How we handle and protect your business data
At Sage we know that handling your data must be done with full recognition of discretion, transparency and clarity. We are governed by our code of ethics in terms of what we retain, what we delete and how we handle all your information.
Types of data:
Personal Data: email addresses, names, addresses, ID info, e.g. birthday
Product usage data and analytics: identifiable or anonymised data that records actions a user takes within the programme, to understand user habits and user experience
Business financial details: Payment method and details
Spend data: Your business’s purchase ledger and full list of transactions
Business operational data: module information, mostly manually input into the programme.
How do we look after your data?
When you sign in to your Sage Earth Carbon Accounting account, your Sage ID is your secure identifier. This is governed by our secure Sage data policies.
The Sage Earth Carbon Accounting Terms and Conditions must be accepted before a user can begin to use Sage Earth Carbon Accounting. Those terms and conditions declare our ethical principles which govern data handling.
Your business information, including the defining sector of your business, annual revenue and other information, is processed and anonymised before it is used for any wider analysis. With aggregated data on business sectors that Sage Carbon Accounting serves, we can start to build up a picture of differences in business sector behaviour.
Enabling or allowing a business’s total carbon footprint to be shared across sectors, industries, countries and beyond will mean that over time, the emissions factors we have tied to business SIC codes become deeper in insight and more meaningful.
Your payment methods and details are out of scope for this document but covered by full Sage security measures. We will never reach out and ask you to confirm payment details.
Part of the way Sage Carbon Accounting calculates your business’s carbon footprint relies on what you purchase/spend money on. Through the API, we pull your business’s purchase ledger, i.e. spend records. Our engine will analyse your spend amounts according to supplier and transaction descriptions.
Data storage and retention FAQs for Sage Earth Carbon Accounting
What happens to Sage Earth Carbon Accounting data if I cancel and no longer use the product?
You'll lose access to the product and the data contained within at the end of the contracted term
From this point, we'll hold the data for 90 days in line with Sage's standard process for cloud products.
When the 90 days expires, all data in the account is permanently destroyed.
This will happen automatically as part of the cancellation process.
Is Sage Earth Carbon Accounting GDPR compliant? How does it meet the requirements?
Yes, it is GDPR compliant.
GDPR specifies that data must only be stored for as long as is required to meet a need. Beyond the requirements of GDPR for personal data, Sage's general stance on data retention is to only retain data as long as is required to meet a need.
Sage Earth Carbon Accounting stores data about a customer's business and all such datapoints are ultimately needed by the software to measure emissions and generate a carbon footprint, for supporting functionality or to enable our team to effectively support and improve the product.
The point at which a customer cancels and discontinues use of the software is the point at which their data is no longer needed. They then fall into a retention period, after which their data is permanently destroyed.
GDPR specifies that a data subject can request visibility of the data that a platform provider holds about them
If any such request is received, this should be raised as soon as possible to the Sage Earth Carbon Accounting product and engineering team who can identify and export copies of the relevant data
GDPR specifies that a data subject can invoke their right to be forgotten and force a platform provider to delete all data held about them
If the data subject is a customer, this request cannot be met without the customer also cancelling and discontinuing use of the software; it is not possible for Sage Earth Carbon Accounting to delete all data about a customer and continue to measure their emissions and carbon footprint
After the customer has cancelled, their data is automatically deleted 90 days later.
If a right to be forgotten request is raised from a customer who has cancelled less than 90 days ago or if the right to be forgotten request comes from a data subject who is not the customer themselves (for example, a supplier who the customer works with), this should be raised as soon as possible to the Carbon Accounting product and engineering team who can identify the relevant data and take action to ensure it is deleted or anonymised.
What data does Sage Earth Carbon Accounting process or store?
Note: Additional data is stored and processed by Sage for the purposes of account provision, user management etc. For details of the data stored and processed by the Sage Experience Platform, Global Model Office or sage.com pages, refer to the relevant privacy policies and documentation for those solutions.
Sage Earth Carbon Accounting processes data about a customer's business and the business's activities. This includes:
Business profile:
Company name
Financial year start date
Revenue per financial year
Workplace records (name and postcode)
Industry and industry division
Financial accounts integration (optional), imported via API connection:
Company name
Accounts provider
Authentication tokens
Financial spend transactions
Record identifier, transaction type, date, currency, amount, nominal code name, supplier name, transaction description, tax status
Category of transaction
User data
Name
Role & permissions
Email address
Business activities
Details of Usages (what the company did) or Spends (what the company spent money on)
Confirmation that emissions were or were not present for an activity for a financial quarter
Activities by Module:
Energy (amount used, amount spent, category, mechanism of purchase)
Process emissions (co2e, activity and amount processed)
Fugitive emissions (gas type and weight)
Vehicles usage (fuel amount used, fuel amount spent, category, ownership status)
Purchased goods (category, amount purchased, spend amount, capital goods status)
Purchased services (amount spent and category)
Water (amount used, amount spent, category, council tax band of building)
Distribution (transport type, distance, spend on transport, spend on warehousing)
Waste (category, weight, cost of disposal)
Business travel (mode of transport, cost)
Hotels (location, room nights)
Employee commuting (workplace postcode, number of employees, % split office vs home/remote work).
Target setting
Baseline year
Carbon emissions data
Emissions per business activity (emission amount kg co2e, GHG sub-scope, PCAF score)
Product metrics
Usage data, e.g. rate of logins, pages visited
Does Sage Earth Carbon Accounting store or process any PII or Sensitive data?
Some of the data stored and processed by Sage Earth Carbon Accounting is classed as personally identifiable information (PII). None of the data stored or processed is classed as Sensitive information. Relevant PII data is:
User name
Provided to Sage Earth Carbon Accounting's backend as part of identity provision
User email address
Provided to Sage Earth Carbon Accounting's backend as part of identity provision
Company name or supplier company name
In some cases a business name can be a name of an individual, such as a sole trader or the business founder
Company name is used in the frontend and backend as an identifier of the overall owner of the account and all data within
Supplier company name is used in the processing of spend transactions for purposes including filtering and AI categorisation of spends
Transaction descriptions
Description fields for financial spends are not intended or specified to contain PII but as free text fields these descriptions can and occasionally do contain PII data.
The description field is used in processing the AI categorisation of spends
Find out more: