Privacy Statements

Privacy Statement was updated on 08/03/2021.

I. Preamble

Protecting the individual's privacy is crucial to the future of business. We have created this Privacy Statement to demonstrate our firm commitment to the individual`s right to data protection and privacy. This Privacy Statement outlines how we handle information that can be used to directly or indirectly identify an individual.

II. SAP for Me application

The SAP for Me application (“SAP for Me”) provides a repository as well as to act as a starting point where customers and partners may gather necessary information around their SAP portfolio, to drive decisions and actions in time.

The main goal of SAP for Me is to consolidate and display associated user and company data, already accessible via the different digital properties of SAP (hereinafter referred to as "Components") (such as the SAP ONE Support Launchpad, SAP Learning Hub, and more). The view and maintenance of the data is simplified, by providing only one point of reference and contact. In addition, SAP for Me provides the functionality for the SAP for Me user to add/change his/her/their contact details directly into SAP's Customer Relationship Management (hereinafter referred to as "CRM") database, which gets synchronized in real-time with SAP for Me.

1. Who is the Data Controller?

The data controller in case of SAP for Me is SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf") and its data protection officer can be reached at privacy[@]sap.com.

2. What Personal Data does SAP collect?

We collect some information about you in the context of your professional activities, consisting of your first and last name, your (professional) email addresses, and (professional) telephone numbers, SAP User ID (your "Personal Data").

3. Why does SAP need your Personal Data?

We require your Personal Data in order to

Kindly note that, although any provisioning of Personal Data is voluntarily to you, without your Personal Data SAP cannot provide you with access to SAP for Me.

4. From What Types of Third Parties does SAP obtain Personal Data?

In most cases SAP collects Personal Data from you. SAP might also obtain Personal Data from a third party, if the applicable national law allows SAP to do so. SAP will treat this Personal Data according to this Privacy Statement, plus any additional restrictions imposed by the third party that provided SAP with it or the applicable national law. These third-party sources include SAP and/or SAP Group’s business dealings with your employer.

5. How long does SAP store my Personal Data?

SAP will use your Personal Data only for as long as it is required (plus, where applicable, statutory data retention periods) to provide you with access to SAP for Me, provide support services to you, enable you to download content from SAP for Me, and evaluate of the feedback you provided via the surveys.

SAP will also retain your Personal Data for additional periods if it is required by mandatory law to retain your Personal Data longer or where your Personal Data is required for SAP to assert or defend against legal claims, SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

6. Who are the recipients of my Personal Data and where will it be processed?

While providing these services in connection with SAP for Me to you, SAP may forward your Personal Data to companies within the SAP Group and third-party service providers located within and outside of the European Economic Area ("EEA").

As part of a global group of companies operating internationally, SAP has affiliates (the “SAP Group”) and third-party service providers outside of the European Economic Area (the “EEA”) and will transfer your Personal Data to countries outside of the EEA. If these transfers are to a country for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require that your Personal Data receives a level of data protection consistent with the EEA. You can obtain a copy (redacted to remove commercial or irrelevant) of such standard contractual clauses by sending a request to privacy@sap.com. You can also obtain more information from the European Commission on the international dimension of data protection here: European Commission

7. What are your data protection rights?

You can request from SAP: access at any time to information about which Personal Data SAP processes about you and the correction or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note further that if you request that SAP deletes your Personal Data, you will not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.

Furthermore, you can request from SAP that SAP restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data SAP has about you is incorrect, subject to the time SAP requires to check the accuracy of the relevant Personal Data, (ii) there is no legal basis for SAP processing your Personal Data and you demand that SAP restricts your Personal Data from further processing, (iii) SAP no longer requires your Personal Data but you state that you require SAP to retain such data in order to claim or exercise legal rights or to defend against third party claims, or (iv) in case you object to the processing of your Personal Data by SAP based on SAP’s legitimate interest (as further set out below), subject to the time required for SAP to determine whether it has a prevailing interest or legal obligation in processing your Personal Data.

Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note further that if you request that SAP deletes your Personal Data, you will not be able to continue to access SAP for Me.

8. How can you exercise your data protection rights?

Please direct any such request to sap_business_security_office_support@sap.com.

For individuals within the State of California, you may also exercise your rights as follows:

You can call toll-free to submit a request using the numbers provided here. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf. If you are an Individual with a disability, contact SAP at the above address or toll-free phone number to access the Privacy Statement in an alternative format

9. How will SAP verify requests to exercise data protection rights?

SAP will take steps to ensure that it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP.

In accordance with the verification process set forth in the California Consumer Privacy Act (“CCPA”), SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.

Right to lodge a complaint. If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where SAP has its registered seat.

10. Can you use SAP’s services if you are a minor?

Children. In general SAP for Me is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use SAP for Me.

11. Why does SAP need to use my Personal Data and on what legal basis is SAP using it?

We will only process your Personal Data whenever it is necessary.

You can at any time object to SAP’s use of your Personal Data as set forth in this section by sending an email to sap_business_security_office_support@sap.com. In this case, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP’s compelling legitimate grounds for continued use of the information, which override your interest in objecting, or if SAP requires the information for the establishment, exercise or defense of legal claims.

12. Cookies and similar tools

Information gathered by cookies or similar technologies, and any use of such information, is further described in SAP’s Cookie Statement. You can exercise your cookie preferences as outlined in SAP’s Cookie Statement.

III. General Information regarding the components displayed in SAP for Me

For the below mentioned Privacy Statements of the Components, SAP SE, with its registered seat in Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany (hereinafter referred to as "SAP") is the data controller. They describe how personal data is collected, processed, and used in the different Components.

SAP for Me acts as a consolidation platform to enhance the user experience of SAP's customers. The personal data displayed in SAP for Me is a real time image of the underlaying database of the respective Component. The user needs to register her-/him-/theirself first at the page of the respective Component, otherwise the data cannot be displayed in SAP for Me. SAP for Me does only display the data and is not capable of executing any alteration of the personal data like blocking, rectification, or permanent deletion, which needs to be triggered via the respective Component.

SAP for Me is displaying the following categories of personal data, which is directly pulled from the data bases of the different Components: First Name, Last Name, E-mail address, phone number, SAP UserID. SAP for Me does not aim at showing sensitive personal data.

On the SAP for Me page, it is made transparent which Component is hosting and processing the personal data of the user.

Therefore, the privacy statements of the respective Components apply and can be accessed through the following links:

The following information can be extracted from the privacy statements of the Components:

If you take the view that SAP for Me is not displaying your personal data in accordance with the privacy statements of the respective components, please direct any such request to sap_business_security_office_support@sap.com.

Additional Country and Regional Specific Provisions

Where SAP is subject to certain privacy requirements in the United States, the following also applies:

U.S. Children’s Privacy. SAP does not knowingly collect the Personal Data of children under the age of 13. If you are a parent or guardian and believe SAP collected information about a child, please contact SAP as described in this Privacy Statement. SAP will take steps to delete the information as soon as possible. Given that SAP for Me is not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, SAP does not sell the Personal Data of any minors under 16 years of age.

Where SAP is subject to certain privacy requirements in the United States in the State of California, the following also applies:

Do Not Track. Your browser may allow you to set a “Do not track” preference. Unless otherwise stated, our sites do not honor “Do not track” requests. However, you may elect not to accept cookies by changing the designated settings on your web browser or, where available, by referring to our Cookie Statement. Cookies are small text files placed on your computer while visiting certain sites on the Internet used to identify your computer. Please note that if you do not accept cookies, you may not be able to use certain functions and features of our site. This site does not allow third parties to gather information about you over time and across sites.

You have the right:

In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), SAP does not and will not sell your Personal Data. In accordance with the verification process set forth in the CCPA, SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.

In addition to contacting SAP at sap_business_security_office_support@sap.com, you may also exercise your rights as follows:

You can call toll-free to submit a request using the numbers provided here. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.

Where SAP is subject to certain privacy requirements in the Philippines, the following also applies:

For individuals within the Philippines, you may also exercise your rights as follows:

You can call or write to SAP to submit a request at:

Phone: +632-8705-2500

Address: SAP Philippines, Inc.

Attn: Data Protection Officer

27F Nac Tower, Taguig City 1632, Philippines

The following two provisions apply to citizens of the Philippines:

If you are the subject of a privacy violation or personal data breach, or are otherwise personally affected by a violation of the Data Privacy Act, you may file a complaint with the National Privacy Commission.

Russian-Specific Provisions apply to citizens of the Russian Federation.