SAS complies with the General Data Protection Regulations and the Data Protection Act 2018.
This policy applies where we are acting as a Data Controller with respect to any personal data.
“SAS” and “we” includes SAS Global Communications Limited (02364950) and SAS Managed Applications Limited (08402293)
The only personal data that we will collect is the personal data that you provide to us when you register your request for information. This includes your full name, phone number, job title and email address. We will also keep records of how you use our website and any requests you make of us. We use the information you provide to contact you about relevant content, products and services, or about matters relating to your account or to respond to requests for information.
From time to time, we may also collect information that pertains to you indirectly through other sources, such as list vendors. When we do so, we ask the third party to confirm that the information was legally acquired by the third party and that we have the right to obtain it from them and use it.
Where a contract exists between us for the delivery of services, we will need to collect personal data for the purposes of fulfilling that contract. Where we need to pass on such information to our own suppliers to enable them to assist us, we will ensure that your information is protected to the same level as described in this policy.
Legal Basis for processing your data
Any personal data that you provide to us will only be used for the purposes for which you have provided it to us.
We may process your personal data in the following way;
- In compliance with a legal obligation or regulatory authority.
- In performance of a contract in order to deliver the product and/or services that we have agreed to provide you with.
- To pursue a Legitimate Interest.
- Where you have specifically consented to us using the data.
We may sometimes be entrusted with your personal data by a company that is delivering services to you and has an arrangement with ourselves to contribute to the delivery of those services. We are contractually bound in such circumstances to only process data in accordance with their instructions and not to use it for any other reason, and to keep that data secure. In such cases, SAS will be the Data Processor and the other company will be the Data Controller with respect to such personal data, and you should take any privacy questions and concerns directly to them.
The Legitimate Interests pursued by us, are in order to improve customer experience and develop our products & services for commercial use.
Revisions to Consent
You may at any time ask us to remove your personal details from our mailing lists or otherwise revise the communications preferences you have told us about by sending an email to firstname.lastname@example.org.
We will endeavour to maintain the information we hold about you as accurate and up to date as possible. We may ask you to reconfirm details from time to time with this aim in mind. You can check the information that we hold about you by emailing us at email@example.com (please title the email “Subject Access Request”). If you find any inaccuracies, please let us know and we will delete or correct it promptly. Where the information is held by us on the basis of consent, you may require us to delete it.
You have certain rights in relation to the personal data we hold about you. Some of these rights only apply in certain circumstances. In order to exercise these rights please contact us at firstname.lastname@example.org. Please note that we will require proof of identity as part of this request and most rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
- Right of Access. You have the right at any time to ask us for a copy of the data that we hold about you and how it is used.
- Right of Rectification. If the data that we have collected is incomplete or inaccurate, you have the right to update it taking in to account the purposes of the processing.
- Right of Erasure. In certain circumstances, you have the right to request that information we hold about you is erased. This usually applies if the data is no longer necessary for the purpose that it was collected for, or you withdraw your consent for its processing and request its erasure.
- Right to Object to or Restrict Processing. If you wish to restrict our processing of your data in certain circumstances or if you wish to object to the processing of your data.
- Right of Data Portability. You have a right to receive any personal data in a machine-readable format and request that we transfer your data to another data processor where technically feasible.
We will hold such information for such period as is necessary for us to meet our contractual, financial and legal obligations to do. If we hold your personal data as a Legitimate Interest we shall hold such information until the Legitimate Interest is no longer valid.
Where we hold information about you that we need to service and record requests you have made of us, you may object to our continued retention of that information.
The personal data we hold will be held securely. The security of our information management systems is externally certified to ISO 27001.
Location of Data
All personal data collected about you is stored in the European Union or under jurisdictions or arrangements agreed as acceptable by the European Union (e.g. under the Privacy Shield schemes in the USA and Switzerland). Information will not be otherwise transferred outside the UK without seeking your consent.
This website is not intended for use by users under the age of 13, and is unlikely to be of interest to them. However, should we detect such use, we will deny access unless parental consent is provided to us.
Version: April 2019