Select Page

This Privacy Statement was updated on 08.05.2023
Click here for a printable version of this Privacy Statement.


Privacy Statement

Protecting the individual's privacy is crucial to the future of business. We have created this Privacy Statement to demonstrate the firm commitment of SAP (hereinafter "We", "SAP", "Us" or "Our") to the individual`s right to data protection and privacy. It outlines how We handle information that can be used to directly or indirectly identify an individual (hereinafter “Personal Data”).

 

A. GENERAL INFORMATION

I. Who do We mean when We say SAP in this Privacy Statement

The controller of SAP Alumni Network (https://sap-alumni.com) is SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany (“SAP”).
You can reach SAP Group’s data protection officer any time at privacy[@]sap.com.

 

II. For what purposes does SAP process your Personal Data?

As a general principle, your granting of any consent and your provision of any Personal Data hereunder is entirely voluntary. SAP requires your Personal Data to

  • provide you access to SAP Alumni Platform to network with other SAP Alumni
  • deliver invitations for exclusive SAP Alumni Events
  • inform you about information of interest for SAP Alumni via mails.
  • inform you about job opportunities and consulting work.
  • enable SAP Alumni to message between members of the SAP Alumni Network

Creating user profiles

SAP Alumni Network require you to register and create a user profile. Through the user profile you can share personal information about you with other users, such as your name, photo, social media accounts, postal or email address, telephone number, personal interests, skills, and basic information about your company. The user profiles serve to personalize the interactions between the users (for example, by way of messaging or follow functionality) and to allow SAP to foster the collaboration and quality of communication through such offerings. The profile settings of the relevant web offering allow you to determine which information you want to share.

Event profiling

If you register for an event, seminar, or webinar of SAP Alumni Network, SAP Alumni Network may share basic participant information (your name, company, and email address) with other participants of the same event, seminar, or webinar to promote the interaction between the participants and to stimulate the communication and the exchange of ideas.

Participation data

When you participate in webinars, virtual seminars, events, or other SAP Web-Services, SAP may process your interactions with the relevant webservice to organize the event including its sessions, polls, surveys, or other interactions between SAP and/or its participants. Depending on the event and subject to a respective notification of the participants, SAP may collect audio and video recordings of the event or session.

Feedback requests and surveys

To the extent allowed by applicable law, SAP may contact you for feedback regarding the improvement of SAP Alumni Network. SAP may also invite you to participate in questionnaires and surveys. These will generally be designed so you can participate without having to provide information that identifies you as a participant. If you nonetheless provide your Personal Data, SAP will use it for the purpose stated in the questionnaire or survey or to improve its products and services.

Personalized mailings

If you opt-in to receive marketing communications such as newsletters from SAP Alumni Network, SAP will collect and store details of how you interact with such mail communications to help create, develop, operate, deliver and improve our mail communications with you.  This information is aggregated and used to help SAP provide more useful information and to understand what is of most interest.

“Social Login”

Social Login is an addition to the conventional login option on SAP Alumni Network. Instead of using your SAP Alumni credentials, you select your favorite network (LinkedIn, Google) with which you would like to identify yourself to SAP Alumni.

When you click on one of the buttons, a window of the selected network opens to ask if you consent to SAP Alumni Network accessing your personal profile. Depending on the network, you are also told which information in your profile we will have access to as soon as you provide your consent.

Use for the Marketplace Job Board

SAP only shares information about vacant job positions on the Alumni Portal as part of an integration of a job feed of SAP SuccessFactors customers. SAP does not act as a recruitment agency and is not responsible for any employment-related decisions made based on the job information published on the Alumni Portal.SAP is not responsible for the content posted and, does not check the accuracy of the content or its relevance under criminal and civil law.

 

III: What categories of Personal Data does SAP process?

In connection with the registration for SAP Alumni Network (https://sap-alumni.com), SAP processes the following categories of Personal data: name, email address, profile picture, gender, date of birth, social media channels, professional experience, education and skills.

SAP processes information including Personal Data about the users of SAP Alumni Network (https://sap-alumni.com)  using cookies or similar technologies for the purposes set out in the Cookie Statement https://sap-alumni.com/cookie-policy/ .

 

IV. How long does SAP store your Personal Data

SAP does only store your Personal Data for as long as it is required:

  • to make all assets of SAP Alumni Network (https://sap-alumni.com) available to you
  • to allow you to participate in SAP Alumni Dialogue Sessions

SAP may retain your Personal Data for additional periods if necessary for compliance with legal obligations to process your Personal Data or if the Personal Data is needed by SAP to assert or defend itself against legal claims. SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

 

V. Who are the recipients of your Personal Data?

Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:

•         companies within the SAP Group;

•         third party service providers; for the provision of the website or newsletter dispatch.

SAP Group entities

As SAP is selling its products and services to its customers only via local business relationships, SAP may transfer your Personal Data to the locally relevant SAP group entity for the purpose and to the extent necessary to conduct a business relationship. Other entities of the SAP Group may also receive or gain access to Personal Data either when rendering group internal services centrally and on behalf of SAP SE and the other SAP group entities or when Personal Data is transferred to them on a respective legal basis. In these cases, these entities may process the Personal Data for the same purposes and under the same conditions as outlined in this Privacy Statement. The current list of SAP Group entities can be found here. If you would like to find out which SAP group entity is responsible for the business relationship with you or your employer, please contact Us at alumni.relations[@]sap.com.

 

VI. What are your data protection rights?

Right to access, correct and delete

You can request from SAP at any time access to information about which Personal Data SAP processes about you and, if necessary, the correction or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. If you request from SAP to delete your Personal Data, you may not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.

Right to obtain a copy of Personal Data

If SAP uses your Personal Data based on your consent or to perform a contract with you, you can further request from SAP a copy of the Personal Data you provided to SAP. In this case, please contact alumni.relations[@]sap.com and specify the information or processing activities to which your request relates, the format in which you would like to receive the Personal Data, and whether it should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best be fulfilled.

Right to restrict

You can request from SAP to restrict your Personal Data from further processing in any of the following events:

  • you state the Personal Data about you is incorrect, subject to the time SAP requires to check the accuracy of the relevant Personal Data,
  • there is no legal basis for SAP to process your Personal Data and you demand SAP to restrict your Personal Data from further processing,
  • SAP no longer requires your Personal Data, but you state you require SAP to retain such data to claim or exercise legal rights or to defend against third party claims, or
  • in case you object to the processing of your Personal Data by SAP based on SAP’s legitimate interest (as further set out below), subject to the time required for SAP to determine whether it has a prevailing interest or legal obligation in processing your Personal Data.

Right to object

If and to the extent SAP is processing your Personal Data based on SAP's Legitimate Interest, specifically where SAP pursues its legitimate interest to engage in SAP Alumni Relations context, you have the right to object to such a use of your Personal Data at any time.

When you object to SAP's processing of your Personal Data for SAP Alumni Relations context, SAP will immediately cease to process your Personal Data for such purposes. In all other cases, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP’s compelling legitimate grounds for continued use of the information, which may override your interest in objecting, or if SAP requires the information for the establishment, exercise, or defense of legal claims.

Right to revoke consent

Wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal.

Right to lodge a complaint

If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time, to the extent required by applicable law, lodge a complaint with your locally relevant data protection authority, specifically when you are located in an EEA country, or with the data protection authority of the country or state where SAP has its registered seat.

 

VII. How can you exercise your data protection rights?

Please direct any requests to exercise your rights to alumni.relations[@]sap.com.

 

VIII. How will SAP verify requests to exercise data protection rights? 

SAP will take steps to ensure it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise.  When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP. 

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, represented by third parties without duly representing respective authority or are otherwise not required by local law.

 

IX. Can you use SAP’s services if you are a minor?

Children. In general, this SAP Alumni Network (https://sap-alumni.com) is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use this SAP Alumni Network (https://sap-alumni.com).

 

B. Additional Country and Regional Specific Provisions

I. Where SAP is subject to privacy requirements in the EU/EEA or a country with national laws equivalent to the GDPR

Who is the relevant Data Protection authority?

You may find the contact details of your competent data protection supervisory authority here. SAP’s lead data protection supervisory authority is in Germany, the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg and can be reached at Lautenschlagerstraße 20, 70173 Stuttgart.

What are the legal permissions for SAP to process Personal Data?

SAP is processing your Personal Data for the business purposes set out above based on the following legal permissions:

Where We refer to GDPR Article 6.I (f), consequently SAP’s legitimate business interest as Our legal permission to process your Personal Data, SAP is pursuing its legitimate business interests

  • to efficiently manage and perform its business operations,
  • to maintain and operate intelligent and sustainable business processes in a group structure optimized for the division of labor and in the best interest of Our employees, customers, partners, and shareholders,
  • to operate sustainable business relationships with SAP customers and partners including you (each of which as further set out below),
  • serve you with the best possible user experience when using SAP Alumni Network,
  • comply with extraterritorial laws and regulations, or
  • assert or defend itself against legal claims.

We believe that Our interest in pursuing these business purposes is legitimate and thereby not outweighed by your personal rights and interest to refrain processing for such purpose. In any of these cases, We duly factor into Our balancing test:

  • the business purpose reasonably pursued by SAP in the given case,
  • the categories, amount and sensitivity of Personal Data that is necessarily being processed,
  • the level of protection of your Personal Data which is ensured by means of Our general data protection policies, guidelines, and processes, and
  • the rights you have in relation to the processing activity.

If you wish to obtain further information on this approach, please contact alumni.relations[@]sap.com.

When SAP provides you with services related to SAP Alumni Network, SAP is processing your Personal Data on the basis of the following legal permissions:

  • GDPR Article 6.I (a) if your consent is required by law for SAP to process your data for this purpose,
  • GDPR Article 6.I (b) if necessary, to fulfill (pre-)contractual obligations with you,
  • GDPR Article 6.I (c) if necessary, to fulfill legal requirements applicable to SAP,
  • GDPR Article 6.I (f) if necessary, to provides you with services related to SAP Alumni Network,
  • or a legal permission under other national laws equivalent to any of the above, when applicable.

How does SAP justify international data transfers?

As a global group of companies, SAP has group affiliates and uses third party service providers also in countries outside the European Economic Area (the “EEA”). SAP may transfer your Personal Data to countries outside the EEA as part of SAP’s international business operations. If We transfer Personal Data from a country in the EU or the EEA to a country outside the EEA and for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require the data importer to ensure a level of data protection consistent with the one in the EEA to protect your Personal Data. You may obtain a copy (redacted to remove commercial or irrelevant information) of such standard contractual clauses by sending a request to privacy[@]sap.com. You may also obtain more information from the European Commission on the international dimension of data protection here.

 

II. Where SAP is subject to privacy requirements in Colombia.

Colombia-Specific Provisions apply to citizens of the Republic of Colombia.

 

III. Where SAP is subject to the requirements of the Brazilian General Data Protection Law (“LGPD”)

SAP has appointed a Data Protection Officer for Brazil. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to: 

Paulo Nittolo Costa 

Email: privacy[@]sap

Address: Avenida das Nações Unidas 14171 - Marble Tower – 7th Floor - São Paulo-SP, Brazil 04794-000 

 

iV. Where SAP is subject to privacy requirements in the Philippines

For individuals within the Philippines, you may exercise your rights as follows:

You can call or write to SAP to submit a request at:

alumni.relations[@]sap.com

Phone:    +632-8705-2500

Address: SAP Philippines, Inc.

Attn: Data Protection Officer

27F Nac Tower, Taguig City 1632, Philippines

The following provisions apply to residents and citizens of the Philippines

  • You may claim compensation as finally awarded by the National Privacy Commission or the courts if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights and freedoms.
  • If you are the subject of a privacy violation or personal data breach or are otherwise personally affected by a violation of the Data Privacy Act, you may file a complaint with the National Privacy Commission.
  • Your Transmissibility Rights. Your lawful heirs and assigns may invoke your rights at any time after your death or when you are incapacitated or incapable of exercising your rights.

 

V. Where SAP is subject to privacy requirements in the South Africa

Where SAP is subject to the requirements of the Protection of Personal Information Act, 2013 (“POPIA”) in South Africa, the following also applies:

“Personal Data” as used in this Privacy Statement means Personal Information as such term is defined under POPIA.

“You” and “Your” as used in this Privacy Statement means a natural person or a juristic person as such term is used under POPIA

SAP South Africa (Pty) Ltd with registered address at 1 Woodmead Drive, Woodmed (SAP South Africa) is subject to South Africa's Protection of Personal Information Act, 2013 (Act 4 of

2013) and responsible party under the POPIA.

You may request details of personal information which We hold about you under the Promotion of Access to Information Act 2 of 2000 (“PAIA”). For further information please review the SAP PAIA manual, located here.

Should you as an individual or a juristic person believe that SAP South Africa as responsible party has utilized your personal information contrary to POPIA, you undertake to first attempt to resolve any concerns with SAP South Africa.

 

Phone:    011 325 6000

Address: 1 Woodmead Drive  Woodmead  Johannesburg South Africa 2148

Email:     privacy[@]sap.com

 If you are not satisfied with such process, you have the right to lodge a complaint with the Information Regulator, using the contact details listed below:

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001, P.O. Box 31533, Braamfontein, Johannesburg, 2017

Email: complaints.IR[@]justice.gov.za

Enquires:  inforeg[@]justice.gov.za

 

VI. Where SAP is subject to privacy requirements in the United States of America.

Where SAP is subject to certain privacy requirements in the United States, the following also applies:

U.S. Children’s Privacy. SAP does not knowingly collect the Personal Data of children under the age of 13.  If you are a parent or guardian and believe SAP collected information about a child, please contact SAP as described in this Privacy Statement.  SAP will take steps to delete the information as soon as possible.  Given that SAP Alumni Network (https://sap-alumni.com)  is not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, SAP does not sell the Personal Data of any minors under 16 years of age.

 

VII. Where SAP is subject to certain privacy requirements in the State of California USA.

Where SAP is subject to certain privacy requirements in the United States in the State of California, the following also applies:

You have the right

  • to request from SAP access to your Personal Data that SAP collects, uses, or discloses about you;
  • to request that SAP delete Personal Data about you;
  • to opt-out of the use or disclosure of your sensitive personal information;
  • to non-discriminatory treatment for exercise of any of your data protection rights; and
  • if you request access to your Personal Data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance.

In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), SAP does not sell or share your Personal Data. In the course of our business activities we may share Personal Data with third parties, or permit third parties to collect data across various SAP websites.

Data Subject Access Requests

SAP receives Data Subject Access Requests from across the globe and works to ensure all valid requests where SAP is the Controller are responded to within the appropriate timeframe. In accordance with the verification process set forth in the CCPA, SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.

In addition to contacting SAP at alumni.relations[@]sap.com, you may also exercise your rights as follows: 

You can call toll-free to submit a request using the numbers provided here. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.” 

 

VIII. Where SAP is subject to privacy requirements in Singapore

Where SAP is subject to the requirements of the Singapore’s Personal Data Protection Act (“PDPA”), the following also applies:

SAP has appointed a Data Protection Officer for Singapore. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to:

Subject: Data Protection Officer

Email: privacy[@]sap.com

Address: Mapletree Business City, 30 Pasir Panjang Rd, Singapore 117440

Contact: +65 6664 6868