Preamble

With its online platform - openSAP - SAP offers you the possibility to take part in free online courses on Information Technology-related topics. As a registered user you have access to the course content (videos, quizzes, reading material) and, after successful completion, you receive a record of achievement. Moreover, for the duration of the course the discussion forum and the collab spaces are available for your questions and interaction with other learners.

When conducting online courses, the collection and storage of personal data is unavoidable. The protection of your data and the lawful collection, processing, and use of it is therefore a matter of particular concern to us. We would thus like to inform you here which data will be collected when you visit our website and register for one or more of our courses. We would further like to inform you about the purpose of collecting this data and in what scope it will be used.

On every website of our web offering you can print out and/or save this privacy policy, which is to be found in the page footer under "Privacy".

A. GENERAL INFORMATION

Data Controller. The data controller in case of openSAP (https://open.sap.com and respective openSAP mobile applications) is SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany (“SAP”). The SAP´ Group’s data protection officer can be reached at privacy@sap.com.

Duration of data storage. SAP will only store your name, email address and the respective profile data that you provide voluntarily, i.e. gender, date of birth, employer or university, city, country, career status, expertise, highest degree, IT background and position (your “Personal Data”) for as long as it is required

  • to make openSAP available to you and for as long as you have an active user account on the openSAP platform;
  • for SAP to comply with its statutory obligations resulting from applicable export laws;
  • until you object against such use by SAP if SAP’s use of your Personal Data is based on SAP’s legitimate business interest as further stated in this Privacy Statement;
  • until you revoke your consent granted in this Privacy Statement if SAP is processing your Personal Data based on your consent;
  • to fulfill the purposes outlined in this Privacy Statement.

SAP will also retain your Personal Data for additional periods if it is required by mandatory law to retain your Personal Data longer or where your Personal Data is required for SAP to assert or defend against legal claims. SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

Why is the provision of Personal Data required? SAP requires your Personal Data to enable you to attend openSAP courses that are of interest for you. Any provision of this information is entirely voluntarily for you. However, without provisioning email address and name, it will unfortunately not be possible for SAP to make the relevant openSAP courses available to you.

Where will my Personal Data be processed? As part of a global group of companies operating internationally, SAP has affiliates (the “SAP Group”) and third-party service providers outside of the European Economic Area (the “EEA”) or from a region with a legal restriction on international data transfers and will transfer your Personal Data to countries outside of the EEA. If these transfers are to a country for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require that your Personal Data receives a level of data protection consistent with the EEA. You can obtain a copy (redacted to remove commercial or irrelevant) of such standard contractual clauses by sending a request to privacy[at]sap.com. You can also obtain more information from the European Commission on the international dimension of data protection here: European Commission.

Rights to access/rectification/erasure/restriction of processing/portability. You can request from SAP at any time information about which Personal Data SAP processes about you and the correction or deletion of such Personal Data. You can also always change or delete your Personal Data by yourself on the openSAP platform. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note further that if you request that SAP deletes your Personal Data, you will not be able to continue to use openSAP.

If SAP uses your Personal Data based on your consent, you can further request from SAP a copy of the Personal Data that you have provided to SAP. In this case, please contact the email address below and specify the information or processing activities to which your request relates, the format in which you would like to receive this information, and whether the Personal Data should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best fulfill it.

Furthermore, you can request from SAP that SAP restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data SAP has about you is incorrect, subject to the time required by SAP to check the accuracy of the relevant Personal Data, (ii) there is no legal basis for SAP processing your Personal Data and you demand that SAP restricts your Personal Data from further processing, (iii) SAP no longer requires your Personal Data but you state that you require SAP to retain such data in order to claim or exercise legal rights or to defend against third party claims or (iv) in case you object to the processing of your Personal Data by SAP based on SAP’s legitimate interest (as further set out below), subject to the time required for SAP to determine whether it has a prevailing interest or legal obligation in processing your Personal Data.

Please direct any request to exercise your rights to open@sap.com.

How will SAP verify requests to exercise data protection rights? SAP will take steps to ensure that it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP.

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.

Right to lodge a complaint. If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where SAP has its registered seat.

Children. In general, this openSAP website and app is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use this openSAP website and app.

Links to other websites. This website may contain links to foreign (meaning non-SAP Group companies) websites. SAP is not responsible for the privacy practices or the content of websites outside the SAP Group of companies. Therefore, we recommend that you carefully read the Privacy Statements of such foreign sites.

The social media buttons used are purely links, and thus not the so-called "like" and "share" buttons used by social media services. They do not transfer customer data or IP addresses.

B. PROCESSING BASED ON A STATUTORY PERMISSION

Provision of Service (Article 6 para. 1 lit. b General Data Protection Directive (“GDPR”)). In order to be able to make openSAP available to you, SAP is required to process the following information: In every visit to our website, the user data from your Internet browser is automatically submitted and stored in protocol files - the so-called server log files. The stored data sets contain the following information:

  • Date and time of the server request
  • Name of the requested page
  • Referrer URL (the website from where you arrived at our website)
  • Type and version of your browser
  • The IP address of the accessing computers
  • HTTP Error Code and Error Message (in case of erroneous requests)

These data are solely used for bug fixing purposes, i.e. to find and fix errors in our platform software. Logging data is retained for a maximum duration of 4 weeks.

Helpdesk. The openSAP Helpdesk requires your name and e-mail address to provide you with technical and platform-related support. The use of your Personal Data is limited to the support communication with the openSAP Helpdesk.

Comments on podcasts. openSAP provides the functionality to leave comments on selected podcast episodes. This feature is designed in such a way, so that it can be used anonymously, which is also recommended. If you still decide to provide additional personal data, i.e. your name and e-mail address, please note that openSAP will share this information with the respective podcast hosts to contact you. Your personal data will not be made publicly available and only be used for communication purposes regarding the respective podcast.

Learning progress and performance. openSAP keeps track of your learning progress and performance to provide you with respective course certificates, such as “Records of Achievement” and “Confirmations of Participation”.

Processing to ensure compliance. SAP and its products, technologies, and services are subject to the export laws of various countries including, without limitation, those of the European Union and its member states, and of the United States of America. You acknowledge that, pursuant to the applicable export laws, trade sanctions, and embargoes issued by these countries, SAP is required to take measures to prevent entities, organizations, and parties listed on government-issued sanctioned-party lists from accessing certain products, technologies, and services through SAP’s websites or other delivery channels controlled by SAP. This could include (i) automated checks of any user registration data as set out herein and other information a user provides about his or her identity against applicable sanctioned-party lists; (ii) regular repetition of such checks whenever a sanctioned-party list is updated or when a user updates his or her information; (iii) blocking of access to SAP’s services and systems in case of a potential match; and (iv) contacting a user to confirm his or her identity in case of a potential match. Any such use of your Personal Data is based on the permission to process Personal Data in order to comply with statutory obligations (Article 6 para. 1 lit. c GDPR or the equivalent articles under other national laws, when applicable) and SAP‘s legitimate interest (Article 6 para. 1 lit. f GDPR or the equivalent articles under other national laws, when applicable).

Processing based on a legitimate interest of SAP. SAP can use your Personal Data based on its legitimate interest (Article 6 para. 1 lit. f GDPR or the equivalent article under other national laws, when applicable) as follows:

To keep you up-to-date. Within an existing business relationship between you and SAP, SAP might inform you, where permitted in accordance with local laws, about its products or services (including course announcements, recommendations and platform related information) which are similar or relate to such products and services you have already purchased or used from SAP.

Surveys. SAP could invite you to participate in questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any Personal Data. If you nonetheless enter Personal Data in a questionnaire or survey, SAP will use this Personal Data to improve its offerings.

Evaluation of Anonymized Data Sets. SAP will anonymize Personal Data provided under this Privacy Statement to create anonymized data sets and aggregated usage reports, which will then be used to improve the openSAP offerings. These anonymized data sets and aggregated usage reports will be shared with third parties to conduct academic research projects to improve the openSAP offering.

Web Analysis. To continually improve our offer we use the open source web analytic software "Matomo" (formerly known as "Piwik"). With Matomo we can receive in real time reports about, e.g., the number of visitors, the search machines and the search words used that lead users to our offer. This helps us to constantly optimize our offer and design it accordingly. Matomo also uses cookies that are stored on your computer and enable an analysis of your use of the website (also see Section D). These cookies have a lifespan of 1 week. The information generated by the cookie about your use of this Internet offer is saved on our server. We would also like to note that on this website Matomo uses the "anonymize IP" function. This ensures an anonymous capture of your IP address (so-called IP masking) by us. Your IP address is only stored in abbreviated form, thus does not allow any conclusions to be drawn about your identity. You can object to being tracked with Matomo anytime by setting the "Do Not Track" option in your browser or opting out here:

You can at any time object to SAP’s use of your Personal Data as set forth in this section by sending an email to open@sap.com. In this case, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP's compelling legitimate grounds for continued use of the information, which override your interest in objecting, or if SAP requires the information for the establishment, exercise or defense of legal claims.

In the following cases, SAP will use your Personal Data only after you have provided a consent (Article 6 para. 1 lit a GDPR).

There are two ways to create a user account on openSAP. You can either register directly on openSAP with your name and e-mail address or use the SAP Cloud Identity for Single Sign-On. In both cases openSAP will create a minimal user profile containing the Personal Data needed for the provision of its services. If you decide to use SAP Cloud Identity for Single Sign-On, a centralized user profile will be created in addition.

Creating a minimal user profile. SAP requires your name and email address in order to enable you to participate in openSAP courses and to register for the openSAP website and respective mobile applications. Your name, email address and date of birth (optionally, if you provide it in your profile) will also appear on personal course documents, such as “Confirmations of Participation” and “Records of Achievement”. Your email address will be used for course related communications and the announcement of new courses and changes to the openSAP platform.

Parts of the openSAP web offerings and respective mobile applications bring you in touch with other openSAP users, e.g. to discuss with other learners in the discussion forum or the Collab Spaces of openSAP courses. If you decide to participate in these activities, other users will have access to parts of your minimal profile data, i.e. your full name (unless you choose to set a differing display name) and your profile picture, if you have uploaded one.

Creating a centralized user profile. If you decide to use SAP Cloud Identity for Single Sign-On, SAP requires you to register and create a centralized user profile. User profiles provide the option to display personal information about you to other users, including but not limited to your name, photo, social media accounts, postal or email address, or both, telephone number, personal interests, skills (e.g. professional skills and/or completed openSAP courses) , and basic information about your company. If your company is a SAP partner, openSAP may use this information to provide you with special partner-related course offerings.

These profiles created in the SAP Cloud Platform Identity Authentication Service, may also allow you to access other web offerings of SAP or of other entities of the SAP Group, or both. It is, however, always your choice which of these additional web offerings you use and your Personal Data is only forwarded to them once you initially access them. Kindly note that without your consent for SAP to create such user profiles SAP will not be in a position to offer such services to you where your consent is a statutory requirement that SAP can provide these services to you.

Within any web offering, beyond the mere provision of access your profile is used to personalize interaction with other users (for example, by way of messaging or follow functionality) and by SAP to foster the quality of communication and collaboration through such offerings and for SAP to provide gamification elements (gamification is the process of taking something that already exists, such as a website, an enterprise application, or an online community, and integrating game mechanics into it to motivate participation, engagement, and loyalty). To the greatest extent supported by the relevant web offering, you can use the functionality of the relevant web offering to determine which information you want to share.

News about openSAP related products and services. SAP requires your Personal Data to inform you about openSAP´s course-related offerings and services (e.g. discounts on books, openSAP reactivation codes, and other offerings outside the openSAP platform, e.g. SAP Learning Hub offerings), as well as personalized communication based on your preferences and learning history (e.g. special information for learners who received a record of achievement).

All communications come directly from openSAP and your Personal Data will not be shared with any other organization inside or outside of SAP. Any such use of information is based on the consent you grant hereunder.

SAP partner offering. Based on your consent, SAP will provide you with special course offerings limited to SAP partner organizations. For this purpose, openSAP will check if you belong to an SAP partner company and are eligible to participate in these courses and will supplement your profile with partner affiliation information. To improve SAP´s educational offerings and enablement recommendation for partners, openSAP will use your openSAP learning performance and history, and your partner affiliation data, and share it with other organizations within SAP.

For this purpose, openSAP requires you to connect your openSAP profile to the SAP Enterprise login (SAP Cloud Identity service for single sign-on). Your openSAP profile will be supplemented with data from the SAP Cloud Identity service for single sign-on, i.e. your SAP user ID, associated email address, and first and last name. openSAP will match the data with the SAP Partner Relationship Management (PRM) database. If your SAP user ID exists in this database and belongs to a company with a valid SAP PartnerEdge contract, openSAP will supplement your openSAP profile with partner affiliation data, i.e. SAP partner status, name and ID of SAP partner company, region and country. openSAP will track your learning performance and history, i.e. the courses you have enrolled on, the date of course enrollment, course completion status (record of achievement, confirmation of participation), and the date of course completion. openSAP will then share this data together with the data from the SAP Cloud Identity service for single sign-on (SAP user ID, associated first and last name) and partner affiliation data for reporting and analysis through a Global Partner Enablement Dashboard that monitors training activities. This data will be used by SAP to understand which enablement topics are required for partners and, based on these requirements, build tailored partner enablement content, courses, delivery formats, and learning programs. SAP will also measure the effectiveness of these offerings in order to improve them. In addition, SAP will use the data to recommend specific courses and programs based on the user’s learning history.

SAP Community. Based on your consent, openSAP will send your learning progress data to the SAP Community in order to earn openSAP missions. There you will earn badges such as registration to an openSAP course, passing of the course, achievement of certain amounts of Records of Achievements, being an openSAP instructor or actively participated in setting up a course.

Withdrawal of consent to the processing of Personal Data. You may withdraw your consent for SAP to process your Personal Data as stated herein at any time. Once you assert this right, SAP will not process your Personal Data any longer unless legally required to do so. However, any withdrawal has no effect on past processing by SAP up to the point in time of your withdrawal. Please direct any such request to open@sap.com.

D. Cookies and similar tools

Information gathered by cookies or similar technologies, and any use of such information, is further described in openSAP’s Cookie Statement. You can exercise your cookie preferences as outlined in openSAP’s Cookie Statement.

E. External Resources

Vimeo. Our website includes content from the video portal Vimeo.com. The site operator is Vimeo LLC, 555 West 18th Street, New York, NY 10011, USA. When you visit one of our sites with a video player, a connection will be established to the Vimeo servers.
Vimeo will then be informed which of our pages you have visited ("Referer URL"). Vimeo will also have access to your IP address.

Kaltura. In order to provide video content on the openSAP Microlearning website, it is connected with the KALTURA Platform, provided by Kaltura, Inc.; New York, NY 10003; USA. Kaltura stores, processes and distributes videos for consumption via the openSAP Microlearning website. When you interact with the openSAP Microlearning website, Kaltura will have access to your IP address.

Microsoft Azure Edge. Our website loads parts of the so-called "static resources", i.e. files which don't change often and are usually quite large (e.g. JavaScript, Cascading Style Sheets or images) from a Content Delivery Network (CDN). CDN providers run servers in different parts of the world and mirror our static resources on each of these servers. When your browser loads such a static resource, you will always be connected to the closest (and thus fastest) CDN server. When downloading, the CDN provider is informed which of our pages you have visited ("Referer URL") and also has access to your IP address.

The CDN for openSAP is Microsoft Azure Edge, operated by the Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. The responsible data protection officer for the EEA can be contacted via: Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Podlove. Both Podlove Subscribe Button and Podlove Web Player are served by keycdn.com (keycdn GDPR statement). Podlove Publisher tracks download statistics. IP addresses are used to determine an estimated geographic location (city or state level). IP addresses are stored temporarily (up to 48 hours) as part of a request id. This is necessary because the podcast owner needs to know how often episodes are downloaded to prove the viability of her/his endeavors.

To determine a realistic download number, the system must be able to recognize repeated access to the same file by the same user. The only reliable way to achieve this is by considering the IP address in combination with the User Agent. Using an anonymized IP address is not possible because it would lead to wrong results. An access to the same file by the same user on different days can be considered separate downloads, therefore it is necessary to store IPs for only up to 48 hours. After 48 hours request ids are salted in a way that makes it impossible to restore the original IP address. The User Agent is stored as well.

F. Additional Country and Regional Specific Provisions

Where SAP is subject to certain privacy requirements in the United States, the following also applies:

U.S. Children’s Privacy. SAP does not knowingly collect the Personal Data of children under the age of 13. If you are a parent or guardian and believe SAP collected information about a child, please contact SAP as described in this Privacy Statement. SAP will take steps to delete the information as soon as possible. Given that openSAP is not directed to users under 16 years of age and in accordance with the disclosure requirements of the California Consumer Privacy Act (“CCPA”), SAP does not sell the Personal Data of any minors under 16 years of age.

Where SAP is subject to certain privacy requirements in the United States in the State of California, the following also applies: Do Not Track. Your browser may allow you to set a “Do not track” preference. Unless otherwise stated, our sites do not honor “Do not track” requests. However, you may elect not to accept cookies by changing the designated settings on your web browser or, where available, by referring to our Cookie Statement. Cookies are small text files placed on your computer while visiting certain sites on the Internet used to identify your computer. Please note that if you do not accept cookies, you may not be able to use certain functions and features of our site. This site does not allow third parties to gather information about you over time and across sites.

You have the right:

  • to request from SAP access to your Personal Data that SAP collects, uses, or discloses about you;
  • to request that SAP deletes Personal Data about you;
  • to non-discriminatory treatment for exercise of any of your data protection rights; and
  • in case of request from SAP for access to your Personal Data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance.

In accordance with the disclosure requirements under the CCPA, SAP does not and will not sell your Personal Data. In accordance with the verification process set forth in the CCPA, SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.

In addition to contacting SAP at open@sap.com, you may also exercise your rights as follows:

You can call toll-free to submit a request using the numbers provided here. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.

Where SAP is subject to certain privacy requirements in the Philippines, the following also applies:

For individuals within the Philippines, you may also exercise your rights as follows: You can call or write to SAP to submit a request at: Phone: +632-8705-2500 Address: SAP Philippines, Inc. Attn: Data Protection Officer 27F Nac Tower, Taguig City 1632, Philippines

The following two provisions apply to citizens of the Philippines:

  • You may claim compensation as finally awarded by the National Privacy Commission or the courts if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights and freedoms as data subject;
  • If you are the subject of a privacy violation or personal data breach, or are otherwise personally affected by a violation of the Data Privacy Act, you may file a complaint with the National Privacy Commission.

Russian-Specific Provisions apply to citizens of the Russian Federation.

This page was last changed at Wed, 16 Jun 2021 05:58:07 +0000.