This Privacy Statement was updated on 07/26/2023.
Protecting the individual's privacy is crucial to the future of business. We have created this Privacy Statement to demonstrate the firm commitment of openSAP to the individual`s right to data protection and privacy. It outlines how We handle information that can be used to directly or indirectly identify an individual (hereinafter “Personal Data”).
With its online platform - openSAP - SAP offers you the possibility to take part in free online courses on Information Technology-related topics. As a registered user you have access to the course content (videos, quizzes, reading material) and, after successful completion, you receive a record of achievement. Moreover, for the duration of the course the discussion forum and the collab spaces are available for your questions and interaction with other learners.
When conducting online courses, the collection and storage of personal data is unavoidable. The protection of your data and the lawful collection, processing, and use of it is therefore a matter of particular concern to us. We would thus like to inform you here which data will be collected when you visit our website and register for one or more of our courses. We would further like to inform you about the purpose of collecting this data and in what scope it will be used.
Data Controller. The data controller in case of openSAP (https://open.sap.com and respective openSAP mobile applications) is SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany (“SAP”).
You can reach SAP Group’s data protection officer any time at privacy[@]sap.com.
Duration of data storage. SAP will only store your name, email address and the respective profile data that you provide voluntarily, i.e. gender, date of birth, employer or university, city, country, career status, expertise, highest degree, IT background and position (your “Personal Data”) for as long as it is required
SAP may retain your Personal Data for additional periods if necessary for compliance with legal obligations to process your Personal Data or if the Personal Data is needed by SAP to assert or defend itself against legal claims. SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.
Who are the recipients of my Personal Data? Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:
SAP Group entities. As SAP is selling its products and services to its customers only via local business relationships, SAP may transfer your Personal Data to the locally relevant SAP group entity for the purpose and to the extent necessary to conduct a business relationship. Other entities of the SAP Group may also receive or gain access to Personal Data either when rendering group internal services centrally and on behalf of SAP SE and the other SAP group entities or when Personal Data is transferred to them on a respective legal basis. In these cases, these entities may process the Personal Data for the same purposes and under the same conditions as outlined in this Privacy Statement. The current list of SAP Group entities can be found here. If you would like to find out which SAP group entity is responsible for the business relationship with you or your employer, please contact Us at [open[@]sap.com].
Why is the provision of Personal Data required? SAP requires your Personal Data to enable you to attend openSAP courses that are of interest for you. Any provision of this information is entirely voluntarily for you. However, without provisioning email address and name, it will unfortunately not be possible for SAP to make the relevant openSAP courses available to you.
How does SAP justify international data transfers? As a global group of companies, SAP has group affiliates and uses third party service providers also in countries outside the European Economic Area (the “EEA”). SAP may transfer your personal data to countries outside the EEA as part of SAP’s international business operations. If we transfer personal data from a country in the EU or the EEA to a country outside the EEA and for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require the data importer to ensure a level of data protection consistent with the one in the EEA to protect your personal data. You may obtain a copy (redacted to remove commercial or irrelevant information) of such standard contractual clauses by sending a request to privacy[@]sap.com. You may also obtain more information from the European Commission on the international dimension of data protection here.
What are your data protection rights?
Rights to access, correct and delete. You can request from SAP at any time access to information about which Personal Data SAP processes about you and, if necessary, the correction or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. If you request from SAP to delete your Personal Data, you may not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.
Right to obtain a copy of Personal Data. If SAP uses your Personal Data based on your consent or to perform a contract with you, you can further request from SAP a copy of the Personal Data you provided to SAP. In this case, please contact open[@]sap.com and specify the information or processing activities to which your request relates, the format in which you would like to receive the Personal Data, and whether it should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best be fulfilled.
Right to restrict. You can request from SAP to restrict your Personal Data from further processing in any of the following events:
Right to object. If and to the extent SAP is processing your Personal Data based on SAP's Legitimate Interest, specifically where SAP pursues its legitimate interest to engage in direct, you have the right to object to such a use of your Personal Data at any time. When you object to SAP's processing of your Personal Data for direct marketing purposes, SAP will immediately cease to process your Personal Data for such purposes. In all other cases, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP’s compelling legitimate grounds for continued use of the information, which may override your interest in objecting, or if SAP requires the information for the establishment, exercise, or defense of legal claims.
Right to revoke consent. Wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal. Furthermore, if your use of an SAP offering requires your prior consent, SAP will no longer be able to provide the relevant service (or services, if you revoke the consent for SAP to use your profile under the SAP Identity Authentication Service for multiple SAP offerings), offer or event to you after your revocation.
Right to lodge a complaint. If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time, to the extent required by applicable law, lodge a complaint with your locally relevant data protection authority, specifically when you are located in an EEA country, or with the data protection authority of the country or state where SAP has its registered seat.
Please direct any request to exercise your rights to open[@]sap.com.
How will SAP verify requests to exercise data protection rights? SAP will take steps to ensure it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP. SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, represented by third parties without duly representing respective authority or are otherwise not required by local law.
Can you use SAP’s services if you are a minor? Children. In general, this openSAP website and its app is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use this openSAP website and app.
Links to other websites. This website may contain links to foreign (meaning non-SAP Group companies) websites. SAP is not responsible for the privacy practices or the content of websites outside the SAP Group of companies. Therefore, we recommend that you carefully read the Privacy Statements of such foreign sites.
The social media buttons used are purely links, and thus not the so-called "like" and "share" buttons used by social media services. They do not transfer customer data or IP addresses.
Provision of Service (Article 6 para. 1 lit. b General Data Protection Directive (“GDPR”)). In order to be able to make openSAP available to you, SAP is required to process the following information: In every visit to our website, the user data from your Internet browser is automatically submitted and stored in protocol files - the so-called server log files. The stored data sets contain the following information:
These data are solely used for bug fixing purposes, i.e. to find and fix errors in our platform software. Logging data is retained for a maximum duration of 4 weeks.
User accounts. There are two ways to create an user account on openSAP. You can either use the SAP Identity Service (SAP IDS) or get an SAP Universal ID (SAP UID).
Helpdesk. The openSAP Helpdesk requires your name and e-mail address to provide you with technical and platform-related support. The use of your Personal Data is limited to the support communication with the openSAP Helpdesk.
Comments on podcasts. openSAP provides the functionality to leave comments on selected podcast episodes. This feature is designed in such a way, so that it can be used anonymously, which is also recommended. If you still decide to provide additional personal data, i.e. your name and e-mail address, please note that openSAP will share this information with the respective podcast hosts to contact you. Your personal data will not be made publicly available and only be used for communication purposes regarding the respective podcast.
Learning progress and performance. openSAP keeps track of your learning progress and performance to provide you with respective course certificates, such as “Records of Achievement” and “Confirmations of Participation”.
To comply with statutory obligations.
Processing based on SAP’s legitimate interest. SAP can use your Personal Data based on its legitimate interest (Article 6 para. 1 lit. f GDPR or the equivalent article under other national laws, when applicable) as follows:
*To offer SAP products and services. We aim to keep customers and prospects updated on upcoming events and SAP’s latest products and services. Further, We also desire to keep Our customers and partners satisfied with Our products and services and therefore ask them on a regular basis for their feedback. If possible, We may contact you to discuss further your interest in SAP services and offerings.
To keep you up-to-date. Within an existing business relationship between you and SAP, SAP processes your Personal Data to might inform you about SAP products or services which are similar or relate to products and services (including course announcements, recommendations and platform related information) you have already purchased or used. SAP will inform you by email about such news only as far as it is allowed by law, or if SAP has collected such information in the context of the business relationship. You are entitled to object to SAP’s use for this purpose at any time by selecting the opt-out option within your user settings.
Feedback requests and surveys. To the extent allowed by applicable law, SAP may contact you for feedback regarding the improvement of the relevant material, product, or service. SAP may also invite you to participate in questionnaires and surveys. These will generally be designed so you can participate without having to provide information that identifies you as a participant. If you nonetheless provide your Personal Data, SAP will use it for the purpose stated in the questionnaire or survey or to improve its products and services.
Evaluation of Anonymized Data Sets. SAP will anonymize Personal Data provided under this Privacy Statement to create anonymized data sets and aggregated usage reports, which will then be used to improve the openSAP offerings. These anonymized data sets and aggregated usage reports will be shared with third parties to conduct academic research projects to improve the openSAP offering.
You can at any time object to SAP’s use of your Personal Data as set forth in this section by sending an email to open[@]sap.com. In this case, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP's compelling legitimate grounds for continued use of the information, which override your interest in objecting, or if SAP requires the information for the establishment, exercise or defense of legal claims.
In the following cases, SAP will use your Personal Data only after you have provided a consent (Article 6 para. 1 lit. a GDPR).
News about openSAP related products and services. SAP requires your Personal Data to inform you about openSAP´s course-related offerings and services (e.g. discounts on books, openSAP reactivation codes, and other offerings outside the openSAP platform, e.g. SAP Learning, SAP Learning Hub offerings), as well as personalized communication based on your preferences and learning history (e.g. special information for learners who received a record of achievement). All communications come directly from openSAP and your Personal Data will not be shared with any other organization inside or outside of SAP. Any such use of information is based on the consent you grant hereunder.
SAP partner offering. Based on your consent, SAP will provide you with special course offerings limited to SAP partner organizations. For this purpose, openSAP will check if you belong to an SAP partner company and are eligible to participate in these courses and will supplement your profile with partner affiliation information. To improve SAP´s educational offerings and enablement recommendation for partners, openSAP will use your openSAP learning performance and history, and your partner affiliation data, and share it with other organizations within SAP.
For this purpose, openSAP requires you to connect your openSAP profile to the SAP Enterprise login (SAP Cloud Identity service for single sign-on). Your openSAP profile will be supplemented with data from the SAP Cloud Identity service for single sign-on, i.e. your SAP user ID, associated email address, and first and last name. openSAP will match the data with the SAP Partner Relationship Management (PRM) database. If your SAP user ID exists in this database and belongs to a company with a valid SAP PartnerEdge contract, openSAP will supplement your openSAP profile with partner affiliation data, i.e. SAP partner status, name and ID of SAP partner company, region and country. openSAP will track your learning performance and history, i.e. the courses you have enrolled on, the date of course enrollment, course completion status (record of achievement, confirmation of participation), and the date of course completion. openSAP will then share this data together with the data from the SAP Cloud Identity service for single sign-on (SAP user ID, associated first and last name) and partner affiliation data for reporting and analysis through a Global Partner Enablement Dashboard that monitors training activities. This data will be used by SAP to understand which enablement topics are required for partners and, based on these requirements, build tailored partner enablement content, courses, delivery formats, and learning programs. SAP will also measure the effectiveness of these offerings in order to improve them. In addition, SAP will use the data to recommend specific courses and programs based on the user’s learning history.
SAP Community. Based on your consent, openSAP will send your learning progress data to the SAP Community in order to earn openSAP missions. There you will earn badges such as registration to an openSAP course, passing of the course, achievement of certain amounts of Records of Achievements, being an openSAP instructor or actively participated in setting up a course.
Interaction history across learning offerings. With your consent SAP may process information about your interactions with SAP across its various learning platforms and its learning offerings including your prior and current use of SAP learning products or services, your participation in and use of SAP’s learning websites, online and offline trainings, events, free trials or newsletters. SAP uses your interaction history in order to improve SAP learning offerings, your learning journey and SAP’s personal communications with you. Your interaction history may also be used to efficiently operate SAP’s business, which includes: aggregation of data to support various analytic and statistical efforts, performance and predictive analytics and exploratory data science. SAP strives to improve the user experience and strengthen the relevance of information that you receive from SAP. To do so, SAP may combine and use your interaction history to help understanding your learning interests and learning demands, develop our business insight and marketing strategies, and to create, develop, deliver, and improve our personalized communications with learning recommendations for you.
Withdrawal of consent to the processing of Personal Data. You may withdraw your consent for SAP to process your Personal Data as stated herein at any time. Once you assert this right, SAP will not process your Personal Data any longer unless legally required to do so. However, any withdrawal has no effect on past processing by SAP up to the point in time of your withdrawal. Please direct any such request to open[@]sap.com.
By visiting the “Cookie Preferences” link in the footer of [Cookie Preference link in the bottom footer of your Web presence], you will find further information and have the option to exercise your cookie preferences.
Vimeo. Our website includes content from the video portal Vimeo.com. The site operator is Vimeo LLC, 555 West 18th Street, New York, NY 10011, USA. When you visit one of our sites with a video player, a connection will be established to the Vimeo servers.
Vimeo will then be informed which of our pages you have visited ("Referrer URL"). Vimeo will also have access to your IP address.
Kaltura. In order to provide video content on the openSAP Microlearning website, it is connected with the KALTURA Platform, provided by Kaltura, Inc.; New York, NY 10003; USA. Kaltura stores, processes and distributes videos for consumption via the openSAP Microlearning website. When you interact with the openSAP Microlearning website, Kaltura will have access to your IP address.
The CDN for openSAP is Microsoft Azure Edge, operated by the Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. The responsible data protection officer for the EEA can be contacted via: Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
Matomo. To continually improve our offer we use the open source web analytic software "Matomo" (formerly known as "Piwik"), InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.
TrustArc. To continually improve our offer we use TrustArc, headquartered at 2121 N. California Blvd., Suite 290, Walnut Creek, CA, USA.
Amazon Web Service (AWS). In order to provide audio content on the openSAP Podcast website, it is connected with the AWS, provided by Amazon Web Services, Inc.; 410 Terry Avenue North Seattle, WA 98109 United States. AWS stores, processes and distributes audio for consumption via the openSAP Podcast website. When you interact with the openSAP Podcast website, AWS will have access to your IP address.
Podlove. Both Podlove Subscribe Button and Podlove Web Player are served by keycdn.com (keycdn GDPR statement). Podlove Publisher tracks download statistics. IP addresses are used to determine an estimated geographic location (city or state level). IP addresses are stored temporarily (up to 48 hours) as part of a request id. This is necessary because the podcast owner needs to know how often episodes are downloaded to prove the viability of her/his endeavors.
To determine a realistic download number, the system must be able to recognize repeated access to the same file by the same user. The only reliable way to achieve this is by considering the IP address in combination with the User Agent. Using an anonymized IP address is not possible because it would lead to wrong results. An access to the same file by the same user on different days can be considered separate downloads, therefore it is necessary to store IPs for only up to 48 hours. After 48 hours request ids are salted in a way that makes it impossible to restore the original IP address. The User Agent is stored as well.
Where SAP is subject to privacy requirements in Colombia. Colombia-Specific Provisions apply to citizens of the Republic of Colombia.
Where SAP is subject to the requirements of the Brazilian General Data Protection Law (“LGPD”). SAP has appointed a Data Protection Officer for Brazil. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to:
Paulo Nittolo Costa
Address: Avenida das Nações Unidas 14171 - Marble Tower – 7th Floor - São Paulo-SP, Brazil 04794-000
When SAP is subject to the requirements of the Malaysian Personal data Protection Act ("PDPA"), a Malaysian Bahasa version of this privacy statement is available.
Where SAP is subject to privacy requirements in the Philippines, the following also applies:
For individuals within the Philippines, you may also exercise your rights as follows:
You can call or write to SAP to submit a request at:
Address: SAP Philippines, Inc.
Attn: Data Protection Officer
27F Nac Tower, Taguig City 1632, Philippines
The following provisions apply to residents and citizens of the Philippines:
Where SAP is subject to the requirements of the Protection of Personal Information Act, 2013 (“POPIA”) in South Africa, the following also applies:
“Personal data” as used in this privacy statement means Personal Information as such term is defined under POPIA.
“You” and “Your” as used in this privacy statement means a natural person or a juristic person as such term is used under POPIA.
Systems Applications Products (Africa Region) Proprietary Limited & Systems Applications Products (South Africa) Proprietary Limited with registered address at 1 Woodmead Drive, Woodmead (SAP South Africa) is subject to South Africa's Protection of Personal Information Act, 2013 (Act 4 of 2013) and responsible party under the POPIA.
Should you as an individual or a juristic person believe that SAP South Africa as responsible party has utilized your personal information contrary to POPIA, you undertake to first attempt to resolve any concerns with SAP South Africa.
Phone: 011 325 6000
Address: 1 Woodmead Drive, Woodmead, Johannesburg South Africa 2148
If you are not satisfied with such process, you have the right to lodge a complaint with the Information Regulator, using the contact details listed below:
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001, P.O. Box 31533, Braamfontein, Johannesburg, 2017
You may request details of personal information which we hold about you under the Promotion of Access to Information Act 2 of 2000 (“PAIA”). For further information please review the SAP PAIA manual.
Where SAP is subject to certain privacy requirements in the United States in the State of California, the following also applies:
You have the right:
In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), SAP does not sell or share your Personal Data. In the course of our business activities we may share Personal Data with third parties, or permit third parties to collect data across various SAP websites.
Data Subject Access Requests:
SAP receives Data Subject Access Requests from across the globe and works to ensure all valid requests where SAP is the Controller are responded to within the appropriate timeframe. In accordance with the verification process set forth in the CCPA, SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.
In addition to contacting SAP at webmaster[@]sap.com, you may also exercise your rights as follows:
You can call toll-free to submit a request using the numbers provided here or click here- “Limit the Use of My Sensitive Personal Information”. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.
Where SAP is subject to the requirements of the Singapore’s Personal data Protection Act (“PDPA"), the following also applies:
SAP has appointed a Data Protection Officer for Singapore. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to:
Subject: Data Protection Officer
Address: Mapletree Business City, 30 Pasir Panjang Rd, Singapore 117440
Contact: +65 6664 6868
This page was last changed at Wed, 26 Jul 2023 09:38:57 +0000.