STERIS Website Privacy Policy

Last Updated: April 2024

Translated Versions

This Privacy Policy (“Policy”) applies to the personal data that the STERIS group of companies (collectively, “STERIS”, “we”, “our”, or “us”) may process through our online properties, including www.STERIS.com, our online and mobile services, other websites and online services offered by STERIS (the “Services” ), and any online applications that link to any STERIS websites (collectively the “Site”). This Policy outlines the types of personal data we may collect when you access the Site, how we use this personal data, your rights and choices in relation to your personal data, and the steps we take to safeguard personal data.

This Policy is incorporated into our Terms of Use, which applies when you use our Site. By accessing our Site or voluntarily providing your personal data to us, you are acknowledging that your data will be processed pursuant to this Policy.

Data Controller

When you access our Site and/or use our Services, STERIS acts as the “Controller” or “Business” that is responsible for the processing of your personal data.

Personal Data Collected by STERIS

We may obtain personal data about you when you visit our Site, including:

• Identifiers, such as your real name, alias, postal address, account name, account log-in/password/credentials, address, telephone number, fax number, email address, internet protocol (IP) address (where personally identifying), unique personal identifier, and online identifier.
• Personal records, such as credit card numbers and expiration dates.
• Commercial information, such as purchase and ordering history and products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Internet or other electronic network activity information, such as browsing history, search history, IP address, internet service provider and information regarding your interaction with our Site.
• Audio, Electronic, Visual, or Similar Information, including photos.
• Geolocation data, such as approximate location inferred from your IP address.
• Characteristics of protected classifications, such as date of birth.
• Professional or employment-related information, such as company name, occupational role, work history, professional accreditations, responses to screening questions, references and recommendations, and any personal data provided as part of an application for employment.
• Education information, such as schools attended, and degrees achieved.
• Inferences drawn from any of the information identified above to create a profile reflecting your preferences.
• Other information that you voluntarily provide, including through surveys, webforms, and other communications.

For certain activities or types of personal data, we may provide you with further details about our processing at the time of collection.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. Please contact us with any concerns.

In certain circumstances, we may require personal data by law or to provide our Services and if you fail to provide that personal data when requested, we may not be able to perform contracted services (for example, to provide you with goods or Services).

How STERIS Collects Personal Data

STERIS collects personal data about you directly from you, automatically when you access our Site, and from vendors or other parties, where applicable, including when you:

• Register, subscribe, or create an account with STERIS;
• Navigate our Site;
• Purchase products through our Site;
• Open or respond to our email offers;
• Take an online training course with us;
• Voluntarily provide us with information through our customer surveys;
• Contact Customer service, use our “Live Chat” feature to communicate with a STERIS representative, or otherwise make use of our Customer support tools;
• Sign up for educational materials, marketing materials, updates, and newsletters;
• Connect, link or “share” our Site via social networking sites; and
• Join our Talent Network or apply for a position with STERIS.

We may combine personal data we collect about you with personal data we have obtained from other sources.

Cookies and Other Tracking Technologies

We, and our vendors, may automatically collect information through cookies and other tracking technologies (referred to in this Policy as “Cookies”) when you interact with the Site. As you navigate through our Site, we may use automatic collection technologies to collect certain information about your equipment, browsing actions, and patterns, including, the details of your Site visits (e.g., resources that you access, traffic data, location data, logs, language); date and time of access; frequency, and other communication data; and information about your computer and internet connection, including your operating system, host domain, and browser type or detail. STERIS uses this information as statistical data to help us improve our Site and deliver a better and more personalized service including helping us determine traffic patterns, count the number of Site visits, determine traffic sources, and determine the frequency and last date of your visit to our Site.

Third-party vendors show STERIS's ads on sites across the internet, and they may use Cookies to serve ads based on past visits to STERIS's website. We may combine automatically collected information with other personal data we obtain about you, which may include data we obtain from other sources. Cookies on our Site may be used to collect personal data about your online activities over time and across different online services.

For more information about the types of Cookies used by the Site, access the Privacy Preference Center.

We may engage third-party web analytics services, such as Google Analytics, that use Cookies to help us analyze and understand how visitors use the Site, administer and improve our Site, and advertise on our behalf across the internet. The information generated about your use of the Services will be transmitted to and stored by Google. We may use information collected from Google Analytics to implement Google advertising features such as interest-based advertising, audience targeting, dynamic remarketing, behavioral reporting, demographics, user segment analysis, interests reporting and display advertising.

We may contract with service providers, to help us analyze activity on our websites, our chat functionality, and mobile apps as applicable, through session replay technologies to help us understand and analyze how visitors use our Site, and to improve the Site. These technologies may collect the following types of information, among others: IP address; screen size; device type (unique device identifiers); browser information; geographic location; and preferred language.

Some vendors that we work with offer more information about their processing of personal data, as well as opportunities to opt out or limit their use of Cookies:

• Google: For more information on how Google Analytics uses data, visit https://support.google.com/analytics/answer/6004245.

  For information about opting out of Google Analytics Cookies, visit https://myadcenter.google.com/ and https://tools.google.com/dlpage/gaoptout/.

  You also can opt out from being tracked by Google Analytics by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: (click here https://tools.google.com/dlpage/gaoptout?hl=en-GB)

• Microsoft: For more information regarding Microsoft’s privacy practices, visit https://privacy.microsoft.com/privacystatement.

Some vendors we work with may participate in the Digital Advertising Alliance (“DAA”) and its AdChoices opt-out program or the Network Advertising Initiative (“NAI”). For more information about the DAA and its opt-out tool, visit youradchoices.com (for web browsers) or aboutads.info/appchoices (for mobile apps). To learn more about the NAI and its opt-out tool, visit networkadvertising.org/choices (for web browsers or networkadvertising.org/mobile-choice (for mobile apps).

The “Your Choices” section below contains more information about your choices related to Cookies, including methods to opt out of tracking.

How STERIS Processes Your Personal Data

We may process your personal data to render Services to you or to fulfill a current or anticipated contractual agreement with you when you visit our Site. This includes to:

• Deliver products or services you have requested and provide Customer service and other related assistance;
• Process online purchase orders and keeping you informed about the status of your order;
• Consider an application for employment, including review of your supplied resume, and manage our recruitment process; and
• Send you reminders, updates, support, service bulletins, and requested information.

We may process your personal data to comply with our legal obligations, including responding to court orders or subpoenas, complying with regulations, and otherwise fulfilling legal requirements.

We may also process your personal data where it is necessary for our legitimate interests, including to:

• Operate, maintain, and improve our Site, Services, and products;
• Manage our everyday business needs, such as administration of the Site;
• Communicate with you;
• Perform analytics and conduct customer research;
• Prevent, identify, investigate, and respond to fraud, illegal or malicious activities, and other liabilities;
• Protect our Site from cyber risks, authenticate Site users, and provide a secure experience on our Site;
• Maintain internal records;
• Enforce our corporate reporting obligations, Terms of Use, Terms of Sale, or other policies;
• Identify your preferences so we can notify you of new or additional products, services, and promotions that might be of interest to you;
• Advertise and market to you;
• Administer online surveys either from us or through third-party business partners; and
• Defend or participate in litigation or other legal action.

We may process personal data with your consent. When processing your personal data based on consent, we will provide additional notice where required by applicable law.

How STERIS Safeguards Personal Data

STERIS takes appropriate steps to safeguard your personal data and our Site. We have implemented appropriate technical, physical, and organizational measures to ensure a level of security appropriate to your data (considering technology, cost, and the nature of processing).

Still, no method of transmission over the internet or method of electronic storage is 100% secure; therefore, STERIS cannot guarantee that your personal data is absolutely secure. If you have any questions about the security of our Site, you can contact us as set out in the “Contact Us” section below.

External Websites

Our Site may contain links to external websites. We cannot control and are not responsible for the information-collection practices of such websites, which may differ from our privacy practices. We encourage you to review and understand the privacy policies of these websites before providing any information to them.

Interactive Features and Integrations

We may engage vendors to provide certain interactive features on our Site. Your use of these interactive features is voluntary, and we may retain the information that you submit through these features.

We may offer an interactive chat feature on our Site to answer questions and for other customer service purposes. When you participate in an interactive chat, either with a virtual or live agent, the contents of the chat may be captured and kept as a transcript. By using these features, you understand that our vendors may process the information obtained through the feature to provide the service on our behalf. For example, if you opt to speak with a STERIS representative using our live chat feature, we may collect information (including personal data) provided by you during the live chat and as part of any follow-up surveys regarding the quality of our service.

Certain social media features available on the Site may be hosted by third parties and permit interactions between the Site and external service that you initiate. For example, some social networking services allow you to share products and services from our Site via your social networking profile. Our Site also allows you to apply for available jobs at STERIS through your LinkedIn account. If you choose to connect to third-party social media services (such as Facebook, Twitter or LinkedIn), we may receive personal data about you, such as your name and email address that you have made available through those services. Information you post or provide access to may be publicly displayed by the third-party service you use. We encourage you to visit those third-party social networking services’ privacy policies and review your privacy settings directly on those services. Any data we receive through third-party social media services may be used as described in this Policy.

Cross-border Transfers

STERIS is a global company. Your personal data may be stored and processed in any country where we have STERIS facilities, affiliates, vendors, service providers, and other entities that support our business. By using our Site, you acknowledge that we may transfer your personal data across borders, including to the United States, and that these jurisdictions may not have the same data protections as your country of residence.

Where required by applicable law, STERIS will implement appropriate safeguards in relation to the transfer including, where required, the Standard Contractual Clauses. For more information regarding such safeguards, please contact us as set out in the “Contact Us” section below.

How STERIS Discloses Personal Data

We may disclose your personal data for the uses described in this Policy to the following recipients:

• STERIS affiliates to support our business operations.
• Distributors, contractors, vendors, suppliers, service providers, and other entities who provide services such as data analysis and storage, payment processing, order fulfillment, infrastructure provision, IT services, customer service, adtech and online marketing, email and direct mail delivery services, credit card processing, fraud prevention services, and other services in order to enable our business operations.
• Law enforcement, government entities, regulators, professional advisors, and other authorized parties in order to comply with laws, regulations, subpoenas, court orders, or other legal obligations; assist in investigations; protect and defend our rights and property or the rights or safety of other parties; enforce our Terms of Use, this Privacy Policy, or agreements with third parties; or prevent crime or misconduct.
• Parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
• Parties with whom you instruct us to share your personal data.

Retention of Your Personal Data

STERIS retains your personal data for the period necessary to fulfill the purposes outlined in the Policy and our data records retention schedule, unless a longer retention period is required or permitted by law or to fulfill a legal obligation. We generally maintain personal data for as long as: the personal data is reasonably necessary to manage our operations, to manage your relationship with us, or to satisfy another purpose for which we collected the information; the personal data is reasonably necessary to carry out a disclosed purpose that is reasonably compatible with the context in which the personal data was collected; or the personal data is reasonably required to protect or defend our rights or property.

Where information is used for more than one purpose, we will retain it until the purpose with the latest period expires. For more information about our retention policies, please contact us using the contact details in the “Contact Us” section below.

Your Choices

Commercial emails

You may opt out of receiving commercial emails or other educational materials from us about our products and services by following the instructions contained in any of the emails that we send or by signing into your account and adjusting your email preferences. Please note that even if you unsubscribe from commercial email messages, we may still send you non-commercial emails for lawful purposes, including to manage any account you have with us, respond to your requests, execute agreements with you and manage your transactions on the Site.

You can opt out of receiving offerings directly from our business partners by following the instructions in the emails or other materials that they send you.

Cookies and tracking technologies

You may manage, including opting out of, Cookie tracking through the Privacy Preference Center by clicking the cookie icon in the lower corner of the screen.

You may also have the option to review and delete Cookies on your device and/or disable or otherwise prevent Cookies from being placed on your device by changing the settings in the options menu of your browser. Deleting or disabling Cookies may affect your personalized Site experience and may invalidate opt outs that rely on Cookies to function. Browsers are different, so please refer to the instructions in your browser to learn about Cookies and other privacy and security settings that may be available.

Do Not Track

Web users may have the option to set Do Not Track as a privacy preference in their browsers. When the Do Not Track signal is set, the browser sends a message to websites asking them not to track the user while browsing the website. For information about Do Not Track, visit https://allaboutdnt.com. STERIS does not respond to Do Not Track browser settings or signals.

In addition, STERIS may use other standard technology to track visitors to our Site. As described in the “Cookies and Other Tracking Technologies” section of this Privacy Policy, those tools may be used by us and by third parties to collect information about you and your internet activity, even if you have turned on the Do Not Track signal.

Mobile Apps

You can control whether our mobile application sends you push notifications by changing your notification settings on your mobile device.

Access and Connections to Social Media

If you are connected or linked to us via your social media profile, you can manage the permissions granted to such social media services by accessing your user settings under your account. You also can remove our access to your social media account or control what information these social media services share with us at any time by accessing the privacy settings in your social media account.

Regional Disclosures and Rights

Under applicable data protection laws and depending on the jurisdiction where you access the Site, you may have certain rights in relation to the data we hold about you.

For individuals located in the EEA, UK, or other jurisdictions governed by the GDPR

Offline Collection: We may also obtain the categories of personal data set out in the “Personal Data Collected by STERIS” section from offline sources.

Marketing and Educational Communications: If you are located in the EEA or the General Data Protection Regulation (“GDPR”) otherwise applies to you, we only send you direct marketing emails or other educational materials where permitted to do so by law, for example, where marketing is necessary for our legitimate interests and we have obtained your email address in the course of a sale or negotiation of a sale of a product or service and where the commercial emails are marketing similar products or services, or where we have your consent.

Rights: You may request to access, delete, amend, or correct your personal data, object to the processing of your personal data, have your personal data transmitted from us to another controller (data portability) and request not to be subject to automated decision making, in each case in accordance with applicable law. You also have the right to object to our processing of your personal data, including direct marketing, and withdraw any consent to processing that you have previously given. To exercise any of these rights, contact STERIS at the address in the “Contact Us” section below. We will respond in accordance with applicable law.

Complaints: You have the right to make a complaint at any time to the relevant data protection authority. We would, however, appreciate the chance to try to resolve your concerns before you approach any authority so, please contact us in the first instance.

For California residents

Personal Data: Personal data shall have the same meaning as “personal information” as defined in the California Consumer Privacy Act (“CCPA”) (Civil Code § 1798.100).

Offline Collection: We may also obtain the categories of personal data set out in the “Personal Data Collected by STERIS” section from offline sources.

Selling and Sharing Personal Data: Under California law, selling personal data can refer to disclosures of personal data to third parties who may use the information for their own purposes and sharing personal data refers to disclosing personal data to third parties for cross-context behavioral advertising, such as Cookie providers. In this context we sell and share the following categories of personal data: identifiers, internet or other electronic network activity, geolocation data, and inferences. We have sold and shared personal data to third parties, including our vendors and other parties for cross-context behavioral advertising and other marketing and advertising services that we utilize on our Site. We do not have actual knowledge that we sell or share the personal data of consumers under 16 years of age.

Rights: Depending on your relationship with STERIS, the CCPA provides you with specific rights regarding your personal data. These include the rights to: be informed of the categories of personal data that we collect about you; access your personal data; delete your data (subject to certain exceptions); correct inaccuracies; limit use of sensitive personal information; know what personal data the business has collected (including the categories of personal data, the categories of sources from which the personal data is collected, the business or commercial purpose for collecting, selling, or sharing personal data, the categories of third parties to whom the business discloses personal data, and the specific pieces of personal data the business has collected); and to opt out of or limit the sale, sharing, or disclosure of your personal data. Please note, we do not use sensitive personal information for purposes to which the right to limit use and disclosure applies under the CCPA.

Exercise Rights: To exercise the rights described above, you may contact us as set out in the “Contact Us” section below. To opt out of Cookies, please follow the guidance in the “Your Choices: Cookies and Tracking Technologies” section above. It may be necessary for us to verify your identity or authority to make the request and confirm the personal data relates to you. Only you, or a person authorized to act on your behalf, may make a verifiable consumer request related to your personal data. You also may make a verifiable consumer request on behalf of your minor child.

Non-Discrimination: We will not unlawfully discriminate against you for exercising any of your privacy rights under CCPA or applicable law. See the STERIS Code of Business Conduct for further information regarding our anti-retaliation policy. Any questions regarding the STERIS Data Protection & Privacy Policy can be requested by contacting dataprotection@STERIS.com.

For residents in Mexico

Rights: You have the right to:

(i) access your personal data in our possession and know the details of its processing;

(ii) rectify your personal data if it is inaccurate or incomplete;

(iii) cancel the personal data when you consider it is not required for the purposes set forth in this privacy notice, when it is being used for non-consented purposes, or when the contractual or service relationship has ended, or

(iv) oppose to the processing of your personal data for specific purposes (jointly, the “ARCO Rights”).

Exercise Rights: To exercise your ARCO Rights, you must present a request (the “ARCO Request”) at the address in the “Contact Us” section below, along with the following information and documentation. We will respond in accordance with applicable law:

1. Your name, address and email for delivery of the response to your ARCO Request;

2. Copy of the documents that evidence your identity (copy of your voter´s identification card, passport or other official identification) or, if applicable, the documents that evidence your legal representation;

3. A clear and succinct description of the personal data with which you wish to exercise any of the ARCO Rights;

4. Any document or information that facilitates the location of your personal data; and

5. To rectify your personal data, the modifications to be made and provide the documentation supporting your request.

Use of Site by Minors

The Site is not intended for use by individuals sixteen years of age or younger, and we do not knowingly collect any personal data from children under sixteen. If we become aware that we have received personal data from a person under the age of sixteen, we will delete the data in accordance with applicable laws.

Changes to this Policy

Our Policy may change from time to time. We will post any Policy changes on this page and update the Last Updated date.

Contact Us

If you have any questions or concerns about the use of your personal data, please contact us at dataprotection@STERIS.com or by writing to us at:

STERIS Data Protection Officer
5960 Heisley Road
Mentor, OH 44060 USA

California residents may contact STERIS at 1-888-783-7476 regarding your personal data or to exercise your rights.

STERIS’s local data protection officers can be reached at dataprotection@STERIS.com.

Download Translated Versions of the STERIS Website Privacy Policy