Privacy Statement for Microsoft Connected Experiences
This Privacy Statement was updated on October 8, 2021.
A. General information
Who is the Controller?
The controller for “Microsoft Connected Experiences which analyzes your content” (“MS Connected Experiences”) is SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf (“SAP”) and its data protection officer can be reached at privacy[@]sap.com.
What Personal Data does SAP collect?
SAP collects some information about you in the context of your professional activities, consisting of your name, your email addresses, user id and ip address (“Personal Data”).
Why does SAP need your Personal Data?
SAP requires your Personal Data to provide you access to MS Connected Experiences and to allow MS Connected Experiences to work.
How long will SAP store your Personal Data?
SAP will only store your Personal Data for as long as it is required
- to make MS Connected Experiences available to you;
- until you unsubscribe from MS Connected Experiences
- MS Connected Experiences is no longer being used or until you object against such use by SAP if SAP’s use of your Personal Data is based on SAP’s legitimate business interest as further stated in this Privacy Statement;
SAP will also retain your Personal Data for additional periods if it is required by mandatory law to do so, or where your Personal Data is required for SAP to assert or defend against legal claims. In such case, SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled
Who are the recipients of your Personal Data and where will it be processed?
Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:
- companies within the SAP Group;
- third party service providers; for e.g., consulting services and other additional related services, for the provision of the website or newsletter dispatch.
As part of a global group of companies operating internationally, SAP has affiliates (the “SAP Group”) and third-party service providers outside of the European Economic Area (the “EEA”) or from a region with a legal restriction on international data transfers and will transfer your Personal Data to countries outside of the EEA. If these transfers are to a country for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require that your Personal Data receives a level of data protection consistent with the EEA. You can obtain a copy (redacted to remove commercial or irrelevant) of such standard contractual clauses by sending a request to privacy[@]sap.com. You can also obtain more information from the European Commission on the international dimension of data protection here: European Commission.
What are your data protection rights?
You can request from SAP: access at any time to information about which Personal Data SAP processes about you and the correction or deletion of such Personal Data.
Furthermore, you can request from SAP that SAP restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data SAP has about you is incorrect, subject to the time SAP requires to check the accuracy of the relevant Personal Data, (ii) there is no legal basis for SAP processing your Personal Data and you demand that SAP restricts your Personal Data from further processing, (iii) SAP no longer requires your Personal Data but you state that you require SAP to retain such data in order to claim or exercise legal rights or to defend against third party claims.
Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note further that if you request that SAP deletes your Personal Data, you will not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.
How can you exercise your data protection rights?
Please direct any requests to exercise your rights to privacy[@]sap.com.
How will SAP verify requests to exercise data protection rights?
SAP will take steps to ensure that it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP.
SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.
Right to lodge a complaint. If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where SAP has its registered seat.
Can you use SAP’s services if you are a minor?
Children. In general, Microsoft Connected Experiences is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use Microsoft Connected Experiences.
Why does SAP need to use your Personal Data and on what legal basis is SAP using it?
Processing based on SAP’s legitimate interest
SAP can use your Personal Data based on its legitimate interest (Article 6 para. 1 lit. f GDPR or the equivalent article under other national laws, when applicable) as follows:
- If you sign up to use MS Connected Experiences SAP will use your Personal Data to provide you access to the service
B. Additional Country and Regional Specific Provisions
Colombia-Specific Provisions apply to citizens of the Republic of Colombia.
Where SAP is subject to certain privacy requirements in the Philippines, the following also applies:
For individuals within the Philippines, you may exercise your rights as follows:
You can call or write to SAP to submit a request at:
Address: SAP Philippines, Inc.
Attn: Data Protection Officer
27F Nac Tower, Taguig City 1632, Philippines
The following provisions apply to residents and citizens of the Philippines:
You may claim compensation as finally awarded by the National Privacy Commission or the courts if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights and freedoms.
- If you are the subject of a privacy violation or personal data breach, or are otherwise personally affected by a violation of the Data Privacy Act, you may file a complaint with the National Privacy Commission.
- Your Transmissibility Rights. Your lawful heirs and assigns may invoke your rights at any time after your death or when you are incapacitated or incapable of exercising your rights.
Russian-Specific Provisions apply to citizens of the Russian Federation.
Where SAP is subject to the requirements of the Protection of Personal Information Act, 2013 (“POPIA”) in South Africa, the following also applies:
“Personal Data” as used in this Privacy Statement means Personal Information as such term is defined under POPIA.
“You” and “Your” as used in this Privacy Statement means a natural person or a juristic person as such term is used under POPIA.
SAP Africa (Pty) Ltd] with registered address at 1 Woodmead Drive, Woodmed (SAP South Africa) is subject to South Africa's Protection of Personal Information Act, 2013 (Act 4 of 2013) and responsible party under the POPIA.
You may request details of personal information which we hold about you under the Promotion of Access to Information Act 2 of 2000 (“PAIA”). For further information please review the SAP PAIA manual, located here.
Should you as an individual or a juristic person believe that SAP South Africa as responsible party has utilized your personal information contrary to POPIA, you undertake to first attempt to resolve any concerns with SAP South Africa.
Phone: 011 325 6000
Address: 1 Woodmead Drive Woodmead Johannesburg South Africa 2148
If you are not satisfied with such process, you have the right to lodge a complaint with the Information Regulator, using the contact details listed below:
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001, P.O. Box 31533, Braamfontein, Johannesburg, 2017
Where SAP is subject to certain privacy requirements in the United States, the following also applies:
U.S. Children’s Privacy. SAP does not knowingly collect the Personal Data of children under the age of 13. If you are a parent or guardian and believe SAP collected information about a child, please contact SAP as described in this Privacy Statement. SAP will take steps to delete the information as soon as possible. Given that MS Connected Experiences is not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, SAP does not sell the Personal Data of any minors under 16 years of age.
Where SAP is subject to certain privacy requirements in the United States in the State of California, the following also applies:
You have the right:
- to request from SAP access to your Personal Data that SAP collects, uses, or discloses about you;
- to request that SAP delete Personal Data about you;
- to non-discriminatory treatment for exercise of any of your data protection rights; and
- in case of request from SAP for access to your Personal Data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance.
In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), SAP does not and will not sell your Personal Data. In accordance with the verification process set forth in the CCPA, SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.
In addition to contacting SAP at privacy[@]sap.com, you may also exercise your rights as follows:
You can call toll-free to submit a request using the numbers provided here. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.