SAP Product Policies
Ariba Data Policy and Privacy Statement (17.4)
(Referred to as the "Ariba Data Policy")
Ariba, an SAP company, is a global provider of services facilitating commerce between buyers and sellers. This document describes Ariba's policy for handling, processing, storing, and otherwise treating transactional and other data of Ariba Customers (which may be referred to as "you" or "Buyer" or "Supplier" or “Seller”), and data associated with individual users and employees of the Buyer and Seller organizations, when sent to Ariba as part of your use of the Solution. “Ariba” means Ariba, Inc., its parent companies and affiliates.
- Business Contact Information
- Data Use By Ariba
- Promoting Your Organization
- Transaction Data and Third Parties
- Data Analytics and Benchmarking
- Ariba's Commitment to Data Security
"Solution" means the following services to which you have subscribed (provided under terms of an agreement between Ariba Customer and Ariba):
- 1 The Ariba Network (including the Invoice and PO Automation offerings and the "Supplier Connectivity" offering) (https://service.ariba.com),
- 2 The Ariba Discovery solution (http://discovery.ariba.com),
- 3 The Ariba hosted On-Demand Basic and On-Demand Professional offerings (also called, "Ariba Technology Features", "Ariba OnDemand Solutions", or "Ariba Application Services" ) (https://s1.ariba.com/[company-specific]),
- 4 The Ariba StartSourcing and Ariba StartContracts solutions (https://s1.ariba.com/[company-specific]),
- 5 The Ariba Commerce Cloud, a company profile, administration and reporting application (accessible via http://seller.ariba.com) for use by Suppliers in conjunction with use of Ariba Network, Ariba Discovery and seller-facing features of other Ariba OnDemand Solutions.
- 6 Market execution and strategic procurement services provided by Ariba's global sourcing team ("Ariba Sourcing Services")(Note Ariba is not actively entering into new agreements for Ariba Sourcing Services), and
- 7 Ariba Hosting Service(s) (accessible via customer-specific URLs).
"Trading Partner" means an entity with which you or your company transacts using a Solution.
Ariba collects information that you, or a Trading Partner, or other data sources send to the Solution (such as internet-protocol addresses, transaction-related data, and user account information). This data is addressed below in two categories, “Transaction Data” (as defined below) and “Personal Information” (data that can identify an individual or that is associated with the identity of an individual).
Transaction Data Handling
Ariba understands the sensitive nature of the transaction data you or your organization may provide while using the Solution. Transaction Data may include information you provide to Ariba or your Trading Partners during the registration, cataloging, sourcing/negotiating, or ordering processes, or through any e-mail or other communication sent by you to the Solution as well as other information that you store within the Solution. It may also include data of transactions sent by your Trading Partners to you via the Solution or by you to your Trading Partners via the Solution. Transaction data may include Personal Information addressed more specifically below. You agree that your Transaction Data will not include information regulated under the International Traffic in Arms Regulations (U.S. government regulations addressing defense-related articles and services) and will not include Sensitive Personal Information as defined in the Ariba Privacy Statement.
If you are a Seller who objects to submitting transaction data to your Trading Partner via the Solution, please contact the Trading Partner directly to investigate options (e.g. submitting certain proprietary information outside of the Ariba Solution, using anonymous contact information, etc.).
Business Contact Information
When a representative of a Buyer or a Seller creates a business account on the Solution, Ariba asks for the name and contact information for an account administrator. The account administrator's information will be used by Ariba to contact the company with notices, service offerings and Solution administration purposes. The account administrator for your company is given primary control regarding the establishment and maintenance of user accounts and contacts within a Solution. If you so choose, your organization may provide additional contacts (e.g. “Company Wide Contacts” in the Ariba Network). Depending on the Solution and the visibility choices selected by you or your company, your user names, phone numbers, and email addresses and other profile information may be visible to other Buyers and/or Sellers using the Solution or to a broader audience, as in Ariba Discovery. Please review the documentation for the Solution for visibility options, notification options and role-based options that affect how a specific user or company contact’s business contact information may be used or visible within the Ariba Solutions.
You should submit only publicly available business contact information. Individual contact information submitted to the Solution should not include private home contact information. You agree not to enter sensitive government identification numbers associated with individual persons into the Solution (e.g. U.S. Social Security Numbers) or to send documents over the Solution containing such identifiers. Individual names and personal information associated with an individual is addressed below as "Personal Information”.
Data Use by Ariba
Ariba will treat your Transaction Data as confidential information and will use it only to: facilitate operation of Ariba solution and related services; enhance your use of the Solution and its related web pages; perform internal tracking and Solution improvement; analyze the extent to which you use the Solution (e.g., the volume and history); enable us to contact you; and process your transactions through the Solution. Ariba uses the business contact information you provide for the same purposes, as more fully described in the Ariba Privacy Statement.
Ariba Sourcing Services. Note that Ariba is not actively entering into new agreements for Ariba Sourcing Services that are subject to this paragraph. This paragraph is included for historical purposes. Ariba may use the bidding information submitted by Suppliers in the course of Ariba Sourcing Services projects to determine general price trends in various supply industries, to create predictive analyses useful for estimating likely market prices, and to evaluate suppliers appropriate for inclusion in future spend management projects in similar markets. Ariba may also use such bidding information in the publication of "high level" sourcing project results, provided that such publication (i) does not directly or indirectly identify Supplier or Buyer by name or provide a third party with sufficient information to allow a third party to identify Supplier or Buyer, (ii) is aggregated with data from at least four (4) comparable suppliers from a single project, (iii) does not specifically identify Supplier’s products or services, or the prices of those products or services, and (iv) does not identify Supplier as a participant of any specific project.
Ariba Sourcing Solution - In order to increase a Buyer's visibility to potential suppliers, Ariba may systematically analyze certain sourcing activity of the Buyer in the Ariba Sourcing solutions and anonymously seek to match the Buyer with potential new suppliers or highlight suppliers that may be of interest to the Buyer. It is up to the Buyer to decide whether or not it wants to have contact with, or identify itself to, any potential new supplier. No personal information and only anonymous and high level information about an opportunity will be exposed using these features.
Ariba Discovery – a Public Site
The Ariba Discovery solution is a public exchange of opportunities and capabilities and the following special terms apply to the Ariba Discovery solution:
- Published RFQ and RFI Postings - Since the Ariba Discovery service is based on a public model, RFQ and RFI Postings (including but not limited to title, description, territories, company name, commodities, project amount and all attachments) submitted by a Buyer may be forwarded by Ariba to, or viewed by, any user of the Ariba Discovery solution
- Seller Responses - While the details of a buyer's RFQ or RFI Posting are public if posted on Ariba Discovery service, the details of a Seller's response, including bid amount, will not be shared by Ariba with users other than the buying organization. However, subject to a Buyer's preferences, a Seller that has submitted a response may publicly be shown as having submitted a response.
- Who Viewed Me Feature - A Seller can view companies who have recently viewed the Seller's Ariba profile using a search within the Ariba Discovery solution or associated Solutions, or from a posting response. If a Buyer clicks on a Seller’s profile from the “Supplier’s You May Like…” feature, the Buyer’s industry may be provided to the Seller. If, while using the buyer-side features in Ariba Discovery, you click on the company name of a Seller to view a Seller’s public profile, you consent to your company's name and/or industry being added to the “Who Viewed Me Feature” available to the Seller (your individual identity will not be revealed in that feature). A Seller may click on a company name in the Who Viewed Me List to see the company’s Buyer Profile.
Promoting Your Organization
You may be given the opportunity to promote your organization to other organizations. In addition, other users of the Solution may conduct a search on the Solution by using various criteria (e.g., information in your company profile to find your organization). In the interest of promoting suppliers to buyers, Ariba may supplement Ariba Cloud Profiles with statistical data from Ariba systems (such as the number of transacting relationships you have, events the Seller has participated in, etc.) or by allowing others to provide feedback on your organization. If you so choose, you will be able to opt out of disclosing certain types of this company-level information. Ariba may also utilize certain fields of information in your Ariba profile to promote your company’s capabilities (e.g. seller industry, geographic location) as, for example, in the “Suppliers You May Like” feature visible to buyers.
Transaction Data and Third Parties
In using the Solution, you understand that Ariba will send your Transaction Data to your Trading Partners (or others that you or your Trading Partners authorize) and Ariba service providers in order to facilitate your transactions and the services associated with the Solution. Your Trading Partner may access statistical reports on your trading history with that Trading Partner, and determine whether you are enabled with other trading organizations.
Data Analytics and Benchmarking
Ariba may create high level statistical reports relating to the Solution utilizing Transaction Data, so long as such reports contain only anonymous, aggregated data that does not identify your company or any specific Transaction Data, and such reports may be reported publicly. Ariba offers benchmarking programs to facilitate deeper analysis into spend management practices for companies wishing to participate. Ariba operates the Ariba data analytics and Ariba benchmarking programs according to standards that protect the confidentiality of each customer’s information. These programs do enable Ariba to offer valuable reviews with customers demonstrating how that customer uses the Ariba Solutions as compared to typical usage of other customers by industry, company size, region or other factors.
Ariba's Commitment to Data Security
The Ariba Network solution; the Ariba Hosting Services; and the OnDemand offerings of Ariba Contract Management,, Ariba Sourcing, Ariba Analysis, Ariba Spend Visibility, Ariba Procure to Pay (P2P), Ariba Procurement Content, Ariba Procure-to-Order, Ariba Travel and Expense, and Ariba Invoice Professional applications have been audited for compliance against a rigorous security standard (currently, the AT Section 101, Attest Engagements, of SSAEs (AICPA, Professional Standards, vol. 1) using the Trust Services Principles and Criteria for Security, Availability, Processing Integrity, and Confidentiality and under the AICPA Service Organization Control (“SOC”) reporting framework). General information on the American Institute of CPA’s SOC reporting framework can be found at http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/pages/users.aspx.
Ariba takes steps to appropriately safeguard credit card and remittance information using recommended industry encryption methods. Ariba services are designed so that these categories of information can only be viewed from within the Solution. You can further limit access to only those users who have a need to see such information. Please see our Security Disclosures (located in the footer from each Solution) for additional information about the measures Ariba takes to address the security of the Solution.
Personal Information Handling and Privacy (the "Ariba Privacy Statement")
The current Ariba Privacy Statement available at http://www.ariba.com/legal/ariba-privacy-statement-04-04-2014 is incorporated into this document and includes important terms regarding Ariba’s handling of Personal Information in the Solutions and your obligations related to such processing by Ariba.
The English version of this Data Policy shall govern in the event of any conflict or substantive translation changes into a non-English language.
Data Policy v17.4 April 4, 2014
©1996 – 2014 Ariba, Inc., All Rights Reserved