UK GDPR: Website Privacy Notice

Your Privacy Notice

This is the privacy notice for Sage Strategy. We are committed to protecting your personal data and respecting your privacy. This notice explains how we handle your data when you visit our website, what your privacy rights are, and how data protection laws protect you.

This notice is organised into sections for easy navigation. Alternatively, you can download a PDF version of the full policy here

1. Important Information & Who We Are

Purpose of This Notice

This privacy notice explains how we collect and use your personal data through your use of this website. This includes any data you provide when you sign up to our newsletter, purchase a digital product or service or take part in a competition. Our website is not intended for children, and we do not knowingly collect their data.

You should read this notice alongside any other privacy notices we might provide on specific occasions. This notice is a supplement and does not override them.

Our Details

  • Heather Vincent is the data controller and is responsible for your personal data. In this notice, "COMPANY," "we," "us," or "our" refers to this entity. Our contact details are Unit 136435, PO Box 7169, Poole, BH15 9EL. Email heather@sagestrategy.co.uk, Telephone 07786 226000.

For all data matters, contact our Data Protection Officer on heather@sagestrategy.co.uk

Heather Vincent is the specific entity responsible for this website.

Third-Party Websites

Our website may contain links to third-party websites, plug-ins, and applications. We do not control these sites and are not responsible for their privacy practices. We encourage you to read the privacy notice of every website you visit after you leave ours.

2. The Personal Data We Collect

Personal data is any information that can identify you as an individual. We may collect, use, store, and transfer different types of personal data, which we have grouped as follows:

  • Identity Data: This includes your FIRST NAME/LAST NAME/ USERNAME/ DATE OF BIRTH.

  • Contact Data: This includes your BILLING ADDRESS/DELIVERY ADDRESS/EMAIL ADDRESS/ TELEPHONE NUMBERS.

We also collect and share Aggregated Data (like statistics or demographics). This data is not considered personal because it does not identify you directly. However, if we combine it with your personal data in a way that can identify you, we will treat that combined data as personal data.

We do not collect any Special Categories of Personal Data (such as race, ethnicity, or health data) or information about criminal convictions or offenses.

What Happens If You Don’t Provide Data?

If we need to collect your personal data to fulfil a contract or to comply with the law and you fail to provide it, we may not be able to provide the product or service you requested. If this happens, we will notify you at the time.

3. How We Collect Your Personal Data

We use different methods to collect data from and about you, including:

  • Directly: You may give us your IDENTITY, CONTACT AND FINANCIAL DATA by filling in forms or by corresponding with us via mail, phone, or email. This happens when you:

    • Apply for our products or services;

    • Create an account on our website;

    • Subscribe to our service or publications;

    • Request marketing from us.

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we use your data in the following situations:

  • To fulfil a contract with you: This means processing your data to perform a contract you are a part of, or to take steps at your request before entering into one.

  • For our legitimate interests: This means using your data to run our business, provide the best service, and ensure a secure experience. We always balance our interests against any potential impact on you and your rights.

  • To comply with a legal or regulatory obligation: This is when we must process your data to meet a legal requirement, we are subject to.

WE DO NOT USE CONSENT AS A LEGAL BASIS FOR PROCESSING YOUR DATA FOR DIRECT MARKETING, UNLESS IT IS FOR THIRD-PARTY MARKETING. YOU CAN WITHDRAW YOUR CONSENT AT ANY TIME BY CONTACTING US AT heather@sagestrategy.co.uk

How We Use Your Data: A Quick Summary

We have outlined below how we plan to use your personal data and the legal bases we rely on.

  • Purpose: To register you as a new customer

  • Type of Data: Identity, Contact

  • Legal Basis: Performance of a contract with you

Marketing

We may use your data to decide which products, services, and offers might be relevant to you. You will receive marketing from us if you have purchased goods or services from us or given us your details at a competition or promotion, and you haven’t opted out.

We will always get your express opt-in consent before we share your personal data with any company outside the Sage Strategy group for marketing purposes.

Opting Out

You can ask us or third parties to stop sending you marketing messages at any time by emailing heather@sagestrategy.co.uk.

Cookies

You can set your browser to refuse all or some cookies. If you do, some parts of this website may become inaccessible or not function properly. For more information, please see our [LINK TO YOUR COOKIE POLICY].

Changes to How We Use Your Data

We will only use your personal data for the purposes for which we collected it. If we need to use it for an unrelated purpose, we will notify you and explain the legal basis for doing so. We may also process your data without your knowledge or consent if required or permitted by law.

5. Who We Share Your Personal Data With

We may share your data with the following parties for the purposes listed above:

  • Internal Third Parties: Business Owner

  • External Third Parties: These are trusted service providers who help us run our business, such as:

    • Service providers who offer IT and system administration services.

    • Professional advisors like lawyers, bankers, and auditors.

    • Regulators and authorities like HM Revenue & Customs.

  • Business transfers: We may share your data if we sell or merge parts of our business. If a change happens, the new owners may use your personal data in the same way.

We require all third parties to respect the security of your data and use it only for the purposes we specify and in accordance with our instructions.

6. International Transfers

Some of our trusted service providers are based outside the UK, which means your personal data may be transferred internationally. Whenever this happens, we ensure that appropriate safeguards are in place to protect your information, such as:

  • Using service providers located in countries deemed to provide an adequate level of protection by the UK Government; or

  • Putting in place specific contracts approved for use in the UK (for example, the UK Addendum to the EU Standard Contractual Clauses) which give your data the same protection it has in the UK.

If you would like more information on how your data is protected when transferred internationally, please contact us at heather@sagestrategy.co.uk

7. Data Security

We have put in place strong security measures to protect your personal data from being lost, used, or accessed in an unauthorised way. We also limit access to your data to only those employees, contractors, and third parties who have a business need to know.

We have procedures in place to handle any suspected data breach and will notify you and any applicable regulator if we are legally required to do so.

8. Data Retention

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements.

By law, we must keep basic information about our customers (including contact, identity, financial, and transaction data) for 6 years after they stop being customers for TAX purposes.

In some circumstances, you can ask us to delete your data. You can also ask us to anonymise your data for research or statistical purposes, in which case we may use it indefinitely without further notice.

9. Your Legal Rights

Under data protection laws, you have the following rights regarding your personal data:

  • The right to request a copy of the data we hold about you.

  • The right to request a correction if your data is inaccurate or outdated.

  • The right to request your data be erased when it is no longer necessary to keep it.

  • The right to withdraw consent at any time.

  • The right to request data portability, which means we will provide your data to you or a third party in a structured format.

  • The right to object to our processing of your data.

  • The right to request a restriction on further processing if there is a dispute over the accuracy of your data.

To exercise any of these rights, please contact heather@sagestrategy.co.uk

What We May Need From You:

We may need to request specific information from you to confirm your identity and ensure your right to access your personal data. This is a security measure to ensure your data is not shared with the wrong person.

Time to Respond

We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made several requests, it may take us longer, and we will keep you updated.

10. Changes to This Notice

This version was last updated on 1st October 2025. Please keep us informed if your personal data changes during your relationship with us, as it is important that the data we hold is accurate and current.

11. Questions or Concerns

For any questions, requests, or complaints about this policy or any other data protection matter, please contact our DATA PROTECTION OFFICER heather@sagestrategy.co.uk

If this does not resolve your complaint, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) on 03031231113 or via their website at https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.