SAS Technical Support Policy Regarding Customer Materials in Support Files

SAS Institute Inc., our subsidiaries, and affiliates ("SAS" or "we" or “us”) understand that privacy, fair information practices, and compliance with applicable data privacy laws are a priority for our customers, just as they are for SAS. The purpose of the SAS Technical Support Policy Regarding Customer Materials in Support Files (the “Policy”) is to describe how SAS Technical Support handles customer-controlled data to which SAS might be given access in connection with providing technical support. It is important to understand that this Policy does not apply to any other data that might be collected from you during the technical support process, including your contact information that is used to communicate about your support issue. That information is subject to the SAS Privacy Statement.

It is SAS policy not to take Personal Information (defined as any information that relates to an identified or identifiable person) in materials provided by its customers except where truly necessary to provide effective support.

In most cases, technical support issues can be resolved without the need for our customers to send Personal Information to SAS. SAS does not wish to collect any Personal Information that is not necessary for the provision of technical support, and requests that customers remove any Personal Information that is not necessary for these purposes from any materials that they share with SAS. In some cases, however, the presence of Personal Information might be necessary, such as when system logs that a customer needs to send to SAS contain incidental Personal Information such as IP addresses, user IDs, or information about devices and browsers.

When customers send data to SAS that includes Personal Information, it is typically through one of the following methods:

  • within the content of log files generated by the SAS® software installation or environment
  • in the course of customer communication with the SAS Customer Contact Center and/or SAS Technical Support personnel, including electronic chat, telephone calls, emails, and associated attachments
  • in the contents of customer-controlled files or records that are shared with SAS by other means, including by upload to FTP or similar sites, remote access, or physical media
  • through permitting SAS remote access to a customer system

Customers are solely responsible for providing any required notices and obtaining any required consents needed for the disclosure of any Personal Information that they send to SAS, and for otherwise ensuring that any such disclosure is done in a manner that complies with applicable law.

How SAS Handles Personal Information in Materials That You Provide

If your technical support issue results in you needing to send materials to SAS that include Personal Information, it will be used solely to address your technical support issue or for training of SAS employees related to providing support for similar issues. SAS will not sell, rent, lease, or disclose Personal Information contained in such materials except as described in this Policy.

SAS is a global corporation with subsidiaries, and affiliates and business partners in many countries. SAS Technical Support records, including log files sent to SAS, are stored in the United States and are accessible by support personnel worldwide as needed to provide customer support. For a list of SAS offices, visit www.sas.com.

Information provided to SAS Technical Support could in some cases be transferred to third parties, including the following:

  • SAS vendors, subcontractors, and processors, and/or business partners who assist SAS in providing technical support
  • companies other than SAS entities in connection with a sale or transfer of all or part of our business or assets
  • law enforcement or other government officials upon request if we believe that such disclosure is necessary or appropriate
  • as we otherwise believe is necessary to protect our rights or property

Data Security and Specially Regulated Data

SAS maintains a comprehensive information security program and applies appropriate physical, technical, and organizational measures that are reasonably designed to protect information that customers provide in the technical support process against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.

Our ordinary technical support systems and processes are NOT, however, appropriate for the receipt of highly sensitive or specially regulated data, such as government identification numbers, health information, credit card numbers, or bank account numbers. If you believe that you have a data file that might contain regulated information of this sort and need it to be used for technical support, do not send the file without making further arrangements with the technical support team. In most cases, we can identify a safe, viable alternative such as data masking or obfuscation that enables customers to receive the support that they need without exposing sensitive information.

Data Retention

Customer support information, including log files used in connection with technical support issues, is kept with customer support records for reference in the event that further work on the issue is needed or related issues arise in technical support. Support records might be kept for any period of time as legally required or permitted by applicable law.

 

Version 2.0, published October 8, 2018, last revised October 8, 2018