www.stericycle.com
151.101.131.10  Public Scan

Submitted URL: https://u4756297.ct.sendgrid.net/ls/click?upn=u001.qWzUDSODb9WO7F48-2Fxk07JGzXHBdxPl2AUk2BAhuXCiQFgQp-2FkDoUUc-2BRQbRBeQ6UU-2Fb-2...
Effective URL: https://www.stericycle.com/en-us/privacy-policy?utm_campaign=US%20Invoice%20Change%20Notification-%20Test%201&utm_medium=em...
Submission: On March 14 via manual from GB — Scanned from GB

Form analysis 0 forms found in the DOM

Text Content

STERICYCLE INC. PRIVACY NOTICE

This Privacy Notice ("Notice") describes how Stericycle Inc. and its affiliates
(collectively referred to as "Stericycle," "Stericycle Group," "we," "us," or
"our") collect, use and share personal data collected in the context of our
websites, business contacts, suppliers, current and prospective customers who
use Stericycle services or products or users affected by our services (together
referred to as "you" or "your"). To the extent that these rights apply in your
jurisdiction, this Notice also explains your ability to edit, update, correct,
or delete your personal data and the security procedures that we have
implemented to protect personal data. 

California Residents: If you are a California resident, please refer to the
Additional Information for California Residents  section below for important
information about the “Personal Information” we collect, process, and disclose,
as well as your rights under California privacy laws, including your right to
submit a “Do Not Sell or Share My Personal Information” request (i.e., to opt
out of the “sale” or “sharing” of your Personal Information by us).

Dosimetry Service Users: If you are a user of our dosimetry services (currently
available in Portugal, Romania and Spain), please refer to the Additional
Information for Dosimetry Service Users section of this Notice for important
information about how we process your personal data. 


 * When we collect personal data, the types of personal data we collect and the
   purposes for which personal data is collected
 * Purposes and Legal Basis for Which Personal Data is Collected
 * Direct Marketing and how you can manage your marketing preferences
 * How we share information within Stericycle and with our service providers,
   regulators and other third parties
 * International Transfers of Personal Data (if applicable)
 * Cookies and third-party links
 * How long we store and protect personal data
 * Privacy Rights for European Economic Area and UK
 * Modifications to this Notice
 * Contact Us
 * Additional Information for California Residents
 * Additional Information for Dosimetry Service Users


CONTROLLER


IMPORTANT INFORMATION ABOUT STERICYCLE

The Stericycle entity responsible for your personal data will be the Stericycle
Group company that originally collects information from or about you.  

You can find out more about Stericycle at
https://www.stericycle.com/international or by contacting us using the
information in the Contact Us section. 


WHEN WE COLLECT PERSONAL DATA, THE TYPES OF PERSONAL DATA WE COLLECT AND THE
PURPOSES FOR WHICH PERSONAL DATA IS COLLECTED


WHEN WE COLLECT PERSONAL DATA


We may collect personal data about you if you:


 * use one of our websites or online services, you are a registered user or
   chose to register on our websites (Website Users);
 * purchase one of our services (Customers);
 * are affected by our services (Users);
 * work with us as a business partner (Business Partners);


THE TYPES OF PERSONAL DATA WE COLLECT AND HOW WE USE PERSONAL DATA


WEBSITE USERS

Personal data collected from Website Users is used to personalize your
experience of our websites. We may use such information in the aggregate to
understand how you use our services and the resources provided on our websites.
We may also use the feedback you provide to improve our services.


A.   UNREGISTERED WEBSITE USERS

You may use our websites as an unregistered user without (directly) providing
any personal data. In this case, Stericycle collects the following metadata that
result from your usage of our websites: referral page, date and time of access,
type of web browser, IP address, geographic location as determined by your IP
address, operating system and interface, language and version of browser
software, and session information (such as download errors and page response
times).

Your IP address will be used to enable your access to our websites. The metadata
will be used to improve the quality and services of our websites by analyzing
the usage behavior of Website Users.

If you commence direct communications via our websites’ enquiry form, by
telephone or writing to us, the nature of the enquiry (e.g., as tick box
selection from service type/careers/other options) and your message will also be
collected and processed to respond to it and improve our services.

B.   REGISTERED WEBSITE USERS

If you are a registered Website User or choose to register on a Stericycle
website, we will process the data referred to in (a) above, and you may be asked
to provide the following personal data: first and last name, work phone number,
company name, email address, personal telephone number, Stericycle Customer No.
or Ship to ID, postal address, and primary usage. 

Stericycle will process such personal data in order to provide you with the
services for registered Website Users, verify the legitimacy of your account,
avoid fraudulent accounts being opened, provide you with our products, customer
support, compliance trainings, business communications solutions (e.g.,
answering services, appointment reminders, follow-up services, virtual
receptionists), contact form, marketing materials as selected by you, inform you
about system issues, comply with legal obligations, and defend, establish and
exercise legal claims.


CUSTOMERS

If you purchase products from Stericycle, either via a Stericycle website or
offline, you may be asked to provide the following personal data about you, your
representative, and/or your contact person: first and last name, suffix,
credentials, work phone number, personal phone number, fax number, email
address, job title, mailing address, tax identification number, credit card
information, ACH/eCheck payment information, billing address, types and amount
of products ordered, reseller/promo code, auto-delivery selection, marketing
preferences, and  job information. Stericycle will use such personal data to
process your order; deliver the products or services ordered; provide customer
care services; provide marketing materials you selected; provide you with
Stericycle updates and/or newsletters; maintain our client relationship
management systems; detect, investigate, report and seek to prevent fraud and
anti-money laundering, including know-your-customer checks, AML screening and
other identity checks; comply with other legal obligations; defend, establish
and exercise legal claims. We may also need to conduct credit and fraud checks
on business customers and certain directors and officers of your business.


USERS

When providing certain services to a Customer to which you are related (e.g.,
if you are an employee, a contractor, an apprentice, a trainee, a patient, etc.,
of our Customer), Stericycle may have to process the following personal data
about you (as applicable, depending on the specific service provided):
identification data, contact data, and professional data. Most of the personal
data is obtained from our Customers. 

We process such personal data in the context of the provision of services to a
Customer. Please note that in such situations, our Customer is the controller of
your personal data and you should refer to the Customer’s privacy notice to
understand how your personal data is handled. 

If you are a user of our dosimetry services (currently available in Portugal,
Romania, and Spain), please refer to the Additional Information for Dosimetry
Service Users section of this Notice.


BUSINESS PARTNERS

If you work with us as a Business Partner or a service provider, we will collect
personal data from you, your representative, and/or your contact person such as
your full name, job title, email address, and phone number.

Most of the personal data is obtained directly from you. In addition, we will
collect personal data from other sources such as credit reference agencies
(e.g., Dun & Bradstreet Credit) who compile information from numerous sources,
including publicly available information.

We use this information for the following reasons: to review/assess your
suitability as a Business Partner or service provider; to comply with our legal
obligations; to detect, investigate, report, and seek to prevent fraud (i.e.,
through know-your-customer checks); Anti-Money Laundering (AML) screening; and
other identity checks. To meet our obligations under any contracts we have with
you, we may also need to conduct credit and fraud checks on your business and
certain officers or directors of your business.


PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA (IF APPLICABLE)

We will only collect, use, and share your personal data when we have an
appropriate legal basis. We carry out the processing of your personal data on
the following legal bases:  

 * The processing is necessary for the performance of a contract to which you
   are a party or to take steps, at your request, prior to entering into a
   contract. For example, when you purchase our products or services, we will
   collect your payment information to process your payment and your address to
   facilitate delivery of the product or service. We will also collect your
   email address and phone number to update you on the progress of your purchase
   and to answer any of your queries.
 * The processing is necessary for compliance with a legal obligation to which
   we are subject. For example, to set you up as a business customer or business
   partner, we are obliged to carry out certain “know-your-customer checks” to
   prevent money laundering and fraudulent activities. This will involve the
   collection and verification of your personal data.
 * You have provided your consent to us to use your personal data. For example,
   if you have agreed to receive marketing communications.
 * The processing is necessary for the purposes of the legitimate interests
   pursued by us or by a third party, namely, to provide you with our products
   and services, except where such interests are overridden by your interests or
   fundamental rights and freedoms. For example, we use personal data in the
   aggregate to understand how Website Users use our services and the resources
   provided on our websites and use this information to improve our services. We
   will also have a legitimate interest to process the personal data of a
   contact person to facilitate the development of a contractual relationship.

In most cases, the provision of your personal data is not required by a
statutory or contractual obligation. However, where applicable, the provision of
your personal data will be necessary to enter into a contract with Stericycle or
to receive our services and products as requested by you. In such situations,
not providing your personal data may likely result in disadvantages for you,
e.g., you may not be able to use the full functionalities of our websites or
receive the products and services requested by you. However, unless otherwise
specified, not providing your personal data will not result in legal
consequences for you.

If you would like to find out more about the legal basis for which we process
personal data, please contact us at dataprotection@stericycle.com.


DIRECT MARKETING AND HOW YOU CAN MANAGE YOUR MARKETING PREFERENCES

How we use personal data to keep you up to date with our products and services

We may use your personal data to inform you about our products or services that
we believe will be of interest to you and/or to provide you with our newsletter.
We may contact you by email, post, or telephone, or through other communication
channels.  In all cases, we will respect your preferences for how you would like
us to manage marketing activity with you.  

We will obtain your consent prior to sending you marketing materials unless such
consent is not required under applicable law.

How you can manage your marketing preferences

To protect privacy rights and to ensure you have control over how we manage
marketing with you:


 * You can ask us to stop direct marketing at any time.  You can ask us to stop
   sending email marketing by clicking on the "unsubscribe" link you will find
   on all the email marketing messages we send you. Alternatively, you can
   contact DataProtection@Stericycle.com. Please specify whether you would like
   us to stop all forms of marketing or just a particular type (e.g., email).
 * You can change the way your browser manages cookies, which may be used to
   deliver online advertising, by following the settings on your browser as
   explained in our Cookie Policy.


HOW WE SHARE INFORMATION WITHIN STERICYCLE AND WITH OUR SERVICE PROVIDERS,
REGULATORS AND OTHER THIRD PARTIES

We share your personal data in the manner and for the purposes described below:


 * With other Stericycle entities within our group
   Your personal data may be shared between different Stericycle entities. We
   make such transfers of data where it is necessary to provide you with our
   services or to manage our business. For example, we transfer your data to
   Stericycle, Inc. in the US to operate our websites. See International
   Transfers section below for more information.
 * Where Required by Law
   Your personal data may be shared with law enforcement agencies, governmental
   authorities, or other public authorities (or entities appointed by them)
   where required under applicable laws. 
 * With Third Parties Who Help Manage Our Business and Deliver Services
   Stericycle engages external service providers such as legal services, website
   service providers, marketing service providers, IT support service providers,
   fulfillment providers, delivery service providers, email administrators,
   payment processors, and customer service providers. When providing such
   services, the external service providers have access to and process your
   personal data on our behalf. 

Those external service providers are contractually required to implement and
apply security safeguards to ensure the privacy and security of your personal
data. These third parties have agreed to confidentiality restrictions and to use
any personal data we share with them or which they collect on our behalf solely
for the purpose of providing the contracted service to us, except where they are
required by law to use the personal data for other purposes. In the event of a
corporate merger and acquisition, your personal data will be transferred to the
third parties involved in the merger and acquisition in accordance with
applicable law.


INTERNATIONAL TRANSFERS OF PERSONAL DATA (IF APPLICABLE) 

The personal data that we collect or receive about you may be transferred to and
processed by recipients who are located in a jurisdiction where the level of
data protection may not be equivalent to the level of protection applicable at
your location.  

Where local laws require, we will take steps to ensure that any transfer of
personal data outside of the originating jurisdiction is carefully managed to
protect your privacy rights and ensure that adequate safeguards are in place. 
Transfers of personal data from the UK or EEA to third countries will be made
pursuant to Standard Contractual Clauses or other legally acceptable mechanisms
approved by the relevant supervisory authority with jurisdiction over the
relevant Stericycle exporter. If your location lacks international data transfer
instructions or standard forms from the local supervisory authority, we may use
other legally acceptable mechanisms from other jurisdictions.   

Stericycle has also established an intra-group data transfer agreement to
regulate cross-border transfers of personal data within the Stericycle Group.

Where applicable, you are entitled to receive a copy of the relevant agreements
(such as the Standard Contractual Clauses) that provide proof that appropriate
safeguards have been taken to protect your personal data during such transfer.
You can obtain a copy by contacting us at dataprotection@stericycle.com. 
However, please note that we are not required to share details of safeguards
where sharing such details would affect our commercial position or create a
security risk.  

Some recipients outside of the UK or EEA are located in countries for which the
European Commission (or the applicable supervisory authority) has issued an
adequacy decision. For example, the European Commission recognized Canada  (only
for non-public organizations subject to the Canadian Personal Information
Protection and Electronic Documents Act (PIPEDA))  as providing an adequate
level of data protection for personal data.

Contact dataprotection@stericycle.com for additional information regarding the
identity, industry, sector and location of the relevant data recipients.


COOKIES AND THIRD-PARTY LINKS

Stericycle websites use cookies. Generally, we use cookies to understand how our
services are used, to track bugs and errors, improve our services, verify
account credentials, allow logins, track sessions, prevent fraud, and protect
our services. Additionally, we also use cookies for targeted marketing and
advertising, to personalize content and for analytics purposes.  For further
information please view our Cookie Policy or
contact dataprotection@stericycle.com.

Our websites contain links to websites operated and maintained by third parties
over which Stericycle has no control. Any information you provide to third-party
websites will be governed under the terms of each website’s privacy policy, and
we encourage you to investigate and ask questions before disclosing any
information to the operators of third-party websites. We have no responsibility
or liability whatsoever for the content, actions, or policies of third-party
websites. The inclusion of third-party websites on our site in no way
constitutes an endorsement of such websites’ content, actions, or policies.


HOW LONG WE STORE AND PROTECT PERSONAL DATA

How long does Stericycle keep your personal data?

Your personal data will be retained for as long as it is required for the
purposes for which the data was collected, e.g., as necessary to provide you
with the services and products requested. 

We retain your contact details and interests in our products or services for a
longer period of time if you have agreed to receive Stericycle marketing
materials. We also retain your personal data if needed to establish, exercise,
or defend a legal claim, only on a need-to-know basis. 

Personal Data Security

As technology continues to develop, we are committed to using our technological
resources to provide privacy protection services that keep our customers and
users confident about the security of their personal data. However, Stericycle
is not responsible for any harm that you or any other person may suffer as a
result of breach of confidentiality caused by your use of the Internet.

We have adopted appropriate data collection, storage, and processing practices,
as well as technical, organizational, and security measures designed to protect
against unauthorized access, alteration, disclosure, or destruction of the
personal data that you share with us.  For example, such measures include the
following:

 * placing confidentiality requirements on our staff members and service
   providers; 
 * removing or anonymizing personal data if it is no longer needed for the
   purposes for which it was collected (subject to the exceptions explained
   above); 
 * following security procedures in the storage and disclosure of your personal
   data to prevent unauthorized access to it; and
 * using encryption algorithms aligned with accepted industry standards for
   transmitting data that is sent to us.  

As the security of information depends in part on the security of the computer
you use to communicate with us and the security you use to protect user IDs and
passwords, please take appropriate measures to protect this information.



PRIVACY RIGHTS FOR EUROPEAN ECONOMIC AREA AND UK

Where required by applicable law, we will take steps to keep your personal data
accurate, complete, and up to date. 

Where permitted under applicable law, you can object to the use of your personal
data which has our legitimate interests as its legal basis for processing,
including for the purposes of marketing, without incurring any costs other than
the transmission costs. Your rights are listed below.

(i) Right of confirmation and right of access: You have the right to obtain
confirmation as to whether or not Stericycle is processing your personal data
and, where that is the case, to request access to that personal data as well as
information on who we share your personal data with (public and private
entities). The accessed information will include the purposes of the processing,
the categories of personal data concerned, and the recipients or categories of
recipient to whom the personal data have been or will be disclosed. 

You have the right to obtain a copy of your personal data undergoing processing.
If you request additional copies, we may charge a reasonable fee for the
administrative costs to produce those documents, where permitted by applicable
laws.

(ii) Right to rectify and complete personal data: You can request to rectify
your inaccurate, outdated, or incomplete personal data that Stericycle
processes. You can submit a supplementary statement that includes the
corrections to your personal data. We will inform relevant third parties to whom
we have transferred your data about the rectification and completion if we are
legally obligated to do so.

(iii) Right to erasure (or right to be forgotten, as applicable): You have the
right to request the erasure of your personal data in limited circumstances
where:

 * it is no longer needed for the purposes for which it was collected; or
 * you have withdrawn your consent (where the data processing was based on
   consent); or
 * following a successful request to object to processing; or
 * it has been processed unlawfully; or
 * the data must be erased to comply with a legal obligation to which Stericycle
   is subject.

We are not required to comply with your request to erase personal data if the
processing of your personal data is necessary for:

 * compliance with a legal obligation; or
 * the establishment, exercise, or defense of legal claims. 

(iv) Right to restriction of processing: You have the right to restrict the
processing of your personal data. In this case, the respective data will be marked
and only be processed by us for certain purposes. This right can only be
exercised where:

 * the accuracy of your personal data is contested, to allow us to verify its
   accuracy; or
 * the processing is unlawful, but you do not want the personal data erased; or
 * it is no longer needed for the purposes for which it was collected, but you
   still need it to establish, exercise, or defend legal claims; or
 * you have exercised the right to object, and verification of overriding
   grounds is pending.

We can continue to use your personal data following a request for restriction,
where:

 * we have your consent; or
 * to establish, exercise or defend legal claims; or
 * to protect the rights of another natural or legal person.

(v) Right to data portability: You have the right to receive the personal data
you have provided to us in a structured, commonly used, and machine-readable
format.  Also, you have the right to transmit that data to another entity
without hindrance from us, but only where:

 * the processing is based on your consent or on the performance of a contract
   with you; and
 * the processing is carried out by automated means.

(vi) Right to object: At any time, you have the right to object to any
processing of your personal data where the processing is legally based on our
legitimate interests. You may exercise this right without incurring any costs.

If you raise an objection to the processing of your personal data, we will have
an opportunity to demonstrate that we have compelling legitimate interests which
override your right to object. 

The right to object does not exist, in particular, if the processing of your
personal data is necessary to take steps prior to entering into a contract or to
perform a contract already concluded.

(vii) Right to object to how we use your personal data for direct marketing
purposes: You can request that we change the manner in which we contact you for
marketing purposes. You can request that we not transfer your personal data to
unaffiliated third parties for the purposes of direct marketing or any other
purposes.

(viii) Right to withdraw consent: If you have given us your consent for the
processing of your personal data, you have the right to withdraw your consent at
any time, without affecting the lawfulness of processing based on consent before
its withdrawal.

(ix) Right to obtain a copy of personal data safeguards for transfers outside
your jurisdiction: You can ask to obtain a copy of or reference to the
safeguards under which your personal data is transferred outside the UK or EEA.
We may redact data transfer agreements to protect commercial terms.

(x) Right to lodge a complaint with your local supervisory authority: You have a
right to lodge a complaint with your local supervisory authority if you have
concerns about how we are processing your personal data.

Please note that the aforementioned rights might be limited under the applicable
national data protection law in your jurisdiction.

When you request to enforce your rights as a data subject, we may ask you for
additional information to confirm your identity and for security purposes,
before disclosing the personal data requested. We reserve the right to charge a
fee to fulfil your request, where permitted by law, if your request is
manifestly unfounded or excessive.

To exercise your rights please Contact Us using the contact information below.
Subject to legal and other permissible considerations, we will make every
reasonable effort to promptly honor your request or inform you if we require
further information in order to fulfil your request.  

We may not always be able to fully address your request, for example if it would
impact the duty of confidentiality that we owe to others or if we are legally
entitled to deal with the request in a different way. 


MODIFICATIONS TO THIS NOTICE

Stericycle reserves the right to change this Notice at any time. Any changes to
this Notice will be effective immediately when posting the latest version on our
websites. 


CONTACT US

The primary points of contact for all issues arising from this Notice can be
contacted in the following way:

 * Initial Email: dataprotection@stericycle.com
 * Escalation Email: DPO@stericycle.com
 * Phone: +1-847-367-5910
 * Mail: Stericycle, Inc. | Attn: Data Protection Office | 2355 Waukegan Road |
   Bannockburn | IL | 60015
   

If you have any questions, concerns or complaints regarding our compliance with
this Notice, the information we hold about you or if you wish to exercise your
rights, we encourage you to first contact dataprotection@stericycle.com. We will
investigate and attempt to resolve complaints and disputes and make every
reasonable effort to honor your wish to exercise your rights as quickly as
possible and, in any event, within the timescales provided by data protection
laws. 

Residents of the European Economic Area and the United Kingdom have a right to
lodge a complaint with their local data protection supervisory authority (i.e.,
local to
your place of habitual residence, your place of work, or the place of an alleged
infringement). Please attempt to directly resolve any issues with us before you
contact your local supervisory authority. 


Last updated: May 1, 2023


ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS


In this section, we provide additional information to California residents
(“you” or “your”) about how we handle your Personal Information, as required
under California privacy laws including the California Consumer Privacy Act, as
amended by the California Privacy Rights Act, and the regulations issued thereto
(the “CCPA”). 

For purposes of this Notice, “Personal Information” means information that
identifies, describes, or is reasonably capable of being associated with you or
your household. This section applies to Personal Information whether collected
online or offline.  

This section does not address or apply to our information practices that are not
subject to the CCPA or that may be subject to other disclosures, including:

 * Publicly available information. Information that is lawfully made available
   from government records, information we have a reasonable basis to believe is
   lawfully made available to the general public by you or by widely distributed
   media, or by a person;
 * De-identified Information. Information that is de-identified in accordance
   with applicable laws;
 * Aggregated Information. Information that relates to a group from which
   individual identities have been removed;
 * Protected Health Information. Information governed by the Health Insurance
   Portability and Accountability Act or California Confidentiality of Medical
   Information Act;
 * Activities Covered by the Fair Credit Reporting Act. This includes
   information we receive from consumer reporting agencies that are subject to
   the Fair Credit Reporting Act;
 * Employee and Applicant Personal Information. Personal Information we collect
   about job applicants, independent contractors, or current or former
   full-time, part-time, and temporary employees and staff, officers, directors,
   or owners of Stericycle; or

Our collection, use and disclosure of your Personal Information varies depending
on our interactions or relationship with you. For more information about our
information practices related to our Services, please review the WHEN WE COLLECT
PERSONAL DATA, THE TYPES OF PERSONAL DATA WE COLLECT AND THE PURPOSES AND LEGAL
BASIS FOR WHICH PERSONAL DATA IS COLLECTED and the HOW WE SHARE INFORMATION
WITHIN STERICYCLE AND WITH OUR SERVICE PROVIDERS, REGULATORS, AND OTHER THIRD
PARTIES sections above. 

A. Personal Information Under the CCPA 

Our collection, use, and disclosure of Personal Information varies based upon
our relationship and interactions with you. In this section we describe,
generally, how we have collected, processed and disclosed Personal Information
about California residents in the prior 12 months. 


Categories of Personal Information Collected and Disclosed 


The table below identifies, generally, the categories of Personal Information we
have collected about California residents subject to this policy, as well as the
categories of third parties to whom we may disclose this information for a
business or commercial purpose, as more fully described in the HOW WE SHARE
INFORMATION WITHIN STERICYCLE AND WITH OUR SERVICE PROVIDERS, REGULATORS AND
OTHER THIRD PARTIES section above. 


Personal Information Collected

Categories and Description

 * Identifiers: Includes direct identifiers, such as name, alias user ID,
   username, account number or unique personal identifier; email address, phone
   number, address and other contact information; IP address and other online
   identifiers; and other similar identifiers.
 * Customer Records: Includes Personal Information, such as name, account name,
   user ID, contact information, education and employment information, account
   number, and financial or payment information, that individuals provide us in
   order to purchase or obtain our products and services. For example, this may
   include information collected when an individual registers for an account,
   purchases or orders our products and services, or enters into an agreement
   with us related to our products and services.
 * Commercial Information: Includes records of personal property, products or
   services purchased, obtained, or considered, or other purchasing or use
   histories or tendencies. For example, this may include demographic
   information that we receive from third parties to better understand and
   reach our customers.
 * Internet or Other Electronic Network Activity Information: Includes browsing
   history, clickstream data, search history, access logs and other usage data
   and information regarding an individual’s interaction with our websites,
   mobile apps and other Services, and our marketing emails and online ads.
 * Geolocation Data: Includes location information about a particular
   individual or device.
 * Professional or Employment-related information: Includes professional and
   employment-related information (such as current and former employer(s) and
   position(s), business contact information and professional memberships).

Categories of Third-Party Entities to Whom We May Disclose this Information
 
• advisors and agents
• government entities and law enforcement
• affiliates and subsidiaries
• advertising networks
• data analytics providers
• social networks
• internet service providers
• operating systems and platforms
• business customer/client

• advisors and agents
• government entities and law enforcement
• affiliates and subsidiaries
• advertising networks
• data analytics providers
• internet service providers
• operating systems and platforms
• business customer/client

• advisors and agents
• government entities and law enforcement
• affiliates and subsidiaries
• advertising networks
• data analytics providers
• internet service providers
• operating systems and platforms
• business customer/client

• advisors and agents
• government entities and law enforcement
• affiliates and subsidiaries
• operating systems and platforms
• business customer/client

• advisors and agents
• government entities and law enforcement
• affiliates and subsidiaries
• advertising networks
• data analytics providers
• social networks

• advisors and agents
• government entities and law enforcement
• affiliates and subsidiaries


Sources of Personal Information

In general, we may collect Personal Information from the following sources:

 * Directly or indirectly from you.
 * Vendors and service providers.
 * Advertising networks.
 * Data analytics providers.
 * Social networks.
 * Internet service providers.
 * Operating systems and platforms.
 * Government entities.
 * Data brokers.
 * Business customers.

Purposes for Collecting and Disclosing Personal Information

In general, we collect, process and disclose the above categories of Personal
Information for the following business and commercial purposes, as more fully
described in the WHEN WE COLLECT PERSONAL DATA, THE TYPES OF PERSONAL DATA WE
COLLECT AND THE PURPOSES AND LEGAL BASIS FOR WHICH PERSONAL DATA IS COLLECTED
section above:

 * Operate our business;
 * Communicate with you;
 * Marketing and promotions;
 * Customization and personalization;
 * Research and development;
 * Surveys and feedback;
 * Promotions and contents;
 * Planning and managing events;
 * Audits and assessments;
 * Compliance and legal process;
 * Auditing, reporting, and other internal operations; and
 * General business and operational support.

Generally, we may disclose the Personal Information we collect in order to
provide our Services to you, respond to and fulfill your orders and requests, as
otherwise directed or consented to by you, and for the purposes otherwise
described in the HOW WE SHARE INFORMATION WITHIN STERICYCLE AND WITH OUR SERVICE
PROVIDERS, REGULATORS AND OTHER THIRD PARTIES section above, including:

 * Services and support
 * Analytics and improvement
 * Marketing, advertising, and campaign management
 * In support of business transfers
 * Compliance, governance and legal requirements
 * Security and protection of rights

Retention

We retain your Personal Information for as long as needed, or permitted, based
on the reason we obtained it (consistent with applicable law). When deciding how
long to keep your Personal Information, we consider whether we are subject to
any legal obligations (e.g., any laws that require us to keep records for a
certain period of time before we can delete them) or whether we have taken any
legal positions (e.g., issued any legal holds or otherwise need to preserve the
information). Rather than delete your data, we may also de-identify it in
accordance with the CCPA, by removing identifying details. If we de-identify
data, we will not attempt to re-identify it.

Sales and Sharing of Personal Information 

CCPA defines "sale" as disclosing or making available to a third party Personal
Information in exchange for monetary or other valuable consideration, and
“sharing” as disclosing or making available Personal Information to a third
party for purposes of cross-context behavioral advertising. While we do not
“sell” Personal Information to third parties in the traditional sense (e.g., for
money), our use of third-party analytics and advertising cookies may be
considered “selling” or “sharing” under CCPA. We may “sell”/“share” the
following with third parties: identifiers and Internet or other electronic network
activity information to third-party advertising networks, analytics providers,
and social networks for purposes of marketing and advertising. We do not sell or
share Sensitive Personal Information, nor do we sell or share any Personal
Information about individuals who we know are under sixteen (16) years old.


The CCPA provides California residents with certain rights regarding Personal
Information. This section describes those rights and how to exercise them.
California residents can make CCPA requests up to twice a year, subject to
certain exceptions and carveouts. CCPA provides the following rights: 

 * Right to Opt-Out of Sales and Sharing: You have the right to opt-out of
   “sales” and “sharing” of your Personal Information, as those terms are
   defined under the CCPA, including by using an opt-out preference signal.
   While we do not “sell” Personal Information in the traditional sense (i.e.,
   for money), our use of third-party analytics and advertising cookies may be
   considered “selling” and “sharing” under CCPA. 

To exercise your right to opt-out of the “sale” or “sharing” of your Personal
Information, please click here or use the Do Not Sell or Share My Personal
Information link at the bottom of our website.

 * Right to Delete: Subject to certain conditions and exceptions, you have the
   right to request we delete your Personal Information.
   
 * Right to Correct: Subject to certain conditions and exceptions, you have the
   right to request that we correct inaccuracies in your Personal Information.
   
 * Right to Know: With respect to the Personal Information that we have
   collected about you in the prior 12 months, California residents have the
   right to request that we disclose the following:
   
   * The categories of Personal Information we collected about you;
     
   * The categories of sources from which we collected your Personal
     Information;
   * The business or commercial purpose for collecting, selling, or sharing your
     Personal Information; 
   * The categories of third parties to whom we have disclosed your Personal
     Information; and
   * The specific pieces of Personal Information we have collected about you.
 * Right to Non-Discrimination: You have the right not to be subject to
   discriminatory treatment for exercising your rights under the CCPA.  
   

Submitting CCPA Requests. California residents may exercise their CCPA rights
through the following methods: 


 * By completing our online request form: California Rights Request Page
 * Calling us at 1-866-783-7422 (toll free).

Verification. Before responding to your request, we must first verify your
identity using the Personal Information you recently provided to us. At a
minimum, you must provide us with your full name and email address. We will take
steps to verify your request by matching the information provided by you with
the information we have in our records. In some cases, we may request additional
information in order to verify your identity, or where necessary to process your
request. If we are unable to verify your identity after a good faith attempt, we
may deny the request and, if so, will explain the basis for the denial.

Authorized Agents. You may designate someone as an authorized agent to submit
requests and act on your behalf. Authorized agents will be required to provide
proof of their authorization in their first communication with us, and we may
also require that the relevant consumer directly verify their identity and the
authority of the authorized agent. 

We reserve the right to reject (1) authorized agents who have not fulfilled the
above requirements, or (2) automated CCPA requests where we have reason to
believe the security of the requestor’s Personal Information may be at risk.

Your Privacy Rights Under California Shine the Light Law. Under California’s
“Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who
provide certain Personal Information are entitled to request and obtain from us,
free of charge, information about the personal information (if any) we have
shared with third parties for that entity’s own direct marketing use.  Such
requests for information about any relevant third-party sharing may be made once
per calendar year, for the prior calendar year. To submit a “Shine the Light”
request, email us at DataProtection@Stericycle.com, and include your current
California address and your attestation that you are a California resident in
your request.  

Changes to this Policy. The Policy is current as of the last updated date set
forth below. We may change, update, or modify this Policy from time to time, so
please be sure to check back periodically. We will post any updates to this
Policy here. If we make any changes to this Policy that materially affect our
practices regarding our use of the Personal Information that we have previously
collected from you, we will endeavor to provide you with notice.


For more information about our privacy practices, you may Contact Us using the
information in the section above. 


Last updated: February 10, 2023


ADDITIONAL INFORMATION FOR DOSIMETRY SERVICE USERS

In this section, we provide additional information to dosimetry service users
about how we handle their personal information.  

Controller: To the extent we process your personal data as a controller in
relation to our dosimetry services, we will provide you with a separate privacy
notice that sets out the full name of the Stericycle entity that controls the
processing of your personal data. We will also provide you with the specific
contact information for the controller’s data protection officer.   

Personal Data Processed: The categories of personal data processed in relation
to the dosimetry services include identification data, data relating to your
physical characteristics, data relating to your employment, dosimetry monitoring
data and health data.

Sources of the Data: Generally, the data is provided to Stericycle by the
radiological practice, activity, or source to which you are related, by your
employer or, where applicable, directly by you.  

Purpose: We process this data to provide technical assistance and consultancy
services in radiological protection to the extent that such services have an
impact on you. We also process the data to fulfil our reporting obligations to
public authorities and pursuant to legal obligations applicable to controllers
providing such services.  

Legal Basis: We process your data to comply with legal obligations incumbent on
dosimetry service providers and for reasons of public interest in the area of
public health. The storage and provision of your personal data is a statutory
requirement which we must comply with and/or is necessary in the public interest
of measuring radiation.  

Recipients: We will disclose your data to the public authorities legally
responsible for radiological protection (or to the entities appointed by public
authorities). To perform our activities, we engage external service providers
such as IT support service providers and email administrators. When providing
such services, the external service providers will have access to and process
your personal data. We require those external service providers to implement and
apply security safeguards to ensure the privacy and security of your personal
data. These service providers have agreed to confidentiality restrictions and to
use of any personal data we share with them or which they collect on our behalf
solely for the purpose of providing the contracted services to us. 

Retention Period: Your personal data will be retained for the period strictly
necessary to provide the services of technical assistance, consultancy, and
radiological protection, except if other statutory retention periods apply.

Rights: Your rights are as set out in this Notice. You also have the right, at
any time, to lodge a complaint with your local supervisory authority.

Additional Information: For more information about how we process and secure
personal data, please refer to the additional privacy notice issued by your
dosimetry service provider.  


Last updated: February 8, 2022



ADDITIONAL INFORMATION FOR ACCESSIBILITY

In compliance with the American Disabilities Act Amendment (ADAAA),
Accessibility for Ontarians with Disabilities Act (AODA) and other state or
province accessibility laws and regulations, if you use a screen reader and need
help with this website or have feedback or inquiries about accessing material on
this website because of a disability, contact Accessibility@stericycle.com or
866-783-7422.

Our policy is available in accessible formats upon request.