homepage
Call Open menu
Request Info Apply Now

Additional Information About your Data Protection Rights

Residents of the European Union and the United Kingdom

If you are a resident of the European Union (E.U.) or United Kingdom (U.K.), the E.U. or U.K. General Data Protection Regulation (collectively, the “GDPR”) is applicable to our use of your personal information. The lawful basis for processing your personal information will depend on the personal information concerned and the specific context in which we collect it as detailed in the Privacy Policy . Under the GDPR, you have a number of rights. For example, you can request to see a copy of the personal information we process about you, to delete or rectify your personal information, or to transfer your personal information elsewhere. You also have the right to make a complaint to your local supervisory authority and in the first instance to our Data Privacy Department.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the United States of America (U.S.A.) and other jurisdictions outside of the U.S.A., the E.U.- or the U.K.

We want to assure you that SANS is fully committed to compliance with the GDPR when it comes to international data transfers. We take data privacy seriously and apply the necessary safeguards to ensure the protection of your data. Specifically, we utilize the Standard Contractual Clauses (SCC) for our E.U.-based transfers and the International Data Transfer Agreement (IDTA) for our U.K.-based transfers, to guarantee that your data is transferred securely and in accordance with GDPR requirements. Your privacy and data security are of utmost importance to us, and we are dedicated to upholding the highest standards in this regard.

Residents of Australia

If you are a resident of Australia, the Privacy Act (“TPA”) is applicable to our use of your personal information. The lawful basis for processing your personal information will depend on the personal information concerned and the specific context in which we collect it as detailed in the Privacy Policy. Under the TPA, individuals have several rights including:

  • Right to Anonymity and Pseudonymity: Individuals have the right to interact with us without revealing their true identity or by using a fictitious name, unless this is impractical or legally prohibited for the specific transaction.
  • Right to Opt Out of Direct Marketing: Individuals have the right to opt out of receiving direct marketing communications at any time. Opt-out rights can be exercised by clicking here, by contacting privacy@sans.org, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.
  • Right to Access Personal Data: Individuals may request a copy of their personal data from us in a clear and readable format.
  • Right to Request Personal Data Correction: Individuals may request the correction, completion, or updating of personal data held by us.
  • Right to Notice of Data Collection: Individuals must be notified by us when we collect their information detailing the purpose of collection, potential disclosures and consequences of not providing the data.

You have the right to make a complaint with the Office of the Australian Information Commissioner. You also have the right to make a complaint to our Data Privacy Department.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of the Australia. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

Residents of Brazil

If you are a resident of Brazil, the General Personal Data Protection Law (“LGPD”) is applicable to our use of your personal information. The lawful basis for processing your personal information will depend on the personal information concerned and the specific context in which we collect it as detailed in the Privacy Policy. Under the LGPD, you have several rights that you can exercise free of charge and through a facilitated procedure, including:

  • Right to Confirmation of Processing and Access to Data: Individuals have the right to know if their data is being processed by us and to access that data in a clear format.
  • Right to Request Personal Data Correction: Individuals may request the correction, completion, or updating of personal data held by us.
  • Right to Anonymization, Blocking, or Deletion: Individuals may request the anonymization, blocking, or deletion of unnecessary or non-compliant data held by us.
  • Right to Data Portability: Individuals may request that their data be transferred to another service provider in a structured, machine-readable format.
  • Right to Deletion of Consent-Based Data: Individuals may request the deletion of data processed based on consent, with some exceptions.
  • Right to Request Information on Data Sharing: Individuals have the right to be informed about entities with which their data has been shared.
  • Right to Information on Consequences of Denying Consent: Individuals have the option to deny consent to the processing of certain information by us and may request information on its potential impacts.
  • Right to Revocation of Consent: Individuals may withdraw consent to the processing of their data by us at any time.
  • Right to Review of Automated Decisions: Individuals may request a review of our decisions based solely on automated data processing that affect them.
  • Right to Complain: Individuals may file complaints with the national data protection authority (ANPD) or consumer defense bodies. Individuals may also file a complaint to our Data Privacy Department.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of Brazil. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

Residents of Japan

If you are a resident of Japan, the Act on the Protection of Personal Information (“APPI”) regulates our handling of your personal data. Under the APPI, our use of your personal information must adhere to strict guidelines regarding the collection, use, and storage of personal data, including obtaining your consent before processing your data and ensuring that adequate security measures are in place to protect your personal information. Under the APPI, you have several rights, including:

  • Right to Access: Individuals may request access to their personal data held by us. This includes not only the data itself (which can be requested in hard or digital copy) but also information regarding the purpose of use and records of any third-party transfers.
  • Right to Request Personal Data Correction: Individuals may request the correction, completion, or updating of personal data held by us.
  • Right to Cessation of Use:Individuals may request that we stop using or delete their personal information if (i) the data is being used beyond the specified purpose without consent, (ii) the data was collected unlawfully or by deceitful means, (iii) a data breach has occurred that infringes on their rights, or (iv) the data is no longer necessary for the original purpose.
  • Right to Object to Third-Party Transfer: Individuals may request that their data not be transferred to a third party, especially if done without proper consent or a legal basis.
  • Right to Withdraw Consent: Where data processing is based on consent, individuals may withdraw that consent at any time.
  • Right to be Informed: We must provide individuals with information about the collection, purpose of use, and any potential third party recipients of individuals’ personal data.
  • Right to Complain:Individuals may file a complaint with our Data Privacy Department and with the Japanese supervisory authority, the Personal Information Protection Commission (PPC).

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of Japan. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

Residents of The Kingdom of Saudi Arabia

If you are a resident of the Kingdom of Saudi Arabia (“K.S.A.”), the Personal Data Protection Law (“PDPL”) is applicable to our use of your personal information. There are two connected regulations – the “Implementing Regulations to the PDPL” and the “Regulations on Personal Data Transfers Outside the Kingdom” (“Transfer Regulations”). The PDPL guarantees individuals several rights regarding their personal data, including:

  • Right to be Informed: Individuals must be informed of the legal justification for collecting their personal data, the purpose of the collection, the identity and reference address of the data collector, the entities to which the personal data may be disclosed, and their capacity; whether the personal data will be transferred, disclosed, or processed outside the KSA, the potential risks and consequences of not completing the data collection process, and the rights of the individual.
  • Right to Access: Individuals may request a copy of their personal data from us in a clear and readable format.
  • Right to Correction: Individuals may request the correction, completion, or updating of personal data held by us.
  • Right to Request Destruction: Individuals may request that we destroy any of their personal data that is no longer needed.
  • Right to Withdraw Consent to Processing: Individuals may withdraw their consent for us to process their personal data at any time, except in cases stipulated by the Personal Data Protection Law and its implementing regulations.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of the K.S.A. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

Residents of Singapore

If you are a resident of Singapore, the Personal Data Protection Act (“PDPA”) is applicable to our use of your personal information. The lawful basis for processing your personal information will depend on the personal information concerned and the specific context in which we collect it as detailed in the Privacy Policy. Under the PDPA, you have several rights, including:

  • Right to Access: Individuals may request access to their personal data and information on our use or disclosure of such personal data in the past year. A reasonable fee may apply for access requests.
  • Right to Correction: Individuals may request corrections to their data held by us. We must make corrections promptly and notify relevant parties.
  • Right to Withdraw Consent: Individuals may withdraw consent for the collection, use, or disclosure of personal data by us with reasonable notice. Note, there may be consequences to individuals who withdraw consent for the processing of data by us. We can explain those consequences upon receipt from an individual of a request for withdrawal of consent.
  • Right to be Informed: Individuals have the right to be informed about the purposes of data collection by us at the time it is collected.
  • Right to Data Portability: Individuals may have the right to obtain personal information in a format that allows the individual to transmit the information to another entity easily, and to the extent technically feasible, individuals have the right to have the personal information delivered in a readily usable format.
  • Right to Complain: Individuals may complain to our Data Privacy Department and, if unresolved, to the Personal Data Protection Commission (PDPC), without fear of discrimination.

SkillsFuture Program

Please note that SANS Training PTE Limited (“SANS Singapore”) participates in the Singapore SkillsFuture program, and that if you utilize a SkillsFuture Credit to assist in payment of a SANS course or GIAC certification, SANS Singapore as required by law may collect and provide certain information about you to the SkillsFuture Singapore Agency including your NRIC and/or passport number, attendance record at SANS courses, course assessments and GIAC examination results.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org. You may also reach out to singapore@sans.org to reach a local Data Protection Officer representative.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of Singapore. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

Residents of the United Arab Emirates

If you are a resident of the United Arab Emirates (“UAE”), the UAE Data Protection Law, officially known as Federal Decree Law No. (45) of 2021 (“PDPL”) establishes a comprehensive framework for the protection of personal data, ensuring privacy rights and accountability in data processing. You have several rights under the PDPL, including:

  • Right to be Informed: Individuals must be informed by us regarding data collection purposes, data sharing with third parties, data storage duration, and safeguards for international data transfers before processing occurs.
  • Right to Access: Individuals may request their personal data from us in a clear and machine-readable format.
  • Right to Rectification: Individuals may ask for the correction, completion, or updating of their personal data by us if it is inaccurate or outdated.
  • Right to Erasure: Individuals may request the deletion of their personal data held by us, particularly if it is no longer necessary for its original purpose, if consent is withdrawn, or if processing is unlawful.
  • Right to Restriction of Processing: Individuals may request the suspension or limitation of processing of their personal data by us in certain situations, such as when they dispute data accuracy or object to processing.
  • Right to Object to Processing: Individuals may object to their personal data being processed by us, especially direct marketing or statistical surveys (unless public interest applies), or if it violates PDPL principles.
  • Right to Data Portability: Individuals may request to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transfer it to another data controller if technically feasible.
  • Rights regarding Automated Decision-Making: Individuals have the right not to be subject to decisions based solely on automated processing that have legal or significant effects on them and can request human involvement and challenge the decision.
  • Right to Withdraw Consent: Individuals may withdraw consent easily and at any time, without affecting prior processing.
  • Right to Complain: Individuals may file a complaint with our Data Privacy Department and, if necessary, with the UAE Data Office if they believe their rights have been infringed upon.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of the UAE. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

United States – State Privacy Rights

Residents of California

If you are a California resident, the California Consumer Privacy Act (“CCPA”) may grant you the following rights:

  • Right to Know: You may request from a business that collects personal information about you disclose the following: (1) the categories of personal information it has collected about you; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting, selling, or sharing personal information; (4) the categories of third parties to whom the business discloses personal information; and (5) the specific pieces of personal information it has collected about you. California residents may make a Request to Know up to two times every 12 months.
  • Right to Correction: You may request that a business correct inaccurate personal information that the business mains about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
  • Right to Deletion: You may request that a business delete any personal information about you which the business has collected from you.
  • Right to Opt Out of Selling and Sharing: You may request that a business not sell your personal information to a third party or share your personal information with a third party for purposes of cross-context behavioral advertising. Opt-out rights can be exercised by clicking here or by contacting privacy@sans.org, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.
  • Right to Non-Discrimination: You may not be discriminated against because you exercised any of your CCPA rights.

If you are a California resident, you may specifically instruct us not to sell or share your personal information as described above. Please note, neither SANS, GIAC nor the SANS Technology Institute sells or shares the personal information of individuals under the age of 16. If you are a California resident and would like to make a request to exercise your rights under the CCPA, please contact privacy@sans.org. We will respond to verifiable requests received from California residents as required by law. For more information about our privacy practices, you may contact us as set forth in the Section entitled “Contact Us” in our Privacy Policy.

Process to verify Requests to Know, Requests to Delete, and Requests to Correct: We will acknowledge receipt of your Consumer Request, verify it using processes required by law, then process and respond to your request as required by law. To verify such requests, we may ask you to provide the following information: 

  • For a Request to Know categories of personal information which we collect, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you against information in our systems that is considered reasonably reliable for the purposes of verifying a consumer’s identity.
  • For a Request to Know specific pieces of personal information, Requests to Delete, Requests to Correct, we will verify your identity to a high degree of certainty by matching at least three pieces of personal information provided by you to personal information maintained in our systems and also by obtaining a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request.

An authorized agent can make a request on a California resident’s behalf by providing a power of attorney valid under California law, or by providing: (1) proof that the consumer authorized the agent to do so; (2) verification of their own identity with respect to a right to know categories, right to know specific pieces of personal information, or requests to delete, as outlined above; and (3) direct confirmation that the consumer provided the authorized agent permission to submit the request.

Residents of the United States (excluding the State of California)

Certain U.S. state consumer data protection laws provide residents with rights regarding their personal information. If you reside in a state with such a law, you may have the following rights, subject to applicable exceptions:

  • Right to Access: You may confirm whether a business is processing personal information and, where applicable, to access such personal information.
  • Right to Data Portability: You may obtain personal information in a format that allows you to transmit the information to another entity easily, and to the extent technically feasible, to have the personal information delivered in a readily usable format.
  • Right to Correction: You may correct inaccuracies in the personal information that a business has stored, taking into consideration the nature of the personal information and the purposes of the processing.
  • Right to Deletion: You may request that a business delete personal information about you that has been collected by the business.
  • Right to Opt Out: You may opt out of the processing of your personal information by a business for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Opt-out rights can be exercised by clicking here, by contacting privacy@sans.org, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.

Appeals

If we decline to act on your request within a reasonable time frame, you may appeal our decision in accordance with applicable U.S. state law. We may respond to your request within 45 days of receipt and may subsequently extend that deadline by an additional 45 days when reasonably necessary. Should we need to extend the deadline, we will notify you of such need to extend within the initial 45-day response period.

Submitting Requests

Right to Access Requests, Right to Data Portability Requests, Right to Correction Requests, Right to Delete Requests, Right to Opt Out Requests and Right to Appeal Requests, may be submitted by contacting us at privacy@sans.org. Right to Opt Out Requests may also be made by clicking here or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences. Unless a state law provides otherwise, you may exercise your rights outlined above once per 12-month time period free of charge. For additional requests, we may charge a fee in accordance with applicable law.

We will use the following process to verify Right to Access Requests, Right to Data Portability Request, Right to Correction Requests, Right to Delete Requests, Right to Opt Out Requests, and Right to Appeal Requests: We will acknowledge receipt of your request, authenticate it using processes required by law, and then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Sensitive Data

We do not intentionally collect sensitive data. “Sensitive data” means personal information that, due to its nature, merits higher protection. This generally includes information regarding an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data used for identification, health information, sexual orientation or information, precise geolocation, information about children (under 16 years of age), government-issued identification numbers, citizenship status, financial account credentials and any other information that applicable law designates as sensitive or requiring a higher level of protection.

If you voluntarily provide us with sensitive data - for example, when requesting an accessibility accommodation - we will only use it for the purpose of responding to that request and will keep such information only as long as necessary to address the request or as required for regulatory or audit obligations.