PRIVACY POLICY ON DATA PROCESSING FOR THE STERIS CAREER PORTAL
STERIS CAREERS
Applicant Personal Data Protection Notice
STERIS CAREERS
Applicant Personal Data Protection Notice
LAST UPDATED: August, 2021
STERIS plc and its affiliates (together “STERIS,” “we,” “us,” or “our”) are committed to collecting and processing the Personal Data of our job applicants (“Applicants,” “you,” or “your”) responsibly and in compliance with applicable data protection laws. This Applicant Personal Data Protection Notice (“Notice”) describes how we collect, share, and use any information from you when you access or use our careers website or apply for a position with STERIS. This Notice also sets out the rights you may have in relation to the Personal Data we process about you and how you can exercise them.
This Notice applies to the processing activities of your Personal Data when you (i) use the STERIS Careers website (available at careers.steris.com), such as when you create a candidate profile which, among other functions, serves to store your application data, (ii) apply for or inquire about a specific job posting from STERIS and its affiliates, (iii) interview with us, or (iv) elect to stay informed about career opportunities (collectively, the “Services”). Personal Data submitted elsewhere on our web sites, for example, when subscribing to our general email list, will be used in accordance with the STERIS Online Privacy Notice or other posted STERIS notice. Please take the time to read this Notice carefully. By using the Services, your Personal Data will be handled and protected in accordance with this Notice. If you have any questions regarding your Personal Data or need to contact us for any other reason, please use the contact information provided in Section 12 (“Contact Us”) below.
If you are currently employed or contracted with STERIS, internal privacy policies also may apply. Please contact dataprotection@STERIS.com for more information about our internal privacy notices for employees.
1. Identifying the Controller of Your Personal Data
Whenever a company or affiliate of STERIS collects, uses or transfers your Personal Data for its own purposes, that company or affiliate is considered a controller of the Personal Data and therefore, is primarily responsible for meeting the requirements of applicable data privacy and protection laws. Unless you are informed otherwise, the controller is the legal entity to which you are applying for a position. If you are applying for several jobs, then each legal entity is the controller for the respective job application. For further information regarding controllers of your data, please contact dataprotection@STERIS.com.
2. What Personal Data We Collect
When you create a candidate profile, log into the STERIS Careers website, apply for a position, interview with us, or otherwise use our Services, STERIS collects certain information that, alone or combination with other information, refers to you (“Personal Data”), including:
Background Checks: Additionally, as part of the application process, you may be asked questions about your work authorization, your willingness to submit to a background or criminal record check, and/or medical examination as permitted by applicable law.
Sensitive Personal Data: Depending on the jurisdiction in which you reside, we generally do not require you to submit what is considered sensitive personal information or “special categories of personal data” under applicable data privacy laws (herein referred to as “Sensitive Personal Data”). Sensitive Personal Data refers to data that reveals an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning health or data concerning a person’s sex life or sexual orientation. Unless otherwise expressly requested, you are not required to submit this type of data as part of your candidate profile creation or online resume and application submission. If you decide to transmit Sensitive Personal Data to us during the application process or in connection with the Services, we reserve the right to delete such information from our databases.
Third-Party Consent: If you provide us with Personal Data of a reference or of any other individual as part of your application, you are responsible for obtaining consent from that individual prior to providing the information to STERIS.
3. How We Collect Your Personal Data
Information We Collect Directly From You
Your provision of Personal Data in connection with your job application is generally voluntary. If we require any of your Personal Data—for example, to complete submission of a job application—we will inform you before we collect it, as well as the consequence(s) if you do not provide us with such information (if any).
STERIS may collect your Personal Data from you when you use the Services in the following ways:
We also may collect your Personal Data from others, including from:
4. Why We Process Your Personal Data
STERIS values your privacy and processes your Personal Data in accordance with applicable data protection laws. “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
STERIS will use your Personal Data in order to assess your suitability for a position with us and to perform the tasks relating to your possible hire. We will evaluate your credentials for available job opportunities or for a specific job opportunity you select. The following sets out the business purpose for which STERIS may process your Personal Data, if hired, and the legal basis for the processing (as may be required in the country in which you reside).
STERIS will process your Personal Data in order to administer and manage your application and for other purposes set out in this Notice. Specifically, STERIS needs to process your Personal Data in order to potentially enter into an employment contract or other contractual relationship with you. This includes for the following business purposes:
Original Documents: We may require you to provide original documents containing Personal Data to verify your employment eligibility and identification, which may be processed in the same manner. This activity may be done by the local STERIS affiliate or by STERIS on behalf of the affiliate with the position for which you applied or for which you are being considered.
Automated Decision Making or Profiling: We engage in automated decision making only in the US. We do not engage in profiling.
5. Who Has Access to Your Personal Data
STERIS will only grant access to Personal Data on a need-to-know basis, and such access will be limited to the Personal Data that is necessary to perform the business function for which such access is granted. In the preceding twelve (12) months, we have disclosed or shared your Personal Data as follows:
6. Cross-Border Data Transfers
Due to the global nature of STERIS’ operations, we may transfer your Personal Data to STERIS companies and affiliates in locations outside the country in which you reside. These countries may have data protection laws that are different from the laws of your own country (and, in some cases, may not be as protective).
Unless prohibited by applicable law, Personal Data will be transferred to STERIS companies and affiliates in locations outside the country in which you reside, where the data protection regime may be different than in the country in which you are located, specifically to the United States (and other jurisdictions where STERIS is operational). Where required by applicable law (including in the EU), the transfer will be based on a legally adequate transfer method.
To comply with EU data protection laws, including the General Data Protection Regulation, STERIS has entered into an Intercompany Data Transfer Agreement, under the terms of which all data importers outside the EU are obligated to process and protect all Personal Data received from the EU in accordance with the controller-to-controller standard contractual clauses (the “Clauses”), as approved by the European Commission. STERIS also has entered into data transfer agreements as may be required in those countries that do not recognize the Clauses, or otherwise has sought your consent for the transfer of your Personal Data in accordance with this Notice. To obtain a copy of the Clauses, please contact your Data Protection Officer/Company Contact dataprotection@STERIS.com.
The transfers of Personal Data to third-party vendors are secured by implementing the safeguards required under the applicable data protection law (including contractual arrangements entered into with a third-party vendor). Third-party service providers are expected to protect the confidentiality and security of Personal Data, and only use Personal Data for the provision of services to STERIS, and in compliance with applicable law.
7. How We Protect your Data
STERIS is committed to maintaining the security of your Personal Data it processes. We maintain appropriate physical, procedural, administrative, organizational and technical security measures intended to prevent loss, misuse, unauthorized access, disclosure, or modification of your Personal Data under STERIS’ control. If you have reason to believe that your Personal Data is no longer secure, please notify the Company immediately using the contact information supplied in Section 12 (“Contact Us”), below.
8. Retention Period
Personal Data collected for the purposes set out herein will only be retained for as long as (i) it is necessary for a particular application and/or (ii) your registration on the portal and for a transitional period (i.e. as long as STERIS' data retention obligations under applicable law so require or as long as the retention of the data is permitted by law). Your profile and application Personal Data will be deleted after a period of inactivity as outlined below by country:
Even if you are not selected for the position for which you applied or if you did not apply for a specific position, if you elect, we may retain your Personal Data for the purpose of considering whether your skills are suitable for other job opportunities, in which case we would invite you to apply, provided you granted your consent into such extended retention. Otherwise, your Personal Data will only be retained for the period necessary to assess your candidacy, and as may be required under applicable statute of limitations and statutory data retention obligations, as the case may be.
Personal Data relating to you will only be retained in a form that permits your identification for as long as we deem necessary to archive them for the purposes for which the data was originally collected or processed, or as required by applicable data retention laws or as permitted by applicable law.
9. Your Data Protection Rights
Depending on the jurisdiction in which you reside, you may have certain rights regarding the collection and use of your Personal Data.
For Applicants in the European Union / European Economic Area
To the extent required by applicable law, you are entitled to obtain information on the processing of your Personal Data, to object to processing of your Personal Data, make use of your right to data portability and to have your Personal Data rectified or deleted or their processing restricted. You also may be entitled to withdraw any consent that you might have given with respect to the processing of your personal data at any time with future effect. These are known as “Data Subject Rights.”
If you are not satisfied with our response or believe that your Personal Data is not being processed in accordance with the law, you also may contact or lodge a complaint with the competent supervisory authority or seek other remedies under applicable law.
For Applicants in California
Depending on your relationship with STERIS, the California Consumer Privacy Act (“CCPA”) (Civil Code § 1798.100, et seq.) provides you with specific rights regarding your Personal Data. The Personal Data we collect from you in your capacity as a job applicant or contractor of STERIS may not be subject to the rights identified below.
Where applicable, your rights as a California resident include a right to be informed about collection, sale or disclosure, right to access and obtain a copy of your Personal Data, right to delete Personal Data, right to opt-out of the sale of Personal Data (where applicable), and right to equal service for exercising your privacy rights.
For Applicants in Mexico
You have the right to: (i) access your Personal Data in our possession and know the details of its processing; (ii) rectify your Personal Data if it is inaccurate or incomplete; (iii) cancel the Personal Data when you consider it is not required for the purposes set forth in this privacy notice, when it is being used for non-consented purposes, or when the contractual or service relationship has ended, or (iv) oppose to the processing of your Personal Data for specific purposes, as set forth in the Mexico Data Protection Act (jointly, the “Arco Rights”).
To exercise your ARCO Rights, you must present a request (the “ARCO Request”) to the Privacy Officer to email address dataprotection@STERIS.com, along with the following information and documentation:
STERIS may refuse (the “Refusal”) to grant a request for the exercise of the ARCO Rights in the events permitted by the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (the “DP Act), but you should be informed on the reason behind this decision.
The Refusal may be partial, in which case STERIS will grant the access, rectification, cancelation or opposition with respect to those aspects that were approved.
The exercise of ARCO Rights will be free of charge; however, if you repeat your ARCO Request within 12 months since the date of the last ARCO Request the cost of the subsequent ARCO Request will be equivalent to three days of Mandatory Minimum Wages Applicable in the Federal District, plus Value Added Tax, unless there are material changes to the privacy notice that justify the subsequent ARCO Requests. You will have to pay the justified cost of delivery or the cost of reproduction of copies or other media, and if applicable, the cost of document certification.
If you consider that your Personal Data protection rights have been impaired by any behavior of our employees or by our proceedings or responses, or you allege that there is a breach to the provisions of the DP Act with regards to the processing of your Personal Data, you may submit the corresponding complaint or lawsuit before the National Institute of Transparency, Access to Information and Personal Data Protection.
For Applicants in Other Jurisdictions
Where permitted by applicable law, you may request access, correction and deletion of the Personal Data STERIS has about you.
10. Account Management and Updating Your Personal Data
There are several ways in which you can manage the type and amount of information we collect from you.
STERIS strives to maintain your Personal Data in a manner that is accurate, complete and up-to-date. However, you have an obligation to keep your Personal Data up-to-date and inform STERIS of any significant changes to your Personal Data.
11. Inclusion of Your Application in the STERIS Applicant Pool
When you create a candidate profile or sign up for the STERIS Talent Community, you will have the option to release your Personal Data for the applicant pool, allowing us to consider you for additional open positions at STERIS. If you choose to do so, employees from all the HR and responsible departments within the STERIS group of companies will be able to access your profile according to this Notice and contact you. We also will send you notifications of new job advertisements and/or information about career opportunities. You can withdraw your consent by changing your account settings so that you no longer wish to receive notifications of new job postings and/or information about career opportunities.
12. Contact Us
If you have any questions or concerns regarding this Notice, STERIS’ processing of your Personal Data or to exercise your Data Subjects Rights as outlined in Section 9 (“Your Data Protection Rights”) above, please contact us at dataprotection@STERIS.com.
13. Update of This Notice
We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take the appropriate steps to notify you, given the significance of the changes we make. We will ask for your consent to any material changes to this Notice if this is required by applicable data protection laws.
MEXICO APPLICANT PERSONAL DATA PROTECTION NOTICE ACKNOWLEDGMENT & CONSENT
Please acknowledge that you have read and understand the terms of the Applicant Personal Data Protection Notice as provided below.
I acknowledge that I have read and understand the terms of the Applicant Personal Data Protection Notice (“Notice”). To the extent applicable, I understand that I am responsible for informing my Dependents (as defined in the Notice) whose personal data I provide to the Company about the content of the Notice. I further represent and warrant that I am authorized by my Dependents to disclose their personal data to the Company for the purposes set forth in the Notice.
I acknowledge that the request of my consent to process my personal data in terms of this Notice is not indicative of an employment relationship with or job offer by the company.
I further grant my express consent for the processing and transfer of my personal data, including my sensitive personal data. I understand that I may revoke my consent for the processing and transferring of my personal data anytime by contacting dataprotection@steris.com. I do not give consent for the transfer of my personal data to the following third parties (please specify)____________________________(NOTE: Refusal to consent to the processing of your personal data may result in the inability continue with your application process).
STERIS plc and its affiliates (together “STERIS,” “we,” “us,” or “our”) are committed to collecting and processing the Personal Data of our job applicants (“Applicants,” “you,” or “your”) responsibly and in compliance with applicable data protection laws. This Applicant Personal Data Protection Notice (“Notice”) describes how we collect, share, and use any information from you when you access or use our careers website or apply for a position with STERIS. This Notice also sets out the rights you may have in relation to the Personal Data we process about you and how you can exercise them.
This Notice applies to the processing activities of your Personal Data when you (i) use the STERIS Careers website (available at careers.steris.com), such as when you create a candidate profile which, among other functions, serves to store your application data, (ii) apply for or inquire about a specific job posting from STERIS and its affiliates, (iii) interview with us, or (iv) elect to stay informed about career opportunities (collectively, the “Services”). Personal Data submitted elsewhere on our web sites, for example, when subscribing to our general email list, will be used in accordance with the STERIS Online Privacy Notice or other posted STERIS notice. Please take the time to read this Notice carefully. By using the Services, your Personal Data will be handled and protected in accordance with this Notice. If you have any questions regarding your Personal Data or need to contact us for any other reason, please use the contact information provided in Section 12 (“Contact Us”) below.
If you are currently employed or contracted with STERIS, internal privacy policies also may apply. Please contact dataprotection@STERIS.com for more information about our internal privacy notices for employees.
1. Identifying the Controller of Your Personal Data
Whenever a company or affiliate of STERIS collects, uses or transfers your Personal Data for its own purposes, that company or affiliate is considered a controller of the Personal Data and therefore, is primarily responsible for meeting the requirements of applicable data privacy and protection laws. Unless you are informed otherwise, the controller is the legal entity to which you are applying for a position. If you are applying for several jobs, then each legal entity is the controller for the respective job application. For further information regarding controllers of your data, please contact dataprotection@STERIS.com.
2. What Personal Data We Collect
When you create a candidate profile, log into the STERIS Careers website, apply for a position, interview with us, or otherwise use our Services, STERIS collects certain information that, alone or combination with other information, refers to you (“Personal Data”), including:
- Identification Data and Contact Details: Your full name (last, first, middle), date of birth, country of residence, physical address, e-mail address(es), telephone number(s), government identifiers such as your national ID number or work permits to work in the jurisdiction for which you applied as well as your photo or image (where required).
- Education and Training Details: Your area of study, highest education level, institution and whether you graduated, transcripts, language skills, and other similar education and training details.
- Professional or Employment-Related Information: Your resume or CV, employment background and history, job qualifications, the position for which you would like to apply, geographic mobility (willingness to relocate or travel overnight for work), or any other information you elect to provide, including information about previous applications you have submitted or your current/prior work experience with STERIS.
- Log In Details: Your e-mail address(es), and username and password when you sign into the Career’s website; the date and time of your logins so that you can check when you were last logged in, and so that we can notify you if your account is about to be deleted due to prolonged inactivity (see Section 8 (“Retention Period”) below).
- Financial Characteristics: Desired Pay (optional field).
- Household Composition: This may include an emergency contact or details of next of kin.
- Affiliations: Information about professional affiliations or memberships, depending on the jurisdiction in which you reside and as allowed under applicable data protection laws.
- Third-Party Personal Data: The name and contact details of your recruitment agency (if applicable) or your third-party employment references or referrals.
- Other Information You Choose to Provide: STERIS may receive any data you elect to provide, such as the job categories that primarily interest you.
Background Checks: Additionally, as part of the application process, you may be asked questions about your work authorization, your willingness to submit to a background or criminal record check, and/or medical examination as permitted by applicable law.
Sensitive Personal Data: Depending on the jurisdiction in which you reside, we generally do not require you to submit what is considered sensitive personal information or “special categories of personal data” under applicable data privacy laws (herein referred to as “Sensitive Personal Data”). Sensitive Personal Data refers to data that reveals an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning health or data concerning a person’s sex life or sexual orientation. Unless otherwise expressly requested, you are not required to submit this type of data as part of your candidate profile creation or online resume and application submission. If you decide to transmit Sensitive Personal Data to us during the application process or in connection with the Services, we reserve the right to delete such information from our databases.
Third-Party Consent: If you provide us with Personal Data of a reference or of any other individual as part of your application, you are responsible for obtaining consent from that individual prior to providing the information to STERIS.
3. How We Collect Your Personal Data
Information We Collect Directly From You
Your provision of Personal Data in connection with your job application is generally voluntary. If we require any of your Personal Data—for example, to complete submission of a job application—we will inform you before we collect it, as well as the consequence(s) if you do not provide us with such information (if any).
STERIS may collect your Personal Data from you when you use the Services in the following ways:
- Online: When you create a candidate profile, apply for a job online, join the STERIS Talent Community, or use our Services, we may collect all of the categories of Personal Data identified in Section 2 (“What Personal Data We Collect”), above.
- By Email: When you provide your Identification Data and Contact Details, Education and Training Details, and/or Professional or Employment-Related Information (including your CV, resume, job application, and other information you choose to provide) directly to a STERIS via email.
- In Person: When you hand deliver or send physical copies of your Personal Data to any of our managers or hiring personnel at one of the STERIS sites or interview with STERIS.
- Social Media: When you apply for a specific job opening using your LinkedIn social media profile, certain Personal Data is shared with STERIS consistent with your settings within the social media service, including your Identification Data and Contact Details, Education and Training Details, and/or Professional or Employment-Related Information, and any information you make available on your profile.
We also may collect your Personal Data from others, including from:
- Recruiters and Referrals: This includes information we receive about you from authorized third parties (e.g., recruitment agencies that are authorized to provide us with Personal Data about you).
- Publicly Available Sources: STERIS also collects your Personal Data from publicly available sources.
- From your employer: This includes references for employment outside of the STERIS group of companies.
- Offline: When you hand deliver your resume, CV, job application and other information to any of our managers or hiring personnel at one of our affiliates.
4. Why We Process Your Personal Data
STERIS values your privacy and processes your Personal Data in accordance with applicable data protection laws. “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
STERIS will use your Personal Data in order to assess your suitability for a position with us and to perform the tasks relating to your possible hire. We will evaluate your credentials for available job opportunities or for a specific job opportunity you select. The following sets out the business purpose for which STERIS may process your Personal Data, if hired, and the legal basis for the processing (as may be required in the country in which you reside).
STERIS will process your Personal Data in order to administer and manage your application and for other purposes set out in this Notice. Specifically, STERIS needs to process your Personal Data in order to potentially enter into an employment contract or other contractual relationship with you. This includes for the following business purposes:
- Process your application for employment or to render services to us;
- Communicate with you and undergo preparatory steps as necessary to enter into a contract with you;
- Provide you with services and respond to your inquiries, including through the STERIS Careers website and portal;
- Assess your qualifications for a particular position (including to interview, screen, and evaluate your candidacy);
- Verify your identity and employment eligibility; and
- Verify employment references and referrals.
- Manage record-keeping and reporting obligations in connection with our applicant pool;
- Process potential reimbursements for any expenses incurred for travel during the interview process;
- Share information with STERIS affiliates in accordance with this Notice as necessary for global management purposes;
- If you are offered a position, to conduct criminal, medical, and credit background checks (as relevant to the respective function of your potential job); and
- Operate and manage STERIS IT systems (both internally and externally managed systems).
- Comply with legal and other requirements, such as record-keeping and reporting obligations, conducting audits and investigations in order to prevent and/or detect fraud or corruption, complying with government inspections and other requests from government or other public authorities, responding to legal processes such as subpoenas, pursuing legal rights and remedies, defending litigation, and complying with internal policies and procedures.
Original Documents: We may require you to provide original documents containing Personal Data to verify your employment eligibility and identification, which may be processed in the same manner. This activity may be done by the local STERIS affiliate or by STERIS on behalf of the affiliate with the position for which you applied or for which you are being considered.
Automated Decision Making or Profiling: We engage in automated decision making only in the US. We do not engage in profiling.
5. Who Has Access to Your Personal Data
STERIS will only grant access to Personal Data on a need-to-know basis, and such access will be limited to the Personal Data that is necessary to perform the business function for which such access is granted. In the preceding twelve (12) months, we have disclosed or shared your Personal Data as follows:
- Group Companies: In light of STERIS’ global corporate structure, various group companies may receive your Personal Data in order to process your application in a manner consistent with this Notice. We take precautions to restrict access to Personal Data to employees with a legitimate business need and contractually prohibit them from using Personal Data for other purposes. STERIS entities who may receive your Personal Data include: (i) the STERIS entity or entities to which you are applying for a position; (ii) other STERIS group companies whose responsible departments or HR departments are involved in processing your application; (iii) STERIS as the operator of the applicant platform and candidates portal; and (iv) technical service providers that process data for STERIS. If you are hired, your Personal Data is transferred from the recruitment platform to the HR administration system of the respective STERIS entity with which your employment or working relationship is formally established. If local legislation requires Sensitive Personal Data to be processed, such data will only be transferred outside your country if permitted by applicable law.
- Select Service Providers: We may share your Personal Data with our third-party suppliers, service providers and partners who provide us with a data processing service, or who process Personal Data for the purposes described in this Notice, or who are notified to you at the time of collection of your Personal Data. This includes disclosures to third-party vendors and other service providers that we use in connection with the services they provide to us, including to support us in areas such as resume management, computer platform management or support services, infrastructure and application services, marketing, data analysis, business travel service providers, payroll processing services and health care benefits.
- Recruiters, References, or Referrals: We may share Personal Data with other third parties, such as recruiters, references, or referrals, agencies that facilitate background checks, or consultants when it is necessary to involve a third-party service provider to facilitate or extend recruitment services, background check processing, and similar services or when explicitly requested by you.
- Public and Governmental Authorities: We may share Personal Data with any applicable law enforcement agency, regulator, government agency, court, or other third party, where we believe that disclosure is necessary (i) under applicable laws or regulations, (ii) to exercise, establish or defend our rights, or (iii) to protect your vital interests or those of any other person.
- Professional Advisors: We may share Personal Data with our auditors, legal representatives and similar agents in connection with consulting services they provide to us for legitimate business purposes and pursuant to a contractual prohibition to use the Personal Data for other purposes.
- Corporate Transaction: We may share Personal Data with a prospective purchaser (and its agents and advisors), in connection with a proposed purchase, merger or acquisition of part of our business, provided that we inform the purchaser that it must use your Personal Data only for the purposes described in this Notice.
6. Cross-Border Data Transfers
Due to the global nature of STERIS’ operations, we may transfer your Personal Data to STERIS companies and affiliates in locations outside the country in which you reside. These countries may have data protection laws that are different from the laws of your own country (and, in some cases, may not be as protective).
Unless prohibited by applicable law, Personal Data will be transferred to STERIS companies and affiliates in locations outside the country in which you reside, where the data protection regime may be different than in the country in which you are located, specifically to the United States (and other jurisdictions where STERIS is operational). Where required by applicable law (including in the EU), the transfer will be based on a legally adequate transfer method.
To comply with EU data protection laws, including the General Data Protection Regulation, STERIS has entered into an Intercompany Data Transfer Agreement, under the terms of which all data importers outside the EU are obligated to process and protect all Personal Data received from the EU in accordance with the controller-to-controller standard contractual clauses (the “Clauses”), as approved by the European Commission. STERIS also has entered into data transfer agreements as may be required in those countries that do not recognize the Clauses, or otherwise has sought your consent for the transfer of your Personal Data in accordance with this Notice. To obtain a copy of the Clauses, please contact your Data Protection Officer/Company Contact dataprotection@STERIS.com.
The transfers of Personal Data to third-party vendors are secured by implementing the safeguards required under the applicable data protection law (including contractual arrangements entered into with a third-party vendor). Third-party service providers are expected to protect the confidentiality and security of Personal Data, and only use Personal Data for the provision of services to STERIS, and in compliance with applicable law.
7. How We Protect your Data
STERIS is committed to maintaining the security of your Personal Data it processes. We maintain appropriate physical, procedural, administrative, organizational and technical security measures intended to prevent loss, misuse, unauthorized access, disclosure, or modification of your Personal Data under STERIS’ control. If you have reason to believe that your Personal Data is no longer secure, please notify the Company immediately using the contact information supplied in Section 12 (“Contact Us”), below.
8. Retention Period
Personal Data collected for the purposes set out herein will only be retained for as long as (i) it is necessary for a particular application and/or (ii) your registration on the portal and for a transitional period (i.e. as long as STERIS' data retention obligations under applicable law so require or as long as the retention of the data is permitted by law). Your profile and application Personal Data will be deleted after a period of inactivity as outlined below by country:
| Country | Data is deleted… |
| France | After 2 years of inactivity |
| Germany | After 6 months of inactivity |
| Netherlands | After 1 year of inactivity |
| United Kingdom | After 6 months of inactivity |
| United States | After 2 years of inactivity |
| Mexico | After 1 year of inactivity |
| All Others | After 1 year of inactivity (unless otherwise required by law) |
Even if you are not selected for the position for which you applied or if you did not apply for a specific position, if you elect, we may retain your Personal Data for the purpose of considering whether your skills are suitable for other job opportunities, in which case we would invite you to apply, provided you granted your consent into such extended retention. Otherwise, your Personal Data will only be retained for the period necessary to assess your candidacy, and as may be required under applicable statute of limitations and statutory data retention obligations, as the case may be.
Personal Data relating to you will only be retained in a form that permits your identification for as long as we deem necessary to archive them for the purposes for which the data was originally collected or processed, or as required by applicable data retention laws or as permitted by applicable law.
9. Your Data Protection Rights
Depending on the jurisdiction in which you reside, you may have certain rights regarding the collection and use of your Personal Data.
For Applicants in the European Union / European Economic Area
To the extent required by applicable law, you are entitled to obtain information on the processing of your Personal Data, to object to processing of your Personal Data, make use of your right to data portability and to have your Personal Data rectified or deleted or their processing restricted. You also may be entitled to withdraw any consent that you might have given with respect to the processing of your personal data at any time with future effect. These are known as “Data Subject Rights.”
If you are not satisfied with our response or believe that your Personal Data is not being processed in accordance with the law, you also may contact or lodge a complaint with the competent supervisory authority or seek other remedies under applicable law.
For Applicants in California
Depending on your relationship with STERIS, the California Consumer Privacy Act (“CCPA”) (Civil Code § 1798.100, et seq.) provides you with specific rights regarding your Personal Data. The Personal Data we collect from you in your capacity as a job applicant or contractor of STERIS may not be subject to the rights identified below.
Where applicable, your rights as a California resident include a right to be informed about collection, sale or disclosure, right to access and obtain a copy of your Personal Data, right to delete Personal Data, right to opt-out of the sale of Personal Data (where applicable), and right to equal service for exercising your privacy rights.
For Applicants in Mexico
You have the right to: (i) access your Personal Data in our possession and know the details of its processing; (ii) rectify your Personal Data if it is inaccurate or incomplete; (iii) cancel the Personal Data when you consider it is not required for the purposes set forth in this privacy notice, when it is being used for non-consented purposes, or when the contractual or service relationship has ended, or (iv) oppose to the processing of your Personal Data for specific purposes, as set forth in the Mexico Data Protection Act (jointly, the “Arco Rights”).
To exercise your ARCO Rights, you must present a request (the “ARCO Request”) to the Privacy Officer to email address dataprotection@STERIS.com, along with the following information and documentation:
- Your name, address and e-mail for delivery of the response to your ARCO Request;
- Copy of the documents that evidence your identity (copy of your voter´s identification card, passport or other official identification) or, if applicable, the documents that evidence your legal representation. The original copy must be submitted in order to receive the response from STERIS;
- A clear and succinct description of the Personal Data with which you wish to exercise any of the ARCO Rights;
- Any document or information that facilitates the location of your Personal Data; and
- In the event of requesting a rectification of your Personal Data, you must also indicate the modifications to be made and provide the documentation supporting your request.
STERIS may refuse (the “Refusal”) to grant a request for the exercise of the ARCO Rights in the events permitted by the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (the “DP Act), but you should be informed on the reason behind this decision.
The Refusal may be partial, in which case STERIS will grant the access, rectification, cancelation or opposition with respect to those aspects that were approved.
The exercise of ARCO Rights will be free of charge; however, if you repeat your ARCO Request within 12 months since the date of the last ARCO Request the cost of the subsequent ARCO Request will be equivalent to three days of Mandatory Minimum Wages Applicable in the Federal District, plus Value Added Tax, unless there are material changes to the privacy notice that justify the subsequent ARCO Requests. You will have to pay the justified cost of delivery or the cost of reproduction of copies or other media, and if applicable, the cost of document certification.
If you consider that your Personal Data protection rights have been impaired by any behavior of our employees or by our proceedings or responses, or you allege that there is a breach to the provisions of the DP Act with regards to the processing of your Personal Data, you may submit the corresponding complaint or lawsuit before the National Institute of Transparency, Access to Information and Personal Data Protection.
For Applicants in Other Jurisdictions
Where permitted by applicable law, you may request access, correction and deletion of the Personal Data STERIS has about you.
10. Account Management and Updating Your Personal Data
There are several ways in which you can manage the type and amount of information we collect from you.
- You can delete your entire account at any time.
- You can delete all or selected information in your profile.
- You can withdraw an application.
- You can change your settings.
STERIS strives to maintain your Personal Data in a manner that is accurate, complete and up-to-date. However, you have an obligation to keep your Personal Data up-to-date and inform STERIS of any significant changes to your Personal Data.
11. Inclusion of Your Application in the STERIS Applicant Pool
When you create a candidate profile or sign up for the STERIS Talent Community, you will have the option to release your Personal Data for the applicant pool, allowing us to consider you for additional open positions at STERIS. If you choose to do so, employees from all the HR and responsible departments within the STERIS group of companies will be able to access your profile according to this Notice and contact you. We also will send you notifications of new job advertisements and/or information about career opportunities. You can withdraw your consent by changing your account settings so that you no longer wish to receive notifications of new job postings and/or information about career opportunities.
12. Contact Us
If you have any questions or concerns regarding this Notice, STERIS’ processing of your Personal Data or to exercise your Data Subjects Rights as outlined in Section 9 (“Your Data Protection Rights”) above, please contact us at dataprotection@STERIS.com.
13. Update of This Notice
We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take the appropriate steps to notify you, given the significance of the changes we make. We will ask for your consent to any material changes to this Notice if this is required by applicable data protection laws.
MEXICO APPLICANT PERSONAL DATA PROTECTION NOTICE ACKNOWLEDGMENT & CONSENT
Please acknowledge that you have read and understand the terms of the Applicant Personal Data Protection Notice as provided below.
I acknowledge that I have read and understand the terms of the Applicant Personal Data Protection Notice (“Notice”). To the extent applicable, I understand that I am responsible for informing my Dependents (as defined in the Notice) whose personal data I provide to the Company about the content of the Notice. I further represent and warrant that I am authorized by my Dependents to disclose their personal data to the Company for the purposes set forth in the Notice.
I acknowledge that the request of my consent to process my personal data in terms of this Notice is not indicative of an employment relationship with or job offer by the company.
I further grant my express consent for the processing and transfer of my personal data, including my sensitive personal data. I understand that I may revoke my consent for the processing and transferring of my personal data anytime by contacting dataprotection@steris.com. I do not give consent for the transfer of my personal data to the following third parties (please specify)____________________________(NOTE: Refusal to consent to the processing of your personal data may result in the inability continue with your application process).