Privacy Policy

At the SAS Group of Companies Limited (“SAS”), we take your right to privacy seriously and respect any personal data that you provide to us. This Privacy Policy sets out the steps that we take to ensure that any data provided to us is kept secure and confidential and used only for the purposes for which it is provided.

SAS complies with the General Data Protection Regulations and the Data Protection Act 2018.

This policy applies where we are acting as a Data Controller with respect to any personal data.

“SAS” and “we” includes SAS Global Communications Limited (02364950) and SAS Managed Applications Limited (08402293)

  1. Personal Data

The only personal data that we will collect is the personal data that you provide to us when you register your request for information. This includes your full name, phone number, job title and email address.  We will also keep records of how you use our website and the any requests you make of us. We do not send promotional emails; however you may receive services and/or product related emails relating to your account or request for information. 

From time to time, we may also collect information that pertains to you indirectly through other sources, such as list vendors. When we do so, we ask the third party to confirm that the information was legally acquired by the third party and that we have the right to obtain it from them and use it.

Where a contract exists between us for the delivery of services, we will need to collect personal data for the purposes of fulfilling that contract. Where we need to pass on such information to our own suppliers to enable them to assist us, we will ensure that your information is protected to the same level as described in this policy.

Our privacy policy for employees is contained in their contracts of employment or staff handbook.

  1. Legal Basis for processing your data

Any personal data that you provide to us will only be used for the purposes for which you have provided it to us.

We may process your personal data in the following way;

  • In compliance with a legal obligation or regulatory authority.
  • In performance of a contract in order to deliver the product and/or services that we have agreed to provide you with.
  • To pursue a Legitimate Interest.
  • Where you have specifically consented to us using the data. 

We may sometimes be entrusted with your personal data by a company that is delivering services to you and has an arrangement with ourselves to contribute to the delivery of those services. We are contractually bound in such circumstances to only process data in accordance with their instructions and not to use it for any other reason, and to keep that data secure. In such cases, SAS will be the Data Processor and the other company will be the Data Controller with respect to such personal data, and you should take any privacy questions and concerns directly to them.

The Legitimate Interests pursued by us, are in order to improve customer experience and develop our products & services for commercial use.

  1. Disclosure

Your personal data may be shared with other members of the SAS group but only in compliance with this Privacy policy. Other than strictly for the purposes of fulfilling requests you make of us, or on the lawful request of authorities, we will not pass any of your personal data to any third party without your consent.

  1. Revisions to Consent

You may at any time ask us to remove your personal details from our mailing lists or otherwise revise the communications preferences you have told us about by sending an email to privacy@sas.co.uk.

  1. Accuracy

We will endeavour to maintain the information we hold about you as accurate and up to date as possible. We may ask you to reconfirm details from time to time with this aim in mind. You can check the information that we hold about you by emailing us at privacy@sas.co.uk (please title the email “Subject Access Request”). If you find any inaccuracies, please let us know and we will delete or correct it promptly. Where the information is held by us on the basis of consent, you may require us to delete it.

  1. Your Rights

You have certain rights in relation to the personal data we hold about you. Some of these rights only apply in certain circumstances. In order to exercise these rights please contact us at privacy@sas.co.uk. Please note that we will require proof of identity as part of this request and most rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.

  • Right of Access. You have the right at any time to ask us for a copy of the data that we hold about you and how it is used.
  • Right of Rectification. If the data that we have collected is incomplete or inaccurate, you have the right to update it taking in to account the purposes of the processing.
  • Right of Erasure. In certain circumstances, you have the right to request that information we hold about you is erased. This usually applies if the data is no longer necessary for the purpose that it was collected for, or you withdraw your consent for its processing and request its erasure.
  • Right to Object to or Restrict Processing. If you wish to restrict our processing of your data in certain circumstances or if you wish to object to the processing of your data.
  • Right of Data Portability.  You have a right to receive any personal data in a machine-readable format and request that we transfer your data to another data processor where technically feasible.
  1. Retention

We will hold such information for such period as is necessary for us to meet our contractual, financial and legal obligations to do.  If we hold your personal data as a Legitimate Interest we shall hold such information until the Legitimate Interest is no longer valid.

Where we hold information about you that we need to service and record requests you have made of us, you may object to our continued retention of that information.

  1. Security

The personal data we hold will be held securely. The security of our information management systems is externally certified to ISO 27001.

  1. Location of Data

All personal data collected about you is stored in the European Union or under jurisdictions or arrangements agreed as acceptable by the European Union (e.g. under the Privacy Shield schemes in the USA and Switzerland). Information will not be otherwise transferred outside the UK without seeking your consent.

  1. Children

This website is not intended for use by users under the age of 13, and is unlikely to be of interest to them. However, should we detect such use, we will deny access unless parental consent is provided to us.

  1. Cookies

We may use technology to track the patterns of behaviour of visitors to our site, this can include using a "cookie" which would be stored on your browser. Please see our Cookie Policy for further details about the cookies we use and their functions, plus the control over their use that you have.

  1. Changes to our Privacy Policy

If we decide to change our Privacy Policy, we will post the changes here. However, if we make material changes to the way we use your personal data we will ask for your consent to do so.

 

Version: September 2018