Jobs at SAP

DATA PROCESSING NOTICE
FOR
SAP'S CAREER PORTAL

This notice (“Notice”) will provide you with information on our data processing activities with respect to certain personal data about you when accessing and using the SAP Recruiting System (“the Portal”) to (i) create an account in the Portal inter alia used to store your application data and/or (ii) to apply for a specific job offering of an entity belonging to the SAP Group (“SAP” or “we”) - a list of SAP entities can be found here, while the relevant entity is indicated with in a specific job offering. The Notice considers the rights and obligations set forth in the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”).

SUMMARY OF DATA PROCESSING NOTICE FOR SAP’S CAREER PORTAL

Scope of applicability
This Summary Notice applies to you if you want to use SAP’s career portal.

Processing of your Personal Data and processing purposes
We process certain individually identifiable information about you when you access and use the Portal such as: Your name, contact details, account settings, education details, etc. for the following purposes: Creation of account and profile, applications, etc. For more details see I. of the Full Notice.

Cookies and similar tools
We may use cookies or similar technologies. For more details see II. of the Full Notice.

Recipients of your data
We transfer your Personal Data to other SAP group companies and third parties such as governmental agencies and regulators (e.g., tax authorities), social insurance carriers, courts, and government authorities, all in accordance with applicable law, some of the aforementioned recipients located in jurisdictions outside the EU. For more details see III. of the Full Notice.

Managing your account
You have different options to manage your account. For more details see IV. of the Full Notice.

Retention periods for and deletion of your Personal Data
Your Personal Data will be deleted once they aren’t any longer needed for the purposes motivating their original collection or as required by applicable law. For more details see V. of the Full Notice.

Your statutory rights
As set forth by applicable law, you have a number of rights with regard to the Processing or your Personal Data, each as per the conditions defined in applicable law, such as the right to get access to your data, to get them corrected, erased or handed over. Please refer any of your questions to privacy@sap.com. For more details see VI. of the Full Notice.

Changes
Both this summary and the detailed privacy notice are subject to change. You will be notified adequately of any such changes.

How to contact us
If you wish to exercise your data subject rights or if you have any other questions concerning this Notice, please address your request to careers@sap.com or to the SAP data protection officer who can be contacted at privacy@sap.com.
 

I. Your Personal Data and processing purposes

1. General
We will process certain individually identifiable information about you when you access and use the Portal that you provide us with when creating an account, setting up a profile and/or applying for a job on the Portal (“Personal Data”) including such Personal Data received from you or authorized third parties (e.g., approved recruitment agencies which you authorized to submit your Personal Data to us). In addition to Personal Data collected via the Portal we may collect further Personal Data about you to the extent permitted or required under applicable law, for purposes connected with your profile on the Portal or a specific application for a job (e.g., in connection with job interviews we conduct with you). We collect such Personal Data in order to enable you to create an account, set up a profile and/or apply for a job on the Portal as well as to inform you about new job posting notifications and send information about career opportunities.

2. Creation of account and profile
When you (or we on your behalf) create an account on the Portal, we collect the following Personal Data from you in order to be able to create your account:

• Email address, password, first name, last name, country of residence;
• Account settings regarding accessibility (recipients) of your profile, your willingness to receive new job posting notifications and information about career opportunities as well as information about SAP as an employer.

Furthermore, each time you use your account we store date and time of your login in order to allow you to verify when you were last logged into your account and to enable us to notify you about a pending deletion of your account due to long-time inactivity (see IV. blow).

When you create a profile on the Portal we collect the following Personal Data from you in order to be able to populate your profile accordingly and store the corresponding Personal Data for you:

• Mandatory information: First name, last name, email, primary phone, address, city, country, state/province/region, travel preference, highest education level, region for school of study, country of school for study, name of school for study, employment visa sponsorship needed, resume.

In both cases (creation of account and profile) the following additional Personal Data are automatically collected in order to improve your experience on the Portal as explained in more detail in the Recruiting Cookie Notice:

• IP address and information regarding your use of the Portal. 

You may use Personal Data about you stored at third parties in order to create a profile on the Portal, such as from LinkedIn, Xing and Facebook. With respect to the handling of your Personal Data by such third parties in this context please refer to the privacy policies of such third parties.

Once registered on the Portal you may provide within and/or upload further information about you into your profile, such as your resume, a cover letter, attachments (both general attachments and application specific attachments) as well as further profile information (how did you hear about this position, detail of source, whether one of our recruiters may contact you on job offerings that may be of interest for you), information on your work experience and education as well as professional certifications, language skills, geographic mobility.

3. Application
You also have the possibility to apply for a specific job opportunity on the Portal. You may in such case - in addition to the information described under section I.2. - submit further job specific information such as whether you are authorized to work in the country of the job for which you are applying and other information. We will use the Personal Data described herein and under section I.2. only for the purpose of the application process, which includes, as the case may be, reviewing your application and conducting job interviews via phone, and in person. This may also include to assess your provided documents and therein contained Personal Data through a respective tool to ensure that your skills and experiences match to the skills and experience provided on the job posting. The latter does not form an automatic decision making and solely supports our recruiting personnel in the recruiting process. All decisions affecting your application are conducted by individuals responsible for such. This data processing is based on our prevailing legitimate interest (Art. 6 (1) (f) GDPR).

Moreover, SAP may conduct with the help of third-party providers so called assessments in order to confirm certain skills and competencies as they relate to a specific role. For this purpose, we do share your personal information which is necessary to conduct the assessment with our third-party providers (pursuant to Art. 6 para. 1 lit f) GDPR). In such case we will inform you about the respective assessments in more detail as they relate to you and the job you applied for.

4. Surveys
We may from time to time conduct surveys to improve our process. In case permitted by law or based on your specific consent we may ask you to participate in such surveys every once in a while. These surveys will either be conducted by SAP itself or by a specialized external processor on behalf of SAP. For this purpose, any external processor will only get your Personal Data as required to conduct the survey and, in any case, solely to the extent permitted by law or based on your consent. The participation in such a survey is voluntary and not participating in such a survey will have no negative impact on any current or future applications submitted by you.

5. Communicating with us via the Portal and receiving new job posting notifications and information about career opportunities
You may communicate with us via the Portal (e.g., by asking questions regarding an application or about a position or your profile on the Portal). In this context, we will process your Personal Data (including such that you disclose to us in connection with such a query) to the extent required to respond to your query. We will not use such information for another purpose. The processing is insofar necessary in order to take steps at the request of you prior to potentially entering into a contract and based on Art. 6 para. 1 lit. b) GDPR.

Based on preferences you indicated in your account settings you made on the occasion of creating your account within the Portal or at a later stage within the preference section of your profile (consent in light of Art. 6 para. 1 lit. a) GDPR) we shall send you new job posting notifications and/or information about career opportunities or about SAP as an employer. In case you provide us your consent as described above, we may be supported by a respective tool to identify other open positions and to proactively contact you with suitable opportunities for which your skills and experience are a strong match. You may revoke your consent by changing your account settings in a way as not to receive new job posting notifications and/or information about career opportunities or SAP as an employer. 

6. Further use of your Personal Data
In addition to sections 1. to 5. above, your Personal Data may also be processed where SAP reasonably considers it necessary for complying with legal or regulatory obligations (pursuant to Art. 6 para. 1 lit c) GDPR), or for the following legitimate interests (pursuant to Art. 6 para. 1 lit. f) GDPR), for example establishing, exercising or defending legal rights of members of the SAP group. Your Personal Data will also be processed in the operation and management of SAP group IT systems being hosted either internally or externally.

The provision of Personal Data is necessary for the conclusion and/or performance of a contract with you. The provision of Personal Data is voluntary. However, if you do not provide Personal Data, the affected application processes or provision of the Portal might be delayed or impossible.
 

II. Cookies and similar tools

We may use cookies or similar technologies on the Portal as explained in more detail in the Recruiting Cookie Notice.
 

III. Recipients

The following recipients or categories of recipients will receive access to some of your Personal Data.
 

1. SAP's group wide Portal
We transfer your Personal Data to other SAP group companies as permitted under applicable data privacy law pursuant to Art. 6 (1)(f) GDPR for the legitimate interests of SAP to administer applications and candidate information at a group wide level and enable candidates to manage their own Personal Data in some cases.

Only authorized employees with a need to know have access to your Personal Data; this includes sharing of your Personal Data on a "need-to-know" basis between our employees in the recruiting department. Certain executives, managers and employees at other companies of the SAP Group may also have access to certain Personal Data, however, on a “need-to-know” basis if there are legitimate business purposes (e.g., enabling employees in our shared service centers to arrange an interview or as required during an application process).

2. Third Parties
We may also transfer your Personal Data to governmental agencies and regulators (e.g., tax authorities), social insurance carriers, courts, and government authorities, all in accordance with applicable law based on Art. 6 (1) (c) GDPR and to external advisors acting as controllers (e.g., lawyers, accountants, auditors etc.) based on Art. 6 (1) (f) GDPR.

3. Service Providers
SAP contracts with third party service providers or other SAP group companies as part of its normal business operations to carry out certain human resources-related or IT-related tasks. When required by local law to process Sensitive Employee Data, then this information will only be transferred outside of your country if permitted by applicable law.

4. Cross-Border Data Transfer Generally
We transfer your Personal Data outside of the country you are located. Some recipients of your Personal Data are located in another country for which the European Commission has not issued a decision that this country ensures an adequate level of data protection, namely: The U.S. or some of the locations of non-European SAP group companies.

Some recipients located outside of the European Economic Area (“EEA”) are certified under the EU-U.S. Privacy Shield and others are located in countries for which the European Commission has issued adequacy decisions. In each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (Art. 45 GDPR).

 By way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Art. 46 (5) GDPR or other adequate means, which are accessible by sending a request to privacy@sap.com we have established that all other recipients located outside the EEA will provide an adequate level of data protection for the Personal Data and that appropriate technical and organizational security measures are in place to protect Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including Our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by applicable law.
 

IV. Managing your account

You have a variety of options to manage kind and volume of data we store about you.

• You can delete your entire account at any time.
• You can delete all or selected information in your profile.
• You can withdraw an application.

All three options will lead to the deletion of the personal data as described above, except to the extend we are required by law to keep the respective data
 

V. Retention periods for and deletion of your Personal Data

Data collected for the purposes hereunder will be stored only as long as necessary for (i) a specific application and/or (ii) your registration on the Portal, as well as during a transition period (e.g., the compliance of SAP’s obligations regarding data retention as established in the applicable laws or as long as retaining the data is permitted by applicable law).

We shall delete your account if you have not logged into your account for more than two years. In such case, you will receive a separate notification informing you about the upcoming deletion.

 Your Personal Data will not be kept in a form that allows you to be identified for any longer than is reasonably considered necessary by SAP for achieving the purposes for which it was collected or processed or as it is established in the applicable laws related to data retention periods or as permitted by applicable laws.
 

VI. Your statutory rights

Under the conditions set out under applicable law (i.e., the GDPR), you have the following rights:

• Right of access: You have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to the Personal Data. The access information includes – inter alia – the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed. You have the right to obtain a copy of the Personal Data undergoing processing. For additional copies requested by you, we may charge a reasonable fee based on administrative costs.
• Right to rectification: You have the right to obtain from us the rectification of inaccurate Personal Data concerning you. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
• Right to erasure (right to be forgotten): You have the right to ask us to erase your Personal Data.
• Right to restriction of processing: You have the right to request the restriction of processing your Personal Data. In this case, the respective data will be marked and may only be processed by Us for certain purposes.
• Right to data portability: You have the right to receive the Personal Data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those Personal Data to another entity without hindrance from us.
• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Data by us and we can be required to no longer process your Personal Data. If you have a right to object and you exercise this right, your Personal Data will no longer be processed for such purposes by us. Exercising this right will not incur any costs.

Such a right to object may not exist, in particular, if the processing of your Personal Data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.

Please note that the aforementioned rights might be limited under the applicable national data protection law.

If you wish to exercise your data subject rights, please address your request to careers@sap.com. The data protection officer of the SAP group can be reached via privacy@sap.com.

In case of complaints you also have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence or alleged infringement of the GDPR.
 

VII. Changes

This notice is subject to change. You will be notified adequately of substantial changes.