial purposes. 

Where your personal data is transferred to third parties, we will require such persons to protect your personal data in accordance with applicable law (including by putting in place appropriate contractual arrangements with the agreements between STERIS and third-party vendors).
 

Retention of Your Personal Data

STERIS retains your personal data for the period necessary to fulfill the purposes outlined in the Policy, unless a longer retention period is required by law or to fulfill a legal obligation.
 

Your Choices

California Do Not Track
 
Web users have the option to set Do Not Track as a privacy preference in their browsers. When the Do Not Track signal is set, the browser sends a message to websites asking them not to track the user while browsing the site. For information about Do Not Track, visit www.allaboutdnt.org. STERIS does not respond to Do Not Track browser settings or signals. In addition, STERIS may use other standard technology to track visitors to https://www.STERIS.com or one of the affiliated pages hosted at the STERIS domain. As described in the Cookies section of this Privacy Policy, those tools may be used by us and by third parties to collect information about you and your internet activity, even if you have turned on the Do Not Track signal.
 
Commercial Emails
 
You may opt out of receiving commercial emails or other educational materials from us about our products and services by following the instructions contained in any of the emails that we send or by signing into your account and adjusting your email preferences. Please note that even if you unsubscribe from commercial email messages, we may still send you non-commercial emails for lawful purposes, including to manage any account you have with us, respond to your requests, execute agreements with you and manage your transactions on the Site.  
You can opt out of receiving offerings directly from our third-party business partners by following the instructions in the e-mails or other materials that they send you. 
 
EU Users
 
If you are located in the EEA or the General Data Protection Regulation (GDPR) otherwise applies to you, we only send you direct marketing emails or other educational materials where permitted to do so by law, for example where marketing is necessary for our legitimate interests and we have obtained your email address in the course of a sale or negotiation of a sale of a product or service and where the commercial emails are marketing similar products or services, or where we have your consent.  
 
Cookies and Tracking
 
You have the option to disable cookies on your computer by changing the settings in the options menu of your browser.  Alternatively, you can opt out of a third-party's use of cookies by visiting the Network Advertising Initiative opt-out page. Disabling cookies may affect your personalized Site experience. 

Browsers are different, so please refer to the instructions in your browser to learn about cookies and other privacy and security settings that may be available. 

You can also opt out of being tracked by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser: https://tools.google.com/dlpage/gaoptout?hl=en-GB

Mobile Apps

You can control whether our mobile application sends you push notifications by changing your notification settings on your mobile device.

Access and Connections to Social Media 

If you connected or linked to us via your social media profile, you can manage the permissions granted to such third-party social media services by accessing your user settings under your account. You also can remove our access to your social media account or control what information these third-party social media services share with us at any time by accessing the privacy settings in your social media account.

Your Data Rights

Under applicable data protection laws and depending on the jurisdiction where you reside, you may have certain rights in relation to the data we hold about you. 

For residents in the EEA or other situations where the GDPR applies 

You may request to access, delete, rectify or correct personal data, object to the processing of your personal data, have your personal data transmitted from us to another controller (data portability) and request not to be subject to automated decision making, in each case in accordance with applicable law.  You also have the right to object to marketing, withdraw any consent to processing that you have given or object to processing based on our legitimate interests.  To exercise any of these rights, contact  STERIS at the address below (see “CONTACTING STERIS ABOUT YOUR PERSONAL DATA”). We will respond in accordance with applicable law.  

You have the right to make a complaint at any time to the relevant data protection authority.  We would, however, appreciate the chance to deal with your concerns before you approach any authority so please contact us in the first instance. 

For residents in California

Depending on your relationship with STERIS, the California Consumer Privacy Act (“CCPA”) (Civil Code § 1798.100) provides you with specific rights regarding your personal data. These include the right to be informed of the categories of personal data that we collect about you, to access your personal data, to delete your data, and to opt out of the sale of your personal data, as set forth below. 

In the preceding twelve (12) months, and depending on our relationship with you, we may have collected from you the following categories of Personal Information as defined under the CCPA:

  • Identifiers, such as your first and last name, address and e-mail address, company name, occupational role, telephone number, fax number
  • Financial Details, such as your credit card number, expiration date, and purchase and ordering history
  • Protected Classifications, such as your age
  • Internet or Other Similar Network Activity, such as your browsing history, search history, and information on your interaction with our Site

We disclose for a business purpose each of the above categories of Personal Information with the categories of third parties described in the “Recipients of Data” section.

To exercise the rights described above, it may be necessary for us to verify your identity or authority to make the request and confirm the personal data relates to you. If you request information about the categories of personal data we collect about you, access to, or deletion of your personal data, we may require you to provide certain information to verify your identity, including: (i) your full name, (ii) postal address, (iii) email address, or (iv) telephone number. 

Only you or your authorized agent may make a verifiable consumer request related to your personal data. If you designate an authorized agent to make a request on your behalf, we may require one of the following: 

(i) your signed permission designating the authorized agent to act on your behalf. You must verify your identity with us and directly confirm with us that you have provided the authorized agent permission to submit the request; 

(ii) evidence that you have provided the authorized agent with power of attorney pursuant to the California Probate Code; or 

(iii) proof that the authorized agent is registered with the California Secretary of State and that you have authorized the individual to act on your behalf. 

You also may make a verifiable consumer request on behalf of your minor child.

Non-Discrimination: Unless permitted by applicable law, we will not discriminate against you for exercising any of your privacy rights under CCPA or applicable law. 

Use of Site by Minors

The Site is not intended for use by individuals sixteen years of age or younger, and we request that these individuals not provide personal data through the Site.
 
If you are a parent or guardian of a child under the age of 16 and believe that he or she has disclosed his or her personal data to us, please contact us using the information provided under “Contact Us.”  
 

Changes to This Policy

Our Policy may change when necessary. We will post any Policy changes on this page. We will also keep prior versions of this Policy in an archive for your review.
 

Contacting STERIS About Your Personal Data

If you have any questions or concerns about the use of your personal data, please contact us at dataprotection@STERIS.com or by writing to us at:

STERIS Data Protection Officer
5960 Heisley Road
Mentor, OH 44060 USA
ATTN: Vicki Hradisky

California residents may contact STERIS at 1-888-783-7476 regarding your personal data.
For residents in Germany, STERIS’s local data protection officer can be reached at dataprotection@STERIS.com.