Last Updated: March 19, 2020
This privacy notice describes how Stericycle processes personal information related to:
- the use of our websites and associated services that link to this privacy notice, including https://www.stericycle.com/ and other websites controlled by Stericycle (the “Websites”);
- our former, current and prospective clients;
- individuals who communicate with us;
- individuals who use our products and services (“Services”) and individuals whose personal information we receive in providing the Services.
Personal information. In this privacy notice, our use of the term “personal information” generally means any information that identifies, relates to, describes, or is reasonably capable of being associated, linked or linkable with a particular individual.
2.Personal Information Collected
The personal information that we collect will vary depending upon the circumstances. For example, the personal information we may collect through our Websites and Services includes:
- your name, postal address, email address, phone number, date of birth, purchase history, occupation and other contact information;
- information regarding your interactions with us and related to your use of our Websites and Services, including information related to your use of our social media pages;
- interests you have in relation to our Services or our practice areas;
- information you may voluntarily submit to us by completing any form on our Websites;
- information about your usage of our Websites and Services.
Sources of personal information we collect. We may collect personal information directly from you, from our clients, automatically related to your use of our Websites and Services, and from third parties. For example, we collect personal information:
- from any form you may complete and submit through our Websites, for example information collected from the "Contact Us" page of our Websites;
- from the content of surveys that you may complete;
- from ‘cookies’ and other similar tools deployed on parts of our Websites;
- when you provide information in connection with us providing professional services to you on behalf of our clients;
- from other sources, such as public databases, data brokers joint marketing partners, social media platforms and from other third parties.
Categories of personal information we collect. The personal information we collect varies. As explained above, we may collect the following categories of personal information (subject to applicable legal requirements and restrictions):
- Name, contact information and other identifiers: identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- Usage data: internet or other electronic network activity Information including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
When providing Services to clients, Stericycle may act as a “service provider” under applicable privacy and data protection laws. This means that we may receive or collect additional personal information about you or from our clients or directly from you, on behalf of our clients. For example, when providing our telephone answering services or automated appointment scheduling services, we may collect information about you as a patient or customer of our clients. As a service provider, we will only process such personal information on behalf of and subject to the instructions of our clients (who, from a privacy law perspective, are controllers or businesses with respect to the personal information we process on their behalf). Where we are acting as a “service provider,” our clients’ privacy notices (and not this one) will apply to and control the processing of personal information.
Generally, we collect your personal information on a voluntary basis. However, if you decline to provide certain personal information that is marked mandatory, you may not be able to access certain parts of our Website or Services or we may be unable to fully respond to your inquiries.
3.Purposes for Collecting Personal Information
The purposes for which we may process personal information will vary depending upon the circumstances in which we interact with you, but in general, we use personal information for the purposes set forth below.
- Providing support and services: including to provide our Services, operate our Websites, applications and online services; to communicate with you about your access to and use of our Services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes.
- Analyzing and improving our business: including to better understand how users access and use our Services and Websites, to evaluate and improve our Websites, Services and business operations, and to develop new features, offerings and services; to conduct surveys and other evaluations (such as client satisfaction surveys); and for other research and analytical purposes.
- Personalizing content and experiences: including to tailor content we send or display on our Websites and other Services; to offer location customization and personalized help and instructions; and to otherwise personalize your experiences.
- Advertising, marketing and promotional purposes: including to reach you with more relevant ads and to evaluate, measure and improve the effectiveness of our ad campaigns; to send you newsletters, offers or other information we think may interest you; to contact you about our Services or information we think may interest you; and to administer promotions and contests.
- Securing and protecting our business: including to protect and secure our business operations, assets, Services, network and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct.
- Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.
- Auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business.
- Complying with legal obligations: including to comply with the law, our legal obligations and legal process, such warrants, subpoenas, court orders, and regulatory or law enforcement requests.
Aggregate and de-identified information. We may de-identify personal information and create anonymous and aggregated data sets and reports in order to assess, improve and develop our business, products and services, prepare benchmarking reports on our industry and for other research, marketing and analytics purposes.
4.Disclosure of Personal Information
We disclose the personal information we collect as set forth in this section.
A. Purposes for which we disclose personal information
Stericycle may disclose your personal information to any Stericycle group company for the purposes set out above, including for marketing the products and services offered by other businesses across the Stericycle group (subject to applicable laws). We may also disclose your personal information for the following reasons:
- to third-party service providers such as entities providing customer service, email delivery, auditing, hosting our Websites;
- to third parties involved with events that you register for, to facilitate your participation in those events;
- if we are obliged to disclose your personal information under applicable law or regulation, which may include laws outside your country of residence;
- subject to applicable laws, to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence;
- in connection with the planning, due diligence and implementation of commercial transactions, including a reorganization, merger, sale of all or a portion of our assets, a joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings)—in such cases, your personal information will be transferred to the acquiring entity;
- in accordance with the separate terms and conditions of use that may apply to you or with your explicit consent.
The processing of your personal information, as outlined above, may involve the transfer and/or storage of your personal information outside your country of residence and, thus, may result in your personal information being accessible to law enforcement and/or regulatory authorities in such foreign jurisdictions, accordingly to the applicable laws of such jurisdictions.
Aggregate and de-identified information. We may share aggregate or de-identified information, which does not identify and is not linked or linkable to a particular individual, with third parties for research, marketing, analytics and other purposes.
B. Categories of personal information disclosed
Certain privacy laws require that we disclose the categories of personal information that we have disclosed for a business purpose as well as the categories of personal information that we have “sold” (as that term is defined under applicable laws). (Please review the descriptions of the categories of personal information under the Personal Information Collected section above, for further descriptions of each category of personal information.
Personal information disclosed for a business purpose. In general, we may disclose the following categories of personal information in support of our business purposes identified above:
- Name, contact information and other identifiers;
- Usage data.
C. Categories of personal information sold. While we do not disclose personal information to third parties in exchange for monetary compensation from such third parties, we do disclose or make available personal information to third parties, in order to receive certain services or benefits from them, such as when we allow third-party tags to collect information such as browsing history on our Websites, in order to improve and measure our ad campaigns. The CCPA defines a “sale” as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration. Pursuant to the CCPA, the categories of Personal Information that we may “sell” as defined under the CCPA includes:
- Name, contact information and other identifiers;
- Usage data.
5..Cookies and Tracking
Our Websites may use first party and third-party cookies, pixel tags, plugins and other tools to gather device, usage and browsing information when users visit our Websites or use our online Services. For instance, when you visit our Websites, our server may record your IP address (and associated location information) and other information such as the type of your internet browser, your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, and the pages you view and links you click on our Websites, as well as date and time stamps associates with your activities on our Websites.
We use the information for security purposes, to facilitate navigation, to personalize and improve your experience while using the Websites, to improve and measure our advertising campaigns and to better reach users with relevant advertising both on our Websites and on third-party websites. We also gather statistical information about use of the Websites in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them.
Pixel tags and other similar technologies. Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Websites to, among other things, track the actions of users of the Websites (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Websites and response rates. We and our service providers also use pixel tags in HTML emails to our clients, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version and internet browser type and version. This information is gathered automatically and stored in log files.
Do-Not-Track signals. Please note that our Websites do not recognize or respond to any signal which your browser might transmit through the so-called 'Do Not Track' feature your browser might have. If you wish to disable cookies on our Websites, you should not rely on any 'Do Not Track' feature your browser might have. For more information about do-not-track signals, please click here.
Stericycle has implemented technical and organizational security measures to protect the personal information we collect. Despite this, the security of the transmission of information via the Internet cannot always be guaranteed and you acknowledge this in your access and use of our Websites. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the Contact Us section below.
7.Individual Rights and Choices
You may opt out from receiving marketing-related communications from us on a going-forward basis by contacting us at DataProtection@Stericycle.com or by using the unsubscribe mechanism contained in each email. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt out.
You may request access to, or correction of, the personal information we hold about you, subject to limited exceptions delineated under applicable law. If you wish to exercise this right, please contact us at DataProtection@Stericycle.com.
We will retain your personal information for the period necessary to fulfill the purposes outlined in this privacy notice unless a longer retention period is required or permitted by law.
9.Children and Minors
The Websites and Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect personal information from minors under the age of 16.
10.Changes to our Privacy Notice
11. Contact Us
If you have any questions or comments regarding this privacy notice, please contact us at DataProtection@Stericycle.com.
12. Additional Information for Residents in Certain Jurisdictions
In this section, we provide information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”), which requires that we provide California residents certain specific information about how handle their personal information, whether collected online or offline. This section does not address or apply to our handling of:
- publicly available information made lawfully available by state or federal governments;
- personal information that is subject to an exemption under Section 1798.145(c) – (f) of the CCPA (such as protected health information that is subject to HIPAA or the California Medical Information Act, and non-public information subject to the Gramm-Leach Bliley Act or the California Financial Information Privacy Act);
- personal information we collect about job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of Stericycle;
- personal information about individuals acting for or on behalf of another company, to the extent the information relates to our transactions with such company, products or services that we receive from or provide to such company, or associated communications or transactions (except that such individuals have the right to opt-out of any sale of their personal information and to not be subject to any discrimination for exercising such right).
Categories of personal information that we collect and disclose. Our collection, use, and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. We describe the categories of personal information and their sources in the Personal Information Collected section above, and for the purposes described in the Purpose for Collecting Personal Information section above. In addition, the disclosure of personal information is described in the Disclosure of Personal Information section above.
Rights of California residents. California law gives consumers the following rights:
- The right to request a copy of the personal information that we have collected about you in the prior 12 months.
- The right to request details about the categories of personal information we collect, the categories of sources, the business or commercial purposes for collecting information, and the categories of third parties with which we share information.
- The right to request deletion of the personal information that we have collected about you, subject to certain exemptions.
- The right to opt-out of sale of your personal information.
To exercise your opt-out rights, please visit our Do Not Sell My Personal Information page or contact us at 1-866-783-7422 (toll free).
The CCPA prohibits discrimination against California consumers for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California consumers related to their personal information, unless the different prices, rates, or quality of goods or services are reasonably related to the value of the consumer’s data. We do not discriminate against consumers when they exercise their CCPA rights.