SAS complies with the General Data Protection Regulations and the Data Protection Act 2018.
This policy applies where we are acting as a Data Controller with respect to any personal data.
“SAS” and “we” includes SAS Global Communications Limited (02364950) and SAS Managed Applications Limited (08402293)
The only personal data that we will collect is the personal data that you provide to us when you register your request for information. This includes your full name, phone number, job title and email address. We will also keep records of how you use our website and the any requests you make of us. We do not send promotional emails; however you may receive services and/or product related emails relating to your account or request for information.
From time to time, we may also collect information that pertains to you indirectly through other sources, such as list vendors. When we do so, we ask the third party to confirm that the information was legally acquired by the third party and that we have the right to obtain it from them and use it.
Where a contract exists between us for the delivery of services, we will need to collect personal data for the purposes of fulfilling that contract. Where we need to pass on such information to our own suppliers to enable them to assist us, we will ensure that your information is protected to the same level as described in this policy.
Any personal data that you provide to us will only be used for the purposes for which you have provided it to us.
We may process your personal data in the following way;
We may sometimes be entrusted with your personal data by a company that is delivering services to you and has an arrangement with ourselves to contribute to the delivery of those services. We are contractually bound in such circumstances to only process data in accordance with their instructions and not to use it for any other reason, and to keep that data secure. In such cases, SAS will be the Data Processor and the other company will be the Data Controller with respect to such personal data, and you should take any privacy questions and concerns directly to them.
The Legitimate Interests pursued by us, are in order to improve customer experience and develop our products & services for commercial use.
You may at any time ask us to remove your personal details from our mailing lists or otherwise revise the communications preferences you have told us about by sending an email to firstname.lastname@example.org.
We will endeavour to maintain the information we hold about you as accurate and up to date as possible. We may ask you to reconfirm details from time to time with this aim in mind. You can check the information that we hold about you by emailing us at email@example.com (please title the email “Subject Access Request”). If you find any inaccuracies, please let us know and we will delete or correct it promptly. Where the information is held by us on the basis of consent, you may require us to delete it.
You have certain rights in relation to the personal data we hold about you. Some of these rights only apply in certain circumstances. In order to exercise these rights please contact us at firstname.lastname@example.org. Please note that we will require proof of identity as part of this request and most rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
We will hold such information for such period as is necessary for us to meet our contractual, financial and legal obligations to do. If we hold your personal data as a Legitimate Interest we shall hold such information until the Legitimate Interest is no longer valid.
Where we hold information about you that we need to service and record requests you have made of us, you may object to our continued retention of that information.
The personal data we hold will be held securely. The security of our information management systems is externally certified to ISO 27001.
All personal data collected about you is stored in the European Union or under jurisdictions or arrangements agreed as acceptable by the European Union (e.g. under the Privacy Shield schemes in the USA and Switzerland). Information will not be otherwise transferred outside the UK without seeking your consent.
This website is not intended for use by users under the age of 13, and is unlikely to be of interest to them. However, should we detect such use, we will deny access unless parental consent is provided to us.
Version: September 2018