Privacy Statement

 

This Privacy Statement was updated on April 5, 2023

Privacy Statement
SAP Digital Skills Initiative

Protecting the individual's privacy is crucial to the future of business. We have created this Privacy Statement to demonstrate the firm commitment of SAP (hereinafter "We", "SAP", "Us" or "Our") to the individual`s right to data protection and privacy. It outlines how We handle information that can be used to directly or indirectly identify an individual (hereinafter “Personal Data”). 

A. General information

Who do We mean when We say SAP in this Privacy Statement?

 

This Privacy Statement applies to the collection and processing of Personal Data to grant you access to student exclusive learning journeys and, after completion of a learning journey, to award and track free certification attempts to people who are currently underrepresented in the technology industry by

  • SAP SE, Dietmar-Hopp-Allee 16 Walldorf 69190, Germany if you are in a member state of the European Union (EU) or the European Economic Area (EWR) or in any of the countries of Andorra, Faroe Islands, Guernsey, Isle of Man, Jersey, Switzerland, or the United Kingdom or by

  • SAP America Inc., 3809 West Chester Pike, Suite 200, Newtown Square, PA 19073, USA if you are in any other country, or

  • a specific SAP group entity as may be stated in the “Additional Country and Regional Specific Provisions” at the end of this Privacy Statement.

You can reach SAP Group’s data protection officer any time at privacy[@]sap.com

 

 

For what purposes does SAP process your Personal Data?

 

To provide you with access to student exclusive learning journeys and to award and track free certification attempts after completion of the respective learning journeys. We require your Personal Data to grant you access to the learning journeys, to monitor your learning progress, to award you the certification attempts and subsequently track your certification progress.

To pursue business relationships with customers, partners, and others

SAP processes Personal Data to pursue its business relationships with customers, partners, and other users to fulfill pre-contractual and contractual business relations. This may include satisfying requests, processing orders, delivering an ordered product or service, or engaging in any other relevant action to establish, fulfill and maintain Our business relationships.

 

Products and services may include any of SAP’s on-prem and cloud software products, web services, apps, online-forums, webinars and events, non-marketing related newsletters, white papers, tutorials, trainings, as well as other offerings like contests or sweepstakes. When you purchase or intend to purchase products or services from SAP on behalf of a corporate customer or are otherwise associated as contact person for the business relationship between SAP and a corporate customer or partner (a “Customer Contact”), SAP will use your Personal Data for this purpose. More specifically, SAP may use your Personal Data to confirm your opening of an account, manage the contract execution, send you disclosures as may be required by law, notice of payments, and other information about Our products and services. SAP may respond to related inquiries, provide you with necessary support and process your feedback.


To offer SAP products and services

We aim to keep customers and prospects updated on upcoming events and SAP’s latest products and services. Further, We also desire to keep Our customers and partners satisfied with Our products and services and therefore ask them on a regular basis for their feedback. If possible, We may contact you to discuss further your interest in SAP services and offerings.

Feedback requests and surveys

To the extent allowed by applicable law, SAP may contact you for feedback regarding the improvement of the relevant material, product, or service. SAP may also invite you to participate in questionnaires and surveys. These will generally be designed so you can participate without having to provide information that identifies you as a participant. If you nonetheless provide your Personal Data, SAP will use it for the purpose stated in the questionnaire or survey or to improve its products and services.

 

To keep you up to date

Within an existing business relationship between you or your employer and SAP, SAP processes your Personal Data to inform you about SAP products or services which are similar or relate to products and services you or your employer have already purchased or used. SAP will inform you by email or phone about such news only as far as it is allowed by law, or if SAP has collected such information in the context of the business relationship. You are entitled to object to SAP’s use for this purpose at any time by selecting the opt-out option at the bottom of each marketing related approach.


Personalized Content

SAP processes information about your interactions with SAP across its various business areas and its offerings (your or your employers prior and current use of SAP products or services, your participation in and use of SAP’s web offerings, events, white papers, free trials or newsletters) to provide you with the requested products and services and to improve Our personal communications with you. This data may also be used to efficiently operate SAP’s business, which also includes: the automation and aggregation of data to support various analytic and statistical efforts, performance and predictive analytics and exploratory data science to support your customer journey and to fulfill such requests. To the extent permitted by law, SAP may combine and use such information in an aggregated manner to help Us understand your interests and business demands, develop Our business insight and marketing strategies, and to create, develop, deliver, and improve Our personalized communications with you. It may also be used by SAP to display relevant content on SAP owned or third-party websites.

 

Advertising ID’s

Provided your consent or to the extent permitted by applicable law, SAP may create a hashed user ID to provide to third party operated social networks or other web offerings (such as Twitter, LinkedIn, Facebook, Instagram or Google). This information is then matched against the third party’s own user database to display to you more relevant SAP content.

 

In the context of your or your employers use of Our products or services, SAP may communicate with you by post, email, live chat, contact forms, phone or any other medium to resolve your, a user’s, or a customer’s question or complaint or to investigate suspicious transactions. In case of telephone calls or chat sessions, SAP may record such calls or chat sessions to improve the quality of SAP’s services after informing you accordingly during that call and, subject to applicable law, receiving your prior consent before the recording begins.

 

Customer Satisfaction - Within an existing business relationship between you or your employer and SAP, SAP processes your Personal Data to help Us understand how satisfied you are with the functionality and quality of Our products and services, to provide you with relevant information on Our latest product announcements, software updates or upgrades, events, special offers, and other information about SAP’s software and services that is relevant and useful to you.

 

 

What categories of Personal Data does SAP process?


Contact Data

SAP processes the following categories of Personal Data as contact data: first name, last name, email addresses, postal address/location (country, state/province, city), telephone numbers, and your relationship history with SAP.

 

Progress Data

SAP processes your learning and certification progress related to the Digital Skills Initiative.

 

Personal Data necessary for customer satisfaction

To the extent permitted by law or based on your consent, SAP may combine the information We collect either directly or indirectly about specific users to ensure the completeness and correctness of the data and to help Us better tailor Our interactions with you and determine the information which best serves your respective interest or demand.

 

 

How long does SAP store your Personal Data?

SAP does only store your Personal Data for as long as it is required:

  • for the performance of the SAP Digital Skills Initiative;

  • to make your related learning journeys and certification attempts available to you;

  • to process your related certification attempts;

  • to fulfill SAP’s legitimate business purposes as further described in this Privacy Statement, unless you object to SAP’s use of your Personal Data for these purposes

SAP may retain your Personal Data for additional periods if necessary for compliance with legal obligations to process your Personal Data or if the Personal Data is needed by SAP to assert or defend itself against legal claims. SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

 

 

Who are the recipients of your Personal Data?

Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:

  • companies within the SAP Group;

  • third party service providers; for e.g., for consulting or other services, the provision of the website, the fulfillment and provisioning of offers from SAP or newsletter dispatch.

SAP Group entities

As SAP is selling its products and services to its customers only via local business relationships, SAP may transfer your Personal Data to the locally relevant SAP group entity for the purpose and to the extent necessary to conduct a business relationship. Other entities of the SAP Group may also receive or gain access to Personal Data either when rendering group internal services centrally and on behalf of SAP SE and the other SAP group entities or when Personal Data is transferred to them on a respective legal basis. In these cases, these entities may process the Personal Data for the same purposes and under the same conditions as outlined in this Privacy Statement. The current list of SAP Group entities can be found here. If you would like to find out which SAP group entity is responsible for the business relationship with you or your employer, please contact Us at digitalskills[@]sap.com.

 

 

What are your data protection rights?

 

Right to access, correct and delete
You can request from SAP at any time access to information about which Personal Data SAP processes about you and, if necessary, the correction or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. If you request from SAP to delete your Personal Data, you may not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.

 

Right to obtain a copy of Personal Data
If SAP uses your Personal Data based on your consent or to perform a contract with you, you can further request from SAP a copy of the Personal Data you provided to SAP. In this case, please contact digitalskills[@]sap.com and specify the information or processing activities to which your request relates, the format in which you would like to receive the Personal Data, and whether it should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best be fulfilled.

 

Right to restrict
You can request from SAP to restrict your Personal Data from further processing in any of the following events:

  • you state the Personal Data about you is incorrect, subject to the time SAP requires to check the accuracy of the relevant Personal Data,

  • there is no legal basis for SAP to process your Personal Data and you demand SAP to restrict your Personal Data from further processing,

  • SAP no longer requires your Personal Data, but you state you require SAP to retain such data to claim or exercise legal rights or to defend against third party claims, or

  • in case you object to the processing of your Personal Data by SAP based on SAP’s legitimate interest (as further set out below), subject to the time required for SAP to determine whether it has a prevailing interest or legal obligation in processing your Personal Data.

Right to object
If and to the extent SAP is processing your Personal Data based on SAP's Legitimate Interest, specifically where SAP pursues its legitimate interest to engage in direct marketing, you have the right to object to such a use of your Personal Data at any time.

 

When you object to SAP's processing of your Personal Data for direct marketing purposes, SAP will immediately cease to process your Personal Data for such purposes. In all other cases, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP’s compelling legitimate grounds for continued use of the information, which may override your interest in objecting, or if SAP requires the information for the establishment, exercise, or defense of legal claims.

 

Right to revoke consent
Wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal.

 

Furthermore, if your use of an SAP offering requires your prior consent, SAP will no longer be able to provide the relevant service (or services, if you revoke the consent for SAP to use your profile under the SAP Identity Authentication Service for multiple SAP offerings), offer or event to you after your revocation.

 

Right to lodge a complaint
If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time, to the extent required by applicable law, lodge a complaint with your locally relevant data protection authority, specifically when you are located in an EEA country, or with the data protection authority of the country or state where SAP has its registered seat.

 

 

How can you exercise your data protection rights?

Please direct any requests to exercise your rights to digitalskills[@]sap.com .

 

 

How will SAP verify requests to exercise data protection rights? 

 

SAP will take steps to ensure it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise.  When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP. 

 

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, represented by third parties without duly representing respective authority or are otherwise not required by local law.

 

 

Can you use SAP’s services if you are a minor?

 

Children. In general, SAP Digital Skills Initiative is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use this SAP Digital Skills Initiative.

B. Additional Country and Regional Specific Provisions

Where SAP is subject to privacy requirements in the EU/EEA or a country with national laws equivalent to the GDPR

 

Who is the relevant Data Protection authority?

 

You may find the contact details of your competent data protection supervisory authority here. SAP’s lead data protection supervisory authority is in Germany, the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg and can be reached at Lautenschlagerstraße 20, 70173 Stuttgart.

 

 

What are the legal permissions for SAP to process Personal Data?

 

SAP is processing your Personal Data for the business purposes set out above based on the following legal permissions:

Where We refer to GDPR Article 6.I (f), consequently SAP’s legitimate business interest as Our legal permission to process your Personal Data, SAP is pursuing its legitimate business interests

  • to efficiently manage and perform its business operations,

  • to maintain and operate intelligent and sustainable business processes in a group structure optimized for the division of labor and in the best interest of Our employees, customers, partners, and shareholders,

  • to operate sustainable business relationships with SAP customers and partners including you (each of which as further set out below),

  • serve you with the best possible user experience when using the SAP Learning Journeys and SAP Certification attempts and procedures,

  • comply with extraterritorial laws and regulations, or

  • assert or defend itself against legal claims.

We believe that Our interest in pursuing these business purposes is legitimate and thereby not outweighed by your personal rights and interest to refrain processing for such purpose. In any of these cases, We duly factor into Our balancing test:

  • the business purpose reasonably pursued by SAP in the given case,

  • the categories, amount and sensitivity of Personal Data that is necessarily being processed,

  • the level of protection of your Personal Data which is ensured by means of Our general data protection policies, guidelines, and processes, and

  • the rights you have in relation to the processing activity.

If you wish to obtain further information on this approach, please contact digitalskills[@]sap.com.

 

To pursue business relationships with customers, partners, and others

When pursuing business relationships with customers, partners and others, SAP and local SAP group entities may be processing Personal Data based on:

  • GDPR Article 6.I (b) if necessary, to fulfill (pre-)contractual obligations with you,

  • GDPR Article 6.I (c) if necessary, to fulfill legal requirements applicable to SAP,

  • GDPR Article 6.I (f) if the contract or pre-contractual relation relates to a company or other legal body and if SAP processes your Personal Data as Customer Contact to fulfill (pre-) contractual obligations with your employer (legitimate interest to efficiently perform or manage SAP’s business operation)

  • GDPR Article 6.I (f) if necessary, to maintain Our business relationships with you, ensure your satisfaction as a user or customer representative, and provide you with information about other SAP products and services as indicated by your interest or demand (legitimate interest to operate sustainable business relationship with SAP customers and partners), or

  • a legal permission under other national laws equivalent to any of the above, when applicable.

To offer SAP products and services

When engaging in marketing activities, SAP is processing your Personal Data on the basis of the following legal permissions:

  • GDPR Article 6.I (a) if your consent is required by law for SAP to process your data for this purpose,

  • GDPR Article 6.I (f) if necessary to fulfill (pre-)contractual obligations with the company or other legal body you represent as a customer contact (legitimate interest to efficiently perform or manage SAP’s business operation), to maintain Our business relationships with you or your employer, to ensure your satisfaction as a user or customer contact, to map the relevant group internal structures and bundle relevant business activities at central sources within the SAP Group to operate them uniformly and to provide you with information about other SAP products and services as indicated by your interest or demand, which may also comprise the combination about you from different sources (profiling) (legitimate interest to maintain and operate intelligent and sustainable business processes in a group structure optimized for the division of labor and in the best interest of Our employees, customers, partners, and shareholders and to operate sustainable business relationship with SAP customers and partners). SAP may provide you with this information to your postal address to pursue Our legitimate interest to address customers, prospects and targets for the purpose of advertising Our products and services, to your email address for the purpose of direct marketing of similar products or services provided that We (i) received your email address in connection with the purchase of Our products or services, (ii) you did not object to the use of your email address for direct advertising and (iii) and We inform you in every approach that you may object to Our use of your email address for marketing purposes at any time, and by other electronic means (e.g., telephone, MMS) to the extent permitted under applicable law, generally either explicit or presumed consent,

  • or equivalent legal permissions under other relevant national laws, when applicable.

 

To provide you with access to SAP Digital Skills Initiative

When SAP to grant you access to the learning journeys, to monitor your learning progress, to award you the certification attempts and subsequently track your certification progress, SAP is processing your Personal Data on the basis of the following legal permissions:

  • GDPR Article 6.I (a) if your consent is required by law for SAP to process your data for this purpose,

  • GDPR Article 6.I (b) if necessary, to fulfill (pre-)contractual obligations with you,

  • GDPR Article 6.I (f) if necessary, to maintain Our business relationships, to efficiently manage and perform its business operations, to maintain and operate intelligent and sustainable business processes in a group structure optimized for the division of labor and in the best interest of Our employees,

  • a legal permission under other national laws equivalent to any of the above, when applicable.

 

How does SAP justify international data transfers?

 

As a global group of companies, SAP has group affiliates and uses third party service providers also in countries outside the European Economic Area (the “EEA”). SAP may transfer your Personal Data to countries outside the EEA as part of SAP’s international business operations. If We transfer Personal Data from a country in the EU or the EEA to a country outside the EEA and for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require the data importer to ensure a level of data protection consistent with the one in the EEA to protect your Personal Data. You may obtain a copy (redacted to remove commercial or irrelevant information) of such standard contractual clauses by sending a request to privacy[@]sap.com. You may also obtain more information from the European Commission on the international dimension of data protection here.

 

 

Where SAP is subject to privacy requirements in Colombia.

 

Colombia-Specific Provisions apply to citizens of the Republic of Colombia.

 

 

Where SAP is subject to the requirements of the Brazilian General Data Protection Law (“LGPD”)

 

SAP has appointed a Data Protection Officer for Brazil. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to: 

 

Paulo Nittolo Costa 
Email: privacy[@]sap
Address: Avenida das Nações Unidas 14171 - Marble Tower – 7th Floor - São Paulo-SP, Brazil 04794-000 

 

 

Where SAP is subject to privacy requirements in the Philippines.

 

Where SAP is subject to certain privacy requirements in the Philippines, the following also applies:

 

For individuals within the Philippines, you may exercise your rights as follows:
You can call or write to SAP to submit a request at:

 

digitalskills[@]sap.com
Phone:    +632-8705-2500
Address: SAP Philippines, Inc.
Attn: Data Protection Officer
27F Nac Tower, Taguig City 1632, Philippines

 

The following provisions apply to residents and citizens of the Philippines

  • You may claim compensation as finally awarded by the National Privacy Commission or the courts if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, considering any violation of your rights and freedoms.

  • If you are the subject of a privacy violation or Personal Data breach, or are otherwise personally affected by a violation of the Data Privacy Act, you may file a complaint with the National Privacy Commission.

  • Your Transmissibility Rights. Your lawful heirs and assigns may invoke your rights at any time after your death or when you are incapacitated or incapable of exercising your rights.

 

Where SAP is subject to privacy requirements in South Africa.

 

Where SAP is subject to the requirements of the Protection of Personal Information Act, 2013 (“POPIA”) in South Africa, the following also applies:
“Personal Data” as used in this Privacy Statement means Personal Information as such term is defined under POPIA.

 

“You” and “Your” as used in this Privacy Statement means a natural person or a juristic person as such term is used under POPIA.
Systems Applications Products (Africa Region) Proprietary Limited with registered address at 1 Woodmead Drive, Woodmed (SAP South Africa) is subject to South Africa's Protection of Personal Information Act, 2013 (Act 4 of2013) and responsible party under the POPIA.

 

You may request details of personal information which We hold about you under the Promotion of Access to Information Act 2 of 2000 (“PAIA”). For further information please review the SAP PAIA manual, located here.

 

Should you as an individual or a juristic person believe that SAP South Africa as responsible party has utilized your personal information contrary to POPIA, you undertake to first attempt to resolve any concerns with SAP South Africa.

 

Phone:    011 325 6000
Address: 1 Woodmead Drive  Woodmead  Johannesburg South Africa 2148
Email:     privacy[@]sap.com

 

If you are not satisfied with such process, you have the right to lodge a complaint with the Information Regulator, using the contact details listed below:

 

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001, P.O. Box 31533, Braamfontein, Johannesburg, 2017
Email: complaints.IR[@]justice.gov.za
Enquires:  inforeg[@]justice.gov.za

 

 

Where SAP is subject to privacy requirements in the United States of America.

 

Where SAP is subject to certain privacy requirements in the United States, the following also applies:

 

U.S. Children’s Privacy. SAP does not knowingly collect the Personal Data of children under the age of 13.  If you are a parent or guardian and believe SAP collected information about a child, please contact SAP as described in this Privacy Statement.  SAP will take steps to delete the information as soon as possible.  Given that SAP Digital Skills Initiative is not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, SAP does not sell the Personal Data of any minors under 16 years of age.

 

 

Where SAP is subject to privacy requirements in the State of California, USA.

 

Where SAP is subject to certain privacy requirements in the United States in the State of California, the following also applies:

 

You have the right

  • to request from SAP access to your Personal Data that SAP collects, uses, or discloses about you;

  • to request that SAP delete Personal Data about you;

  • to opt-out of the use or disclosure of your sensitive personal information;

  • to non-discriminatory treatment for exercise of any of your data protection rights; and

  • if you request access to your Personal Data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance.

In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), SAP does not sell or share your Personal Data. In the course of our business activities we may share Personal Data with third parties, or permit third parties to collect data across various SAP websites.

 

Data Subject Access Requests

SAP receives Data Subject Access Requests from across the globe and works to ensure all valid requests where SAP is the Controller are responded to within the appropriate timeframe. In accordance with the verification process set forth in the CCPA, SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.

 

In addition to contacting SAP at digitalskills[@]sap.com, you may also exercise your rights as follows:

You click here "Limit the Use of My Sensitive Personal Information". You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.” 

 

 

Where SAP is subject to privacy requirements in Singapore.

 

Where SAP is subject to the requirements of the Singapore’s Personal Data Protection Act (“PDPA”), the following also applies:

SAP has appointed a Data Protection Officer for Singapore. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to:

 

Subject: Data Protection Officer

Email: privacy[@]sap.com

Address: Mapletree Business City, 30 Pasir Panjang Rd, Singapore 117440

Contact: +65 6664 6868

twitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixel