Sage Qualifications takes its duty to process your personal data seriously. This policy explains how we collect, manage, use and protect your personal data.
1. This policy references Sage Qualifications Ltd (we, us, our), a company limited by guarantee (company registration number (England and Wales): 05713262).
2. We are the data controller of personal information about you. Our address is 554 Bradgate Road, Newtown Linford, Leicester LE6 0HB, United Kingdom
3. This privacy notice has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018.
4. We have a designated Data Protection Officer. The contact details are in Section 11 below.
6. Sage Qualifications may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
8. For the avoidance of doubt, Sage Qualifications Ltd is an independent company, and is not part of Sage (UK) Ltd.
9. The policies are subject to the laws of England and Wales
2. Our online services
Sage Qualifications Ltd provide their service through three online sites:
- Website: www.sagequalifications.com
- Learning management system (LMS): portal.sagequalifications.com
- Learning management system (LMS): learn.sagequalifications.com
3. Our 'lawful basis' for collecting and holding information
Sage Qualifications Ltd provide accredited learning programmes and qualifications in computerised accountancy, bookkeeping and payroll using Sage software and enable users to gain internationally recognised qualifications to recognise their competence.
Certificates may need to be posted to successful candidates.
Given the context, the data we hold is the minimum required for us to provide our service.
Except in extreme circumstances we process this information on the basis of our legitimate interests.
Annex 1 below provides details of our legitimate interest.
4. Personal data we collect
Personal data we hold
The personal data we hold is:
- name and date of birth: held for the purposes of unique identification of users and for the issue of correct certificates
- username: held to ensure secure log-in to the portals
- email address: held to ensure secure log-in to the portals and contacts
- addresses: held for the sole purpose of mailing copies of certificates.
- progress and achievement data: held for the purpose of monitoring progress on courses and assessing whether the user has met the requirements for the relevant award.
- (in some cases) phone number to enable us to contact users.
How long we hold it for
Your individual data will be held for a period of six years after which it will be deleted. This is a legal requirement as we are in partnerships with accredited and professional Awarding Bodies.
Aggregated data (for example to allow us to calculate success rates and observe trends) may be held for longer.
Who we may share it with
We do not share data with any other organisations, other than the relevant awarding body, unless the user has previously agreed to this and/or in extreme circumstances for example, to aid a criminal investigation.
5. Other information we collect
It is important to us to continually improve the service we provide to users. To help us to do this we collect a range of information from our sites that informs future development.
This information includes (and is not limited to):
- the types of browser and version being used (anonymous)
- the type of device the user is using (anonymous)
- ip address to reveal where a user is located (anonymous)
- how users are navigating the various sites (anonymous)
- search terms they are using on the site (anonymous)
- sites that are referring users to our site (anonymous)
The browsing data is held by the service provider for up to 38 months.
We also gather data about how a user is using our Learning Management Systems (LMSs). Data we gather includes:
- when a user logged into a course (identified individual)
- time spent on a course (identified individual)
- data entered, any grading and certificates awarded.
6. How we use information about you
We will use the information you provide for personal identification purposes and to ensure the appropriate awarding of the certificates.
We will not sell or lease your personal information to third parties and we will only share your data with third parties when it is relevant to the qualification and the award. We may share your data with Sage (UK) Ltd if you have agreed to this contact on the portal by ticking the relevant box.
We will retain the data we collect for a period of 6 years as that is a legal requirement of all Awarding Bodies.
We are committed to ensuring that your information is secure.
1. All information you provide to us is stored on secure servers. Key information is encrypted. We adopt appropriate technical and organisational measures to protect the security of all personal data held by us. No payment transactions are handled by us. This is all done via a secure independent payment gateway.
2. The data that we collect from you is stored and processed in the UK and EEA.
8. Your rights
The General Data Protection Regulation (GDPR), gives everyone in the UK several important rights. These are set our below.
You have the right to:
1. make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy about the way your personal data is being used. If you would like to know more about your rights under the data protection law see the Information Commissioner's Office website.
2. transparency over how we use your personal information (right to be informed).
3. request a copy of the information we hold about you, which will be provided to you within one month (right of access).
4. update or amend the information we hold about you if it is wrong (right of rectification).
5. ask us to stop using your information (right to restrict processing).
6. ask us to remove your personal information from our records (right to be 'forgotten').*
7. “opt-out" to the processing of your information for marketing purposes (right to object).
8. obtain and reuse your personal data for your own purposes (right to data portability).
9. not be subject to a decision when it is based on automated processing (automated decision making and profiling).
*Note that as we work in partnership with accredited and professional Awarding Bodies it is a legal requirement that Sage Qualifications retains all relevant data for a period of six years. This is for quality assurance and fraud prevention purposes.
9. Links to other sites
1. Our website and learner management systems contains links to other websites. Sage Qualifications does not have any control over the content or security of other websites and cannot be responsible for your privacy and protection if you choose to visit these websites. You should exercise caution and look at the privacy statement applicable to the website in question.
2. For the avoidance of doubt, Sage Qualifications Ltd is an independent company, and is not part of Sage (UK) Ltd. Our sites include links to their website(s) which enables users to download their accounting software but that software is the sole responsibility of Sage (UK) Ltd. We do not warrant their software in any way shape or form.
3. For any issue related to installing, configuring and troubleshooting Sage software users should contact Sage (UK) Ltd.
4. Note that Sage (UK) Ltd have their own privacy statement which is available here.
1. It is important to Sage Qualifications that our websites are easy to use, accessible and reliable. To help users, small files, called cookies, place small amounts of information on your computer or other device used to access the internet, such as a mobile phone.
2. Cookies may be used on our sites to help personalise your visit, to improve how you use the site and to record your online activity. A cookie does not allow us to access you computer or the data about you except that which you share.
3. You can disable cookies by adjusting your browser settings, but some functions of the site may not work correctly.
5. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers.
6. In addition to Google Analytics, we also may use a range of other software to monitor user behaviour on our sites in order to optimise the service we provide. (for example Mouseflow which provides information on what attracts user attention on a site)
7. Where we have used Twitter ‘share’ buttons or widgets, Twitter will set cookies in the user’s browser. These cookies are pid, guest_id, k, and js.
9. Most users of this site are not required to sign up and log in as members. However, if you are a registered, logged-in member of this website, a ‘forms authentication cookie’ is used. This is a temporary (session) cookie, however on some sites users can make the cookie persistent by checking the "remember me" checkbox on the login control. A persistent ‘role’ cookie is also used for registered, logged-in members. While this cookie is persistent, it only exists for 1 minute. Its contents are encrypted and containing a site ID to make sure that the ID is only applied for this site. Where it is used we use the 1 minute expiry here because we want to be sure to refresh the users site roles to pick up any alterations that may have occurred e.g. if an admin has added the user to new roles.
10. It is usually possible to stop your browser accepting cookies, or to stop it accepting cookies from a particular website. All modern browsers allow you to change your cookie settings. You can usually find these settings in the 'options' or 'preferences' menu of your browser. To understand these settings, the following link may be helpful, or you can use the 'Help' option in your browser for more details.
The BBC website provides a user-friendly outline of cookies and how they work.
11. Please note Sage Qualifications is not responsible for the content on other websites.
11. Contacting us and who to complain to
1. If you would like to discuss anything in this policy, find out more about your rights or obtain a copy of the information we hold about you, please contact us.
2. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Lead who will investigate the matter. Contact details can be found below. Alternatively, you can complain directly to the Information Commissioner's Office (ICO).
3. Our Data Protection Officer is Elspeth Webb Elspeth.Webb@sagequalifications.com
Annex 1 – Legitimate Interest
The following are some examples of Sage Qualifications’ interests, outlining when and why we would use 'legitimate interest':
Note that when we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law.
Therefore, Sage Qualifications will not automatically override your personal data rights without your consent or just cause permitted by law.
1. Ordering online:
In order for us to process an order, payment has to be taken and contact information collected, including name, address and email address. This contact information helps us to ensure that access to the resources and sites are provided to the correct person, and access is not being gained fraudulently.
Note that all financial transactions are handled by an external Payment Gateway and Sage Qualifications does not collect or hold credit-card or bank account details on our sites or in our offices.
2. Responding to user enquiries
We hold some information so that should you need to contact us we can confirm we are dealing with the correct person and not an imposter.
3. Personalisation of our service:
In order to continually improve the service that we provide to our users we seek to enhance, modify, personalise and improve our online services.
For example if you have completed a course at a particular level you may find a course at a higher level of interest.
4. Optimising our sites
In order to ensure the structure on our sites is effective, and that users can rapidly navigate to relevant sections, we gather information about which sections of our sites are being visited, and about browsing journeys. We do this on a personalised as well as on an aggregated basis.
By reviewing this information we can make decisions about structure of the sites, and the navigation, and it allows us to provide you with the most relevant information.
5. Research and evidence:
Data we hold allows us to assess the effectiveness of our products, services, systems and relationships with you.
6. Due Diligence:
We will need to conduct investigations if we suspect that the site is being misused for example if we suspect some users are masquerading as other users.
Updated: June 2020