July 2024
Welcome to our privacy notice and thank you for taking the time to read it. We hope it provides you with the information you are looking for, but if you need more, please reach out to us at [email protected], or any other local email address provided in Section 16.
We understand how important privacy and the security of your personal data are to you. They are important to us too. We adopt a privacy by design approach in everything we do. This means we develop our business strategies, products, services, websites and applications with your privacy in mind.
This privacy notice aims to give you useful information about how we process your personal data. This privacy notice applies to you if you are:
If you are, seek to be or were previously engaged by Sage as a colleague or contractor, you should consult our Sage Privacy Notice for Potential, Current and Former Colleagues and Other Workers.
Depending on where you are located, additional regional content may apply to you. Please consult Section 16 below to find supplemental information describing how we process personal data in your region.
We may update this privacy notice from time to time and will publish revised versions on our Website.
How to navigate this notice
Whilst we encourage you to read all of this privacy notice, we appreciate you may find some content more relevant to you. For easier navigation, we have split this privacy notice into sections. You can expand any section by clicking on it; that way, you can quickly find and explore the areas that are of most interest to you.
Download a PDF version of the Sage Privacy Notice.There are some terms we use in this privacy notice to be concise, and this is what they mean:
Solutions means our software products, features, services, and applications, including in the context of a trial.
Websites means Sage.com, any linked pages and any other website controlled by Sage.
You or your means you (the person reading this) or the individual whose personal data is processed by us.
We, us, our, or Sage means Sage Group plc and its affiliate companies (the Group). Sage is made up of several group companies across the world. This privacy notice is issued on behalf of all the Sage entities in the Group and will provide information about each Sage entity's use of personal data. Depending on where you are located, a different Sage company or companies will be processing your personal data. You will find here the list of all relevant Sage companies by region. Please note that other Sage companies may also process your personal data depending on which Sage company you enter a contract with or otherwise engage with as part of your relationship with Sage.
We have appointed a Chief Data Protection Officer for the Group, who is supported by a network of privacy experts, including local Data Protection Officers (“DPOs”). For any privacy related request contact our local privacy experts or DPOs using the contact details provided in Section 16. If in doubt, please contact [email protected].
If you provide us with personal data about someone else, you are responsible for ensuring that you are permitted to share that personal data and comply with any applicable legal obligation. This may include explaining to that individual why you are collecting their personal data and what you are doing with it and obtaining their consent if relevant under applicable law. We also recommend that you direct them to read this privacy notice.
To the extent permitted under applicable law, we may collect personal data about you and any other individual either directly or indirectly, if that data is provided to us by another party.
We collect your personal data when: |
|
You interact with us directly |
This can be through our Websites, Solutions, forms (including where you only complete them partially, in which case we may use your personal data to contact you to remind you to complete any outstanding information and/or for marketing purposes), surveys, competitions, use social media, or contact us by phone, email, chatbots, fax or post. |
You use our Websites and Solutions |
We may collect your personal data using cookies or similar technologies (as described in our Cookie Policy). |
You or your organisation provide(s) services to us |
In this context, we may collect basic personal data about you (mainly professional contact details). |
Third parties provide us with personal data about you |
This can happen where:
|
In the context of corporate acquisitions |
For example, where we acquire a business that had an existing relationship with you. |
You participate in events organised by us |
This happens where you attend seminars, learning, training or other events organised by Sage virtually or in person, or where you attend our premises for an event. |
We collect the following categories of personal data:
This only applies to the extent you, your employer, customer or provider are using the Solutions listed below.
This section describes the purposes for which Sage processes your personal data and the corresponding lawful basis for that processing.
The lawful basis is our legal justification to process your data for the purposes of data privacy laws applicable in the European Economic Area (“EEA”), the United Kingdom and South Africa. The “Lawful basis” column below is not relevant to you if you are located outside these regions.
Purpose |
Category of individual |
Lawful basis |
Establishing you as a customer on our systems, providing you with any information or Solutions that you have requested or purchased and sending you updates or service-related communications about these Solutions. |
Customers and/or their main contacts, |
Performance of our contract with you or our legitimate interests |
Managing and administering your account, your billing and payments, and our relationship with you (for example, customer service and support activity, including troubleshooting or managing complaints). |
Customers and/or their main contacts, Solutions and Websites users |
Performance of our contract with you or our legitimate interests |
Providing Sage University Services (facilitating the use of Sage U, processing orders for Solutions, provisioning solutions you have purchased, answering customer service requests, displaying reviews, images and other content and media you submit, maintaining and administering your account). We share your personal data with Cornerstone, which hosts Sage U on our behalf. Cornerstone is an independent data controller in respect of personal data and processes such personal data pursuant to its own privacy notice hosted at http://sageu.com/legal/. |
Customers and/or their main contacts, |
Performance of our contract with you or our legitimate interests relating to providing you with services |
Provide Solutions involving the use of Artificial Intelligence and Machine Learning; see Section 8 below “Artificial Intelligence and Machine Learning?” and Section 9 below “Sage Network” for more information. |
Customers and/or their main contacts, their vendors and customers (or their main contacts), |
Our legitimate interests relating to providing a service |
Create and administer your Sage ID. If you create a Sage ID to access our Solutions, it is attached and relates to you. If you use it to access your Sage Solution, it will exist regardless of that Solution, and you may be able to use it with another of our Solutions. Likewise, if your employer uses one of our Solutions and you create a Sage ID to access your payslips online, you will retain that Sage ID regardless of your employment or your employer’s relationship with us. You will create your username which will be an email address of your choice. Data collected within Sage ID is used for audit, access, service improvement, and support purposes, but it is not available for any marketing, surveys or other outreach to you. When you use your Sage ID, Sage will authenticate you by sending the product your personal data in the form of a ‘JWT Token’. This is a technically necessary piece of information which includes your first name, last name, current email address and a unique ID (which is how we can track users and authenticate users) i.e., this ID will not change, but you might change your Sage ID credentials. We may also capture the region selected so we can provide the Solution in the appropriate language and our Solutions need this personal data to correctly address you and communicate with you. |
Customers and/or their main contact, |
Our legitimate interest relating to providing a service |
Purpose |
Category of individual |
Lawful basis |
Monitoring, measuring, improving, and protecting our content, Websites, Solutions, and providing you with an enhanced, personalised user experience. |
Customers, Solutions and Websites users |
Consent (if using cookies) or our legitimate interests |
Undertaking internal testing of our Website, Solutions, systems and associated services to test and improve their security, provision and performance. |
Customers, Solutions and Websites users |
Our legitimate interests |
Carry out research and development activities to improve our Solutions (including by seeking and obtaining your feedback) see sections 8 “Artificial Intelligence and Machine Learning?” and 9 “The Sage Network” below for more information. |
Customers and/or their main contacts, their vendors and customers (or their main contacts) |
Our legitimate interests |
Carry out research and development activities to design and develop new Solutions; see sections 8 “Artificial Intelligence and Machine Learning?” and 9 “The Sage Network” below for more information. |
Customers and/or their main contacts, their vendors and customers (or their main contacts) |
Our legitimate interests |
Monitoring and carrying out statistical analysis and benchmarking regarding the use of our Websites, platforms, and Solutions, as permitted by applicable law. See section 7 “Profiling and automated decision making” below for more information. |
Customers, |
Consent (if using cookies) or our legitimate interests |
Maintaining, checking, and improving the security and integrity of our Websites, Solutions, systems, platforms, and communications (and detecting and preventing actual or potential threats to the same). |
Customers, |
Our legitimate interests or our legal obligations |
Purpose |
Category of individual |
Lawful basis |
Conducting surveys for customer research, benchmarking, improvement and marketing purposes, which may involve us sharing your personal data with trusted third parties who assist us with these activities. |
Customers, Solutions and Websites users, Prospects |
Consent (if for marketing purposes) or our legitimate interests |
Providing you with any information as required to comply with our legal or regulatory obligations. |
Customers and/or their main contact |
Legal obligation |
Sending newsletters to you. |
Customers and/or their main contacts, |
Our legitimate interests if you have requested the newsletter or your consent if not |
Posting testimonials or reviews in relation to our Solutions which you have supplied to us. |
Customers and/or their main contact, |
Consent |
Sending you electronic direct marketing communications, analysing how you engage with our electronic marketing communications (including whether you open them and click through to access their contents). |
Customers and/or their main contacts, Prospects, |
Consent |
Organising and managing events or contacting you if you have attended a Sage event or an event partnered by Sage. We may share personal data about your attendance with trusted third parties. We, or a trusted third party, may also contact you after an event to get some feedback about the event to help us improve our future events. |
Customers and/or their main contact, |
Consent or contract |
Delivering joint content and services with third parties with which you have a separate relationship, for example, social media providers including LinkedIn or Instagram. |
Customers and/or their main contact, Prospects |
Consent or our legitimate interests |
Monitoring and carrying out statistical analysis and benchmarking regarding the use of our Websites, platforms, and Solutions, as permitted by applicable law. See section 7 “Profiling and automated decision making” below for more information. |
Customers, |
Consent (if using cookies) or our legitimate interests |
We may use your personal data to contact you with details about our business, our Solutions or other offers which we feel may be of interest to you or which you have asked for. We may also share your personal data with other companies in our Group and carefully selected third parties so that they (or we) may contact you with information about their products or services which we feel may be of interest to you. We or they may wish to contact you for this purpose by telephone, within a Solution, by post, SMS message or email, or other communication platform.
We will only contact you by email or SMS message in line with your marketing preferences. You can unsubscribe from email marketing using the links provided in the emails we send to you.
Purpose |
Category of individual |
Lawful basis |
Performing due diligence reviews. |
Customers and/or their main contacts, |
Our legitimate interests or legal obligation |
Detecting, preventing, investigating, reporting, or remediating any criminal, illegal or prohibited activities (including fraud and money laundering), or to otherwise protect our legal rights (including liaison with official bodies, regulators, and law enforcement agencies for these purposes). |
Customers, Solutions and Websites users, |
Our legitimate interests |
Obtaining legal or other professional advice and establishing, defending, and enforcing our legal rights and obligations in connection with, any legal proceedings (including prospective legal proceedings). |
Customers and/or their main contacts, |
Our legitimate interests |
Managing, planning, and delivering our global business and marketing strategies (including collating management information and recording and reporting on our business development activities). |
Customers, |
Our legitimate interests |
Purchasing, maintaining, and claiming against our insurance policies. |
Customers and/or their main contact, |
Our legitimate interests |
Training our staff, supporting their learning, development, and performance. |
Customers and/or their main contacts, |
Our legitimate interests |
Managing any proposed sale, purchase, restructuring, transfer or merging of any or all part(s) of our business or another business, including to respond to queries from the prospective buyer or merging organisation. |
Customers and/or their main contacts, |
Our legitimate interests |
Managing, publicising, and participating in corporate social responsibility and Environmental Social and Governance (ESG) initiatives. For example, we may anonymise and/or aggregate your personal data to create reports or dashboards and share those with trusted third parties or on our Websites, to raise awareness on topics that are important to us, such as supporting the growth of small and medium businesses. |
Customers and/or their main contacts, |
Our legitimate interests |
Comparing information for accuracy, to categorise it, and to verify it with our systems or third parties. |
Customers, |
Our legitimate interests or legal obligation |
Complying with any of our legal or regulatory obligations (including our responsibilities under codes of conduct and anti-bribery laws). |
Customers and/or their main contacts, |
Legal obligation |
Complying with instructions, orders and requests from law enforcement agencies, regulatory bodies, supervisory authorities, any court or otherwise as required by law. |
Customers and/or their main contacts, |
Legal obligation |
Monitoring and recording communications with you, including e-mails, webchats and phone and other voice or video conversations (after informing you of the monitoring and/or recording during that call and before the recording starts), for training purposes. |
Customers and/or their main contacts, |
Consent |
Protecting our assets, our customers, and their assets, and protecting our employees and other workers from unacceptable behaviour, fraudulent or other harmful communications or actions by using CCTV video surveillance, monitoring and recording in or around our premises. |
Customers and/or their main contacts, |
Our legitimate Interests |
Enhancing personal data we collect from you with data we obtain from third parties that are entitled to share that data; for example, data from credit agencies, search information providers or public sources (e.g., for customer due diligence purposes, or to improve accuracy of our records), but in each case as permitted by applicable law. |
Customers and/or their main contacts, their vendors and customers (or their main contacts) |
Our legitimate Interests |
Purpose |
Category of individual |
Lawful basis |
Delivering targeted advertising and marketing campaigns (which may include in-Solution messaging) or sharing information with which may be useful to you, based on your use of our Website, Solutions, or any other data we hold about you. |
Customers and/or their main contacts, |
Consent or our legitimate interests |
Providing you with location-based services, for example, targeted advertising and other personalised content, where we collect geo-location data. |
Customers and/or their main contacts, |
Consent |
Ensuring our advertisements match the potential interest of users, tracking the efficiency of ads and optimising the effectiveness of our campaigns. We use Conversion APIs provided by Meta, Google and LinkedIn. An API is a software intermediary allowing two applications to talk to each other, when using a conversion API, we allow our server to communicate with these third-party servers. Where you consent to “Targeting technologies” on our website, we collect information about your usage of our website from our server logs and share this information with these third parties for the abovementioned purposes. We also share what we call “offline” data, which is information we collected from our interactions with you that took place outside of our website and can help us understanding your entire experience with Sage. This data includes your hashed contact details, as well as information about your organisation and information about your interactions with Sage (e.g. whether you are interested in a product, which product it is, how interested you are). When using the Meta Conversion API, Sage is a joint controller of personal data with Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta”) for the purpose of creating, displaying and improving targeted ads. We have concluded a joint-controllership of personal data agreement with Meta which can be accessed here, to determine the respective responsibilities for compliance with the obligations under the UK and EU General Data Protection Regulations (together “GDPR”) with regard to the joint processing of data. Under this agreement, Sage and Meta have agreed that Meta would be responsible for enabling data subject rights of individuals with regards to the personal data stored by Meta after the joint processing. The contact details of Meta can be found here, as well as further information on how Meta processes personal data, including the lawful basis Meta relies on and how individuals can exercise their data subject rights. You can deactivate this tool by withdrawing your consent to “Targeting technologies”. |
Website users |
Consent |
Profiling
Profiling activities consist of using personal data of individuals to predict their interests and likely behaviours. This is usually carried out using behavioural information and, amongst other uses, helps us to inform our decisions about marketing audiences. This allows us to send the right message to the right audience.
We may use personal data generated when you use our Solutions and Websites to improve them, and give you the best service and experience. This means that we may use personal data (including data collected using cookies and similar technologies) to evaluate and predict your personal preferences and interests. Please note that this is subject to your consent where required by applicable law.
We may conduct profiling activities to:
Please be aware that, in connection with the purposes above, we may use the personal data of your customers, suppliers, employees, and other individuals, whose personal data you input into our Websites or Solutions.
Automated decision-making
We do not conduct any automated decision-making with a significant or legal effect, or otherwise, about you or any individuals.
Sage is committed to innovation and is constantly evaluating new ways to improve its Solutions and develop new ones. Using Artificial Intelligence (“AI”) and Machine Learning (“ML”) allows us to improve our Solutions, giving you access to new, functionalities and automated features (e.g. automatic processing of invoices).
ML is a type of AI which uses data and algorithms to recognise patterns, drawing inspiration from the way humans learn. It provides systems the ability to automatically learn and improve from experience, without being explicitly programmed. It usually works with ML models, which are programs trained to recognise patterns in previously unseen data sets.
Sage uses ML in some Solutions and may process personal data listed in Section 5(9), “Data processed using Solutions”, to deliver these ML powered services. For the purposes of delivering ML powered services, personal data is generally used for the purpose of:
(1) Building an ML model, and continuously training it
We build and train ML models using data including personal data, so they can perform the task they have been designed to perform. For example, to design a service allowing the automatic processing of invoices, we would create an ML model designed to recognise specific data fields in an invoice and train this ML model on a number of invoices so it can learn where these fields are located and what they are likely to contain. This ML model would then continually be updated and trained based on new invoices. The purpose of this processing is to create an accurate ML model and continuously ensure its accuracy.
(2) Providing the Solution
Personal data entered in the Solution is consumed by the ML model to deliver the service it has been programmed to deliver. For example, an ML model designed to automatically process invoices would, once trained, be applied to new invoices to automatically recognise fields and populate them into a Sage Solution.
The purpose of our use of AI and ML at Sage is not to make decisions about individuals. Our purpose is to automate manual and time-consuming processes for the benefit of our customers and other parties.
Sage has created a trusted network, the Sage Network, with the purpose of interconnecting our Solutions, as well as our partner solutions. The aim of the Sage Network is to provide additional, innovative and integrated Solutions to you (the “Sage Network Services”), to help automate your workflows and improve your customer/user experience. For this purpose, data inputted into our Solutions, and listed in in Section 5(9), “Data processed using Solutions”, may be shared with other Solutions and platforms (together the “Sage Network Platform”), to facilitate provision of the Sage Network Services.
Sage is mostly acting on behalf of its customers in the context of the Sage Network (as a data processor under European Union – “EU”- and UK data protection laws), and the processing of personal data to provide Sage Network Services is covered by our Data Protection Agreement.
Data processed in the Sage Network Platform may however be processed by Sage for the following purposes (as a data controller under EU and UK data protection laws):
Processing of personal data by Sage as a data controller under EU and UK data protection laws in the context of the Sage Network will be carried out in accordance with this privacy notice.
We may obtain personal data through mobile applications that you or your users install on mobile devices to access and use our Websites or Solutions, or which you or your users use to provide other services related to that mobile application (for example, to sync information from our Solution with that mobile application).
These mobile applications may be our own Solutions or be provided by third parties. Where the mobile application is operated by a third party, you must read that third party’s own privacy notice which applies to your use of that third party mobile application. We are not responsible for those third party mobile applications or the use of your personal data by those third parties.
Mobile applications may provide us with personal data related to your use of that mobile application and / or our Websites or Solutions accessed through that mobile application. We may use this personal data to provide and improve the mobile application or our own Website or Solution. For example, activity undertaken within a mobile application may be logged for review.
You can configure application privacy settings on your mobile device, but this may affect the performance the application and the way it interacts with our Websites and Solutions.
Sometimes we may need to share your personal data with third parties. This will usually be because you have asked us to, we are required to by law, or because a third party integrates with our Solution or provides us or you with a service. You will find in the table below a list of third parties with which we may share your personal data and why.
Third parties |
Reason |
Our service providers and agents (including their sub-contractors) or third parties which process personal data on our behalf (e.g., internet service, cloud storage and platform providers, payment processing providers and those organisations we engage to help us send communications to you); third parties with which you request that we share personal data with for your own or their purposes. |
Helping us to provide you with the Solutions and information you have requested or which we believe is of interest to you. |
Partners, including system implementers, resellers, value-added resellers, independent software vendors and developers. |
Allowing partners to provide you the Solutions, services, and information you have requested or which they believe is of interest to you. |
Another company within our Group. |
Helping us to provide you with the Solutions and information you have requested or which we believe is of interest to you, or in the context of a restructuring. |
Third parties used to facilitate payment transactions, for example clearing houses, clearing systems, financial institutions, and transaction beneficiaries. |
Helping us to ensure payment for Solutions. |
Other parties who may also be controllers of the data we share with them, for example, academic or research organisations. |
Research necessary for our own or another organisation’s legitimate interests (e.g., to deliver valuable insights to our customers or enable us to improve the service we offer you). In these circumstances, we will take additional steps to protect your personal data, for example pseudonymisation, or anonymisation and aggregation prior to sharing the data, to protect your privacy and the confidentiality of your data. |
Third parties where you have a relationship with that third party, such as social media providers, partners, and other third parties with which we work and whose products or services we think will interest you in the operation of your business activities. |
Marketing and targeting purposes. |
Credit reference and fraud prevention agencies; government bodies and departments, regulators and any other third party necessary to meet your or Sage Group’s legal, regulatory, and reporting obligations; law enforcement agencies so that they may detect or prevent crime including fraud or prosecute offenders including statutory or regulatory reporting or the detection or prevention of unlawful acts; any third party in the context of actual or threatened legal proceedings; professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities. |
To comply with applicable laws and regulations and to protect our business. |
Another organisation if we sell or buy (or negotiate to sell or buy) any business or assets, another organisation to whom we may transfer our agreement with you. |
In the context of an acquisition, sale or restructure. |
When we share personal data with third parties which are providing us with services, or providing services to you on our behalf, we always have an agreement in place to ensure protection of your personal data i.e., that it is only used for agreed purposes and in accordance with applicable laws.
More information can be found in our specific cookie policies relating to Websites and Solutions, but it is worth mentioning here that our Website and Solutions may contain technology that enables us to:
The cookie policy for the Sage.com website can be found here. For those Solutions using cookies and similar technologies, a cookie policy will be made available to you directly in the Solution, usually in the Solution Help Centre.
If you follow a link which takes you away from our Website or Solutions, our privacy notice does not apply when you arrive at your new online destination, and we are not responsible for the handling of your personal data after you have left our Website or Solution. Please read the privacy information of the third party responsible for the new online location which you have linked to.
Data privacy rights differ from one region to another. Please consult the relevant part of Section 16 below dealing with data privacy rights to obtain more information on your local rights.
We will keep your personal data secure by applying appropriate technical and organisational measures against its unauthorised or unlawful access or use and against its accidental loss, destruction, or damage. You can find more information on our technical and organisational security measures on our Trust and Security Hub.
We will do our best to protect your personal data, but we cannot guarantee the security of your personal data while it is being transmitted to our Website or Solutions or to other websites, applications and services via an internet or similar connection. If we have given you (or you have chosen) a password to access certain areas of our Websites or Solutions, please keep this password safe, and when choosing your own password please ensure it is strong and do not use variations of previously used passwords, and with all passwords, do not write them down or leave them accessible to unauthorised persons.
If you believe your personal data has been compromised in connection with your use of Sage Solutions or Websites or otherwise in connection with Sage, please contact us at [email protected].
Key data protection laws
The key data protection laws in the United Kingdom are the UK General Data Protection Regulation (“UK GDPR”), UK Data Protection Act 2018 and the Privacy and Electronic Communications Regulations.
The key data protection laws in the Republic of Ireland are the General Data Protection Regulation, the Data Protection Act 2018 and the S.I. No. 336/2011 - European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011.
Controllers and processors
This privacy notice describes our processing of your personal data in our capacity as a “data controller” under applicable law in the UK and the Republic of Ireland. A data controller decides how and why your personal data is processed. Depending on the country in which you are located, a different Sage company may be the data controller of your personal data. You will find here the list of all Sage affiliate companies, by region.
Where we process personal data on behalf of another individual, for example our customers, partners, or other parties, we do not decide how and why to process that personal data. In those instances, we are a “data processor” under applicable law rather than a data controller. Where we are a data processor of your personal data, we use it in accordance with the data controller’s instructions to us. Those instructions include the terms and conditions applicable to the product or service you or your employer are using, and our Data Processing Agreement here which forms part of those terms.
If we are a data processor of your personal data, then you should also read the relevant data controller’s privacy notice. Make sure that you familiarise yourself with the privacy notice of your own employer, accountant, business, or other organisation that you have a direct relationship with, and which may share your personal data with Sage.
European Union representative
European Union (“EU”) data protection laws require non-EU organisations to have a representative in the EU. The role of the EU representative is to be the point of contact for individuals and authorities for all EU member states.
In the UK, we have appointed Sage Global Services (Ireland) Limited as our EU representative. Sage Global Services (Ireland) Limited’s contact details are:
Number One Central Park
Leopards town
Dublin 18
662898
Ireland
You can also contact [email protected] if you have any questions about or for our EU representative.
Your data protection rights
If you are based within the UK or the Republic of Ireland, you have the following data protection rights:
Please note that in some circumstances the exercise of the above rights may be limited by legal restrictions and exemptions. If relevant, we will explain this when responding to a request to exercise data protection rights.
If you think we hold any personal data about you which is incorrect or if there are any changes to your personal data, please let us know so that we can keep our records accurate and up to date.
If you wish to exercise your data protection rights as an individual, please access the Individual Rights Request Form on the Trust and Security Hub or contact us at [email protected].
If you do not want us to use your personal data for purposes set out in our privacy notice, we may not be able to provide you with access to all or parts of our Website or Solutions.
International transfer of personal data
Personal data in EU member states and the UK is protected by data protection laws, but other countries do not necessarily protect your personal data in the same way. You can find a list of countries that the European Commission considers provide an equivalent level of data protection to that which exists within the European Economic Area (EEA) (“Adequate countries”) here.
Our Website and some of our Solutions, or parts of them, may be hosted outside the EEA or UK, which means that we may transfer personal data to third countries which do not have an EU or UK adequacy determination in some circumstances. In addition, we may use service providers located outside the EEA or UK to help us provide our Websites, Solutions or other services to you and this means that we may transfer your personal data to these regions.
We take steps to ensure that where your personal data is transferred outside of the EEA or the UK, appropriate measures and controls are in place to protect that data in accordance with applicable data protection laws. All Sage Group companies are subject to an internal Personal Data Protection governance policy and related procedures designed to protect personal data in accordance with EU, EU member state and UK data protection laws. In each case, such transfers are made in accordance with applicable data protection laws and may be based on the use of (i) the European Commission’s Standard Contractual Clauses for transfers of personal data outside the EEA, or (ii) the UK’s International Data Transfer Agreement and/or the European Commission’s Standard Contractual Clauses and/or the UK Addendum for transfers of personal data outside the UK.
For more information on international transfer of personal data, please contact [email protected].
How can you contact us?
If you have any question about this privacy notice, or wish to exercise your data privacy rights as an individual, you can contact our Chief Data Protection Officer at by sending an email to [email protected] or by postal mail at Sage Group plc, C23 5 & 6 Cobalt Park Way, Cobalt Business Park, Newcastle-Upon-Tyne, Tyne & Wear, NE28 9EJ.
Give Feedback