• Information and Communications Technology
  • Software


Swiss-U.S. Privacy Shield Framework: Inactive - Lapse

Original Certification Date: 7/21/2017
Inactive Start Date: 10/14/2021

Purpose of Data Collection

SAS's Managed Hosted Customer Environments ("we", "us" and "our") is a business unit of SAS Institute Inc. offering software as a service (SaaS), enterprise hosting, remote managed services and other analytics solutions, and the subject-matter experts to manage them. To provide those offerings to our customers we collect, receive, access, use and disclose certain personal data. The types of personal data we process include Customer Information and Client Information. Customer Information is information that we receive from customers, or from third parties at their direction, about their data subjects. We collect only the Customer Information that customers provide to us or direct us to collect in order to provide services to them. Customer Information may include personal data about different types of individuals, including: consumers, employees, patients, students, donors, volunteers, business clients, suppliers and other business partners. Such personal data may include basic contact information, such as name, postal address, email address and phone number, as well as more sensitive personal information, such as financial information, personal health information, clinical trial data, demographic information, purchase information, market-research information, and employee and student performance information. We collect and process Customer Information only for the purpose of providing services to our customers and in accordance with our agreements with them. Client Information is personal data about people in our customers' organizations, such as account managers and users, who interact with SAS and its systems. Client Information usually is limited to name, work email address, work phone number and job title. We use Client Information to support customer accounts, maintain our business relationship with customers, respond to customer inquiries and perform accounting functions. Client Information may also include User Information. User Information is information generated by computers that interact with our systems. User Information may used to improve the content and navigation features of our sites, to identify future features and functions to develop for the sites, to provide better customer service, for authentication and security and/or to remember user settings. We may also use User Information to help us prevent and detect security threats, fraud or other malicious activity, and to ensure the proper functioning of our products and services. SAS may additionally use Customer Information and Client Information for the following purposes: (1) to maintain and upgrade a system, (2) to address performance and fix issues, and (3) to meet legal requirements. SAS may disclose personal data to business partners and subcontractors, as necessary, for the purpose of providing our offerings and performing other requested services, or as otherwise appropriate in connection with a legitimate business need. These companies are authorized to use personal data only as necessary to provide these services to us. We may also disclose personal data to a third party, as necessary, in connection with the sale or transfer of all or part of our business. Finally, we may disclose personal data as required or permitted by law, such as in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or when we believe in our sole discretion that disclosure is otherwise required by law or necessary or appropriate to protect our rights.

Dispute Resolution

Questions or Complaints?

If you have a question or complaint, please contact SAS Institute Inc. at:

Lynn Leubuscher
Privacy Counsel
SAS Institute Inc.
SAS Campus Drive
Cary, North Carolina 27513

Appropriate statutory body with jurisdiction to investigate any claims against SAS Institute Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission