search icon

Privacy Policy for the Sage Intacct Services

South Africa

Effective Date: December 19, 2023

This policy describes how the companies within the Sage group collect and handle personal information that customers provide through or in conjunction with the Sage Intacct financial management software-as-a-service business application (the “Sage Intacct Services”). It also describes your rights regarding the use, access and correction of your personal information within Sage Intacct Services. The Privacy Policy of the Sage Intelligent Time timekeeping services (the “Timekeeping Services”) describes the collection and handling of customer-provided personal information within those services. Other products and services that you buy from Sage, even if you buy them alongside the Sage Intacct Services, may have separate privacy policies. If that product or service is operated by a company within the Sage group, then the general privacy notice available here applies. If the product or service is operated by a third party, then that third party’s privacy policy applies. 

The Sage Intacct Services are generally operated by Sage Intacct, Inc. and its subsidiaries. Sage Intacct is an indirect subsidiary of the Sage Group plc, a UK-headquartered publicly traded company. Sister companies of Sage Intacct within the Sage group administer sales and customer relationship management for customers of the Sage Intacct Services in certain territories : Sage Business Solutions Pty Ltd for customers in Australia, Sage Software Canada Limited for certain customers in Canada, Sage (UK) Ltd for customers in the United Kingdom and Ireland, and Sage SAS for customers in France. Sister companies of Sage Intacct also deliver certain functionality and features that integrate or interoperate with the Sage Intacct Services. The operations of these sister companies are governed by the general privacy notice of the Sage group, available here.

This policy does not apply to information collected through the corporate website for the Sage group of companies (https://www.sage.com) or outside the operation of Sage Intacct Services. The Sage Privacy Notice describes Sage’s practices with respect to information collected from websites linking to that privacy notice. If you are considering applying for a job with Sage, currently work for Sage, or have worked for Sage, then the HR Privacy Notice applies to information we collect or have collected as a part of those relationships.
 
This policy refers to Sage Intacct, Inc. and its subsidiaries as “Sage Intacct,” “we,” “us” and “our.” References to “you” and “your” are to the controllers of the data input into the Sage Intacct Services. This generally is our customers, the companies and organizations that have subscribed to the Sage Intacct Services, and their users. In some cases, this may be our partners with respect to data provided by them in the course of their use of the Sage Intacct Services. If you are an individual whose data is controlled by a customer or partner of ours and input into the Sage Intacct Services by that customer or partner, please direct your privacy-related inquiries to them. You can find further details in “Your Responsibilities and Rights” below. 

Information Provided by You

You provide us with several kinds of information : Customer Data, Administrative Data, and Billing Data.

Customer Data is the information submitted into the Sage Intacct Services when you use the Sage Intacct Services, when the Sage Intacct Services interoperate with third party applications, or when you receive customer support. This includes accounting information, transactions (for example, with suppliers or customers), bank account information and other financial information, as well as information derived by the operation of the Sage Intacct Services from those submissions at your instruction, such as reports. Customer Data may be submitted directly by you or indirectly through our partners.

Our system processes and stores Customer Data on your behalf in order to provide you the Sage Intacct Services and as otherwise provided in our agreement with you. We restrict our employees’ access to Customer Data in production and backup environments to (1) support, client services and technical staff, who with your permission may have access to your Customer Data to provide customer support, technical troubleshooting, error fixing and professional services, and (2) a limited number of operations personnel, who may have controlled access to Customer Data for troubleshooting and system maintenance. We use Customer Data as your processor to provide you with Sage Intacct Services and to address customer support requests and technical problems. We also use Customer Data for product research, development, and innovation. We will not otherwise use Customer Data for our own purposes without your consent unless we are required to do so by applicable law. Please see your agreement(s) for further details.

The Privacy Policy of the Timekeeping Services describes the collection and handling of Customer Data in the Timekeeping Services.

Administrative Data is information you provide during sign-up, purchase, or administration of the Sage Intacct Services. This includes (i) company name, address, email, and phone number, and (ii) individual users’ names, job titles, emails, phone numbers and account credentials.

We collect, store and use Administrative Data as a controller in the context of providing our products and services to you, including to perform our contractual obligations to you and/or for our legitimate business interests. Specifically, we use Administrative Data to provide the Sage Intacct Services to you, administer your account, administer your subscriptions and renewals and contact you to discuss your subscription needs, provide customer support and professional services, keep a record of our dealings with you, notify you of changes, updates and availability of the Sage Intacct Services, understand your experience using the Sage Intacct Services (for example, by sending you surveys), conduct research, improve the Sage Intacct Services, plan and host events, contact you with marketing communications, notify you of new product offerings, and identify and prevent fraud.

The Privacy Policy of the Timekeeping Services describes the collection and handling of Administrative Data in the Timekeeping Services. 

Billing Data is the financial qualification and billing information you provide as our customer when you purchase, subscribe to, renew or expand the Sage Intacct Services. This includes company name (and in some cases the name of a contact person for billing matters), billing address, credit card information, financial checks (business credit references), and other financial data.

We use Billing Data as a controller in the context of providing our products and services to you, including entering into a contract with you and/or for our legitimate business interests : to process or collect payment for your transactions with us, keep a record of our dealings with you, and prevent fraud. We store Billing Data for use in your future transactions with us.

If you do not wish to provide Administrative Data and/or Billing Data to us, we will not be able to provide the Sage Intacct Services to you or administer them for your account with us.

Information Collected by Us

In relation to the use of Sage Intacct Services, we collect the following information for our legitimate business purposes :

Cookies and similar technologies: Cookies are small data files that websites associate with visitors to facilitate the proper, efficient, or secure operation of the website. The Sage Intacct Services use the following types of cookies 

Type Description Expiry
Session Identification (Required)

These cookies are required to access the Sage Intacct Services and for secure operation of the Sage Intacct Services. When a user logs in, a cookie with encrypted information tied to the user account is placed onto the browser. These cookies allow us to identify the user when he/she is logged in to perform online requests. One required cookie is also used to prevent the same user from logging into the Sage Intacct Services from multiple browsers at the same time.

When browser the is closed, or in some cases on the earliest of session timeout, the user logout or when browser is closed.

Persistent User Identification These cookies allow the Sage Intacct Services to remember information a user has entered such as username, company name, and trusted device for 2-step verification. The Sage Intacct Services place these cookies onto the browser when a user selects “remember me” tick box (opt in). Some of these cookies expire in 90 days and others in 1 year.
Non-Persistent User Identification The Sage Intacct Services place these cookies onto the browser during user login. These cookies allow temporary identification of the user for various functional purposes such as verification of single sign-on (SSO) login, enablement of the “collaborate” feature, and keeping track of SSO. In 5 minutes.
Functional

This cookie is placed to keep track of printed invoice records.

On the earliest of session timeout, the user logout or when the browser is closed.

User Interface Functionality

These cookies enable various user interface features (such as arranging components on the dashboard) by providing information about the browser screen’s width and height or keeping track of current selected menu in the user interface.

Some of these cookies expire immediately and others expire in 2 minutes.
Integration Functionality The Sage Intacct Services use these cookies to remember the user session during the cloud storage authentication. In 5 minutes.
Data Import Functionality The Sage Intacct Services use these cookies to remember the user's last import settings. The next time a user imports data, the previous data import options are populated for the user in the user interface. In 1 year.
Performance The Sage Intacct Services use these cookies to measure the client response time to improve the performance and user experience. In 2 seconds.
Infrastructure These cookies are used by infrastructure components such as load balancer and content delivery network (CDN) and do not collect any customer or user specific information. When user closes the browser.
Maintenance These cookies are placed to show the system maintenance message page. When user closes the browser.
CDN These cookies are used to track session state, store origin server IP to facilitate CDN service, and for testing purposes. Some of these cookies expire immediately and others expire in 1 year.
Web Security These cookies are used to detect malicious visitors to our website and minimize blocking legitimate users. In up to 7 days.
Media Playback These cookies enable viewing of videos and other media content related to product functionality. These cookies do not collect any customer or user specific information. In 1 hour.
Pendo Cookies We use Pendo to provide help and guidance within the product. These cookies allow us to display these guides in the product at the right time. These cookies collect information in a way that does not identify anyone. The Pendo privacy policy is available here. In up to 100 days.

The cookies above are essential for the proper operation of the Sage Intacct Services ; without them, the Sage Intacct Services will lack major functionality. We do not provide an opt out for cookies identified as “Required” in the table above. In your browser, you can opt out of or delete the other cookies. We do not recommend opting out of cookies, as this will adversely impact the functionality of and your access to, the Sage Intacct Services and the Sage Intacct Services may not operate as intended without these cookies

In addition, we use Google Analytics for certain pages on our product website. If you look for them in your browser, they all begin with “_ut” or “_ga”. Google Analytics helps us understand how often users visit our product website and what pages they visit. We use this information to analyse how our website is used and for website and product development and improvement. We have set the Google Analytics tool to anonymize IP addresses. The cookies collect information in an anonymous form, including the number of visitors to the Sage Intacct website, where visitors have come to the website from and the pages they visited. You can opt out of Google Analytics across all sites by using this tool.

IP Addresses: We collect the Internet Protocol (IP) address of the computer used to access the Sage Intacct Services. We use IP addresses for added security of the Sage Intacct Services, to optimize the delivery and/or performance of the Sage Intacct Services, and to monitor compliance with export and sanctions laws and our related internal policies. A security feature of the Sage Intacct Services allows a customer’s administrator to review the list of IP addresses from which the customer’s Sage Intacct account has been accessed.

Statistical and Usage Data: When you use the Sage Intacct Services, we may collect statistical information (metadata), server log files, usage patterns and frequency, and volume and value of transactions. That statistical information does not include Customer Data. We may use this statistical information for product improvement and billing. We may also share your statistical information with your partner (if applicable) for billing and marketing purposes. In addition, features of the Sage Intacct Services collect audit trail data, which includes records of each user’s manipulation of Customer Data (for example, creation, editing, reporting, deletion) and, if you subscribe for advanced audit trail functionality, further includes each user’s viewing of, and access to, specific objects containing Customer Data.

Product Development Data: If our agreements with you permit us, we may use elements of Customer Data for product research, development and innovation. Unless otherwise agreed by you, personal data contained in Customer Data in a personally identifiable form will only be used as described in the “Information Provided by You – Customer Data” disclosures above.

Aggregate Data: If Statistical and Usage Data is used by us for any purpose not described in this policy , we aggregate this data in a way that does not identify or otherwise permit the identification of you or any of your users. We may use and disclose Aggregate Data for training, quality assurance, product development, marketing, promotion, statistical analysis, market analysis, financial analysis, benchmarking, and other business purposes.

Do Not Track signals: Some browsers contain features that signal that the user does not want to be tracked, known as “Do Not Track” or DNT. The Sage Intacct Services currently do not respond to those signals.

Third-Party Provided Data: We partner with third parties (for example, payment service providers) who provide products and services within, or related to, the Sage Intacct Services. These third parties may provide us with your Customer Data or Billing Data. We treat this information in the same manner as we treat Customer Data and Billing Data that you provide directly to us.

Audio and Video Information: With your knowledge and consent, we may record phone or video conversations with our professional services or support personnel that include your voice and likeness. We use this information to provide you and the business that you represent implementation services, customer support, to assess the compliance, quality, and effectiveness of our customer support program, to collect feedback on our products, and for training purposes.

Sage Intacct Community

The Sage Intacct Community is a community forum where customers and partners may share information about Sage Intacct Services. You should be aware that any information you provide in the Community may be read, collected, and used by others who access the Community. To request removal of your personal information from the Community, contact us as described in “Further Information” below. 

Data Retention

We retain Customer Data for the duration of your subscription to the Sage Intacct Services. After your subscription expires, we retain Customer Data for at least 90 days and may store it for up to an additional 90 days. Customer Data may be retained beyond that period in data backups, which may be stored for up to 5 years. We retain Customer Data as necessary to exercise our rights and obligations under our agreement with you, comply with our legal obligations, or resolve disputes.

We keep Administrative Data and Billing Data as part of our business and accounting records for the duration of your relationship with us and thereafter for so long as necessary for our legitimate business purposes. We retain credit cardholder data for no longer than 90 days from the card expiration date. We do not store card-verification codes or values (CVV). 

Please refer to the table above for information on cookie expiration. We currently do not delete a set schedule of IP  addresses, Statistical Data, Product Development Data, Aggregate Data, and call recordings.

Disclosure of Information

We will disclose your information to third parties only as directed by you, as described in your agreements with us and in this policy, or as required by law.

  • When you authorise third-party access to the Sage Intacct Services or use our API or third-party applications accessed through the Sage Intacct Services, you may disclose Customer Data to third parties. That use is under your control, in that it is a disclosure initiated and directed by you.
  • The Sage Intacct Services may enable you to use services provided by third parties, such as supplier payment processing. In addition, you may authorise the use of third-party service providers, such as implementers or application providers. If you subscribe for any of those services, we may disclose necessary Customer Data, Administrative Data and/or Billing Data to the third-party service provider to enable its services to you. That data will be governed by the respective third-party provider’s privacy policy/notice and service terms.
  • We may contract with other companies to provide services or functions on our behalf. If we do so, we may share Customer Data and/or Administrative Data with those providers to the extent necessary for their engagement. In such cases, we will require those providers to maintain the confidentiality of your information and to use it only for the purposes of their engagement by us. Disclosures to those third parties are covered by the provisions in this policy in the “Your Responsibilities and Rights” section and our agreement(s) with you.
  • We may store Customer Data and backups in facilities provided by third parties. These third parties do not have the right to access that data.
  • We may disclose Administrative Data to third-party providers of products and services within, or related to, the Sage Intacct Services for billing and for administering the Sage Intacct Services and those third-party products and services.
  • We may disclose Administrative Data to companies within the Sage group in the context of our providing our products and services to you for customer relationship management, customer support, product compatibility and improvements, and to provide you with any information, applications, products or services that you have requested.
  • We may, in accordance with applicable law, share Administrative Data and Usage Data for marketing purposes with our partners and other third parties whose products or services we think may interest you in the operation of your business activities.
  • We may disclose Billing Data to payment processors to complete our transactions with you and to payment processors and other third parties to prevent fraud or for collections.
  • Aggregate Data does not identify you or your users and, therefore, we may disclose it to third parties as appropriate to support our business needs.
  • We also may disclose your information if we believe in good faith that it is necessary to (1) respond, in accordance with applicable law, to a court order or request by government authorities or comply with any law, regulation, legal process, administrative or other government proceeding, (2) protect against misuse or unauthorized use of the Sage Intacct Services, (3) prevent or address fraud ; (4) enforce our rights, policies and agreements or defend ourselves in legal or government proceedings ; or (5) protect our rights, property or safety, or those of third parties.
  • Unless we are prohibited from doing so by law, we will, where appropriate, notify you of any request to disclose your Customer Data to the authorities or any other party and, where appropriate, refer such requests directly to you.
  • We may transfer some or all of our assets, including data, in connection with a merger, acquisition, or sale of assets, or if we dissolve, reorganize our business, or cease operating as a going concern (for example, in the event of insolvency or bankruptcy).

Information Security

We maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of your Customer Data that are consistent with industry standards. You can learn more about our Information Security Management Program here.

Information Location and Transfers

Generally, we store, Administrative Data and Billing Data for all our offerings in the United States. We store Customer Data as follows :

Sage Intacct Services: Production, backup, and disaster recovery copies of Customer Data are stored in the following regions :

  • Australia: Customer Data of Australian customers is stored in Australia. A copy of production data of Australian customers participating in a customer preview will be transferred to the United States and stored for an eight (8) week preview period.
  • Canada: Production and backup Customer Data of Canadian customers is stored in Canada. For disaster recovery purposes for Canadian customers, we synchronize Customer Data of Canadian customers to servers in the United States.
  • France: Customer Data of customers in France is stored in the European Union.
  • South Africa: Customer Data of South African customers is stored in the European Union.
  • United Kingdom: Customer Data of customers in the United Kingdom is stored in the European Union.
  • United States: Customer Data of customers in the United States is stored in the United States.

Certain customer support cases initiated by a customer (i.e., debugging requests) may require copying Customer Data to storage locations located in the United States.

Other Modules: Customer Data stored in AI/ML (artificial intelligence/machine learning) applications and modules, such as the Timekeeping Services, is stored and processed in the United States, the United Kingdom, and the European Union. Customer Data for the Sage Intacct Planning module is also stored and processed in the United States for all customers, except those in the United Kingdom, South Africa, and Australia. Planning module Customer Data for customers in the United Kingdom, South Africa, and Australia is stored and processed in the European Union. Customer Data for solutions delivered by the systems integration group  (i.e., market place products and customizations made at a customer’s request by our professional services teams) is stored and processed in the United States.

Sage Colleagues: As part of our global operations, Sage Intacct colleagues or colleagues from companies in the Sage group may access information from other locations outside the United States. All Sage group companies are subject to Sage group data protection policies designed to protect data in accordance with applicable data protection laws.

If you do not want your personal data to be transferred outside the EEA you should not use our website, applications or services.

Your Responsibilities and Rights

We are a processor of Customer Data, which is controlled by you, our customers. You are responsible for complying with all data protection laws and regulations applicable to you as a user of the Sage Intacct Service and controller of Customer Data. We have no direct relationship with the individuals whose personal data we process as part of Customer Data. We acknowledge that individuals have the right to access their personal information. An individual who seeks access/port, or who seeks to correct, amend, or delete inaccurate data, or who wishes to restrict or object to processing of Customer Data, should direct his or her query to you, our customer (the controller). If requested to remove the data, we will respond to the individual within a reasonable timeframe and direct the request to you, our customer.

Upon request, we will provide individuals with information about whether we hold any of their personal information in Administrative Data or Billing Data. If you (as a customer) want to edit and/or change any Administrative Data or Billing Data (other than company ID or user ID, which cannot be changed without creating a new account and/or new user), you can do so at any time by using your company ID, user ID, and password to access your account. Please contact Sage Intacct support via the Sage Intacct Communities page for further instructions about deleting or deactivating your Sage Intacct account.

You can opt out of our marketing messages by clicking on the “unsubscribe” link included in them or by contacting your Sage Intacct account manager. That opt out will not extend to transactional or relationship messages. If you wish to opt out from us sharing Administrative Data with third parties for marketing purposes, please contact your Sage Intacct account manager.

Individual Rights

As an individual, you have the following rights pursuant to laws that may apply to you or us, such as the General Data Protection Regulation (GDPR) :

  • to be told how your information is used and obtain access to your information ;
  • to have your information rectified or erased or place restrictions on processing your information ;
  • to object to the processing of your information (e.g. for direct marketing purposes or where our use is based on legitimate interests) ;
  • to have the digital information you provided and which we process on the basis of your consent or a contract with you returned to you in a structured, commonly used and machine-readable format, or sent directly to another company, where technically feasible (“data portability”) ;
  • not to be subject to a decision based on the automated processing of your personal data, including profiling ;
  • where processing of your information is based on your consent, to withdraw that consent at any time ;
  • to file a complaint with the applicable supervisory authority responsible for data protection matters.

If you are a California resident, you have the following rights if you submit a verifiable consumer request :

  • To receive disclosure of :
  • the categories of personal information that we have collected about you ;
  • the categories of sources of the personal information we have collected about you ;
  • the business or commercial purpose for our collecting of personal information about you ;
  • the categories of third parties with whom we share your personal information, including categories of third parties to whom we sell personal information or disclose personal information for a business purpose ; and
  • the specific pieces of personal information that we have collected about you.
  • To request deletion of your personal information by us, subject to the exceptions provided by the CCPA ;
  • To be free of discrimination on the basis of having exercised your rights under the CCPA.

Please see “Administrative Data,” “Billing Data” and “Information Collected by Us” above for a description of the specific pieces of personal information we may collect about individuals and the business and/or commercial purposes for which the personal information is used. The personal information we collect falls into the following categories under the CCPA’s definition of “personal information” :

  • personal identifiers (e.g., name, email, etc.),
  • professional information (e.g., title),
  • audio and visual information (e.g., when we record a telephone call) and
  • internet activity information of users (e.g., via the audit trail functionality of the Sage Intacct Services).

We obtain this data either directly from you, or from the administrator of your company’s Sage Intacct account who gives you access to the Sage Intacct Services, or from your interaction with the Sage Intacct Services. We do not sell consumers’ personal information. In the preceding 12 months, we have disclosed for a business purpose the following categories of personal information : personal identifiers (e.g., name, email, etc.), professional information (e.g., title), and internet activity information of users (e.g., via the audit trail functionality of the Sage Intacct Services). Please refer to “Disclosure of Information” above.

You may submit requests pursuant to this paragraph using the means described in “Further Information” below.

Changes to This Policy

We may update this policy to reflect changes to our information practices. If we make any material changes that adversely affect you, we will notify you by email (sent to the email address of your Sage Intacct subscription representative on record with us) or by a notice posted in the Sage Intacct Services prior to the change becoming effective. We encourage you to periodically review this page for the latest information about our privacy practices.

Further Information

If you have any questions about how we handle your information, the contents of this policy, your rights under local law, how to update your records or how to obtain a copy of the information that we hold about you, please write to [email protected].

Give Feedback