SAS complies with the General Data Protection Regulations and the Data Protection Act 2018.
The only personal data that we will collect is the personal data that you provide to us when you register your request for information. We will also keep records of how you use our website and the request you make of us. SAS is the Data Controller of such information.
From time to time, we may also collect information that pertains to you indirectly through other sources, such as list vendors. When we do so, we ask the vendors to confirm that the information was legally acquired by the third party and that we have the right to obtain it from them and use it.
Where a contract exists with you for the delivery of services, we will need to collect personal data for the purposes of fulfilling that contract. Where we need to pass on such information to our own suppliers to enable them to assist us, we will ensure that your information is protected to the same level as described in this policy.
Any personal data that you provide to us will only be used for the purposes for which you have provided it to us.
We rely on the following legal basis for using your data.
We may sometimes be entrusted with your personal data by a company that is delivering services to you and has been arrangement with ourselves to contribute to the delivery of those services. We are contractually bound in such circumstances to only process data in accordance with their instructions and not to use it for any other reason, and to keep that data secure. In such cases, that company will be the Data Controller with respect to such personal data, and you should take any privacy questions and concerns directly to them.
You may at any time ask us to remove your personal details from our mailing lists or otherwise revise the communications preferences you have told us about by sending an email to firstname.lastname@example.org.
We will endeavour to maintain the information we hold accurate and up to date. We may ask you to reconfirm details from time to time with this aim in mind. You can check the information that we hold about you by emailing us at email@example.com (please title the email “Subject Access Request”). If you find any inaccuracies, please let us know and we will delete or correct it promptly. Where the information is held by us on the basis of consent, you may require us to delete it. Where we hold information about you that we need to service and record requests you have made of us, you may object to our continued retention of that information.
You have certain rights in relation to the personal data we hold about you. Some of these rights only apply in certain circumstances. In order to exercise these rights please contact us at firstname.lastname@example.org. Please note that we will require proof of identity as part of this request and most rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
We will hold such information for such period as is necessary for us to meet our contractual, financial and legal obligations to do.
Where we hold information about you that we need to service and record requests you have made of us, you may object to our continued retention of that information.
The personal data we hold will be held securely. The security of our information management systems is externally certified to ISO 27001.
All personal data collected about you is stored in the European Union or under jurisdictions or arrangements agreed as acceptable by the European Union (e.g. under the Privacy Shield schemes in the USA and Switzerland). Information will not be otherwise transferred outside the UK without seeking your consent.
This website is not intended for use by users under the age of 13, and is unlikely to be of interest to them. However, should we detect such use, we will deny access unless parental consent is provided to us.
Version: July 2018