Last Updated: July 20, 2018


Protecting the individual's privacy on the Internet is crucial to the future of Internet-based business and the move toward a true Internet economy. We have created this Privacy Statement to demonstrate our firm commitment to the individual`s right to data protection and privacy. This Privacy Statement outlines how we handle information that can be used to directly or indirectly identify an individual ("Personal Data") in the SAP S/4HANA Cloud Customer Community.

This SAP S/4HANA Cloud Customer Community Privacy Statement ("Privacy Statement") describes the various ways that SAP, their subsidiaries, other affiliated and/or related companies, as applicable ("SAP" or "we" or "us" or "our") process information about you that is collected by SAP in the context of the SAP S/4HANA Cloud Customer Community and explains how SAP uses such information for its own business purposes.


A. General Information


When does this Privacy Statement apply? This Privacy Statement applies to Personal Data that you provide to SAP or which is derived from the Personal Data as outlined below.

Data Controller. The data controller of www.sap.com is SAP SE, Dietmar-Hopp-Allee 16 Walldorf, Germany 69190 ("SAP"). The SAP Group's data protection officer is Mathias Cellarius (privacy@sap.com).

What does SAP do with my Personal Data? SAP will process the Personal Data provided hereunder only as set out in this Privacy Statement. Further information can be found in Sections B. and C. below. Where the processing of your Personal Data is based on a statutory permission, you can find information on which Personal Data SAP is processing or using for which purposes in Section C below. Where consent for the processing of your Personal Data is required you can find further information in Section D. below.

Duration of processing of Personal Data. Where SAP is processing and using your Personal Data as permitted by law (see B. below) or under your consent (see C. below), SAP will store your Personal Data (i) only for as long as is required to fulfil the purposes set out below or (ii) until you object to SAP's use of your Personal Data (where SAP has a legitimate interest in using your Personal Data), or (iii) until you withdraw your consent (where you consented to SAP using your Personal Data). However, where SAP is required by mandatory law to retain your Personal Data longer or where your Personal Data is required for SAP to assert or defend against legal claims, SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

Why am I required to provide Personal Data? As a general principle, your granting of any consent and your provision of any Personal Data hereunder is entirely voluntary; there are generally no detrimental effects on you if you choose not to consent or to provide Personal Data. However, there are circumstances in which SAP cannot take action without certain Personal Data, for example because this Personal Data is required to process your orders or provide you with access to a web offering or newsletter. In these cases, it will unfortunately not be possible for SAP to provide you with what you request without the relevant Personal Data.

Where will my Personal Data be processed? As part of a global group of companies, SAP has affiliates and third-party service providers within as well as outside of the European Economic Area (the "EEA"). As a consequence, whenever SAP is using or otherwise processing your Personal Data for the purposes set out in this Privacy Statement, SAP may transfer your Personal Data to countries outside of the EEA including to such countries in which a statutory level of data protection applies that is not comparable to the level of data protection within the EEA. Whenever such transfer occurs, it is based on the Standard Contractual Clauses (according to EU Commission Decision 87/2010/EC or any future replacement) in order to contractually provide that your Personal Data is subject to a level of data protection that applies within the EEA. You may obtain a redacted copy (from which commercial information and information that is not relevant has been removed) of such Standard Contractual Clauses by sending a request to privacy@sap.com.

European Data Subjects' Rights. You can request from SAP at any time information about which Personal Data SAP processes about you and the correction or deletion of such Personal Data. Please note, however, that SAP can delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note that if you request that SAP delete your Personal Data, you will not be able to continue to use any SAP service that requires SAP's use of your Personal Data.

If SAP uses your Personal Data based on your consent or to perform a contract with you, you may further request from SAP a copy of the Personal Data that you have provided to SAP. In this case, please contact the email address below and specify the information or processing activities to which your request relates, the format in which you would like this information, and whether the Personal Data is to be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best fulfill it.

Furthermore, you can request from SAP that SAP restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data SAP has about you is incorrect, (but only for as long as SAP requires to check the accuracy of the relevant Personal Data), (ii) there is no legal basis for SAP processing your Personal Data and you demand that SAP restricts your Personal Data from further processing, (iii) SAP no longer requires your Personal Data but you claim that you require SAP to retain such data in order to claim or exercise legal rights or to defend against third party claims or (iv) in case you object to the processing of your Personal Data by SAP (based on SAP's legitimate interest as further set out in B. below) for as long as it is required to review as to whether SAP has a prevailing interest or legal obligation in processing your Personal Data.

Please direct any such request to s4hccommunityhelp@sap.com.

Right to lodge a complaint. If you believe that SAP is not processing your Personal Data in accordance with the requirements set out herein or applicable EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country in which you live or with the data protection authority of the country or state in which SAP has its registered seat.

Use of this website by children. This website is not intended for anyone under the age of 16 years. If you are younger than 16, you may not register with or use this website.

Links to other websites. This website may contain links to foreign (meaning non-SAP Group companies) websites. SAP is not responsible for the privacy practices or the content of websites outside the SAP Group of companies. Therefore, we recommend that you carefully read the privacy statements of such foreign sites.


B. Where SAP uses My Personal Data based on the Law


In the following cases, SAP is permitted to process your Personal Data under the applicable data protection law.

To provide the Community to you. SAP requires your name and email address in order to provide you with access to the Community. SAP's use of this information is based on the permission set out in applicable data protection laws to process personal data for the purpose of performing contractual obligations with customers. In some cases, we use cookies to provide the functionality of the website. Please see "How and Why We Use Cookies and Similar Technologies" below for more information.

Ensuring compliance. SAP and its products, technologies, and services are subject to the export laws of various countries including, without limitation, those of the European Union and its member states, and of the United States of America. You acknowledge that, pursuant to the applicable export laws, trade sanctions, and embargoes issued by these countries, SAP is required to take measures to prevent entities, organizations, and parties listed on government-issued sanctioned-party lists from accessing certain products, technologies, and services through SAP's websites or other delivery channels controlled by SAP. This may include (i) automated checks of any user registration data as set out herein and other information a user provides about his or her identity against applicable sanctioned-party lists; (ii) regular repetition of such checks whenever a sanctioned-party list is updated or when a user updates his or her information; (iii) blocking of access to SAP's services and systems in case of a potential match; and (iv) contacting a user to confirm his or her identity in case of a potential match. Furthermore, you acknowledge that any information required to track your choices regarding the processing or use of your Personal Data or receipt of marketing materials (that is to say, depending on the country in which the relevant SAP Group company operates, whether you have expressly consented to or opted out of receiving marketing materials) may be stored and exchanged between members of the SAP Group as required to ensure compliance.

Where processing is based on SAP's legitimate interest. Each of the use cases below constitutes a legitimate interest of SAP to process or use your Personal Data. If you do not agree with this approach, you may object against SAP's processing or use of your Personal Data as set out below.

  • Questionnaires and surveys. SAP may invite you to participate in questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any Personal Data. If you nonetheless enter Personal Data in a questionnaire or survey, SAP may use such Personal Data to improve its products and services.
  • Creation of anonymized data sets. SAP may anonymize Personal Data provided under this Privacy Statement to create anonymized data sets, which will then be used to improve its and its affiliates' products and services.
  • To keep you up-to-date and request feedback. Within an existing business relationship between you and SAP, we may inform you, where permitted in accordance with local laws, about our goods or services, such as webinars, seminars, conferences or events, product announcements, software updates and upgrades, special offers and other information about SAP S/4HANA Cloud software services (including marketing newsletters) and the SAP Beyond Program that are similar or relate to goods and services you have already ordered or used from SAP. In addition, when you have attended a webinar, seminar or event of SAP or purchased goods or services from SAP, we may contact you for feedback regarding the improvement of the relevant webinar, seminar, event, good or service. Furthermore, we communicate on a regular basis by email with users, and we may also communicate by phone to resolve customer complaints or investigate suspicious transactions. We may use your email address to confirm your opening of an account, to send you information about changes to our products and services, and to send notices and other disclosures as required by law. Generally, users cannot opt out of these communications, which are not marketing-related but merely required for the relevant business relationship.
  • For investigations of suspicious activities. When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of SAP, our users, or others; and in connection with the enforcement of our terms and contracts.
  • To protect our legal rights. As required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served to us.

Right to object. You may object to SAP using Personal Data for the above purposes at any time by contacting s4hccommunityhelp@sap.com. If you do so, SAP will cease using your Personal Data for the above purposes (that is to say, under a legitimate interest set out above) and remove it from its systems unless SAP is permitted to use such Personal Data for another purpose set out in this Privacy Statement or SAP determines and demonstrates a compelling legitimate interest to continue processing your Personal Data.


C. Where processing is based on consent.


In the following cases SAP will only use your Personal Data as further detailed below after you have granted your prior consent into the relevant processing operations.

  • For affiliate marketing. SAP may transfer your personal data to other affiliated companies within the SAP's group of undertakings for the purpose to inform you about SAP's latest products, service offers and events in the same way as SAP may hereunder. Any such use of information is based on the consent you grant hereunder."
  • To create and maintain a digital community user profile. SAP collects your name, company name, role, title, region, and industry in order to manage the Community and provide you a registration profile. Please SAP S/4HANA Cloud Customer Community offers you the option to use web offerings such as forums, blogs, and networks linked to this website that may require you to register and create a user profile. User profiles provide the option to display personal information about you to other users, including but not limited to your name, photo, social media accounts, postal or email address, or both, telephone number, personal interests, skills, and basic information about your company. These profiles may relate to a single web offering of SAP or, if created in the SAP Cloud Platform Identity Authentication Service, may also allow you to access other web offerings of SAP or of other entities of the SAP Group, or both (irrespective of any consent granted under the section "For Affiliate Marketing," above). It is, however, always your choice which of these additional web offerings you use and your Personal Data is only forwarded to them once you initially access them. Kindly note that without your consent for SAP to create such user profiles, SAP will not be in a position to offer such services to you where your consent required under applicable law. Within any web offering, in addition to access your profile is used to personalize interaction with other users, such as with messaging or "follow" functionality, and by SAP to enhance the quality of communication and collaboration through such offerings and for SAP to provide gamification elements (gamification is the process of taking something that already exists, such as a website, an enterprise application, or an online community, and integrating game mechanics into it to motivate participation, engagement, and loyalty). To the greatest extent supported by the relevant web offering, you can use the functionality of the relevant web offering to determine which information you want to share.
  • To improve our services. We also collect information based on your consent for tracking purposes as described in "How and Why We Use Cookies and Similar Technologies"

Right to withdraw consent. You may at any time withdraw a consent granted hereunder emailing s4hccommunityhelp@sap.com. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of personal data by SAP up to the point in time of your withdrawal. Furthermore, if your use of an SAP offering requires your prior consent, SAP will not be (any longer) able to provide the relevant service (or services, if you revoke the consent for SAP to use your profile under the SAP Cloud Platform Identity Authentication Service for multiple SAP offerings), offer or event to you after your revocation.


E. How and Why We Use Cookies and Similar Technologies


SAP uses cookies and other tracking technologies for the purposes described below.

  • To provide the Community to You. Usage of cookies to provide SAP Jam to you. SAP uses cookies which are intended to verify who the user is, the user's session information and where to redirect users. These cookies are only intended to facilitate the use of SAP Jam (e.g. by avoiding that you have to repeatedly to enter your password). Any processing of your IP address, first name, last name and password by cookies in this connection is therefore required for SAP to provide SAP Jam to you. Furthermore, SAP uses your IP address to help diagnose problems and to administer our website.
  • To improve our services. SAP may require your Personal Data to evaluate behavioral aspects by means of tracking. SAP may process tracking data in the context of S/4 HANA Cloud Customer Community for purposes of analyzing how you use the Community, measuring engagement and compiling respective reports. This may include the use of identifiers like cookies or fingerprinting or ID-tracking technology. Any such use of information for this purpose is based on the consent you grant hereunder.

Managing Preferences. You have the right to accept or reject cookies. However, please note that if you reject all cookies, the Community may not function properly. If you have any problems using this mechanism, please email us at s4hccloudcommunityhelp@sap.com.


F. How your information is shared


As part of a global group of companies, SAP has affiliates and third-party service providers within as well as outside of the European Economic Area (the "EEA"). As a consequence, whenever SAP is using or otherwise processing your Personal Data for the purposes set out in this Privacy Statement, SAP may transfer your Personal Data to countries outside of the EEA including to such countries in which a statutory level of data protection applies that is not comparable to the level of data protection within the EEA. Whenever such transfer occurs, it is based on the Standard Contractual Clauses (according to EU Commission Decision 87/2010/EC or any future replacement) in order to contractually provide that your Personal Data is subject to a level of data protection that applies within the EEA. You may obtain a redacted copy (from which commercial information and information that is not relevant has been removed) of such Standard Contractual Clauses by sending a request to privacy@sap.com.

The current list of SAP group entities can be found here.


G. How your information is kept safe


SAP maintains data handling and storage practices and procedures that are designed to promote the integrity and confidentiality of Personal Data. We update and test our security technology on an ongoing basis. We use commercially acceptable means to protect your personal information in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction, but we cannot guarantee its absolute security.


K. U.S.-Specific Provisions


Where SAP is subject to U.S. privacy requirements, the following also applies:

Do Not Track. Your browser may allow you to set a "Do not track" preference. Unless otherwise stated, our sites do not honor "Do not track" requests. However, you may elect not to accept cookies by changing the designated settings on your web browser or, where available, by way of the TrustArc Consent Manager if the relevant website contains a link to it. Cookies are small text files placed on your computer while visiting certain sites on the Internet used to identify your computer. Please note that if you do not accept cookies, you may not be able to use certain functions and features of our site. This site does not allow third parties to gather information about you over time and across sites.

Requirements to Protect Children's Privacy. We do not intend for our websites or online services to be used by anyone under the age of 13. If you are a parent or guardian and believe we may have collected information about a child, please contact at privacy@sap.com.


L. Russia-Specific Provisions


The following applies to users who are resident in the Russian Federation:

The services hereunder are not intended for use by citizens of the Russian Federation who are resident in Russia. If you are a Russian citizen residing in Russia, you are hereby notified that any Personal Data that you input into the services will be solely at your own risk and responsibility, that you expressly agree that SAP may gather your Personal Data and will process this data in the United States and in other countries, and that you will not hold SAP accountable for any potential non-observance of legislation of the Russian Federation.