search icon

Expert Privacy Support by Sage

Stay in control when it comes to managing and protecting personal data. Explore our privacy resources.

Managing data privacy

Data privacy principles help reduce the risk of non-compliance by setting clear expectations for how personal data should be handled. This applies whether you’re new to running a business or an experienced small business owner, and covers the personal data of customers and employees.

Data privacy fundamentals

Learn more about the seven foundational principles that underpin our handling of personal data. These principles reflect our commitment to the highest standards of data privacy.
What this means for you: We're open and honest about how we use your data.

We only collect and use your personal data when we have a valid legal reason to do so—such as your consent, to fulfil our contract with you, or based on our legitimate business interests balanced against your privacy rights. We'll never use your data in ways you wouldn't reasonably expect or that could unfairly impact you. You'll always find clear information about how we use your data in our privacy notices on our websites and products, including our cookie banners.
What this means for you: We only use your data for the reasons we told you about.

When we collect your personal data, we're clear about why we need it. For example, when you purchase a Sage product, we use your contact and payment details to process your order and send you confirmation—not for unrelated purposes like marketing, unless you've opted in. If we ever need to use your data for a new purpose, we'll make sure it's compatible with our original reason or ask for your permission first.
What this means for you: We only collect what we actually need.

We don't ask for more information than necessary. For instance, if you're registering for a Sage webinar, we'll ask for your name and email address, but we won't request unnecessary details like your home address. This approach protects your privacy, makes our systems more efficient, and means we're only holding data that's genuinely useful for providing you with our services.
What this means for you: We keep your information correct and up to date.

Accurate data means better service for you and helps us meet our legal obligations. We have processes in place to check and maintain the accuracy of your personal data, and we regularly review our databases to correct any errors. If you spot something that's wrong or out of date, you can contact us at any time to update or correct your information.
What this means for you: We don't keep your data longer than necessary.

We only retain your personal data for as long as we need it for the purpose we collected it, or as long as the law requires. Once it's no longer needed, we securely delete or anonymise it. We maintain clear retention schedules so we know exactly how long to keep different types of data. This reduces risk, keeps our records relevant and up to date, and respects your privacy.
What this means for you: Your data is protected with robust security measures.

We take data security seriously. We use encryption, firewalls, strong access controls, and regular security audits to protect your personal data from unauthorised access, loss, or damage. Our dedicated global security team works continuously to keep your data safe. Only colleagues with a legitimate business need can access your information, and we train our teams to recognise and report any security concerns immediately.
What this means for you: We take responsibility for protecting your data.

Data privacy is a priority at Sage. We have a comprehensive data privacy framework, supported by our Privacy Office team, and local data protection officers. We build privacy into our products and services from the start (data protection by design), conduct impact assessments for high-risk processing, and maintain detailed records of how we handle data. You can trust that we're committed to doing the right thing with your personal data.

Mastering privacy management

Effective privacy management brings together people, processes, and practical decision‑making to ensure personal data is handled appropriately across a business.

Responding to complaints

Customer experience should always be a priority when handling data protection and privacy-related complaints. Clear, helpful, and informative responses ensure individual concerns are taken seriously and handled appropriately.

Managing data requests

Managing data requests effectively supports timely and accurate responses when customers, employees, or other individuals exercise their rights to access their personal data. Clear processes and consistent handling help reduce effort and avoid unnecessary delays.