SAP PRIVACY STATEMENT

Privacy Statement was updated on 03/29/2023.


Protecting the individual's privacy is crucial to the future of business. We have created this Privacy Statement to demonstrate the firm commitment of SAP (hereinafter "We", "SAP", "Us" or "Our") to the individual`s right to data protection and privacy. It outlines how We handle information that can be used to directly or indirectly identify an individual (hereinafter “Personal Data”).

A. SAP for Me Customer & Partner Portal

The SAP for Me application (“SAP for Me”) provides a repository as well as to act as a starting point where users related to customers and partners may gather necessary information around their SAP portfolio, to drive decisions and actions in time.

The main goal of SAP for Me is to consolidate and display associated user and company data, already accessible via the different digital properties of SAP (hereinafter referred to as "Components"), such as the SAP ONE Support Launchpad, SAP Learning Hub, and more. The view and maintenance of the data is simplified, by providing only one point of reference and contact.


General Information regarding the components displayed in SAP for Me


SAP for Me acts as a consolidation platform to enhance the user experience of the users related to SAP's customers and partners.

The personal data displayed in SAP for Me is a reflection of the underlaying data of the respective Component. In addition, SAP for Me provides functionalities for the user to update certain information directly.

SAP for Me is displaying the following categories of personal data, which is directly pulled from the databases of the different Components: First Name, Last Name, E-mail address, phone number, SAP UserID. SAP for Me does not aim at showing special categories of personal data.


The following Components are integrated in SAP for Me, and the privacy statements of the respective Components apply, which can be accessed through the following links:



The following information can be extracted from the privacy statements of the Components:


B. General information

I. Who do we mean when we say SAP in this Privacy Statement

The controller of SAP for Me is SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany.

This Privacy Statement applies to the collection and processing of Personal Data during the central operation of this website and other globally operated SAP business activity by


You can reach SAP Group’s data protection officer any time at privacy[@]sap.com.

II. For what purposes does SAP process your Personal Data?

To provide you with access to SAP for Me

We require your Personal Data to grant access to SAP for Me.

To comply with statutory obligations

To pursue business relationships with customers, partners, and others

SAP processes Personal Data to pursue its business relationships with customers and partners to fulfill contractual business relations. This may include satisfying requests, processing orders, delivering an ordered product or service, or engaging in any other relevant action to establish, fulfill and maintain Our business relationships.

To operate SAP internet pages, web-offerings, or other online events

When operating its internet pages, web-offerings or other online events ("Web-Services"), SAP processes your Personal Data for the following purposes:

To use Cookies and similar tracking technologies

SAP processes information including Personal Data about the users of SAP for Me using cookies or similar technologies for the purposes set out in the Cookie Statement. By visiting the “Cookie Preferences” link in the footer of SAP for Me, you will find further information and have the option to exercise your cookie preferences.

To provide you with the search functionality “Coveo” embedded in SAP for Me

SAP processes certain user related information when you use the search functionality Coveo, which is embedded in SAP for Me, to provide you with the best result for your search. Your journey as a user gets tracked and specific data correlated, for example specifics events like the creation of a support ticket get matched with the KBA´s you viewed before the creation of the support ticket. These events will be associated with a specific visitor ID, which is persistent between sessions and between different applications in SAP for Me.

To offer SAP products and services

Feedback requests and surveys
To the extent allowed by applicable law, SAP may contact you for feedback regarding the improvement of the relevant material, product, or service. SAP may also invite you to participate in questionnaires and surveys. These will generally be designed so you can participate without having to provide information that identifies you as a participant. If you nonetheless provide your Personal Data, SAP will use it for the purpose stated in the questionnaire or survey or to improve its products and services.

Personalized Content
SAP processes information about your interactions with SAP across its various business areas and its offerings (your or your employers prior and current use of SAP products or services and your preferences as communicated with the onboarding to SAP for Me) to provide you with the requested products and services and to improve Our personal communications with you. This data may also be used to efficiently operate SAP’s business, which also includes: the automation and aggregation of data to support various analytic and statistical efforts, performance and predictive analytics and exploratory data science to support your customer journey and to fulfill such requests. To the extent permitted by law, SAP may combine and use such information in an aggregated manner to help Us understand your interests and business demands, and to create, develop, deliver, and improve Our personalized communications with you. It may also be used by SAP to display relevant content on SAP owned or third-party websites.

III. What categories of Personal Data does SAP process?

Contact Data

SAP processes the following categories of Personal Data as contact data: your first and last name, your (professional) email addresses, and (professional) telephone numbers, SAP User IDs with SAP.

Personal Data related to the business relationship with SAP

In the context of established business relationships, SAP processes User Ids, User name, User email address, company name (related to user), user´s certifications and trainings, user IP addresses, hashed credit card data). If you provide a credit card number or bank details to order products or services, SAP will collect this information to process your payment for the requested products or services.

Personal Data related to statutory law or regulation

If required by statutory law or regulation, SAP may process data categories User Ids, User name, User email address, company name (related to user), user IP addresses.

Data generated through your use of SAP for Me

Usage data
SAP processes certain user related information, e.g., info regarding your browser, operating system, or your IP address when you visit SAP for Me.
Registration data
SAP processes your contact data as set out above and other information which you may provide directly to SAP if you register for SAP for Me.

IV. From What Types of Third Parties does SAP obtain Personal Data?

In most cases, SAP collects Personal Data from you. SAP might also obtain Personal Data from a third party if the applicable national law allows SAP to do so. SAP will treat this Personal Data according to this Privacy Statement, plus any additional restrictions imposed by the third party that provided SAP with it or the applicable national law.
These third-party sources include:

V. How long does SAP store your Personal Data

SAP does only store your Personal Data for as long as it is required:

SAP may retain your Personal Data for additional periods if necessary for compliance with legal obligations to process your Personal Data or if the Personal Data is needed by SAP to assert or defend itself against legal claims. SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

VI. Who are the recipients of your Personal Data?

Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:

SAP Group entities

As SAP is selling its products and services to its customers only via local business relationships, SAP may transfer your Personal Data to the locally relevant SAP group entity for the purpose and to the extent necessary to conduct a business relationship. Other entities of the SAP Group may also receive or gain access to Personal Data either when rendering group internal services centrally and on behalf of SAP SE and the other SAP group entities or when Personal Data is transferred to them on a respective legal basis. In these cases, these entities may process the Personal Data for the same purposes and under the same conditions as outlined in this Privacy Statement. The current list of SAP Group entities can be found here. If you would like to find out which SAP group entity is responsible for the business relationship with you or your employer, please contact us at sapcontractcenter[@]sap.com

SAP partners

With your consent or as otherwise indicated by your request, including to fulfill your ordered services, SAP may share your Personal Data with designated partner companies to provide you the product or service you have requested.

VII. What are your data protection rights?

Right to access, correct and delete

You can request from SAP at any time access to information about which Personal Data SAP processes about you and, if necessary, the correction or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. If you request from SAP to delete your Personal Data, you may not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.

Right to obtain a copy of Personal Data

If SAP uses your Personal Data based on your consent or to perform a contract with you, you can further request from SAP a copy of the Personal Data you provided to SAP. In this case, please contact privacy[@]sap.com and specify the information or processing activities to which your request relates, the format in which you would like to receive the Personal Data, and whether it should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best be fulfilled.

Right to restrict

You can request from SAP to restrict your Personal Data from further processing in any of the following events:

Right to object

If and to the extent SAP is processing your Personal Data based on SAP's Legitimate Interest, specifically where SAP pursues its legitimate interest to engage in reviewing and managing your Customer and/or Partner information, you have the right to object to such a use of your Personal Data at any time.

When you object to SAP's processing of your Personal Data for reviewing and managing your Customer and/or Partner information SAP will immediately cease to process your Personal Data for such purposes. In all other cases, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP’s compelling legitimate grounds for continued use of the information, which may override your interest in objecting, or if SAP requires the information for the establishment, exercise, or defense of legal claims.

Right to revoke consent

Wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law.

Furthermore, if your use of an SAP offering requires your prior consent, SAP will no longer be able to provide the relevant service (or services, if you revoke the consent for SAP to use your profile under the SAP Identity Authentication Service for multiple SAP offerings), offer or event to you after your revocation.

Right to lodge a complaint

If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time, to the extent required by applicable law, lodge a complaint with your locally relevant data protection authority, specifically when you are located in an EEA country, or with the data protection authority of the country or state where SAP has its registered seat.

VIII. How can you exercise your data protection rights?

Please direct any requests to exercise your rights to privacy[@]sap.com.

IX. How will SAP verify requests to exercise data protection rights?

SAP will take steps to ensure it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP.

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, represented by third parties without duly representing respective authority or are otherwise not required by local law.

X. Can you use SAP’s services if you are a minor?

Children . In general, SAP for Me is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use SAP for Me.

C. Additional Country and Regional Specific Provisions

I. Where SAP is subject to privacy requirements in the EU/EEA or a country with national laws equivalent to the GDPR

Who is the relevant Data Protection authority?

You may find the contact details of your competent data protection supervisory authority here. SAP’s lead data protection supervisory authority is in Germany, the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg and can be reached at Lautenschlagerstraße 20, 70173 Stuttgart.

What are the legal permissions for SAP to process Personal Data?

SAP is processing your Personal Data for the business purposes set out above based on the following legal permissions:

Where We refer to GDPR Article 6.I (f), consequently SAP’s legitimate business interest as Our legal permission to process your Personal Data, SAP is pursuing its legitimate business interests


We believe that Our interest in pursuing these business purposes is legitimate and thereby not outweighed by your personal rights and interest to refrain processing for such purpose. In any of these cases, We duly factor into Our balancing test:

If you wish to obtain further information on this approach, please contact privacy[@]sap.com.

To comply with statutory obligations

When ensuring compliance with applicable laws and regulations, SAP and local SAP group entities may process your Personal Data based on

To pursue business relationships with customers, partners, and others

When pursuing business relationships with customers, partners and others, SAP and local SAP group entities may be processing Personal Data based on:

To operate SAP internet pages, web-offerings, or other online events

When operating Web-Services") and depending on the respective operating purpose, SAP is processing your Personal Data on the basis of the following legal permissions:

To use Cookies and similar tracking technologies

When tracking and evaluating the usage behavior of users of Our Web-Services by means of cookies or similar technologies, SAP is processing your Personal Data on the basis of the following legal permissions:

To offer SAP products and services

When engaging in marketing activities, SAP is processing your Personal Data on the basis of the following legal permissions:

To provide you with access to SAP for Me

When SAP provides you with your Customer and/or Partner information to review and manage, SAP is processing your Personal Data on the basis of the following legal permissions:

How does SAP justify international data transfers?

As a global group of companies, SAP has group affiliates and uses third party service providers also in countries outside the European Economic Area (the “EEA”). SAP may transfer your Personal Data to countries outside the EEA as part of SAP’s international business operations. If We transfer Personal Data from a country in the EU or the EEA to a country outside the EEA and for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require the data importer to ensure a level of data protection consistent with the one in the EEA to protect your Personal Data. You may obtain a copy (redacted to remove commercial or irrelevant information) of such standard contractual clauses by sending a request to privacy[@]sap.com. You may also obtain more information from the European Commission on the international dimension of data protection here.

II. Where SAP is subject to privacy requirements in Colombia.

Colombia-Specific Provisions apply to citizens of the Republic of Colombia.

III. Where SAP is subject to the requirements of the Brazilian General Data Protection Law (“LGPD”)

SAP has appointed a Data Protection Officer for Brazil. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to:

Paulo Nittolo Costa
Email: privacy[@]sap.com
Address: Avenida das Nações Unidas 14171 - Marble Tower – 7th Floor - São Paulo-SP, Brazil 04794-000

IV. Where SAP is subject to privacy requirements in the Philippines.

Where SAP is subject to certain privacy requirements in the Philippines, the following also applies:

For individuals within the Philippines, you may exercise your rights as follows:
You can call SAP to submit a request at:
Phone: +632-8705-2500
Address: SAP Philippines, Inc.
Attn: Data Protection Officer
27F Nac Tower, Taguig City 1632, Philippines

The following provisions apply to residents and citizens of the Philippines:

V. Where SAP is subject to privacy requirements in South Africa.

Where SAP is subject to the requirements of the Protection of Personal Information Act, 2013 (“POPIA”) in South Africa, the following also applies:

“Personal Data” as used in this Privacy Statement means Personal Information as such term is defined under POPIA.

“You” and “Your” as used in this Privacy Statement means a natural person or a juristic person as such term is used under POPIA.

Systems Applications Products (Africa Region) Proprietary Limited & Systems Applications Products (South Africa) Proprietary Limited with registered address at 1 Woodmead Drive, Woodmed (SAP South Africa) is subject to South Africa's Protection of Personal Information Act, 2013 (Act 4 of 2013) and responsible party under the POPIA.

You may request details of personal information which We hold about you under the Promotion of Access to Information Act 2 of 2000 (“PAIA”). For further information please review the SAP PAIA manual, located here.

Should you as an individual or a juristic person believe that SAP South Africa as responsible party has utilized your personal information contrary to POPIA, you undertake to first attempt to resolve any concerns with SAP South Africa.

Phone: 011 325 6000
Address: 1 Woodmead Drive Woodmead Johannesburg South Africa 2148
Email: privacy[@]sap.com


If you are not satisfied with such process, you have the right to lodge a complaint with the Information Regulator, using the contact details listed below:

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001, P.O. Box 31533, Braamfontein, Johannesburg, 2017
Email: complaints.IR[@]justice.gov.za
Enquires: inforeg[@]justice.gov.za

VI. Where SAP is subject to privacy requirements in the United States of America.

Where SAP is subject to certain privacy requirements in the United States, the following also applies:

U.S. Children’s Privacy. SAP does not knowingly collect the Personal Data of children under the age of 13. If you are a parent or guardian and believe SAP collected information about a child, please contact SAP as described in this Privacy Statement. SAP will take steps to delete the information as soon as possible. Given that SAP for Me is not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, SAP does not sell the Personal Data of any minors under 16 years of age.

VII. Where SAP is subject to privacy requirements in the State of California, USA.

Where SAP is subject to certain privacy requirements in the United States in the State of California, the following also applies:

You have the right:

In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), SAP does not sell or share your Personal Data. In the course of our business activities we may share Personal Data with third parties, or permit third parties to collect data across various SAP websites.

Data Subject Access Requests:

SAP receives Data Subject Access Requests from across the globe and works to ensure all valid requests where SAP is the Controller are responded to within the appropriate timeframe. In accordance with the verification process set forth in the CCPA, SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.

In addition to contacting SAP at privacy[@]sap.com you may also exercise your rights as follows:
You can call toll-free to submit a request using the numbers provided here. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.”

VIII. Where SAP is subject to privacy requirements in Singapore.

Where SAP is subject to the requirements of the Singapore’s Personal Data Protection Act (“PDPA”), the following also applies:

SAP has appointed a Data Protection Officer for Singapore. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to:

Subject: Data Protection Officer
Address: Mapletree Business City, 30 Pasir Panjang Rd, Singapore 117440
Contact: +65 6664 6868