Skip to Content

SAP Social Media Privacy Statement

 

SAP is updating our SAP Social Media Privacy Statement to reflect its ongoing commitment to be transparent about how SAP uses your personal data. Please read the new Privacy Statement below before it comes into effect. 


Effective Date: July 13, 2021

To view the previous version of this Privacy Statement, click here.

SAP Social Media Channel Privacy Statement

Protecting the individual's privacy on the Internet is crucial to the future of Internet-based business and the move toward a true Internet economy. We have created this Privacy Statement to demonstrate our firm commitment to the individual’s right to data protection and privacy. This Privacy Statement outlines how we handle information that can be used to directly or indirectly identify an individual (“Personal Data”).

A. General Information

When does this General Information apply? This General Information section applies to Personal Data that you provide to a social media provider’s (“Social Media Provider”) platform when you follow one of SAP’s accounts on the social media platform (such account is referred to as a “SAP Social Media Channel”), or which is derived from the Personal Data as outlined below. For certain SAP Social Media Channels in the European Economic Area, Section B applies.

 

Who is the Data Controller? The data controller for the SAP Social Media Channel is listed under the contact information section of the SAP Social Media Channel (“SAP”) in the Social Media Provider’s platform. You can reach the SAP Group’s data protection officer at privacy@sap.com.

 

What does SAP do with your Personal Data? SAP will process the Personal Data provided in the context of your activities with the SAP Social Media Channel as set forth in this Privacy Statement. Where the processing of your Personal Data is based on a statutory permission, please find information on what Personal Data SAP is processing or using and for what purposes in this Privacy Statement.

 

What Personal Data does SAP collect? If you follow the SAP Social Media Channel, SAP will access and process your social media posts and profile information, including your time zone and language, when you created your account on the Social Media Provider’s platform, and certain information about your posts like date and time.

 

Why does SAP need your Personal Data? SAP requires your Personal Data to provide you with access to the SAP Social Media Channel. Although providing Personal Data is voluntary, without your Personal Data, SAP cannot provide you with access to the SAP Social Media Channel.

 

From What Types of Third Parties does SAP obtain Personal Data? In most cases SAP collects Personal Data from you.  SAP might also obtain Personal Data from a third party such as a service provider to SAP, if the applicable national law allows SAP to do so. These third-party sources include:

  • SAP and/or SAP Group’s business dealings with you
  • Third parties you directed to share your Personal Data with SAP
  • Sprinklr
  • MSIGHTS
  • Traackr

Sprinklr. SAP engages Sprinklr as a service provider. Sprinklr uses standard integration APIs provided by a Social Media Provider to collect, aggregate, and analyze the contributions and activities associated with the SAP Social Media Channel on that Social Media Provider’s platform. This can include the content and actions you contribute to the Social Media Provider’s platform. This information is used by Sprinklr to create reports that it provides to SAP on an aggregated basis. Such reports can include specific information like your username or a personal identifier; however, this is only the case when you:

  • Directly comment on content that SAP publishes in its SAP Social Media Channel; for e.g., when you interact with such content or @mention an SAP Social Media Channel, 
  • Post content associated with SAP products and themes, 
  • Engage in conversations about SAP and its competitor brands,
  • Are an analyst, influencer, thought leader, or affiliated with an SAP competitor or partner.

SAP uses these reports to better understand public sentiment around SAP’s products and services and to improve its offerings.

 

Sprinklr may also receive information from the Social Media Provider as well. For further details on the information a Social Media Provider makes available to Sprinklr, please visit the Social Media Provider’s privacy statement.

 

You can restrict Sprinklr’s ability to collect information as described in this section by following the instructions in the Social Media Provider’s privacy statement.

 

MSIGHTS. SAP engages MSIGHTS as a service provider to coordinate and manage SAP’s marketing efforts on the Social Media Provider’s platform. This includes display capabilities in social media results, search prominence for particular keyword searches, offline visibility, viewability on platform pages and channels, site analytics, online response or lead registrations. MSIGHTS’ also collects and validates data associated with the SAP Social Media Channel on a Social Media Provider’s platform. As part of its service offering, MSIGHTS provides SAP with aggregated reporting through a reporting platform.

 

You can restrict MSIGHTS’s ability to collect information as described in this section by following the instructions in the Social Media Provider’s privacy statement.

 

Traackr. SAP engages Traackr as a service provider to use Traackr’s Influencer Relationship Management tool, which employs standard integration APIs provided by a Social Media Provider to aggregate and analyze activities associated with users of the Social Media Provider’s platform that follow SAP. SAP engages in people-to-people marketing efforts, so this tool enables SAP to identify a user’s interest to collaborate with SAP on a campaign in SAP’s Social Media Channels. As part of its service offering, Traackr also creates reports based on hashtag usage. For example, Traackr will gather information on a group of users that virtually attended SAPPHIRE NOW. Information that Traackr gathers is publicly available on the Social Media Provider’s platform without access or login credentials required. You can restrict Traackr’s ability to collect information as described in this section by following the instructions in the Social Media Provider’s privacy statement.  

 

How long will SAP store your Personal Data? SAP will only store your Personal Data for as long as it is required to make the SAP Social Media Channel available to you, for SAP to comply with statutory obligations resulting from applicable export laws, to fulfill the purposes outlined in this Privacy Statement, or until you object against such use by SAP if SAP’s use of your Personal Data is based on SAP’s legitimate business interest as further stated in this Privacy Statement. SAP will also retain your Personal Data for additional periods if it is required by mandatory law to retain your Personal Data longer, or where your Personal Data is required for SAP to assert or defend against legal claims; in such case, SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

 

Who are the recipients of your Personal Data and where will it be processed? Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:

  • companies within the SAP Group
  • Sprinklr
  • MSIGHTS
  • Traackr

As part of a global group of companies operating internationally, SAP has affiliates (the “SAP Group”) and third-party service providers outside of the European Economic Area (the “EEA”) or from a region with a legal restriction on international data transfers and will transfer your Personal Data to countries outside of the EEA. If these transfers are to a country for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require that your Personal Data receives a level of data protection consistent with the EEA. You can obtain a copy (redacted to remove commercial or irrelevant) of such standard contractual clauses by sending a request to privacy@sap.com. You can also obtain more information from the European Commission on the international dimension of data protection here: European Commission.

 

What are your data protection rights?

 

You can request from SAP: access at any time to information about which Personal Data SAP processes about you and the correction or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note further that if you request that SAP deletes your Personal Data, you will not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.

 

Furthermore, you can request from SAP that SAP restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data SAP has about you is incorrect, subject to the time SAP requires to check the accuracy of the relevant Personal Data, (ii) there is no legal basis for SAP processing your Personal Data and you demand that SAP restricts your Personal Data from further processing, (iii) SAP no longer requires your Personal Data but you state that you require SAP to retain such data in order to claim or exercise legal rights or to defend against third party claims, or (iv) in case you object to the processing of your Personal Data by SAP based on SAP’s legitimate interest (as further set out below), subject to the time required for SAP to determine whether it has a prevailing interest or legal obligation in processing your Personal Data.

 

For individuals within the State of California, you instead have the right

  • to request from SAP access to your Personal Data that SAP collects, uses, discloses, or sells (if applicable) about you;
  • to request that SAP delete Personal Data about you;
  • to non-discriminatory treatment for exercise of any of your data protection rights; 
  • in case of request from SAP for access to your Personal Data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance; and
  • to opt-out of the sale of Personal Data. In accordance with the disclosure requirements under the California Consumer Privacy Act, SAP is exempt from providing a notice to opt-out because it does not and will not sell your Personal Data.

Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it.

 

How can you exercise your data protection rights? Please direct any requests to exercise your rights to webmaster@sap.com. 

 

For individuals within the State of California, you may also exercise your rights as follows:

 

You can call toll-free to submit a request using the numbers provided here. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.  If you are an individual with a disability, contact SAP at the above address or toll-free phone number to access the Privacy Statement in an alternative format. 

 

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.

 

Right to lodge a complaint. If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where SAP has its registered seat.

 

Why does SAP need to use your Personal Data and on what legal basis is SAP using it?

 

Processing based on SAP’s legitimate interest.

 

SAP can use your Personal Data based on its legitimate interest (Article 6 para. 1 lit. f GDPR or the equivalent article under other national laws, when applicable) as follows:

 

Creation of anonymized data sets. SAP may anonymize Personal Data provided under this Privacy Statement to create anonymized data sets, which will then be used to improve its and its affiliates’ products and services.

 

To keep you up-to-date or request feedback. Within an existing business relationship between you and SAP, SAP may inform you, where permitted in accordance with local laws, about its products or services (including webinars, seminars or events) which are similar or relate to such products and services you have already purchased or used from SAP. Furthermore, where you have attended a webinar, seminar or event of SAP or purchased products or services from SAP, SAP may contact you for feedback regarding the improvement of the relevant webinar, seminar, event, product or service.

 

In order to protect the SAP brand, SAP monitors SAP Social Media Channels, including but not limited to Twitter, Facebook, YouTube, LinkedIn and etc., for activity that presents immediate or potential risk to SAP or its employees. In doing so, SAP may access the data for individual accounts on the Social Media Provider’s platform, including username, public profile, public comments, @mentions, shares, and replies. SAP may respond directly to you to gather additional information, to address your concerns, or to request other action that may mitigate the risk to SAP or SAP employees.

 

You can at any time object to SAP’s use of your Personal Data as set forth in this section by either accessing and configuring your privacy controls on the Social Media Provider’s platform or by unfollowing the SAP Social Media Channel. If you elect either of these options to object, SAP will: (i) cease using your Personal Data based on its legitimate interest to process Personal Data for the above purposes, (ii) remove it from its systems, unless SAP is permitted to use such Personal Data for another purpose set forth in this Privacy Statement, or (iii) continue to process your Personal Data if SAP determines and demonstrates a compelling legitimate interest to do so.

B. European Economic Area: Privacy Statement For Certain SAP Social Media Channels

SAP’s Social Media Channels that are fan pages on Facebook.

 

In the following section, SAP informs you about processing your Personal Data via SAP's fan pages on Facebook (hereinafter "SAP Facebook page") and about your additional rights in this context.

 

Who is the Data Controller? For the processing of Personal Data for Page Insights (“Insights Data”), SAP and Facebook Ireland Limited (“Facebook Ireland”) are joint controllers according to Article 26 (1) GDPR.  The Page Insights Controller Addendum applies to the processing of Insights Data and this joint controllership arrangement.

 

You can reach SAP and its data protection officer at privacy@sap.com. You can reach Facebook Ireland Limited at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Facebook Ireland") and its Data Protection Officer can be reached at https://www.facebook.com/help/contact/540977946302970.

 

Facebook Ireland makes this Page Insights Controller Addendum available to you pursuant to Article 26 (2) GDPR. This is accomplished via the Information about Page Insights data, which currently is accessible from all pages on Facebook.

 

Facebook Ireland is responsible for the collection and further processing of your Personal Data on Facebook’s platform. Facebook collects and processes certain information about your visit to SAP’s Facebook fan page even if you do not have an account with Facebook and even if you are not logged into Facebook at the time of your visit to SAP’s Facebook fan page. For more information on how Facebook processes your Personal Data, please refer to Facebook's Privacy Policy and Facebook’s Cookie Policy.

 

What Personal Data does SAP collect and why does SAP need your Personal Data?

 

SAP collects the Personal Data you make available on your Facebook profile as set forth below. While you are not legally or contractually obliged to make your Personal Data available to SAP, certain functionality of SAP’s fan pages on Facebook may vary depending on the availability of your Personal Data.  This can result in either unavailability or limited capability of certain functions when you do not make your Personal Data available.

 

SAP processes your data, some of which may be Personal Data, on the SAP Facebook page in the following ways:

  • Your public profile information when you interact with the SAP Facebook page. SAP will access the information based on the settings you exercise in your Facebook profile. 
  • Your name and the content of your messages, inquiries or other postings when you contact SAP via SAP’s Facebook page. SAP processes this data for the purpose of handling and, if applicable, responding to your postings.
  • Your interactions with the SAP Facebook page when you upload a post, enter your Personal Data via a post or through the comment function under a post, or contact SAP via Messenger and provide SAP with your Personal Data.
  • When you interact with the SAP Facebook page, Facebook uses your data to gather statistics on SAP’s Facebook page usage. Facebook then provides SAP with “Page Insights data”, which is information in aggregated statistical form that SAP uses to evaluate the quality of SAP’s Facebook page and its content. SAP does not access this usage data. 
  • For more information on Facebook’s processing of Insights data when you interact with SAP’s Facebook page, please see: https://www.facebook.com/legal/terms/information_about_page_insights_data.

On which legal basis does SAP use data? SAP’s processing activities are based on SAP’s legitimate interest pursuant to Article 6 para. 1 lit. f GDPR to recognize and adapt the content of SAP’s Facebook page to the interests and preferences of its visitors (for e.g., number of followers, number of visits to individual page areas, user statistics according to age, geography and language) and to increase SAP’s Facebook page visibility.

 

Who are the recipients of your Personal Data and where will it be processed? The Personal Data collected when you visit SAP’s Facebook fan page is processed by Facebook and may be transferred to countries outside the European Economic Area (EEA). More information about how Facebook processes Personal Data can be found here: Facebook's Privacy Policy.

 

How long will SAP store your Personal Data? SAP will store your Personal Data on systems outside of the Facebook platform, if and for as long as necessary for the purposes of collection or as long as there are legal storage obligations.

 

What are your data protection rights and how you can exercise them? Facebook Ireland is responsible to provide you with information about its processing for Page Insights and to enable you to exercise your rights under the GDPR. Learn more about these rights in your Facebook settings. To exercise these rights with respect to data processing by Facebook, please contact Facebook at https://www.facebook.com/help/contact/308592359910928. You can also reach SAP via email at privacy@sap.com. 

 

You also have the right to lodge a complaint with a supervisory authority. 

 

SAP’s Social Media Channels that are accounts on Twitter.

 

In the following section, SAP informs you about the processing of your Personal Data via SAP’s Twitter accounts (hereinafter “SAP Twitter Account”) and about your additional rights in this context. 

 

Who is the Data Controller? SAP processes Personal Data via SAP’s Twitter Account as set forth under Section 2, and Twitter processes Personal Data at the same time as set forth under Section 1.

 

1. Personal Data processed by Twitter

 

For SAP’s Twitter Account, SAP uses the services of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. (“Twitter”). 

 

Twitter sets forth the following data controllers for its services in its Privacy Policy:

  • If you live in a country outside of the European Union or the European Economic Area, the data controller responsible for your Personal Data is Twitter, Inc. and can be reached at Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103.
  • If you live in the European Union or European Economic Area, the data controller responsible for your Personal Data is Twitter International Company and can be reached at Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND.

As set forth in Twitter’s Privacy Policy, your use of Twitter’s short message service and other functionality that it makes available to you is your responsibility. This particularly applies to your use of the interactive functions Twitter offers such as share or rate. Further information about what data Twitter processes and for what purposes can be found in Twitter’s Privacy Policy located here: https://twitter.com/en/privacy. 

 

SAP cannot influence the type and scope of Twitter’s data collection and processing, or Twitter’s transfer of data to third parties. SAP does not have any control in this respect. When you use Twitter, your Personal Data is processed by Twitter and, regardless of your residence, is transferred, stored and used in the United States, Ireland, and in any other country where Twitter Inc. does business.

  • Twitter processes data that you voluntarily enter such as your name and username, e-mail address, telephone number or the contacts in your address book when you upload or synchronize it.
  • Twitter also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users and has the ability to use GPS data to determine your location, wireless network information, and your IP address to send you advertising or other content. Twitter may also use analysis tools for its evaluation purposes. SAP cannot control or influence Twitter’s use of such tools and Twitter has not informed SAP about such potential use. If tools of this kind are used by Twitter for SAP’s Twitter Account, such tools are used without direction from SAP or approval or support from SAP, and data obtained from such tools and subsequent analysis are not available to SAP. SAP can only access certain non-personal information about Tweet activity like the number of profile or link clicks through a particular Tweet through SAP’s Twitter Account. Furthermore, Twitter does not provide SAP with a means to prevent or disable the use of such tools on SAP’s Twitter Account.
  • Twitter also receives data when you view content, even if you do not have an account on Twitter. This type of "log data" could include your IP address, browser type, operating system, information about the website and pages you previously visited, your location, your mobile operator, your device (including device ID and application ID), the search terms you used, and cookie information. Twitter buttons or widgets embedded in web pages and the use of cookies enable Twitter to track your visits to these web pages and associate them with your Twitter profile. This data can be used to offer content or advertising tailored to you.

 

You can limit the processing of your data in the general settings of your Twitter account. In addition, you can restrict Twitter access to your data like contact and calendar data, photos, and location data on mobile devices (smartphones, tablet computers) in the respective settings. However, this is dependent on the operating system used.

 

2. Data processed by SAP

 

Although SAP itself does not collect data on its SAP Twitter Account, the data you enter on Twitter like your username and the content you publish will be processed by SAP if SAP retweets or replies to your tweets, if applicable, or if SAP writes tweets that refer to your account. The data that you publish and distribute on Twitter is also included by SAP in its offer and made available to its followers.

 

SAP’s processing activities are based on SAP’s legitimate interest pursuant to Article 6 para. 1 lit. f GDPR to recognize and adapt the content of SAP’s Twitter Accounts to the interests and preferences of its visitors and to increase SAP’s page visibility on Twitter accounts.

 

Who are the recipients of your Personal Data and where will it be processed?

 

Twitter is the recipient of your Personal Data and is responsible for it, as well as where it may be passed on to third parties for their own purposes. Given the public nature of Twitter’s Social Media platform, publications are public, and this means that anyone can view it. 

 

How long will SAP store your Personal Data?

 

SAP will store your Personal Data on its systems outside of Twitter’s Social Media platform, if and for as long as necessary for the purposes of collection or as long as there are legal storage obligations.

 

What are your data protection rights and how you can exercise them?

 

You can assert your rights to information, restriction of processing, objection, correction or deletion of data with SAP’s Data Protection Officer by sending an email to SAP at privacy@sap.com.  

 

You can access your Twitter data here: 

 

https://help.twitter.com/en/managing-your-account/accessing-your-twitter-data

Back to top