Privacy Policy

Last Updated: June 12, 2025

This Privacy Policy (“Policy”) describes how Stericycle Inc. and its affiliates, now part of the WM group, including Waste Management Service Center, Inc. and its affiliates (collectively, “we,” “our,” or “us”) practices relating to the collection, use, disclosure, protection and other processing of “personal data” related to uses of our websites, mobile applications, services and other interactions with you as well as business contacts, suppliers, current and prospective customers (together, “you” or “your”).

Please note that this Policy only applies to those websites, domains and URLs, the delivery of our services, and other interactions with you (collectively, the “Sites”) that post a link to this Policy. When you access any external links from our Sites, such external websites may have different privacy policies from the Sites and we are not responsible for the privacy practices of such external websites. We encourage you to read all privacy policies posted on the websites that you visit.

Depending on where you are located or where you are a resident, applicable laws may require additional disclosures or provide you with additional rights to your personal data. Please review this Policy carefully to understand what we do with regards to your personal data and where applicable, the following additional privacy notices:

In addition to reading this Policy, please review our policy, which governs your use of the Sites. If you do not agree to our Terms of Use and the ‎collection, use and sharing of your information as detailed in this privacy policy, please do not ‎access or otherwise use the Sites.‎

In this Policy, you can find out more about each of the following (as applicable to you):

Contents of this Policy

1. Personal Data We Collect

2. How We Collect Personal Data

3. Our Use of Personal Data

4. How We Disclose Personal Data

5. Our Use of Cookies and Other Online Marketing Practices

6. How Long We Keep Personal Data

7. Security of Personal Data

8. Children’s Personal Data

9. Your Rights and Choices

10. International Transfers of Personal Data

11. Additional Information for Accessibility

12. Additional Information for California Residents

13. Additional State-Specific Disclosures

14. Additional Information for Canadian Residents

15. Additional Disclosures for EU and UK Residents

16. Additional Disclosures for Business Customers and Service Provider

17. Changes to this Policy

18. Contact Us

    1. Personal Data We Collect 

    We may collect information that alone or in combination with other information could be used to identify you, which we refer to as “personal data.”

    Depending on how you interact with us, such as if you are a Site visitor, customer (including business customers) or service providers, we or our service providers may collect the following categories of personal data:

    • Identifiers and Contact Information. Such information may include your name, telephone number, e-mail address, date of birth, driver’s license number, Social Security number and home or business and mailing address.
    • Payment Information. Information such as credit or debit card, expiration date, bank routing and account number.
    • Commercial Information. This includes information about products and services considered or purchased, primary usage, amount of product ordered, reseller/promo code, auto-delivery selection and marketing preferences.
    • Business Information. Information such as your employment contact, job title, work email.
    • Device Information. This information includes information collected from your use of our Sites such as your device model, operating system, unique device identifiers, mobile network information, server logs, IP address or MAC address.
    • Digital or Technical Information. Such information may include visits to our Sites , pages visited, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL, broad geographical information, navigation patterns.
    • Communication Logs. Such information may include phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information.
    • Certain Specialized Information. If you use certain Sites, we may collect and store information locally on your device such as browser web storage (including HTML 5) and application data caches.
    • Images or Videos. Such information may include photos and videos from cameras on our trucks to analyze the use and delivery of our services (for example, to determine whether containers have been overfilled or damaged and whether there is contamination, and to enforce our terms of service with you) and we use CCTVs at our buildings and facilities.
    • Other Information You Share With Us. This includes information you provide through your communications with us or customer support, including the nature of an enquiry or other information shared.

    Please note that in certain cases, the provision of your personal data is not required by a statutory or contractual obligation. However, where applicable, the provision of your personal data will be necessary to enter into a contract or other arrangement with us or to receive our services and products as requested by you. If you choose not to provide your personal data in such circumstances, some features and services may not be fully functional.  

    We may also collect information that cannot be used to identify you. For example, we may aggregate non-personal data about you and other consumers who use our Sites. Aggregated information will not contain any information that can be linked directly back to you.

    2. How We Collect Personal Data

    We collect personal data from or about you in connection with the products and services that we provide to you, and some of this information may be collected directly from you or automatically from your interactions with us.

    Information You Provide to Us

    We or our service providers may collect personal data directly from you, when you:

    • Visit and use our Sites.
    • Purchase our products or services.
    • Register for an account on one of our Sites.
    • Participate in one of our promotions.
    • Sign up to receive communications from us.
    • Contact us directly (via phone, email, etc.) or engage with us through an available chat feature on a Site or App.
    • Visit our social media pages.
    • Interact with us in-person (e.g., visit one of our physical locations, engage with us at an in-person event, etc.).

    Information We Collect Automatically

    When you access and engage with our Sites, or interact with our online media and content (including advertisements), we automatically collect information about your browser, device, and activity.   We (and our service providers) may use various tracking technologies (e.g., cookies, pixel tags (or web beacons), etc.) to collect information automatically. The information collected may include details about your behavior on our Site, including how you move and scroll through the Site, your keystrokes, the links you choose to click, and how you interact with forms. These technologies may also be used to collect information about you over time and across different websites, mobile applications, and devices. 

    To learn more about our use of cookies and other similar tracking technologies and how you can control them, please review Our Use of Cookies and Other Online Marketing Practices.

    Information From Other Sources

    We may receive your personal data from other sources, as permitted by law, including the following categories of parties:

    • Our service providers (such as companies that support our business, such as waste vendors, business vendors including HR employment-related vendors, payment processors, information technology vendors, financial institutions).
    • Third parties, including our service providers and business contacts, such as companies and municipalities that co-sponsor our promotions.
    • Our analytics and advertising providers, including online advertising networks and analytics providers.
    • Social media platforms (note that the personal data we receive from the platforms is dependent upon their policies and your settings on each platform).
    • Third-party sites, including those that allow you to integrate your third-party account with us.
    • Other companies that provide personal data to supplement what we already know about you, including data aggregators.
    • Cities, municipalities, state and other governmental entities and agencies to which we provide services.
    • From affiliates and subsidiaries and their employees. 

    3. Our Use of Personal Data

    Depending on how you interact with us, including what services you are using or requesting, we may use your personal data for the following purposes:

    • Contact You. To contact or otherwise communicate with, including providing customer service and responding to requests, and providing you with information about our products and services.
    • Provide Our Products, Services and Customer Support: To provide the products and services you request, service accounts, fulfill orders and process transactions and returns (as applicable).
    • Maintain Our Services: We use your personal data to provide, administer and manage our Sites, and services.
    • Protect Our Company and Interests: To help protect us and our Internet service providers from fraud and other crimes.
    • Comply with Law: To comply with applicable legal requirements.
    • Business Operations: To help with our operations such as troubleshooting, operational support, data analysis, surveys, testing, audits, assessments, events management and research and development.
    • Consent: We may use your personal data with your consent (as required by applicable law).

    We may also use non-personal aggregate information to improve our Sites and our products and services offerings. For example, our Internet Service Providers may report to us that there were a particular number of visitors to a certain area of our Sites, or that a certain number of businesses or a certain number of individuals completed our registration forms in particular areas of our Sites. Such information may also be used to analyze the effectiveness of our business and advertising models.

    4. How We Disclose Personal Data

    We do not sell, lease, or license your personal data to third parties for monetary compensation. Please note that selling or sharing may have different meanings under certain state privacy laws. Please see Additional Information for California Residents and Additional State-Specific Disclosures below for further information.

    We may disclose your personal in the following ways:

    • Within our Group Companies. Your personal data may be shared between different group entities within our company or our affiliates. We make such transfers of data where it is necessary to provide you with our services or to manage our business.
    • Where Permitted or Required by Law. Your personal data may be shared with law enforcement agencies, governmental authorities, or other public authorities (or entities appointed by them) where required under applicable laws. This includes disclosures to comply with a subpoena or court order, cooperate with law enforcement or other government agencies. Additionally, where permitted by law, certain information may be provided to property owners. We may disclose personal data as otherwise required or permitted by applicable law.
    • To Protect Our and Others’ Rights. Your personal data may be shared to: (a) establish or exercise our legal rights; (b) protect the property or safety of our company and employees, contractors, service providers, suppliers, and customers; (c) defend against legal claims; or (d) help with internal and external investigations.
    • With Third Parties Who Help Manage Our Business and Deliver Services. We may share personal data with services providers such as legal services, website service providers, marketing service providers, IT and HR support service providers, fulfillment providers, delivery service providers, email administrators, payment processors, and customer service providers. We take commercially reasonable steps to ensure these service providers adhere to the security standards we apply to your personal data and that your information is not used for their own marketing purposes.
    • Sale of Our Business or Assets. We may disclose your information to others in connection with the sale, merger, acquisition or financing of one or our companies, or in connection with any transaction that involves the sale or assignment of some or all of our assets, including during the diligence process.
    • At Your Direction or With Your Consent. We may also disclose your personal data when you have directed us to or if we have obtained your consent (where required by applicable law).

    We reserve the right to provide non-personal data, such as aggregated data, to third parties.

    5. Our Use of Cookies and Other Online Marketing Practices 

    Cookies and Online Tracking Technologies

    We and our service providers may use any number of tools to collect information about you, your computer access points, mobile devices, and the web browser that you use to connect to our Sites or digital applications such as cookies, pixel tags, widgets, web beacons, clear gifs and other online tracking technologies, including some that may provide “session replay” services (collectively “Cookies” or “Tracking Technologies”). Cookies are tiny text files that we place on your computer or mobile device when you visit our Sites. We may use Cookies for a variety of purposes including to personalize your interactions with our Sites such as the pages you visit and promotion or advertisements that you click on or to provide you with certain marketing communications. We may also use certain third-party cookies and technologies that collect aggregated information that we use for our operational and business purposes, including collecting measurements about your interactions with our advertisements.

    We and our service providers may use analytics providers like Google Analytics, to help us analyze use of the Sites. To learn more about Google’s privacy practices, click here.

    We use different types of cookies that provide various services, including:

    • Essential Cookies. We may use cookies or other Tracking Technologies that are necessary for our Sites to function and cannot be switched off in our systems. They are usually only set in response to actions made by you, which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. Some of these cookies do not collect personal data. We also use other first-party cookies to collect certain measurement data that are necessary to help us manage our business activities and that do not collect your personal data and certain tracking technologies that are required to play video on the Sites. You can set your browser to block or alert you about these cookies, but some parts of the site may not work properly.
    • Performance/Analytics Cookies. We may use cookies or other Tracking Technologies that collect information about your use of our Sites and allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the Sites. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our Sites, and will not be able to monitor its performance.
    • Functional Cookies. We may use cookies or other Tracking Technologies that collect information about your choices on our Site you are visiting and enable the Site to provide enhanced functionality and personalization such as your choice of language or region. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
    • Targeting Cookies. We may use Tracking Technologies to display advertisements or display targeted promotions or to manage our advertising. They collect information about your activities on websites. These cookies may be set through our Site by our advertising providers. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal data, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
    • Session Replay Cookies. We may use Tracking Technologies, which may be provided by our service providers, for purposes of session replay. These cookies record your interactions with our Site, including mouse movements, text, and other information, associated with your visit to our Site. This information is used to help us improve our website and better provide you with information you are interested in when you visit our website. They may be set by us or by third party providers whose services we have added to our pages. This information is used to help us improve our Site and better provide you with information you are interested in when you visit our Site.
    • Social Media. We may use certain social media cookies that are set by a range of social media services that we have added to the Site to enable you to share our content with your friends and networks on those platforms. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

    Managing Your Tracking Technology Preferences

    You can withdraw your consent to allow for our use of certain cookies, change your browser settings, ‎and delete ‎the cookies already stored on your computer at any time. We do not currently respond to "do not track" signals.

    You can control cookies in several ways:

     Please note ‎that if you delete, or choose ‎not to accept, cookies, you may not be able to utilize ‎the features of the Sites ‎to their fullest potential. 

    6. How Long We Keep Personal Data

    We keep personal data for as long as reasonably necessary for the purposes described in this Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting or other purposes), whichever is the longer.

    7. Security of Personal Data

    You use our Sites at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect personal data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Sites or e-mail. Please keep this in mind when disclosing any personal data to us via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Site or third-party websites.

    8. Children’s Personal Data

    Our Sites are general audience websites. Our Site’s content is not directed toward children who are under the age of 13. We do not knowingly collect personal data from children or minors. If we or our Internet service providers become aware that a child has provided us with personal data without parental consent, we will endeavor to delete that information from our databases. If you have questions about personal data that may have been submitted by a child, please email us at DataProtection@Stericycle.com.

    9. Your Rights and Choices 

    Depending on how you interact with us, you have certain rights regarding your personal data. Please note any rights described in this Policy are subject to exemptions and other limitations under applicable law.

    Requesting Access or Changes to Personal Data

    We take reasonable steps to keep your data accurate and complete. If you would like us to consider providing you access to, or making a correction to, your personal data maintained in our records, please send your request to us at DataProtection@Stericycle.com.

    Marketing Communications Choices

    We may use your personal data to inform you about our products or services that we believe will be of interest to you and/or to provide you with our newsletter. We may contact you by email, post, or telephone, or through other communication channels.  In all cases, we will respect your preferences regarding how you would like us to manage marketing activity with you.   

    You can manage your marketing preferences in several ways:

    • Direct Marketing. You can ask us to stop direct marketing at any time.  You can ask us to stop sending email marketing by clicking on the "unsubscribe" link you will find on all the email marketing messages we send you. Alternatively, you can contact DataProtection@Stericycle.com. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g., email).
    • Cookies and Online Tracking. As noted above in You can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained above in Our Use of Cookies and Other Online Marketing Practices.

    Each commercial e-mail that we send to you will offer you the opportunity to opt-out of continuing to receive such messages. We may take up to 10 business days to process your opt-out requests. In some instances, we may have already shared your information with one of our authorized third parties before you changed your information preferences, and you may briefly continue to receive e-mail even after you have opted out. FTC e-mail compliance guidance allows us to send you transactional and relationship e-mail without offering you the opportunity to opt-out of receiving those types of e-mail. You may also write to us at:

    Stericycle, Inc.
    Attn: Data Protection Office
    2355 Waukegan Road
    Bannockburn, IL 60015

    Jurisdiction-Specific Rights

    Depending on where you are located or where you are a resident, you may have certain additional rights to your personal data. For a description of your rights, please see the appropriate policy for additional disclosures:

    • California Residents:  Please review this Policy and see Additional Information for California Residents below, which provides additional information about your privacy rights, including your right to submit a “Do Not Sell or Share My Personal Information” request. Residents of California may also, under §1798.83, known as the “Shine the Light” law, request ‎‎‎and obtain from us, once a year and free of charge, information about categories of personal ‎‎‎‎information (if any) we disclosed to our affiliates for direct marketing purposes and the number of affiliates with which we shared personal information in the immediately ‎‎‎preceding ‎calendar year. As stated above, we do not sell your personal information to third parties for monetary compensation or as that term is traditionally defined. Please see our California-specific policy available here for further information. If you are a California resident and would like to make such a request, ‎‎‎please submit your ‎request and identify that you are requesting information under “Shine The Light” and send the request in writing to us at DataProtection@Stericycle.com.
    • Residents of Nebraska and Texas: Please review this Policy and see Additional State-Specific Disclosures below.
    • Canadian Residents: Please review this Policy and see Additional Information for Canadian Residents below. 
    • EU and UK Visitors: Please Review this Policy and see Additional Disclosures for EU and UK Residents below.
    • Indian Residents: For residents of India, click here for applicable privacy terms.

    10. International Transfers of Personal Data

    The personal data that we collect or receive about you may be transferred to and processed by recipients who are located in a jurisdiction where the level of data protection may not be equivalent to the level of protection applicable at your location.

    Where local laws require, we will take steps to ensure that any transfer of personal data outside of the originating jurisdiction is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place.  If your location lacks international data transfer instructions or standard forms from the local supervisory authority, we may use other legally acceptable mechanisms from other jurisdictions.  We have also established an intra-group data transfer agreement to regulate cross-border transfers of personal data within our group companies. 

    11. Additional Information for Accessibility

    In compliance with the American Disabilities Act Amendment (ADAAA), Accessibility for Ontarians with Disabilities Act (AODA) and other state or province accessibility laws and regulations, if you use a screen reader and need help with this website or have feedback or inquiries about accessing material on this website because of a disability, contact DataProtection@Stericycle.com

    12. Additional Information for California Residents 

    This section of the Policy provides additional information for California residents and describes our information practices pursuant to applicable California privacy laws, including the California Consumer Privacy Act, as amended (the “CCPA”). This section does not address or apply to our handling of publicly available information or personal information that is otherwise exempt under the CCPA. Depending on how you interact or engage with us, we may provide you with other privacy notices with additional details about our privacy practices.

    Categories of Personal Information Collected and Disclosed

    The table below identifies, generally, the categories of personal information we have collected about California residents subject to this policy (“Personal Information”), as well the categories of third parties to whom we may disclose this information for a business or commercial purpose, as more fully described in the How We Disclose Personal Data above.

    Personal Information Collected

     Categories

     Description

    Categories of Third-Party Entities to Whom We May Disclose this Information

    Identifiers

     

     

    Includes identifiers, such as name, alias user ID, username, account number or unique personal identifier; email address, phone number, address and other contact information; IP address and other online identifiers; and other similar identifiers. 

     

     

    • advisors and agents
    • government entities and law enforcement
    • affiliates and subsidiaries 
    • advertising networks
    • data analytics providers
    • social networks
    • internet service providers
    • operating systems and platforms
    • business customers/clients

    Customer Records

     

     

     Includes Personal Information, such as name, account name, user ID, contact information, education and employment information, account number, and financial or payment information, that individuals provide us in order to purchase or obtain our products and services.  For example, this may include information collected when an individual registers for an account, purchases or orders our products and services, or enters into an agreement with us related to our products and services.

    • dvisors and agents
    • government entities and law enforcement
    • affiliates and subsidiaries 
    • advertising networks
    • data analytics providers
    • internet service providers
    • operating systems and platforms
    • business customers/clients

    Commercial Information

     

     

    Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies. For example, this may include demographic information that we receive from third parties to better understand and reach our customers.

     

     

    • advisors and agents
    • government entities and law enforcement
    • affiliates and subsidiaries 
    • advertising networks
    • data analytics providers
    • internet service providers
    • operating systems and platforms
    • business customers/clients

    Internet or Other Electronic Network Activity Information

     

     

     Includes browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our websites, and other Services, and our marketing emails and online ads.

     

     

    • advisors and agents
    • government entities and law enforcement
    • affiliates and subsidiaries 
    • operating systems and platforms
    • business customers/clients 

    Geolocation Data

     

     

    		 Includes location information about a particular individual or device.
    • advisors and agents
    • government entities and law enforcement
    • affiliates and subsidiaries 
    • advertising networks
    • data analytics providers
    • social networks

    Professional or Employment-related information

     

     

    Includes professional and employment-related information (such as current and former employer(s) and position(s), business contact information and professional memberships).

     

     

    • advisors and agents
    • government entities and law enforcement
    • affiliates and subsidiaries 
    • business customers/clients

    Sensitive Personal Information  

     

    Includes ACH/eCheck payment information, login credentials for customer portals.

    In some circumstances, we may collect payment information and login credentials for our customer portal.

    • affiliates and subsidiaries

    Sources of Personal Information

    In general, we may collect Personal Information from the following sources:

    • Directly or indirectly from you.  
    • Vendors and service providers.
    • Advertising networks.
    • Data analytics providers.
    • Social networks.
    • Internet service providers.
    • Operating systems and platforms.
    • Government entities.
    • Data brokers.
    • Business customers.

    Purposes for Collecting and Disclosing Personal Information

    In general, we collect, process and disclose the above categories of Personal Information for the following business and commercial purposes, as more fully described in the Personal Data We Collect and Our Use of Personal Data, section above:

    • Operate our business;
    • Communicate with you;
    • Marketing and promotions;
    • Customization and personalization;
    • Research and development;
    • Surveys and feedback;
    • Promotions and contents;
    • Planning and managing events;
    • Audits and assessments;
    • Compliance and legal process;
    • Auditing, reporting, and other internal operations; and
    • General business and operational support.

    Generally, we may disclose the Personal Information we collect in order to provide our Services to you, respond to and fulfill your orders and requests, as otherwise directed or consented to by you, and for the purposes otherwise described in the How We Disclose Personal Data section above, including:

    • Services and support
    • Analytics and improvement
    • Marketing, advertising, and campaign management
    • In support of business transfers
    • Compliance, governance and legal requirements
    • Security and protection of rights

    Retention

    We retain your Personal Information as described in How Long We Keep Personal Data. Additionally, rather than delete your data, we may also de-identify it in accordance with the CCPA, by removing identifying details. If we de-identify data, we will not attempt to re-identify it.

    Sensitive Personal Information

    Notwithstanding the purposes described above, we do not collect, use, or disclose “Sensitive Personal Information” (as defined in the CCPA) beyond the purposes authorized by applicable privacy law. Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.

    Sales and Sharing of Personal Information 

    CCPA defines "sale" as disclosing or making available to a third-party Personal Information in exchange for monetary or other valuable consideration, and “sharing” as disclosing or making available Personal Information to a third party for purposes of cross-context behavioral advertising. While we do not “sell” Personal Information to third parties in the traditional sense (e.g., for money), our use of third-party analytics and advertising cookies may be considered “selling” or “sharing” under CCPA.

    We may “sell”/ “share” the following with third parties: identifiers and Internet or other electric network activity information to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising.

    We do not sell or share Sensitive Personal Information, nor do we sell or share any Personal Information about individuals who we know are under sixteen (16) years old.

    California Residents’ Rights

    The CCPA provides California residents with certain rights regarding Personal Information. This section describes those rights and how to exercise them. California residents can make CCPA requests up to twice a year and subject to certain exceptions and carveouts. CCPA provides the following rights, subject certain conditions and exceptions: 

    • Right to Opt-Out of Sales and Sharing: You have the right to opt-out of “sales” and “sharing” of your Personal Information, as those terms are defined under the CCPA, including by using an opt-out preference signal such as GPC. While we do not “sell” Personal Information in the traditional sense (i.e., for money), our use of third-party analytics and advertising cookies may be considered “selling” and “sharing” under CCPA.  

    To exercise your right to opt-out of the “sale” or “sharing” of your Personal Information, please click on the “Manage Consents” cookie icon on a Stericycle webpage or by using the Individual Privacy Rights Request Page.

    We honor your right to opt out of “sales” and “sharing” as signaled by a universal opt out signal or Global Privacy Control (“GPC”). To enable GPC, you can visit the Global Privacy Control page at https://globalprivacycontrol.org. If you download a supported browser or extension and exercise your privacy rights with GPC, we will turn off third-party advertising cookies on our website after our website detects a GPC signal. 

    Please note these preferences are device and browser specific. If you visit our website from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device.

    • Right to Delete: You have the right to request we delete your Personal Information.
    • Right to Correct: You have the right to request that we correct inaccuracies in your Personal Information.
    • Right to Know: You have the right to request that we correct inaccuracies in your Personal Information.
      • The categories of Personal Information we collected about you;
      • The categories of sources from which we collected your Personal Information;
      • The business or commercial purpose for collecting, selling, or sharing your Personal Information; 
      • The categories of third parties to whom we have disclosed your Personal Information; and
      • The specific pieces of Personal Information we have collected about you.
    • Right to Limit Use: You have the right to limit the use and disclose of your Sensitive Personal Information. We do not engage in uses or disclosures of Sensitive Personal Information that would trigger the right to limit use of Sensitive Personal Information under the CCPA.
    • Right to Non-Discrimination: You have the right not to be subject to discriminatory treatment for exercising your rights under the CCPA.  

    Submitting CCPA Requests

    California residents may exercise their CCPA rights through the following methods: 

    Verification

    Before responding to your request, we must first verify your identity using the Personal Information you have provided to us. You must provide us with your full name and email address. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

    Authorized Agents

    You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent. 

    We reserve the right to reject: (1) authorized agents who have not fulfilled the above requirements, or (2) automated CCPA requests where we have reason to believe the security of the requestor’s Personal Information may be at risk.

    For more information about our California-privacy practices, you may Contact Us using the information in the section above. 

    13. Additional State-Specific Disclosures

    Residents of Texas and Nebraska, may have additional rights under the Texas Data Privacy and Security Act (“TDPSA”) and Nebraska Data Privacy Act (“NDPA”), subject to certain limitations, which may include:

    • Access. The right to confirm whether we are processing their personal information and to obtain a copy of their personal information in a portable and, to the extent technically feasible, readily usable format.
    • Delete. The right to delete their personal information provided to or obtained by us.
    • Correct. The right to correct inaccuracies in their personal information, taking into account the nature and purposes of the processing of the personal information.
    • Opt-Out. The right to opt out of certain types of processing, including: (i) to opt out of the “sale” of their personal information, as such term is defined under the TDPSA and NDPA; (ii) to opt out of targeted advertising by us; and (iii) to opt out of any processing of personal information for purposes of making decisions that produce legal or similarly significant effects.

    If you are a Texas or Nebraska resident, you may submit a request to exercise most of your privacy rights under the TDPSA or NDPA online using our Individual Privacy Rights Request Page or by contacting us at DataProtection@Stericycle.com

    To opt out of sales and targeted advertising by us, you can adjust your cookies settings by clicking on the “Manage Consents” cookie icon on a Stericycle webpage or download an opt-out preference signal, such as the GPC. We will respond to your request as required under applicable privacy law. If we deny your request, you may appeal our decision by emailing us at DPO@Stericycle.com.

    14. Additional Information for Canadian Residents 

    This section of the Policy provides additional information for Canadian residents. ‎

    Limits on Collection, Use, Disclosure, and Retention

    We will limit collection of ‎personal data to ‎that ‎which is reasonable and necessary and as otherwise authorized by law.  We will only use or disclose your personal ‎data for the purposes set out above and as required or authorized by law. We ‎will retain your personal data as long as is reasonable to serve the original ‎purpose for which we collected the ‎‎data, and for so long as retention is ‎necessary for a legal or business purpose‎.‎

    Consent

    We will process your personal data only with your knowledge and consent, ‎except where exempted, required or permitted by applicable laws. The form of ‎consent may vary depending on the circumstances and the type of data being ‎requested. 

    ‎Your consent can be express, implied, or given through an authorized representative‎. ‎Consent may be ‎provided orally, in writing, electronically, through inaction (such as ‎when you fail to ‎notify ‎us that you do ‎not wish your personal data collected or ‎used for various purposes ‎after you ‎have received notice ‎of those purposes) or ‎otherwise.‎ ‎Taking into account the sensitivity of your personal data, purposes ‎of collection, and your reasonable expectations, we will obtain the form of consent that ‎is appropriate to the personal data being processed. 

    By using our services, or ‎otherwise by choosing to provide us with your personal data, you acknowledge ‎and consent to the processing of your personal data in accordance with this ‎Policy and as may be further identified when the personal data is collected. ‎When we process your personal data for a new purpose, we will document that ‎new purpose and, if required, ask for you consent again.‎

    If you do not consent to the processing of your personal data in accordance ‎with this Policy, please do not access or continue to use any aspect of the services or ‎otherwise provide any personal data to us.‎

    You may refuse to provide consent or notify us at any time that you wish to withdraw ‎or change your consent to the processing of your personal data, without ‎penalty, subject to legal or contractual restrictions and reasonable notice. However, if ‎you withdraw or change your consent, we may not be able to provide you with the ‎applicable services and you may not be able to use certain features or functionality of our services or websites.‎

    Disclosure and Cross-Border Transfer of Personal Data

    As described in more ‎detail under the How We Disclose Personal Data section above, we may transfer and ‎disclose personal data to third parties for ‎storage and processing. Those third parties may be ‎located in jurisdictions outside of ‎your province of residence in Canada, or outside of Canada. ‎Applicable ‎‎laws in any ‎such jurisdictions might permit that jurisdiction’s governments, courts, law ‎‎enforcement or ‎‎regulatory agencies to ‎‎access the data in that jurisdiction.‎ In ‎these cases, we will comply with applicable local law requirements relating to the conditions for disclosure or release of personal data. ‎

    We may also disclose your personal data without your consent if authorized or ‎required by law.‎

    Right to Access Your Personal Data

    You have the right to access your personal data in our custody or control.‎

    Upon written request, we will provide you with access to your personal data in ‎our custody or control, information about the ways in which that data is ‎being used, and ‎a description of the individuals and ‎organizations to whom that ‎data has been disclosed. ‎

    We may need to request specific information from you to help us confirm your identity ‎and your ‎right to access the information (or to exercise any of your other ‎rights). 

    In some situations, we may not be able to provide access to certain personal ‎data (for example, if ‎‎disclosure would reveal personal data about another ‎individual, or if the personal data is ‎‎protected by solicitor/client privilege).  We ‎may also be prevented by law from providing access to certain personal ‎‎data.‎ If ‎we refuse an access request, we will notify you in writing, document the reasons for ‎refusal, and ‎‎outline further steps that are available to you.‎

    Right to Correct Your Personal Data

    We will make a reasonable effort to ensure that the personal data we are using or ‎disclosing is ‎‎accurate and complete.  ‎If you demonstrate the inaccuracy or incompleteness of your personal data in ‎our custody or control, we will update the ‎‎data as required.  If required by applicable law, we ‎will send the amended data to third parties to whom ‎‎the data has been ‎disclosed.  ‎

    If a challenge regarding the accuracy of your personal data is not resolved to ‎your satisfaction, ‎we ‎will annotate the personal data under our control with a ‎note that the correction was requested ‎‎but not made.‎

    Quebec Residents

    If you are a resident of the province of Quebec, the following specific provisions ‎and ‎‎rights apply to you under the Act respecting the protection of personal information ‎in the ‎private ‎sector, (CQLR c. P-39.1). Unless otherwise specified, these are in addition ‎to the other provisions, rights and protections set out in this Policy and that apply to ‎all residents of Canada. ‎

    Consent

    We will only collect your personal data with your clear, free and informed ‎consent. We will not collect your personal data automatically without your ‎consent.‎

    We will not knowingly or specifically solicit or collect personal data from minors ‎under the age of 14 residing in Quebec. If you believe we have unintentionally ‎collected such personal data, please notify us as set out in in the Contact Us section.

    Privacy Rights

    In addition to the rights set out above, Quebec residents have the ‎right ‎to: ‎

    • Request, in certain circumstances, that we cease disseminating your personal data or to de-index any hyperlink that allows access to that personal data by technological means, if such dissemination contravenes ‎applicable law or a court; and ‎
    • Request that a copy of your personal data that we hold be communicated to ‎you in a structured, commonly used ‎‎technological format, and that this ‎information be communicated to any person or organization authorized by law to ‎collect such data.‎

    15. Additional Disclosures for EU and UK Residents

    The EU General Data Protection Regulation (2016/679) (“EU GDPR”) and the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (the “UK GDPR”, and, together with the EU GDPR, the “GDPR”), imposes certain obligations on us, as a data controller, and grants certain rights to data subjects located in the EEA or UK (“data subject,” “you” or “your”). “Personal data” and other terms as used in this section have the same meaning provided in the GDPR.

    Legal Basis for Processing Personal Data

    We will only collect, use, and share your personal data when we have an appropriate legal basis. We carry out the processing of your personal data on the following legal bases:  

    • The processing is necessary for the performance of a contract to which you are a party or to take steps, at your request, prior to entering into a contract. For example, when you purchase our products or services, we will collect your payment information to process your payment and your address to facilitate delivery of the product or service. We will also collect your email address and phone number to update you on the progress of your purchase and to answer any of your queries. 
    • The processing is necessary for compliance with a legal obligation to which we are subject. For example, to set you up as a business customer or business partner, we are obliged to carry out certain “know-your-customer checks” to prevent money laundering and fraudulent activities. This will involve the collection and verification of your personal data. 
    • You have provided your consent to us to use your personal data. For example, if you have agreed to receive marketing communications. 
    • The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, namely, to provide you with our products and services, except where such interests are overridden by your interests or fundamental rights and freedoms. For example, we use personal data in the aggregate to understand how users of our Sites use our services and the resources provided on our websites and use this information to improve our services. We will also have a legitimate interest to process the personal data of a contact person to facilitate the development of a contractual relationship. 

    In most cases, the provision of your personal data is not required by a statutory or contractual obligation. However, where applicable, the provision of your personal data will be necessary to enter into a contract with Stericycle or to receive our services and products as requested by you. In such situations, not providing your personal data may likely result in disadvantages for you, e.g., you may not be able to use the full functionalities of our Sites or receive the products and services requested by you. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you. 

    Transfers of Personal Data Outside the EEA or the UK

    As noted above in International Transfers of Personal Data, our activities and the jurisdictions in which we are established are such that it may be necessary for personal data that we obtain from you to be transferred and/or processed outside of the EEA or the UK, chiefly but not limited to the United States. Personal data may be accessible by employees and other persons working on our behalf, located outside of the EEA or the UK, including to certain service providers (including but not limited to technical service providers and electronic data storage providers) who may process the information you give us. Transfers of personal data from the UK or EEA to third countries will be made pursuant to Standard Contractual Clauses or other legally acceptable mechanisms approved by the relevant supervisory authority with jurisdiction over the relevant exporter, including any intra-group transfers between our entities. For more information on the appropriate safeguards in place or to obtain a copy, please contact us at DataProtection@Stericycle.com.

    Rights Applicable to Certain EEA or UK Data Subjects

    Under the GDPR and any other applicable EU or UK data privacy laws, data subjects have a right to:

    • Request access to your personal data.
    • Correct personal data that we hold where it is incomplete or inaccurate.
    • Restrict the processing of your personal data in certain circumstances.
    • Object to the processing of your personal data in certain circumstances, including where we process personal data for direct marketing purposes or where we have processed such data on the basis of our legitimate interests
    • Request that we erase your personal data under certain circumstances
    • Ask for a copy of your personal data to be provided to you, or to a third party, in a digital form.
    • Withdraw your consent to the processing of your personal data (where applicable).
    • Lodge a complaint with your local supervisory authority.

    Please note that the aforementioned rights might be limited under the applicable national data protection law in your jurisdiction.

    How to Exercise Your Rights Under the GDPR

    To exercise your rights, please contact us using the information in Contact Us and include “Data Subject Request” in the subject line. Subject to legal and other permissible considerations, we will make every reasonable effort to promptly honor your request or inform you if we require further information in order to fulfil your request. 

    When you request to enforce your rights as a data subject, we may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested. We reserve the right to charge a fee to fulfil your request, where permitted by law, if your request is manifestly unfounded or excessive.

    We may not always be able to fully address your request, for example if it would impact the duty of confidentiality that we owe to others or if we are legally entitled to deal with the request in a different way.

    16. Additional Disclosures for Business Customers and Service Provider 

    Depending on the services we are providing, we may collect and process personal data from or on behalf of our business customers, where we are acting a service provider or having another business relationship with a third party, such as a service provider.

    Customer’s Users

    When providing certain services to a customer to which you are related to (e.g., if you are an employee, a contractor, an apprentice, a trainee, a patient, etc., of our customer), we may have to process the following personal data about you (as applicable, depending on the specific service provided): identification data, contact data, and professional data. Most of the personal data is obtained from our customers.  

    We process such personal data in the context of the provision of services to a customer. Please note that in such situations, our customer is the controller of your personal data and you should refer to the Customer’s privacy notice to understand how your personal data is handled.  

    Business Arrangements

    If you work with us in business arrangement or as a service provider, we will collect personal data from you, your representative, and/or your contact person such as your full name, job title, email address, and phone number. 

    Most of the personal data is obtained directly from you. In addition, we will collect personal data from other sources such as credit reference agencies (e.g., Dun & Bradstreet Credit) who compile information from numerous sources, including publicly available information. 

    We use this information for the following reasons: to review/assess your suitability for a business arrangement or service provider; to comply with our legal obligations; to detect, investigate, report, and seek to prevent fraud (i.e., through know-your-customer checks); Anti-Money Laundering (AML) screening; and other identity checks. To meet our obligations under any contracts we have with you, we may also need to conduct credit and fraud checks on your business and certain officers or directors of your business.

    17. Changes to this Policy

    We reserve the right to and may update this Policy from time to time. We will notify you of any changes by changing the “Last Updated” date at the beginning of this Policy, unless other notice is required by applicable law. You should take the time to review this Policy each time that you visit or use one of our Sites.  

    18. Contact Us

    If you have questions or comments about our efforts to protect your personal privacy, or if you require additional information about our privacy commitments, please contact us at:

    For all other questions or comments, please contact us at: DataProtection@Stericycle.com