Sage's Privacy Policy

This privacy policy details how Sage collects, uses and shares your Personally Identifiable Information (‘Personal Information’).

The Sage entity that contracts with you or owns or administers the service provided to you, is typically the Data Controller of your Personal Information.

For information about our processing of Personal Information as required by applicable U.S. laws, see our U.S. Consumer Privacy Notice. 

Information we collect

Sage collects Personal Information either directly from you, or from third-parties. We may in some circumstances process special category personal information. When we do so this processing will be carried out in line with all applicable regulatory requirements.

Personal Information collected directly from you

The type of Personal Information that we collect directly from you will vary depending on your relationship with Sage. Personal Information collected by Sage may include, but is not limited to:

• Your name, social media handle, email address, home or postal address, telephone number;
• Usernames, passwords, profile and account information
• Educational and/or professional information regarding your field of expertise or area of interest;
• Payment information, such as a credit or debit card number;
• Communications preferences in respect of email marketing, or eToc alerts.

We may also collect information about how you interact with Sage, which may include information such as your IP address, browser and other technical identifiers. We collect this data through the use of cookies and other similar technologies. You can control cookies through your browser's settings and via our cookie banner. For full details, please visit our cookie policy.

Data from third parties

We may obtain Personal Information about you from other sources, some examples of which are listed below:

• The institution with which you are employed or affiliated;
• Partners with which we engage in marketing activities;
• Publicly available sources including but not limited to social networks, institutional or other webpages;
• Partners who help deliver our services to you.
• Companies or businesses that are acquired or sold by Sage as part of a share or asset purchase.

How we use your information

We use your personal information to:

• Perform and manage any contract you may have entered into with Sage;
• Enable, deliver, and manage your usage of Sage services;
• Engage in direct communications with you;
• Engage in communications about you to relevant third parties;
• Facilitate and manage payments to or from you;
• Provide technical support;
• Invite you to submit or review manuscripts;
• Monitor your use of certain Sage services;
• Enhance Sage’s services and notify you about relevant updates;
• Carry out marketing and promotional activities;
• Invite you to gatherings and events;
• Perform any other legitimate purpose as mandated or permitted by applicable law.

Sharing of your information

We share your Personal Information in the following ways and contexts.

For the purposes referred to in this policy and relying on the bases for processing as set out in this policy, we may share your Personal Information amongst entities within the Sage group from time to time, these entities include:

• Sage Publications, Ltd in the United Kingdom;
• Sage Publications, Inc in the United States;
• Sage Publications, PVT Ltd in India;
• Sage Publications, Pte Ltd in Singapore;
• Corwin Press, Inc. in the United States and
• Other Sage group entities.

We may also share your Personal Information with our business partners who are providing a service to us, or on behalf of us, examples include but are not limited to:

• carrying out a contract that we have with you;
• for the purposes of enabling access to a product;
• enabling access and use of a web-based platform;
• to perform a co-marketing agreement with a third-party vendor;
• to enable the use of web analytics services;
• To enable use of a  manuscript submission and peer review system;
• Or to otherwise provide services to you.

Where the products or services that you have accessed via Sage are provided by us on behalf of a third party such as an academic society or association, we may share your details with them.

We may also transfer relevant Personal Information to another publisher (e.g. detail of article authors, editors and board members/subscribers) in circumstances when publication rights transfer to another publisher.

We may also disclose your Personal Information to relevant parties if we have a good faith belief that such disclosure is legally permissible or mandated.

Your rights in respect of your personal information

You have the following rights:

• to obtain access to, and copies of, the Personal Information that we hold about you;
• to require us to correct the Personal Information we hold about you if it is incorrect;
• to require us to erase your Personal Information;
• to require us to restrict our data processing activities;
• where our processing is based on your consent, the right to withdraw that consent (without affecting the lawfulness of our processing based on consent before its withdrawal);
• where the processing is carried out by automated means, to receive from us the Personal Information we hold about you which you have provided to us, in a reasonable format specified by you (including for the purpose of you transmitting that Personal Information to another data controller);
• to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights; and
• to require us not to send you marketing communications;

Please note that these rights are not absolute, and we may be entitled to refuse or refine requests where exceptions apply, or where such a right is not available in your jurisdiction. If you wish to exercise any of these rights, or contact us regarding a different data privacy issue or concern, please use this online Data Privacy Portal.

Data Retention

We retain your personal information for as long as is necessary. What is necessary depends on all the circumstances of the case. We will typically retain your information for seven (7) years after your last recorded interaction with Sage although there may be exceptions to this. For example, we may delete your information in advance of the seven year period if it is clear that it is no longer needed. Conversely, we may retain your information longer than the seven year period if we have a legal obligation to do so or if another exception applies.

Lawful basis for processing

When we process any personal information within the scope of certain privacy and data protection laws, we may do so:

• To provide a service or enter into or perform a contract with you;
• To comply with applicable laws;
• To perform a task carried out in the public interest;
• With your consent; and/or
• in satisfaction of your (or our) legitimate interests.

Locations of processing

Your Personal Information may be stored and processed in your region or another country where Sage entities and/or their service providers operate. These countries currently include but are not limited to Australia, China, India, Ireland, Italy, the Netherlands, Norway, Singapore, the United Kingdom, and the United States. We ensure that your Personal Information is adequately protected through a legally compliant data transfer contract, or other appropriate mechanism.

Changes

We will update this privacy policy from time to time and review this policy annually. Any changes will be posted on this page with an updated revision date.

Contact us

If you have any comments, questions or concerns about anything you have read on this page or you are concerned how your personal information has been handled by Sage, you can contact us via our Data Privacy Portal.

Information for US Residents

If you are a resident of the United States, state privacy law may provide you with additional rights regarding our use of your personal information.  To learn more about your privacy rights, please visit our US Privacy Statement.

EU/EEA GDPR Representative (Article 27)