This Privacy Statement was updated on December 21, 2021
Privacy Statement for SAP Partner Portal (“Privacy Statement”)
Protecting the individual's privacy is crucial to the future of business. We have created this Privacy Statement to demonstrate our firm commitment to the individual`s right to data protection and privacy. This Privacy Statement outlines how we handle information that can be used to directly or indirectly identify an individual.
A. GENERAL INFORMATION
Who is the Data Controller?
The data controller of SAP Partner Portal is SAP America, Inc., 3999 West Chester Pike, Newtown Square, PA 19073, USA (“SAP”) and its data protection officer can be reached at privacy@ sap.com.
What Personal Data does SAP collect?
When you visit SAP’s websites, SAP stores certain information about your browser, the operating system, and your IP address.
If you use a registration form, SAP will collect the information you provide to SAP, which consists of your first and last name, email addresses, telephone numbers, location (country, state/province, city), employer name, job title/role, department and function, current relationship to SAP, and your employer’s industry. If you provide a credit card number or bank details to order goods or services from SAP, then SAP will collect this information to process your payment for the requested goods or services.
If you participate in trainings or learning, SAP will also collect courses taken, course completion status, course start date, course end date, and performance metrics.
Why does SAP need your Personal Data?
SAP requires your Personal Data to:
Although providing Personal Data is voluntary, SAP may not be able to perform or satisfy your request without it. For example, SAP might require your Personal Data to process an order you place, or to provide you with access to a web offering that you requested. In these cases, it is not possible for SAP to satisfy your request without certain Personal Data.
Kindly note that you can order goods or services without providing a consent into SAP’s further marketing operations.
From What Types of Third Parties does SAP obtain Personal Data?
In most cases SAP collects Personal Data from you. SAP might also obtain Personal Data from a third party, if the applicable national law allows SAP to do so. SAP will treat this Personal Data according to this Privacy Statement, plus any additional restrictions imposed by the third party that provided SAP with it or the applicable national law. These third-party sources include:
How long will SAP store my Personal Data?
SAP will also retain your Personal Data for additional periods if it is required by mandatory law to do so, or where your Personal Data is required for SAP to assert or defend against legal claims. In such case, SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.
Who are the recipients of your Personal Data and where will it be processed?
Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:
As part of a global group of companies operating internationally, SAP has affiliates (the “SAP Group”) and third-party service providers outside of the European Economic Area (the “EEA”) and will transfer your Personal Data to countries outside of the EEA. If these transfers are to a country for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require that your Personal Data receives a level of data protection consistent with the EEA. You can obtain a copy (redacted to remove commercial or irrelevant) of such standard contractual clauses by sending a request to email@example.com. You can also obtain more information from the European Commission on the international dimension of data protection here: European Commission.
What are your data protection rights?
You can request from SAP: access at any time to information about which Personal Data SAP processes about you and the correction or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note further that if you request that SAP deletes your Personal Data, you will not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.
If SAP uses your Personal Data based on your consent or to perform a contract with you, you can further request from SAP a copy of the Personal Data that you have provided to SAP. In this case, please contact the email address below and specify the information or processing activities to which your request relates, the format in which you would like to receive this information, and whether the Personal Data should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best fulfill it.
Furthermore, you can request from SAP that SAP restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data SAP has about you is incorrect, subject to the time SAP requires to check the accuracy of the relevant Personal Data, (ii) there is no legal basis for SAP processing your Personal Data and you demand that SAP restricts your Personal Data from further processing, (iii) SAP no longer requires your Personal Data but you state that you require SAP to retain such data in order to claim or exercise legal rights or to defend against third party claims, or (iv) in case you object to the processing of your Personal Data by SAP based on SAP’s legitimate interest (as further set out below), subject to the time required for SAP to determine whether it has a prevailing interest or legal obligation in processing your Personal Data.
Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note further that if you request that SAP deletes your Personal Data, you will not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.
How can you exercise your data protection rights?
Please direct any requests to exercise your rights to firstname.lastname@example.org.
SAP will take steps to ensure that it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP.
SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.
Right to lodge a complaint. If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where SAP has its registered seat.
Children. In general, SAP Partner Portal is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use SAP Partner Portal.
B. PROCESSING BASED ON A STATUTORY PERMISSION
Why does SAP need to use my Personal Data and on what legal basis is SAP using it?
Processing to fulfill contractual obligation:
SAP requires your Personal Data to deliver goods or services you order under a contract SAP has with you, to establish a contract for goods or services between you and SAP, and to send you invoices for ordered goods or services. SAP processes Personal Data to fulfill contractual obligations pursuant to Article 6(1) lit. b GDPR or the equivalent article under other national laws, when applicable.
Processing when necessary to fulfill SAP’s contractual obligation includes responding to your related inquiries, processing your feedback or providing you with support. This can also include conversation data that you may initiate or enable such as through the chat functionalities on SAP.com or other local SAP web presences, through contact forms, emails, or by telephone. In this Privacy Statement, “goods and services” includes access to SAP’s web services, offerings, contests, sweepstakes, other content, non-marketing related newsletters, whitepapers, tutorials, trainings and events.
Furthermore, SAP communicates on a regular basis by email with users who subscribe to its services and will also communicate by phone to resolve your or other customer complaints or to investigate suspicious transactions.
SAP will use your email address to confirm your opening of an account, to send you notice of payments, to send you information about changes to its products and services, and to send notices and other disclosures as required by law. Generally, users cannot opt out of these communications because these communications are required for the relevant business relationship and not marketing-related in nature.
For marketing-related communications such as emails and phone calls, SAP will (i) only provide you with such information after you have opted in, if legally required, and (ii) provide you the opportunity to opt out if you do not want to receive further marketing-related communications. You can also opt out of marketing-related communications at any time by updating your preferences at https://www.sap.com/profile/unsubscribe.html.
Processing to ensure compliance:
SAP and its products, technologies, and services are subject to the export laws of various countries including, without limitation, those of the European Union and its member states, and of the United States of America. You acknowledge that, pursuant to the applicable export laws, trade sanctions, and embargoes issued by these countries, SAP is required to take measures to prevent entities, organizations, and parties listed on government-issued sanctioned-party lists from accessing certain products, technologies, and services through SAP’s websites or other delivery channels controlled by SAP. This could include (i) automated checks of any user registration data as set out herein and other information a user provides about his or her identity against applicable sanctioned-party lists; (ii) regular repetition of such checks whenever a sanctioned-party list is updated or when a user updates his or her information; (iii) blocking of access to SAP’s services and systems in case of a potential match; and (iv) contacting a user to confirm his or her identity in case of a potential match. Any such use of your Personal Data is based on the permission to process Personal Data in order to comply with statutory obligations (Article 6 para. 1 lit. c GDPR or the equivalent articles under other national laws, when applicable) and SAP‘s legitimate interest (Article 6 para. 1 lit. f GDPR or the equivalent articles under other national laws, when applicable).
Furthermore, you acknowledge that information required to track your data protection and privacy choices for processing your Personal Data, or for receipt of marketing materials (that is to say, depending on the country in which the relevant SAP Group company operates and whether you have expressly consented to or opted out of receiving marketing materials) may be exchanged among members of the SAP Group when necessary to ensure that the SAP Group complies with your choices.
Processing based on SAP’s legitimate interest:
SAP can use your Personal Data based on its legitimate interest (Article 6 para. 1 lit. f GDPR) or the equivalent article under other national laws, when applicable as follows:
You can at any time object to SAP’s use of your Personal Data as set forth in this section by sending an email to email@example.com. In this case, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP’s compelling legitimate grounds for continued use of the information, which override your interest in objecting, or if SAP requires the information for the establishment, exercise or defense of legal claims.
Processing under applicable national laws:
If the applicable national law allows SAP to do so, SAP will use information about you for a business purpose, some of which is Personal Data
C. PROCESSING BASED ON CONSENT
In the following cases, SAP will process your Personal Data if you granted prior consent to the specific proposed processing of your Personal Data (Article 6(1) lit. a GDPR). Each below section about a processing operation of Personal Data is linked to one consent statement in the Consent Resource Center. If you re-open this Privacy Statement after you initially grant one or more consents, you will see the full Privacy Statement and not just information on the consents you granted.
News about SAP’s Products and Services. Subject to a respective provision and your consent, SAP may use your name, email and postal address, telephone number, job title and basic information about your employer (name, address, and industry) as well as an interaction profile based on prior interactions with SAP (prior purchases, participation in webinars, seminars, or events or the use of (web) services - further details on this topic can be found in the Cookie Statement displayed on the relevant SAP website) in order to keep you up to date on the latest product announcements, software updates, software upgrades, special offers, and other information about SAP’s software and services (including marketing-related newsletters) as well as events of SAP and in order to display relevant content on SAP’s websites. In connection with these marketing-related activities, SAP may provide a hashed user ID to third party operated social networks or other web offerings (such as Twitter, LinkedIn, Facebook, Instagram or Google) where this information is then matched against the social networks’ data or the web offerings’ own data bases in order to display to you more relevant information.
Creating user profiles. SAP offers you the option to use its web offerings including forums, blogs, and networks (such as the SAP Community) linked to this website that require you to register and create a user profile. User profiles provide the option to display personal information about you to other users, including but not limited to your name, photo, social media accounts, postal or email address, or both, telephone number, personal interests, skills, and basic information about your employer.
These profiles may relate to a single web offering of SAP or, if created in the SAP Cloud Platform Identity Authentication Service, may also allow you to access other web offerings of SAP or of other entities of the SAP Group, or both (irrespective of any consent granted under the section “Forwarding your Personal Data to other SAP companies.” below). It is, however, always your choice which of these additional web offerings you use and your Personal Data is only forwarded to them once you initially access them. Kindly note that without your consent for SAP to create such user profiles SAP will not be in a position to offer such services to you where your consent is a statutory requirement that SAP can provide these services to you.
Within any web offering, beyond the mere provision of access your profile is used to personalize interaction with other users (for example, by way of messaging or follow functionality) and by SAP to foster the quality of communication and collaboration through such offerings and for SAP to provide gamification elements (gamification is the process of taking something that already exists, such as a website, an enterprise application, or an online community, and integrating game mechanics into it to motivate participation, engagement, and loyalty). To the greatest extent supported by the relevant web offering, you can use the functionality of the relevant web offering to determine which information you want to share.
Special categories of Personal Data. In connection with the registration for and provision of access to an event or seminar, SAP may ask for information about your health for the purpose of identifying and being considerate of individuals who have disabilities or special dietary requirements throughout the event. Any such use of information is based on the consent you grant hereunder.
Kindly note that if you do not provide any such information about disabilities or special dietary requirements, SAP will not be able to take any respective precautions.
Event profiling. If you register for an event, seminar, or webinar of SAP, SAP may share basic participant information (your name, company, and email address) with other participants of the same event, seminar, or webinar for the purpose of communication and the exchange of ideas.
Forwarding your Personal Data to other SAP companies. SAP may transfer your Personal Data to other entities in the SAP Group. The current list of SAP Group entities can be found here. In such cases, these entities will then use the Personal Data for the same purposes and under the same conditions as outlined in this Section C. above.
Forwarding your Personal Data to other third Parties. At your request, as indicated by your consent, SAP will transfer your registration data to the companies listed on the registration page. The companies will use your registration data for the purposes of their participation in the event and are obliged to delete the data thereafter. If a company intends to use your data for any other purposes, they will contact you to explain how and for which other purposes they will use your registration data.
Revocation of a consent granted hereunder. You may at any time withdraw a consent granted hereunder by unsubscribing at https://www.sap.com/profile/unsubscribe.html. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of personal data by SAP up to the point in time of your withdrawal. Furthermore, if your use of an SAP offering requires your prior consent, SAP will not be (any longer) able to provide the relevant service (or services, if you revoke the consent for SAP to use your profile under the SAP Cloud Platform Identity Authentication Service for multiple SAP offerings), offer or event to you after your revocation.
D. COOKIES AND SIMILAR TOOLS
Information gathered by cookies or similar technologies, and any use of such information, is further described in SAP’s Cookie Statement. You can exercise your cookie preferences as outlined in SAP’s Cookie Statement.
E. ADDITIONAL COUNTRY-SPECIFIC PROVISIONS
For individuals within the Philippines, you may exercise your rights as follows:
You can call or write to SAP to submit a request at: firstname.lastname@example.org
Address: SAP Philippines, Inc.
Attn: Data Protection Officer
27F Nac Tower, Taguig City 1632, Philippines
“Personal Data” as used in this Privacy Statement means Personal Information as such term is defined under POPIA.
“You” and “Your” as used in this Privacy Statement means a natural person or a juristic person as such term is used under POPIA.
Systems Applications Products (Africa Region) Proprietary Limited and Systems Applications Products (South Africa) Proprietary Limited with registered address at 1 Woodmead Drive, Woodmed (SAP South Africa) is subject to South Africa's Protection of Personal Information Act, 2013 (Act 4 of 2013) and responsible party under the POPIA.
You may request details of personal information which we hold about you under the Promotion of Access to Information Act 2 of 2000 (“PAIA”). For further information please review the SAP PAIA manual, located here.
Should you as an individual or a juristic person believe that SAP South Africa as responsible party has utilized your personal information contrary to POPIA, you undertake to first attempt to resolve any concerns with SAP South Africa.
Phone: 011 325 6000
Address: 1 Woodmead Drive, Woodmead, Johannesburg, South Africa 2148
If you are not satisfied with such process, you have the right to lodge a complaint with the Information Regulator, using the contact details listed below:
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001, P.O. Box 31533, Braamfontein, Johannesburg, 2017
U.S. Children’s Privacy. SAP does not knowingly collect the Personal Data of children under the age of 13. If you are a parent or guardian and believe SAP collected information about a child, please contact SAP as described in this Privacy Statement. SAP will take steps to delete the information as soon as possible. Given that SAP Partner Portal is not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, SAP does not sell the Personal Data of any minors under 16 years of age.
In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), SAP does not and will not sell your Personal Data. In accordance with the verification process set forth in the CCPA, SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.
In addition to contacting SAP at email@example.com, you may also exercise your rights as follows:
You can call toll-free to submit a request using the numbers provided here. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.