SAS Privacy Statement
Our Commitment to Privacy
Your privacy is important to us. SAS Institute Inc., together with our subsidiaries and affiliates ("SAS" or "we"), are providing this Privacy Statement to describe our online information collection practices and explain the choices you can make about the way your personal information is collected and used.
Scope of this Privacy Statement
This Privacy Statement applies to information we collect when you visit this website and our other websites and mobile apps that we operate and that reference this Privacy Statement (collectively, the “Websites”). We may also collect information from you in other ways, including information collected during technical support contacts, on registration forms, in person (e.g., business cards), and from third parties. If we provide a separate or supplemental notice when we collect personal information from you, that notice will control to the extent of any conflict.
Special notice for the EEA: Persons in the European Union should access the EEA version of this Privacy Statement applicable to processing of personal information subject to the General Data Protection Regulation.
This Privacy Statement does not apply to:
(i) Information included in the materials that we receive and process on our customers' behalf through our hosting and professional services activities (which are instead subject to the SAS Hosted Managed Services Privacy Policy);
or
(ii) Personal information in customer-controlled data to which SAS may be given access in connection with SAS' provision of technical support services, which is subject to SAS Technical Support Policies;
or
(iii) Personal information included in customer-controlled data to which SAS may be given access in connection with consulting services, which is subject to agreements between SAS and its customers.
The Information We Collect and How We Collect It
The information SAS may collect about you includes:
- Contact information such as your name, postal address, telephone number and email address.
- Information about your professional interests and experiences with our products or services.
- Business and marketing information that helps us provide our services to you, including your contact, language and marketing preferences.
- Transaction information, including purchase history, order and contract information, delivery and technical support details, and payment and billing information.
- Technical information, such as details about your device, your browser, how you use our website, including what pages of our websites you visit and when, and IP addresses.
- Security data used for authentication and fraud prevention.
SAS collects this information in several ways:
- Through information you provide in your SAS Profile.
- Through registration, surveys, and other online forms.
- As part of an ongoing sales process.
- While providing online technical support, consultation, live chat or product information.
- Through the process of maintaining and upgrading our products.
- Through automated means such as communications protocols, email communications, cookies, web beacons and pixels, and other related technologies in accordance with the SAS Statement on Cookies and Related Technologies.
- Through our mobile applications (some of which may be managed by third parties on behalf of SAS).
- Through your participation in surveys, contests and promotions.
- Through your use of social connectors and SAS-affiliated social networking areas, including interactions with us on third-party social media platforms.
- Through your interest in SAS ads placed on third-party sites.
- Through using statistical analysis or other automated means to make inferences about your interest in particular SAS products and services.
Personal information or other data we collect online may also be combined with information you provide to us through other channels such as product registration, call centers, or in conjunction with events such as trade shows, training seminars, contests and promotions, and conferences. Where permitted by applicable law, other information gathered from social media platforms and other published sources may be added to the data you provide.
How We Use Your Information
SAS may use your personal information in the following ways/for the following purposes:
- To fulfill subscription requests and orders for software and services made online and to provide other information you request.
- To provide customer support and communicate with you about your orders, purchases or accounts with us, requests, questions, and comments.
- To inform you about important news about SAS, our new products and services, product updates, technical support issues, events and special offers we think you may be interested in.
- To make the Websites easier for you to use, such as by identifying you across platforms or devices for a consistent user experience, and customizing content and advertising relevant to your interests through analytics and profiling technology.
- To facilitate the use of certain features of the Websites, including collaborative forums and online communication channels like SAS Support Communities, should you wish to use them.
- To protect the security and integrity of SAS Websites, systems, servers and other technical assets.
- To prevent and detect fraud or other prohibited or illegal activity.
- To contact you for customer satisfaction surveys or other market research activities.
- To process your registration for online and in-person events hosted by SAS or our business partners.
- To promote our products and services on our Websites and third-party websites.
- To operate, evaluate, and improve our business (including developing new products and services; managing our communications; and performing accounting, auditing, billing, reconciliation and collection activities).
- To meet legal requirements, or as required by a judicial process or a government request, and to establish, exercise, or defend a legal claim.
- To comply with industry standards and our policies.
In addition, we analyze our web services such as browser session page views, registrations, demos, downloads, and email responses in aggregate and sometimes at the individual level in order to improve the quality of those offerings and to better tailor our marketing to our customers' needs. We may also use statistical analysis to accomplish the purposes listed above, including to better understand your marketing preferences and tailor our offerings to you.
How We Share Your Information
We will not sell, rent or lease to others your personal information. There are, however, situations in which we may share the personal information we collect online with other parties. These may include disclosures that we make:
- To SAS subsidiaries and affiliates as necessary to accomplish the purposes described above.
- To our vendors, subcontractors, processors, and other business partners for purposes related to those described above, and who have agreed to abide by our privacy and data-security requirements.
- At your direction or with your consent, such as when you choose to make your personal information available to participants in SAS Support Communities and other online communication channels.
- To companies other than SAS entities in connection with a sale or transfer of all or part of our business or assets.
- In response to valid legal process, including from law enforcement or other governmental agencies.
- As we otherwise believe is necessary to protect our rights or property, including the security and integrity of the Websites.
Choice / Opt-Out
SAS offers you the choice of receiving different types of communication and information related to our company, products and services. You may subscribe to e-newsletters or other publications; you may also elect to receive marketing communications and other special offers from us via email. If at any time you would like to change your email communication preferences, we provide unsubscribe links and an opt-out mechanism for your convenience.
You may also access and make changes to your personal information specify your interests related to SAS products and services, opt in to email communications from SAS, and manage electronic newsletter subscriptions from your SAS Profile page.
In some cases, you may separately elect to receive marketing communications from other SAS business units and affiliates such as JMP; you may opt out from email communication about JMP products and services at any time.
Do Not Track (DNT)
Do not track is a privacy preference that you can set in your web browser. When you turn on the do not track signal, the browser sends a message to websites requesting them not to track you. For information about do not track, visit http://www.allaboutdnt.org. If you enable DNT, our cookie preferences tool will automatically turn off all targeting cookies on our websites in response to the signal from that browser or device.
Global Privacy Control (GPC)
Global privacy control is a browser-based technical specification that you can use to signal your privacy preference for behavioral advertising. Certain browsers and extensions will allow you to enable GPC or enable GPC by default; you can learn more at https://www.globalprivacycontrol.org . If you enable GPC, our cookie preferences tool will automatically turn off all targeting cookies on our websites in response to the signal from that browser or device.
You may choose to disable cookies or opt out of behavioral advertising. You can learn more about how we used cookies and related technologies by visiting our Statement on Cookies and Related Technologies.
To learn more about behavioral advertising or to opt out of this type of advertising, visit the Network Advertising Initiative website or Digital Advertising Alliance website.
Our Commitment to Data Security
SAS takes care to guard the security of your information. We use physical, technical and organizational measures that are reasonably designed to protect personal information against accidental or unlawful destruction, loss, or alteration; unauthorized disclosure or access; and against all other unlawful forms of processing. Although no information security system is impenetrable, SAS maintains a comprehensive information security program that is proportionate to the risks associated with the processing. We use enhanced security measures when processing any sensitive information, such as by employing encryption technology when collecting or transferring payment card information.
Data Subject Rights
You have certain rights regarding our processing of your personal data under applicable data protection laws. This section describes these rights and how you can exercise them. Please note these laws may provide limitations or exceptions that apply to these rights. We have described these rights generally, without noting all applicable jurisdictions, limitations, or exceptions. When you make a request to exercise any of these rights, we may provide more detailed information regarding any exceptions or limitations that apply.
- Right to know. You have the right to ask us to confirm whether or not we process your personal data, the categories of personal data we have collected and the sources from which we collect it, our purposes for collecting your personal data, the categories of third parties to whom we disclose your personal data, and the specific pieces of personal data we have collected about you.
- Right to access. You have the right to request a copy of your personal data and supplementary information.
- Right to correction/rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.
- Right to erasure/deletion. You have the right to request that we erase or delete your personal data, under certain circumstances and subject to certain exceptions.
- Right to restriction of processing. You have the right to restrict the processing of your personal data, under certain circumstances.
- Right to data portability. You have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format that allows you to transmit the data to another controller without hindrance. You also have the right to request that we transmit this data directly to another controller.
- Right to withdrawal of consent. In the event our processing of your personal data is based on your consent, you may withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to object to processing. You have the right to object to the processing of your personal data at any time, under certain circumstances.
- Right to opt out of our processing, “sale,” or sharing of personal data for targeted or cross-context behavioral advertising. In certain jurisdictions, you have the right to opt out of our processing, “sale” (as that term is broadly defined in the California Consumer Privacy Act), or sharing of your personal data for targeted or cross-context behavioral advertising, which means displaying advertising to you based on personal data obtained or inferred from your activities over time across different websites, applications, and other online services we do not operate. As detailed in the Cookies section above, you may exercise this right by visiting our Cookie Preferences link to disable targeting cookies. You may also opt out of the processing or sharing of your personal data for targeted or cross-context behavioral advertising in a frictionless manner through the use of an opt-out preference signal such as Global Privacy Control or Do Not Track. Please see the SAS Statement on Cookies and Related Technologies for additional details on how to implement these settings and other advertising preferences. Please note that even if you opt out of allowing us to use or disclose your personal data for targeted or cross-context behavioral advertising, you may still see our ads on other websites, applications, and online services, and we may still base aspects of our advertising on your interactions with us and our websites.
- Non-Retaliation. You have a right not to receive discriminatory treatment for exercising the rights described above.
Exercising Your Rights
Except as otherwise noted above, to exercise any of the above rights or if you have any questions about this Privacy Notice, please submit them through our SAS Data Privacy Rights Request Form or by emailing privacyrights@sas.com.
- Making a Request; requests by others on your behalf. Only you, or someone legally authorized to act on your behalf (this includes an authorized agent), may make a verifiable consumer request related to your personal data using the methods described above. The response we provide will also explain the reason we cannot comply with a request, if applicable.
- Fees. You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
- Information we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights, such as your first and last name, email address, mailing address, telephone number, or other information necessary to verify your identity or that your representative is authorized to act on your behalf. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to assist with our response. Any personal data provided to us for verification and fraud-prevention purposes will only be used for that purpose and such information will be deleted as soon as practical after processing your consumer request.
- Timing. We try to respond to all legitimate requests within one month of receipt of the request. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You may also make a complaint about our processing of your personal data to a relevant data protection supervisory authority. We would, however, appreciate the opportunity to address your concerns before you do so.
External Links
Links to third-party websites from our Websites are provided solely as a convenience to you. If you use these links, you will leave this site. We have not reviewed these third-party sites and do not control them. SAS is not responsible for any of these sites, their content, or their privacy policies, and they are not subject to this Privacy Statement. SAS does not endorse or make any representations about them or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third-party sites linked to our Websites, we encourage you to check their privacy policies and terms of use before providing your personal information to them.
Notice to Residents of the State of California
This section supplements the remainder of this Privacy Statement and applies solely to residents of the State of California, to the extent the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CPRA”) (collectively the “CCPA”), applies to SAS’ processing of their personal information (these individuals are referred to in this section as “California Consumers”). This section serves as the “Notice at Collection” required by the CCPA. As it relates to California Consumers:
The term “personal information,” when used in this Privacy Statement, has the same meaning as specified in the CCPA. Personal information does not include de-identified or aggregated information, or any other information the CCPA excludes from its scope.
Our statement that SAS “will not sell, rent or lease to others your personal information” includes any actions that meet the definition of a sale of personal information under the CCPA.
Additional Data Processing Disclosures:
The below table provides the categories of personal data we have sold, shared, or disclosed to third parties (as such terms are broadly defined by the CCPA), in the categories defined by the CCPA.
Categories of Personal Data Collected | California Privacy Rights Act Details: Categories of Third Parties to Whom Personal Data is “Sold or Shared” |
Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | Companies that operate Cookies and Tracking Technologies, described above, such as marketing and advertising partners.
Business partners who we partner with to jointly market or sell our products and Services, such as channel partners. |
Commercial information, including preferences, such as purchasing history or tendencies and transactional information. | None/not applicable |
Audio, electronic, visual, and other sensory information, such as recordings of your interactions with our technical support teams (e.g., for quality assurance or training purposes, in accordance with applicable laws); or customer support chat or messaging logs. | None/not applicable |
Internet or other electronic network activity information and device information, such as your browsing history, search history, device information, and other information (whether passive browsing or active engagement) regarding your interactions with us and use of our products, Services, emails, and other browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | Companies that operate Cookies and Tracking Technologies, as described above, such as marketing and advertising partners. |
Geolocation information, such as approximate location based on your IP address, mobile device location, or information you provide to us (such as city and state). You may be able to control collection of this data through the settings of your device.
| Companies that operate Cookies and Tracking Technologies, described above, such as marketing and advertising partners. |
Inferences as defined by California law, such as marketing you are likely to positively react to. | None/not applicable |
CCPA Rights of California Consumers
The CCPA provides California Consumers with certain rights regarding their personal information. SAS will honor verified requests to exercise those rights, and will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights.
- Accessing information SAS has collected about you
Upon request, SAS will provide California Consumers with information about our collection and use of your personal information over the last 12 months, including categories and specific pieces of personal information SAS has collected about you, our business purpose(s) for collecting them, and the categories of third parties with whom we share them. - Requesting that SAS delete your information
You may request that SAS delete any personal information it has collected about you. This right is not absolute, however, and under some circumstances SAS may decline to delete your personal information where permitted by the CCPA. - Opting Out of Sale or Sharing
We do not sell personal data to third parties in exchange for money. However, as we explain above, we share information with advertising partners and allow advertising partners to collect information from our websites. This exchange may be considered a “sale” or “sharing” under California law, and you have the right to opt out of this “sale” or “sharing” of personal data.
Exercising your CCPA rights
California Consumers can exercise their rights under the CCPA by visiting www.sas.com/privacyrights, where requests can be made in a web form, by email, or by telephone. Regardless of how you make your request, please provide sufficient detail for SAS to properly assess and respond to it. SAS may be unable to respond to incomplete or vague requests. SAS reserves the right not to respond to requests generated through third-party applications or automated processes without direct validation of the requests by data subjects using the resources provided by SAS for the exercise of these rights as described in this Statement.
Verification of Identity
SAS will require you to verify your identity before proceeding with your request. Requests made by someone acting on your behalf will require verification of the identity of you, the person acting on your behalf, and a valid power of attorney. Verification may require you or your representative to provide one or more forms of valid government identification.
Our Worldwide Practices
SAS is a global corporation with subsidiaries and affiliates and business partners in many countries, and with technical systems that cross borders. SAS may share your personal information among SAS affiliate entities. SAS has taken measures to ensure that all information is transferred among our affiliate entities in compliance with applicable law. Personal information collected on our site may be transferred across state and country borders and stored or processed in the United States or any other country in which SAS or its subsidiaries, affiliates, or business units maintain facilities for the purposes of data consolidation, storage, and simplified customer information management. SAS may also transfer your personal data to our subcontractors, vendors, or business partners in the United States and other countries who perform services on our behalf. By using the Websites, you consent to any such transfer of information outside of your country of residence or the country where the data was collected. SAS and our subsidiaries, affiliates, and business units will handle your information collected on our site in a consistent manner, as described here, even if the laws in some countries may provide less protection. For more information about practices specific to your jurisdiction, please visit the local privacy statements linked on this page.
International Data Transfers
SAS is a global organization, with legal entities, business practices, and technical systems that operate across borders. Your personal data may be collected, transferred to, and stored by us in the United States and by our subsidiaries and/or third-party service providers that are in other countries. Therefore, your personal data may be transferred and processed outside your jurisdiction and in countries that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area (“EEA”). Where applicable law requires us to utilize a data transfer mechanism, we rely on adequacy decisions as adopted by the European Commission; standard contractual clauses issued by the European Commission; or pursuant to established derogations for specific situations.
For more information regarding international data transfers among affiliates, please visit www.sas.com/trust-center.
Changes to This Statement
If there are updates to the terms of this Privacy Statement, we will post those changes here and update the revision date in this document so that you will always know what information we collect online, how we use it, and what choices you have. Your continued use of the Websites following the posting of changes to this Privacy Statement means you accept those changes.
Your Acceptance of These Terms
By using the Websites, you accept and agree to the terms of this Privacy Statement.
How to Contact Us
SAS Institute Pte. Ltd.
1 Wallich Street, #16-01/02 Guoco Tower, Singapore 078881
Att. of Ms. Shiaw Lin Lew, Senior Legal Counsel & Data Protection Officer
January, 2023