Updated October 2020
When this Policy mentions “STERIS”, "we", “our”, "us", it refers to the entity that is responsible for the collection and use of your personal data, which is generally the entity that obtains your personal data in the respective case. This entity also is referred to as the “Controller.” A list of our affiliate entities can be viewed in our annual report, available at https://sterisplc.gcs-web.com/financials/annual-reports. When you access our Site and use our Services, your data is controlled by STERIS, 5960 Heisley Road, Mentor, OH, 44060 USA or one of its affiliated companies.
This Site is not intended to receive personal information of a confidential nature from you. However, as part of the Policy, when you visit our Site, you may provide personal data about yourself. We may collect personal data about you including your name, address, company name, occupational role, telephone number, fax number, email address, date of birth, internet protocol (IP) address (where personally identifying), credit card number and expiration date (which is stored by a third party, not at STERIS) and purchase and ordering history, and other information that you voluntarily provide. For example, if you opt to speak with a STERIS representative using our live chat feature, we may collect information (including personal data) provided by you during the live chat and as part of any follow-up surveys regarding the quality of our service. We may provide you with further details about the types of personal data collected at the relevant time.
STERIS does not collect sensitive personal data (such as information related to racial or ethnic origin, political opinions, religion or other beliefs, health information, criminal background or trade union membership) without your explicit consent or as otherwise permitted by law.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
As you navigate through our Site, we may use automatic collection technologies to collect certain information about your equipment, browsing actions and patterns, including, the details of your Site visits (e.g., resources that you access, traffic data, location data, logs, language); date and time of access; frequency, and other communication data; and information about your computer and internet connection, including your operating system, host domain, and browser type or detail.
STERIS uses this information as statistical data to help us improve our Site and deliver a better and more personalized service by helping us determine traffic patterns, count the number of Site visits, determine traffic sources, and determine the frequency and last date of your visit to our Site.
Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel an order for product or service you have with us but we will notify you if this is the case at the time.
Below is a summary of the types of cookies used by the Site:
Session cookies: These cookies are used when you browse our site and expire when you close your browsing session. We use these cookies to determine how a user arrived at the Site and to improve the user's experience while browsing.
Performance or Analytical cookies: STERIS uses Google Analytics, among other search engine tools, to analyze how the Site is used and to monitor its performance. We use the data gathered to diagnose and correct technical issues with the Site and to make improvements based on what users find most interesting or useful.
STERIS collects personal data about you in a variety of ways, including when you:
We only collect and process personal data when we have a legal basis to do so and in accordance with applicable law as set out below.
We may process personal data where we have your consent to do so, including to provide you marketing communications and other materials that we think you might be interested in.
We may also use your personal data that we collect where this is necessary for our legitimate interests or those of another person provided that these are not overridden by your rights and freedoms. Situations where processing may be necessary for such legitimate interests include:
We may disclose your personal data collected under this Policy on a need-to-know basis with our affiliates, trusted third parties and service providers, and in other instances as required or permitted by law, as further explained below:
We will only share personal data with companies, organizations or individuals outside STERIS including where reasonably necessary to:
STERIS does not collect or compile personal data for dissemination or sale to third parties for commercial purposes.
Browsers are different, so please refer to the instructions in your browser to learn about cookies and other privacy and security settings that may be available.
You also can opt-out from being tracked by Google Analytics by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: (click here https://tools.google.com/dlpage/gaoptout?hl=en-GB)
You can control whether our mobile application send you push notifications by changing your notification settings on your mobile device.
Access and Connections to Social Media
If you connected, linked to us via your social media profile, you can manage the permissions granted to such third-party social media services by accessing your user settings under your account. You also can remove our access to your social media account or control what information these third-party social media services share with us at any time by accessing the privacy settings in your social media account.
Under applicable data protection laws and depending on the jurisdiction where you reside, you may have certain rights in relation to the data we hold about you.
For residents in the EEA or other situations where the GDPR applies
You may request to access, delete, rectify or correct personal data, object to the processing of your personal data, have your personal data transmitted from us to another controller (data portability) and request not to be subject to automated decision making, in each case in accordance with applicable law. You also have the right to object to marketing, withdraw any consent to processing that you have given or object to processing based on our legitimate interests. To exercise any of these rights, contact STERIS at the address below (see “CONTACTING STERIS ABOUT YOUR PERSONAL DATA”). We will respond in accordance with applicable law.
You have the right to make a complaint at any time to the relevant data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach any authority so please contact us in the first instance.
For residents in California
Depending on your relationship with STERIS, the California Consumer Privacy Act (“CCPA”) (Civil Code § 1798.100) provides you with specific rights regarding your personal data. These include the right to be informed of the categories of personal data that we collect about you, to access your personal data, to delete your data, and to opt out of the sale of your personal data, as set forth below.
In the preceding twelve (12) months, and depending on our relationship with you, we may have collected from you the following categories of Personal Information as defined under the CCPA:
We disclose for a business purpose each of the above categories of Personal Information with the categories of third parties described in the “Recipients of Data” section.
To exercise the rights described above, it may be necessary for us to verify your identity or authority to make the request and confirm the personal data relates to you. If you request information about the categories of personal data we collect about you, access to, or deletion of your personal data, we may require you to provide certain information to verify your identity, including: (i) your full name, (ii) postal address, (iii) email address, or (iv) telephone number.
Only you or your authorized agent may make a verifiable consumer request related to your personal data. If you designate an authorized agent to make a request on your behalf, we may require one of the following:
(i) your signed permission designating the authorized agent to act on your behalf. You must verify your identity with us and directly confirm with us that you have provided the authorized agent permission to submit the request;
(ii) evidence that you have provided the authorized agent with power of attorney pursuant to the California Probate Code; or
(iii) proof that the authorized agent is registered with the California Secretary of State and that you have authorized the individual to act on your behalf.
You also may make a verifiable consumer request on behalf of your minor child.
Non-Discrimination: Unless permitted by applicable law, we will not discriminate against you for exercising any of your privacy rights under CCPA or applicable law.
STERIS Data Protection Officer
5960 Heisley Road
Mentor, OH 44060 USA
ATTN: Vicki Hradisky