SAP Global Physical Security 

Video Surveillance (CCTV) Privacy Statement for India

Updated on 26th June 2023.

Protecting the individual's privacy is crucial to the future of business. We have created this Privacy Statement to demonstrate the firm commitment of SAP (hereinafter "We", "SAP", "Us" or "Our") to the individual`s right to data protection and privacy. It outlines how We handle information that can be used to directly or indirectly identify an individual (hereinafter “Personal Data”).

A. General Information

Video Surveillance installations at the SAP premises in India

 

Video surveillance cameras (also known as closed-circuit televisions, or CCTV) are directed at viewing and/or recording SAP premises which may include images of individuals to ensure an adequate level of security for and at a company’s premises in preventing and/or investigating break-ins, destruction, or other malicious activities (“Video surveillance”).

 

The Video surveillance cameras are installed at:

  • The various entry and exit points of the SAP buildings/offices; 

  • Security relevant areas in the SAP buildings/offices; 

  • Parking entrances or parking areas located at the SAP buildings/offices, and

  • The outer area of the SAP buildings within SAP building/offices.

 

The following buildings are in scope of this Privacy Statement:

  • Hyderabad (HYD80) - CallidusCloud India Limited, Unit No 601, Sixth Floor, Building No 12 B, Mind Space Madhapur, Hyderabad 500081, India

  • Bangalore (BLR87) - Concur Technologies India Pvt Ltd, Level 3, A Block, Lakeview Building, Bagmane Tech Park, C V Raman Nager, Bangalore 560093, India

  • Delhi (DEL03) - SAP India Pvt Ltd, Prius Platinum, 3rd Floor, Saket, New Delhi-110017

  • Gurgaon (GUR01) - SAP Labs India Pvt. Ltd, Vatika Towers, Sector 54, Golf Course Road, Gurgaon, Haryana-122002

  • Mumbai (MUM02) - SAP India Pvt Ltd. Platina, G-Block - 5th Floor, C-59, BKC, Bandra East, Mumbai - 400 051,India

  • Bangalore (BLR01, BLR02, BLR04, BLR05, BLR06) - SAP Labs India Pvt Ltd, 138, Export Promotion Industrial Park, Whitefield, Bangalore-560066, India

  • BLR03 - SAP Labs India Pvt Ltd, RMZ NXT, Block 1B,2A,2B,2C,Sonnenahalli, EPIP Zone, Mahadevpura,K.R.Puram Hobli, Bangalore -560066,India

  • BLR08(Child care centre) - Nidhi Complex, Plot no 138-Part (2), EPIP Industrial Area, Bangalore-560066, India

  • Bangalore (BLR 10) - SAP India Pvt Ltd and Ariba Technologies India Private Limited, 6th, 7th, 8th, 9th, 10th Floor, RMZ Ecoworld Plot C1, 8A Campus, Sarjapur-Marathahali Outer Ring Road, Devarabeesanahalli, Bengaluru East Taluk, Varthur Hobli, Bangalore - 560103

  • Pune (PUN50) - Cybercity Tower 1 (Sybase), Wing A Level 3, Magarpatta City, Pune - 411028

All locations where your personal data may be captured are clearly marked by warning signs.
 

 

Who do We mean when We say SAP in this Privacy Statement?

 

The data controllers of the Video surveillance are SAP India Pvt. Ltd, SAP Labs India Pt. Ltd, CallidusCloud (India) Private Limited, Concur Tech (India) Pvt Ltd, Ariba Tech. India Pvt Ltd (“SAP”).

You can reach SAP’s Group data protection officer any time at privacy[@]sap.com.
 

 

What categories of Personal Data does SAP process?

 

If you move about or access SAP´s premises, we collect your images via video surveillance cameras, consisting of a recording of your activities excluding sound or voice. In addition, we collect a picture of your license plate in the parking areas (your "Personal Data").
 

 

For what purposes does SAP process your Personal Data?

 

SAP processes your personal data in order to ensure an adequate level of security for and at SAP´s premises. 

 

This process allows SAP to:

  • Provide you with access to SAP facilities and to ensure the security and safety of all SAP employees, suppliers, visitors, and assets across all global SAP locations. This allows SAP to comply with statutory obligations, including identification verification prior to or during access to any SAP-owned or leased facility;

  • Control access to SAP´s building/offices and premises;

  • Prevent, deter, and if necessary, investigate unauthorized physical access, including unauthorized access to secure premises and protected rooms, IT infrastructure, or operational information, and

  • Prevent sabotage, theft, and material damage.  

In addition, SAP can use your personal data based on a legal obligation to support the rightful and valid requests of public authorities for support in an investigation.

 

Although providing personal data is voluntary, without your personal data, SAP cannot provide you with access to SAP-owned or leased facilities.
 

 

How long does SAP store your Personal Data?

 

SAP will store your personal data for a period of maximum, 90 days. If the video surveillance recording is required for the investigation of an incident, it can be kept for as long as necessary to conclude the investigation. 

 

SAP may retain your Personal Data for additional periods if necessary for compliance with legal obligations to process your Personal Data or if the Personal Data is needed by SAP to assert or defend itself against legal claims. SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.
 

 

Who are the recipients of your Personal Data?

 

Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:

  • companies within the SAP Group;

  • third party service providers, including contracted security agencies that are contracted to provide security services at SAP, and

  • local or federal law enforcement agencies, in case of official investigations.

As part of a global group of companies operating internationally, SAP has affiliates (the “SAP Group”) and third-party service providers outside of the European Economic Area (the “EEA”) or from a region with a legal restriction on international data transfers and will transfer your Personal Data to countries outside of the EEA. If these transfers are to a country for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require that your Personal Data receives a level of data protection consistent with the EEA. You can obtain a copy (redacted to remove commercial or irrelevant) of such standard contractual clauses by sending a request to privacy[@]sap.com. You can also obtain more information from the European Commission on the international dimension of data protection here: European Commission.
 

 

What are your data protection rights?

 

Right to access and correct

You can request from SAP at any time access to information about which Personal Data SAP processes about you and, if necessary, the correction of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it.

 

Right to lodge a complaint

If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time, to the extent required by applicable law, lodge a complaint with your locally relevant data protection authority, specifically when you are located in an EEA country, or with the data protection authority of the country or state where SAP has its registered seat.

 

Right to revoke consent

Wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal.
 

 

How can you exercise your data protection rights?

 


Please direct any requests to exercise your rights or make a complaint to SAP-Physical-Sec-Privacy@sap.com. We’ll deal with the matter within a reasonable time and keep you informed of the progress.

 

How will SAP verify requests to exercise data protection rights

 

SAP will take steps to ensure that it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already by SAP. 

 

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.

 

 

B. Additional Country and Regional Specific Provisions

 

Where SAP is subject to privacy requirements in India

 

How does SAP comply with reasonable security practices and procedures?

 

SAP has implemented appropriate security controls to protect personal data and it has established electronic and administrative safeguards designed to secure the information collected and to prevent unauthorized access to or disclosure of personal data.

 

SAP implements physical security control measures per the International Standard ISO/IEC 27001:2013 on "Information Security Management System – Requirements.

twitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixeltwitter pixel