SAP Career Portal Privacy Statement

SAP Privacy Statement – Careers

This Privacy Statement was updated on February 18, 2025

PRIVACY STATEMENT - Careers at SAP

We have created this Privacy Statement to demonstrate the firm commitment of SAP (hereinafter "We", "SAP", "Us" or "Our") to the individual`s right to data protection and privacy. It outlines how SAP processes information that can be used to directly or indirectly identify an individual (hereinafter “Personal Data”). Processing in the context of this Privacy Statement means any collection, use, transmission, disclosure, erasure or any other similar operation based on Personal Data (hereinafter “Processing” or “Process”).

This notice (“Notice”) will provide you with information on our data processing activities with respect to certain personal data about you when accessing and using the SAP Recruiting System (“the Portal”) to create an account in the Portal inter alia used to store your application data and/or to apply for a specific job offering of an entity belonging to the SAP Group (“SAP” or “we”) - a list of SAP entities can be found here, while the relevant entity is indicated within a specific job offering.

SAP is processing information including Personal Data about the users of the SAP Recruiting System (“the Portal”) using cookies or similar technologies for the purposes set out in the Cookie Statement.

A.General information

Who is the responsible SAP entity

The controller for the SAP Recruiting System (the Portal) is SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany. You can reach SAP Group’s data protection officer any time at privacy[@]sap.com.

For what Purposes does SAP process your Personal Data and based on what Legal Basis?

Depending on the applicable law, the Processing of Personal Data is subject to a justification, sometimes referred to as legal basis.

SAP’s compliance with statutory obligations

SAP processes your Personal Data for the purpose of ensuring an adequate level of technical and organizational security of SAP's products, services, online events, facilities, and premises. For this, SAP will take the measures necessary to verify or maintain the quality and safety of a product or service which is owned, manufactured by or for, or controlled by SAP. This may comprise the use of Personal Data for sufficient identification and authorization of designated users, internal quality control through auditing, analysis, and research, debugging to identify and repair errors that impair existing or intended functionality, account and network security, replication for loss prevention, detecting security incidents, protection against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for such kind of activity. We may further process your name, likeness, and other contact or compliance related data when you visit a local SAP affiliate or lab in the context of access management and video surveillance to protect the security and safety of Our locations and assets.
SAP and its products, technologies, and services are subject to the export laws of various countries including, without limitation, those of the European Union and its member states, and of the United States of America. Applicable export laws, trade sanctions, and embargoes issued by these countries oblige SAP to prevent organizations, legal entities and other parties listed on government-issued sanctioned-party lists from accessing certain products, technologies, and services through SAP’s websites or other delivery channels (e.g. the European Union Sanctions List, the US sanctions lists including the Bureau of Industry and Security’s (BIS) Denied Persons Lists (DPL), the Office of Foreign Assets Control’s (OFAC) Specially Designated Nationals and Blocked Persons List (SDN-List) and the US DOCs Bureau of Industry and Security’s Entity Lists and the United Nations Security Council Sanctions). SAP processes Personal Data to the extent necessary to comply with these legal requirements. Specifically, SAP processes Personal Data to conduct automated checks against applicable sanctioned-party lists, to regularly repeat such checks whenever a sanctioned-party list is updated or when a user updates his or her information. In case of a potential match, SAP will block the access to SAP’s services and systems and contact the user to confirm his or her identity.
If necessary, SAP uses Personal Data to prevent or prosecute criminal activities such as any form of cybercrime, the illegal use of Our products and services or fraud, to assert Our rights or defend SAP against legal claims.
To comply with data protection and unfair competition law related requirements. Depending on the country in which the relevant SAP Group company operates, SAP may process Personal Data necessary to accommodate your data protection and privacy choices for the receipt of such information and, when necessary to ensure compliance, exchange such information with the other entities of the SAP Group.

When ensuring compliance, SAP processes your Personal Data if and to the extend to fulfill legal requirements under European Union or EU Member State law to which SAP is subject, and laws and regulations extraterritorial to the EU (legitimate interest to comply with extraterritorial laws and regulations).

SAP’s Web Services

SAP processes your Personal Data to operate web presences, web offerings, or online events (“Web Services”).

to provide the Web Services and functions, create and administer your online account, updating, securing, troubleshooting the service, providing support, improving, and developing the Web Services, answering and fulfilling your requests or instructions.
to manage and ensure the security of Our Web Services and prevent and detect security threats, fraud or other criminal or malicious activities and as reasonably necessary to enforce the Web Services terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on Our information technology systems.
to create specific user profiles that may be specific to a single Web Service of SAP, but also allows you to access SAP’s other Web Services. It is your choice whether or not to use any of these additional Web Service. If you do, SAP will make your Personal Data available to such other Web Service to provide you with initial access. Kindly note that without your consent for SAP to create such user profiles, SAP will not be able to offer such services to you where your consent is a statutory requirement that SAP can provide these services to you.
to process information that relates to your visit to Our Web Services to improve your user experience, identify your individual demand and to personalize the way We provide you with the information you are looking for. For this purpose, We collect information regardless of whether you register with a user profile or not.
to create your user profile for the SAP Recruiting System. Through the user profile you can share Personal Data about you with other users, such as your name, photo, social media accounts, postal or email address, telephone number, personal interests, skills, and basic information about yourself. The user profiles serve to personalize the interactions between the users (for example, by way of messaging or follow functionality) and to allow SAP to foster the collaboration and quality of communication through such offerings. The profile settings of the relevant Web Services allow you to determine which information you want to share.

When operating SAP’s Web Services, SAP processes your Personal Data if and to the extent,

SAP obtained your consent, if required by law, to process your Personal Data for this purpose,
necessary to fulfill (pre-)contractual obligations with you,
necessary to fulfill legal requirements applicable to SAP,
necessary to pursue SAP’s legitimate interest to efficiently perform or manage SAP’s Web Services and business operation and assert or defend itself against legal claims. We believe that SAP’s interest in pursuing these business purposes is legitimate and thereby not outweighed by your personal rights and interest to refrain processing for such purpose. In any of these cases, We duly factor into Our balancing test: the business purpose reasonably pursued by SAP in the given case, the categories, amount and sensitivity of Personal Data that is necessarily being processed, the level of protection of your Personal Data which is ensured by means of Our general data protection policies, guidelines, and processes, and the rights you have in relation to the processing activity.

What Personal Data does SAP collect?

If you create an account in the Portal inter alia used to store your application data and/or to apply for a specific job offering, SAP will collect the information you provide to SAP, which consists of your name, contact details, country of residence, address, travel preference, employment visa sponsorship needed, education details, employment history, resume, password, account settings regarding accessibility (recipients) of your profile, your willingness to receive new job posting notifications and information about career opportunities as well as information about SAP as an employer (“Personal Data”).

Furthermore, each time you use your account we store date and time of your login in order to allow you to verify when you were last logged into your account and to enable us to notify you about a pending deletion of your account due to long-time inactivity.

You may use Personal Data about you stored at third parties in order to create a profile on the Portal, such as from LinkedIn, Xing and Facebook. With respect to the handling of your Personal Data by such third parties in this context please refer to the privacy policies of such third parties.

If an SAP employee uses SAP’s employee referral partner program to refer you to a specific job posting at SAP, SAP will keep the SAP employee that referred you apprised if you advance in the recruiting process. This is done for the specific purpose of giving the SAP employee a referral bonus if SAP makes the ultimate decision to hire you.

Once registered on the Portal you may provide within and/or upload further information about you into your profile, such as your resume, a cover letter, attachments (both general attachments and application specific attachments) as well as further profile information (how did you hear about this position, detail of source, whether one of our recruiters may contact you on job offerings that may be of interest for you), information on your work experience and education as well as professional certifications, language skills, geographic mobility.

You also have the possibility to apply for a specific job opportunity on the Portal. You may in such case - in addition to the information described above - submit further job specific information such as whether you are authorized to work in the country of the job for which you are applying and other information.

Why does SAP need your Personal Data?

SAP requires your Personal Data to:

provide you with access to the Portal in order for you to create a profile, store your application data and/or to apply for a specific job offering
comply with statutory obligations, including checks required by applicable export laws

Although providing Personal Data is voluntary, without your Personal Data, SAP cannot provide you with access to the Portal and you will not be able to create a candidate profile and apply to a job offering at SAP.

Moreover, SAP may conduct with the help of third-party providers so called assessments in order to confirm certain skills and competencies as they relate to a specific role. For this purpose, we do share your personal information which is necessary to conduct the assessment with our third-party providers (pursuant to Art. 6 para. 1 lit f) GDPR). In such case we will inform you about the respective assessments in more detail as they relate to you and the job you applied for.

We may from time to time conduct surveys to improve our process. In case permitted by law or based on your specific consent we may ask you to participate in such surveys every once in a while. These surveys will either be conducted by SAP itself or by a specialized external processor on behalf of SAP. For this purpose, any external processor will only get your Personal Data as required to conduct the survey and, in any case, solely to the extent permitted by law or based on your consent. The participation in such a survey is voluntary and not participating in such a survey will have no negative impact on any current or future applications submitted by you.

In addition to the sections above, your Personal Data may also be processed where SAP reasonably considers it necessary for complying with legal or regulatory obligations (pursuant to Art. 6 para. 1 lit c) GDPR), or for the following legitimate interests (pursuant to Art. 6 para. 1 lit. f) GDPR), for example establishing, exercising or defending legal rights of members of the SAP group. Your Personal Data will also be processed in the operation and management of SAP group IT systems being hosted either internally or externally.

The provision of Personal Data is necessary for the conclusion and/or performance of a contract with you. The provision of Personal Data is voluntary. However, if you do not provide Personal Data, the affected application processes or provision of the Portal might be delayed or impossible.

Kindly note that you can create an account in the Portal inter alia used to store your application data and/ or to apply for a specific job even without providing a consent into SAP’s marketing operations.

Why does SAP need to use your Personal Data and on what legal basis is SAP using it?

Processing to ensure compliance

SAP and its products, technologies, and services are subject to the export laws of various countries including, without limitation, those of the European Union and its member states, and of the United States of America. You acknowledge that, pursuant to the applicable export laws, trade sanctions, and embargoes issued by these countries, SAP is required to take measures to prevent entities, organizations, and parties listed on government-issued sanctioned-party lists from accessing certain products, technologies, and services through SAP’s websites or other delivery channels controlled by SAP.

This could include

automated checks of any user registration data as set out herein and other information a user provides about his or her identity against applicable sanctioned-party lists;
regular repetition of such checks whenever a sanctioned-party list is updated or when a user updates his or her information;
blocking of access to SAP’s services and systems in case of a potential match; and
contacting a user to confirm his or her identity in case of a potential match. Any such use of your Personal Data is based on the permission to process Personal Data in order to comply with statutory obligations (Article 6 para. 1 lit. c GDPR or the equivalent articles under other national laws, when applicable) and SAP‘s legitimate interest (Article 6 para. 1 lit. f GDPR or the equivalent articles under other national laws, when applicable).

The transferring of your personal information is to be processed within internal SAP affiliate(s) overseas, and/or relevant external consultants and/or auditors when applicable. Personal Information may be collected; recorded; systematized; accumulated; stored; clarified (updated, modified); retrieved; used; transferred within or outside of China (granted, accessed) (applicable for applicants in Mainland China); blocked; deleted; destroyed or used otherwise for the limited purpose as described above.

Cross-border transfers of Personal Information (“CBDT”) may be made to countries where SAP entities as well as relevant external consultants and/or auditors are located.

Furthermore, you acknowledge that information required to track your data protection and privacy choices for processing your Personal Data, or for receipt of marketing materials (that is to say, depending on the country in which the relevant SAP Group company operates and whether you have expressly consented to or opted out of receiving marketing materials) may be exchanged among members of the SAP Group when necessary to ensure that the SAP Group complies with your choices.

Processing based on SAP’s legitimate interest

SAP can use your Personal Data based on its legitimate interest (Article 6 para. 1 lit. f GDPR or the equivalent article under other national laws, when applicable) as follows:

Fraud and Legal Claims.

If required, SAP will use your Personal Data for the purposes of preventing or prosecuting criminal activities such as fraud and to assert or defend against legal claims.

Questionnaires and survey.

SAP could invite you to participate in questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any data that can be used to identify you. If you nonetheless enter such data in a questionnaire or survey, SAP will use this Personal Data to improve its offerings.

Creation of anonymized data sets.

SAP will anonymize Personal Data provided under this Privacy Statement to create anonymized data sets, which will then be used to improve its and its affiliates’ products and services.

Personalized Newsletter.

If you opt-in to receive marketing communications such as newsletters from SAP, SAP will collect and store details of how you interact with the newsletters to help create, develop, operate, deliver and improve our newsletter communications with you. This information is aggregated and used to help SAP provide more useful information and to understand what is of most interest.

Recordings for quality improvement purposes.

In case of telephone calls or chat sessions, SAP will record such calls (after informing you accordingly during that call and before the recording starts) or chat sessions in order to improve the quality of SAP’s services.

To keep you up-to-date or request feedback.

Within an existing business relationship between you and SAP, SAP might inform you, where permitted in accordance with local laws, about its products or services (including webinars, seminars or events) which are similar or relate to such products and services you have already purchased or used from SAP. Furthermore, where you have attended a webinar, seminar or event of SAP or purchased products or services from SAP, SAP might contact you for feedback regarding the improvement of the relevant webinar, seminar, event, product or service.

Processing under applicable national laws

If the applicable national law allows SAP to do so, SAP will use information about you for a business purpose, some of which is Personal Data
to plan and host events
to host online forums or webinars
for marketing purposes such as to keep you updated on SAP’s latest products and services and upcoming events
to contact you to discuss further your interest in SAP services and offerings
to help SAP create, develop, operate, deliver and improve SAP services, content and advertising and to improve, upgrade, or enhance the service that is owned, manufactured, manufactured for, or controlled by SAP
to provide more personalized information to you
for account and network security purposes
for internal purposes such as auditing, analysis, and research to improve SAP’s products or services
to verify your identity and determine appropriate services
to assert or defend against legal claims
detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
debugging to identify and repair errors that impair existing intended functionality
short-term, transient use, provided the personal information is not disclosed to a third party and is not used to build a profile about you or otherwise alter your individual experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction
undertaking internal research for technological development and demonstration
undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by SAP

From What Types of Third Parties does SAP obtain Personal Data?

In most cases SAP collects Personal Data from you. SAP might also obtain Personal Data from a third party, if the applicable national law allows SAP to do so. SAP will treat this Personal Data according to this Privacy Statement, plus any additional restrictions imposed by the third party that provided SAP with it or the applicable national law. These third-party sources include:

SAP and/or SAP Group's business dealings with you as they relate to your application for SAP job offerings. This includes SAP Group employees referring you to job offerings they deem adequate to your professional background.
Third parties you directed to share your Personal Data with SAP such as background verification partners, global mobility partners.

How long will SAP store your Personal Data?

SAP may retain your Personal Data for additional periods if necessary for compliance with legal obligations to process your Personal Data or if the Personal Data is needed by SAP to assert or defend itself against legal claims. SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled. SAP does only store your Personal Data for as long as it is required:

for SAP to comply with statutory obligations to retain Personal Data, resulting inter alia e.g. from applicable export, finance, tax or commercial laws.
to fulfill SAP’s legitimate business purposes as further described in this Privacy Statement, unless you object to SAP’s use of your Personal Data for these purposes.

Who are the recipients of your Personal Data and where will it be processed?

Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:

Companies within the SAP Group:

We transfer your Personal Data to other SAP group companies as permitted under applicable data privacy law pursuant to Art. 6 (1)(f) GDPR for the legitimate interests of SAP to administer applications and candidate information at a group wide level and enable candidates to manage their own Personal Data in some cases.

Only authorized employees with a need to know have access to your Personal Data; this includes sharing of your Personal Data on a "need-to-know" basis between our employees in the recruiting department. Certain executives, managers and employees at other companies of the SAP Group may also have access to certain Personal Data, however, on a “need-to-know” basis if there are legitimate business purposes (e.g., enabling employees in our shared service centers to arrange an interview or as required during an application process).

Third party providers supporting the application/ recruiting process:

We will use your Personal Data as outlined in this Notice only for the purpose of the application/ recruiting process, which includes, as the case may be, reviewing your application, setting up job interviews with and without the support of third-party providers and conducting job interviews via phone, and in person. This may also include to assess your provided documents and therein contained Personal Data through a respective tool to ensure that your skills and experiences match to the skills and experience provided on the job posting. The latter does not form an automatic decision making and solely supports our recruiting personnel in the recruiting process. All decisions affecting your application are conducted by individuals responsible for such. This data processing is based on our prevailing legitimate interest.

Additionally, in case an SAP Group employee refers you to a job offering they deem adequate for your professional background we share your progress in the recruiting process for this specific job offering with the referral partner to ensure a smooth process for you as well as a bonus payment to the employee who referred you.

In case you require global mobility services, e.g. in order to obtain a working visa or residency permit to perform a job at SAP, SAP will share your contact details with a mobility service provider to ensure you are supported adequately.

Third parties:

We may also transfer your Personal Data to governmental agencies and regulators (e.g., tax authorities), social insurance carriers, courts, and government authorities, all in accordance with applicable law based on Art. 6 (1) (c) GDPR and to external advisors acting as controllers (e.g., lawyers, accountants, auditors etc.) based on Art. 6 (1) (f) GDPR.

Other third party service providers:

for e.g., consulting services and other additional related services, for the provision of the website or newsletter dispatch.

SAP contracts with third party service providers or other SAP group companies as part of its normal business operations to carry out certain human resources-related or IT-related tasks. When required by local law to process Sensitive Employee Data, then this information will only be transferred outside of your country if permitted by applicable law.

As part of a global group of companies operating internationally, SAP has affiliates (the “SAP Group”) and third-party service providers outside of the European Economic Area (the “EEA”) or from a region with a legal restriction on international data transfers and will transfer your Personal Data to countries outside of the EEA. If these transfers are to a country for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require that your Personal Data receives a level of data protection consistent with the EEA. You can obtain a copy (redacted to remove commercial or irrelevant) of such standard contractual clauses by sending a request to privacy[@]sap.com. You can also obtain more information from the European Commission on the international dimension of data protection here: European Commission.

What are your data protection rights and how can you exercise them?

SAP honors your statutory rights when it comes to the Processing of your Personal Data. To the extent provided by applicable data protection laws, you have the right to:

access your Personal Data that we have on you, or have it updated.
Data portability of the Personal Data you provided to SAP, if SAP uses your Personal Data based on your consent or to perform a contract with you. In this case, please contact privacy[@]sap.com and specify the information or processing activities to which your request relates, the format in which you would like to receive the Personal Data, and whether it should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best be fulfilled.
Delete your Personal Data we hold about you. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. If you request from SAP to delete your Personal Data, you may not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.
Right to object against SAP further processing your Personal Data, if and to the extent SAP is processing your Personal Data based on its Legitimate Interest. When you object to SAP's processing of your Personal Data, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP’s compelling legitimate grounds for continued use of the Personal Data, which may override your interest in objecting, or if SAP requires the information for the establishment, exercise, or defense of legal claims.
Right to object to direct marketing or to apply profiling in relation to direct marketing. When you object to SAP's processing of your Personal Data for direct marketing purposes, SAP will immediately cease to process your personal data for such purposes.
Revoke consent, wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required or permitted to do so (e.g. if your Personal Data is needed by SAP do assert or defend against legal claims). In case SAP is required or permitted to retain your Personal Data for other legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law or fulfil the other purpose. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal. Furthermore, if your use of an SAP offering requires your prior consent, SAP will no longer be able to provide the relevant service, offer or event to you after your revocation.
Not to be subject to a decision based solely automated means, if the decision produces legal effects concerning you or significantly affects you in a similar way.
Lodge a complaint to SAP if you are not satisfied with how SAP is processing your Personal Data. Your competent supervisory authority can be found in the country specific section.

Depending on applicable local data protection laws, your rights may be subject to deviations, limitations, or exceptions as set out in the country specific section. Please be aware, that SAP honors your statutory rights when it comes to the Processing of your Personal Data to the extent provided by applicable data protection laws.

How you can exercise your data protection rights.

Please direct any requests to exercise your rights to privacy[@]sap.com. SAP will take steps to ensure it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP.

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, represented by third parties without duly representing respective authority or are otherwise not required by local law.

How will SAP verify requests to exercise data protection rights?

SAP will take steps to ensure that it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP.

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.

Right to lodge a complaint.

If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where SAP has its registered seat.

Can you use SAP’s services if you are a minor?

In general, the SAP Recruiting System is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use this Recruiting System.

B. ADDITIONAL COUNTRY AND REGIONAL SPECIFIC PROVISIONS

Where SAP is subject to privacy requirements in the EU/EEA or a country with national laws equivalent to the GDPR

1. Who is the relevant Data Protection Authority?

You may find the contact details of your competent data protection supervisory authority here. SAP’s lead data protection supervisory authority is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg and can be reached at Lautenschlagerstraße 20, 70173 Stuttgart/Germany.

2. How does SAP justify international data transfers?

As a global group of companies, SAP has group affiliates and uses third party service providers also in countries outside the European Economic Area (the “EEA”). SAP may transfer your Personal Data to countries outside the EEA as part of SAP’s international business operations. If We transfer Personal Data from a country in the EU or the EEA to a country outside the EEA and for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require the data importer to ensure a level of data protection consistent with the one in the EEA to protect your Personal Data. You may obtain a copy (redacted to remove commercial or irrelevant information) of such standard contractual clauses by sending a request to privacy[@]sap.com. You may also obtain more information from the European Commission on the international dimension of data protection here.

Where SAP is subject to privacy requirements in Australia

Where SAP is subject to the requirements of the Privacy Act 1988 (Cth) (‘Privacy Act’), the following applies:

SAP may store your Personal Data in paper-based files or as an electronic record in the Cloud or on physical devices e.g. computer systems. Your Personal Data will likely be held and stored by the SAP Group located in another country for our general business purposes including outsourcing and data processing. We will only do this where it is necessary or appropriate to achieve the purposes set out in this Privacy Statement. We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorized access, modification or disclosure.

You can contact Us either by the telephone number +61 2 9935 4939 or via email at privacy[@]sap.com to exercise the following rights:

You can request from SAP at any time access to information about which Personal Data SAP processes about you and, if necessary, the correction of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it.
Wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal.
In Australia, a complaint should first be made to SAP in writing as required by law. You can find more information about privacy and the protection of Personal Data on the Office of the Australian Information Commissioner website.

Where SAP is subject to privacy requirements in Colombia.

Where SAP is subject to the requirements of the Columbian Statutory Law 1581 of 2012 and Decree 1377 of 2013, the following applies:

Within Colombia you have the right to:

access, update and rectify your Personal Data.
Request evidence of your consent.
Upon request, receive information about how SAP Processes your Personal Data.
Lodge a complaint with the Superintendence of Industry and Commerce (“SIC”) about a violation of the applicable laws.
Revoke your consent and/or request the deletion of your Personal Data, provided that there is no supervenient legal or contractual obligation that allows SAP to keep your Personal Data in SAP’s databases.

SAP Colombia S.A. may Process your Personal Data by itself or on behalf of the SAP Group, with its main office located at Carrera 9 No 115 – 06, Edificio Tierra Firme Of. 2401 Bogotá D.C., Colombia. You can contact Us either by the telephone number +57-6003000 or via email at privacy[@]sap.com. SAP will be responsible to answer any requests, questions, and complaints that you might have to your right to access, update, correct and delete your Personal Data, or revoke your consent.

Where SAP is subject to the requirements of the Brazilian General Data Protection Law (“LGPD”).

SAP has appointed a Data Protection Officer for Brazil. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to:

Paulo Theotonio Nittolo Costa

Email: privacy[@]sap.com

Address: Avenida das Nações Unidas 14171 - Marble Tower – 7th Floor - São Paulo-SP, Brazil 04794-000

Where SAP is subject to privacy requirements in the Philippines.

Where SAP is subject to the Philippine Data Privacy Act and its Implementing Rules and Regulations, the following applies:

When you request to update or correct your Personal Data, SAP may deny the request if it is manifestly unfounded, vexatious, or otherwise unreasonable.
When requesting the data portability of the Personal Data you provided to SAP, you must additionally specify the commonly used electronic or structured format in which you would like to receive the Personal Data.
When you request to object against the processing of your Personal Data: (i) You may do so if SAP is processing based on its Legitimate Interest. SAP will carefully review your objection and cease further use of the relevant information, unless SAP has other lawful basis for processing in Sections 12 and 13 of the Data Privacy Act. (ii)You can also object to the processing of your Personal Data for direct marketing, profiling, or in cases of automated processing where your Personal Data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect you.
You can reach out via email at privacy[@]sap.com to exercise your data protection rights.
Compensation can only be claimed when National Privacy Commission or the courts determined that you sustained damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, considering any violation of your rights and freedoms. You may likewise seek redress from the National Privacy Commission, but it must be clearly shown that you are the subject of a privacy violation, Personal Data breach, or are otherwise personally affected by a violation of the Data Privacy Act.

The contact details of your local Data Protection Officer/s are as follows:

Data Protection Officer, SAP Philippines Inc., 27th Floor NAC Tower, 32nd Street Bonifacio Global City, Taguig City, 1632; email: dpo_sap.ph@sap.com; telephone number:: +632-8705-2500
Data Protection Officer, Concur (Philippines) Inc., 7th Floor Alphaland Southgate Mall, Chino Roces, Makati City, email: dpo_concur.ph@sap.com; telephone number: +632-8705-2500
Data Protection Officer, SuccessFactors (Philippines) Inc.; 14th and 15th Floors Cyberscape Gamma,Topaz and Ruby Roads, Ortigas Center; Pasig City, email: dpo_successfactors.ph@sap.com,: telephone number +632-8705-2500

Where SAP is subject to privacy requirements in South Africa.

Where SAP is subject to the requirements of the Protection of Personal Information Act, 2013 (“POPIA”) in South Africa, the following applies:

“Personal Data” as used in this Privacy Statement means Personal Information as such term is defined under POPIA. “You” and “Your” as used in this Privacy Statement means a natural person or a juristic person as such term is used under POPIA.

[Systems Applications Products (Africa Region) Proprietary Limited] [Systems Applications Products (South Africa) Proprietary Limited] with registered address at 1 Woodmead Drive, Woodmead (SAP South Africa) is subject to South Africa's Protection of Personal Information Act, 2013 (Act 4 of 2013) and responsible party under the POPIA.

You may request details of personal information which We hold about you under the Promotion of Access to Information Act 2 of 2000 (“PAIA”). For further information please review the SAP PAIA manual, located here.

Should you as an individual or a juristic person believe that SAP South Africa as responsible party has utilized your personal information contrary to POPIA, you undertake to first attempt to resolve any concerns with SAP South Africa.

Phone: 011 325 6000

Address: 1 Woodmead Drive, Woodmead, Johannesburg, South Africa 2148

Email: privacy[@]sap.com

If you are not satisfied with such process, you have the right to lodge a complaint with the Information Regulator, using the contact details listed below:

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001, P.O. Box 31533, Braamfontein, Johannesburg, 2017

Email: complaints.IR[@]justice.gov.za

Enquires: inforeg[@]justice.gov.za

Where SAP is subject to privacy requirements in the United States of America.

Where SAP is subject to the requirements of the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Acts of 2020 (CPRA), from hereon referred to as “CCPA” or where other US state laws have similar requirements, the following applies:

You have the right to:

Know what personal information the business has collected about the consumer, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the business discloses personal information, and the specific pieces of personal information the business has collected about the consumer.
Delete personal information that the business has collected from the consumer, subject to certain exceptions.
Correct inaccurate personal information that a business maintains about a consumer.
Opt-out of the sale or sharing of their personal information by the business (where applicable).
Limit the use or disclosure of sensitive personal information by the business (subject to certain exceptions, where applicable).
Receive non-discriminatory treatment for the exercise of these rights.
Appeal any denial of your request to exercise these rights.

How you can exercise your Data Protection Right.

To exercise these rights, or to limit the Sharing of your Personal Information, please contact us at privacy[@]sap.com.

In accordance with the verification process set forth under US relevant state law (as appropriate), SAP may require a more stringent verification process for deletion requests (or for Personal Data that is considered sensitive or valuable) to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes. You can designate an authorized agent to submit requests to exercise your data protection rights to SAP. The agent must submit authorization to act on your behalf and, where required by relevant law, the agent must be appropriately registered.

Financial Incentives. SAP does not offer financial incentives in return for your consent to share your personal information, nor limit service offerings where you opt-out of such sharing (unless sharing is practically necessary to perform the relevant service).

New Jersey’s Daniel’s Law. SAP does not disclose on the Internet or otherwise make available information that is subject to a Daniel’s Law request.

Children’s Privacy. Given that the SAP Recruiting System is not directed to users under 16 years of age, SAP does not sell or share the personal information of any minors under 16. If you are a parent or guardian and believe SAP collected information about your child, please contact SAP. SAP will take steps to delete the information as soon as possible.

Where SAP is subject to privacy requirements in Singapore.

Where SAP is subject to the requirements of the Singapore’s Personal Data Protection Act (“PDPA”), the following applies:

You can request from SAP personal data about you that is in the possession or under the control of SAP and information about the ways in which such personal data has been or may have been used or disclosed by SAP within a year prior to this request. Please be informed that SAP is not obliged to accede to your request if any exceptions under the PDPA apply.
You may submit a request to have inaccurate/incomplete personal data corrected in our systems.Please be informed that SAP is not obliged to accede to your request if any exceptions under the PDPA apply.
Revoke consent, wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required or permitted to do so (e.g. if your Personal Data is needed by SAP to assert or defend against legal claims). In case SAP is required or permitted to retain your Personal Data for other legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law or fulfil the other purpose. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal. Furthermore, if your use of an SAP offering requires your prior consent, SAP will no longer be able to provide the relevant service, offer or event to you after your revocation.
Lodge a complaint to the Personal Data Protection Commission (PDPC) if you are not satisfied with how SAP is processing your Personal Data.

SAP has appointed a Data Protection Officer for Singapore. Written inquiries, requests or complaints to our Data Protection Officer can be send via post to Mapletree Business City, 30 Pasir Panjang Rd, #03-32, Singapore 117440 or email to privacy[@]sap.com with the subject “Data Protection Officer” or can be reached via phone +65 6664 6868.

Where SAP is subject to privacy requirements in South Korea.

Where SAP is subject to the requirements of the South Korea Personal Information Protection Act (“PIPA”), the following applies:

Your personal data may be processed globally. When personal data is processed across country borders, SAP complies with laws on the transfer of personal data between countries to keep your personal data protected. Your personal data may be transferred to, accessed or processed by the categories of third-parties as described above.

How can you exercise your data protection rights?

SAP has appointed a local Chief Privacy Officer for South Korea.

Please direct any enquiries or requests via email at privacy[@]sap.com or via phone at +82-2-2194-2279.

Where SAP is subject to privacy requirements in Malaysia.

Where SAP is subject to the requirements of the Personal Data Protection Act (“PDPA”) of Malaysia, the following applies:

Written inquiries, requests or complaints may be addressed to:

Data Protection and Privacy Coordinator for Malaysia

Phone No. 60 3-2202 6000

Email address: privacy[@]sap.com

SAP has implemented technology, security features and strict policy guidelines to safeguard the privacy of users’ Personal Data.

Where SAP is subject to privacy requirements in New Zealand

Where SAP is subject to the requirements of the Privacy Act 2020 (‘Privacy Act’), the following applies:

1. SAP is required to Process this Personal Data in accordance with employment law for which the collection of this information is authorized or required. The supply of this Personal Data by you is voluntary.

2. If the Personal Data is not collected, we may not be able to process your job application.

You have the right to:

request from SAP at any time access to information about which Personal Data SAP processes about you and, if necessary, the correction of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it.
Wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal.

Where SAP is subject to privacy requirements in Canada

Your Personal Data may be processed globally. If personal data is processed across provincial/territorial or international borders, SAP complies with laws of the transfer of Personal Data between countries to keep your personal data protected. It may, however, based on the laws of such countries be subject to access by local law enforcement.

Where SAP is subject to privacy requirements of Mexico.

Where SAP is subject to the requirements of the Mexican Federal Law for the Protection of Personal Data Held by Private Parties of 2010, the following applies:

You have the right to file a complaint with the National Institute of Transparency Access to Information and Protection of Personal Data (INAI) to assert any disagreement related to the processing of your Personal Data by SAP.

SAP reserves the right to change, modify, add or remove portions of this Privacy Statement at its sole discretion. In such case, SAP shall maintain available a complete version of SAP’s Privacy Statement. SAP will notify you of any change or modification to this Privacy Statement via the respective communication channel We have with you, e.g., at Our website.

Where SAP is subject to privacy requirements in India 

Where SAP is subject to the requirements of the Digital Personal Data Protection Act, 2023 (‘DPDPA’) the following applies:

As part of a global group of companies operating internationally, SAP has affiliates (the SAP Group) and third party service providers outside of the Indian region and will transfer your Personal Data to countries outside the India region, subject to any restrictions as may be notified by the Central Government in this regard.

You have the right to:

request from SAP at any time access to information about which Personal Data SAP processes about you and, if necessary, the correction, completion, update or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. If you request from SAP to delete your Personal Data, you may not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.
Wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons, your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal.
request from SAP the right to have readily available means of grievance redressal provided by SAP in respect of any act or omission of SAP regarding the performance of SAP’s obligations in relation to your Personal Data or your exercise of rights in relation thereto.
nominate, any other individual, who shall, in the event of your death or incapacity, exercise your data protection rights.

Please direct any requests/queries to exercise your rights to privacy[@]sap.com. In India, after exhausting the opportunity of redressing the right of grievance, you may lodge a complaint to the Data Protection Board of India.

Where SAP is subject to privacy requirements in the Kingdom of Saudi Arabia (KSA).

Where SAP is subject to the requirements of the Personal Data Protection Law (PDPL) the following applies:

SAP processes your Personal Data by using electronic means for collecting, storing and other processing as described above.
SAP destroys your Personal Data by using electronic means as appropriate for the purposes described above.
Your Personal Data will be held and stored by SAP or the SAP Group which may be located in another country outside of Saudi Arabia for our general business purposes including outsourcing and data processing.
Depending on the purpose, Personal Data may be shared regularly or occasionally.
Compensation can only be claimed if the courts determined that you were harmed by material or moral damage as a result of any violation stipulated in the PDPL and its Implementing Regulations.

If SAP does not comply with the PDPL you can file a complaint to the contact provided under section A of this document.

If you are not satisfied with how we process your complaint you can file a complaint at the competent authority:

Saudi Data and Artificial Intelligence Authority (SDAIA), Digital City, Riyadh, 12382, Kingdom of Saudi Arabia, Website: sdaia.gov.sa

Where SAP is subject to privacy requirements in Indonesia.

Where SAP is subject to the requirements of the Personal Data Protection Law (PDPL) the following applies:

PT. SAP Indonesia processes your Personal Data, either by itself or on behalf of the SAP Group, with its main office located at WTC II, 9th Floor, Metropolitan Complex, Jl. Jend. Sudirman Kav. 29-31, Jakarta 12920, Indonesia.
Your Personal Data may be stored and processed by the SAP Group in countries outside your jurisdiction for general business purposes. This will occur only when necessary or appropriate to achieve the purposes set out in this Privacy Statement.
We implement reasonable technical and organizational measures to safeguard your Personal Data from misuse, interference, loss, unauthorized access, modification, or disclosure.

To the extent provided by applicable data protection laws, you have the right to:

Access and obtain a copy of your Personal Data being processed, subject to the requirements of the law.
Request the rectification or completion of inaccurate or incomplete Personal Data processed for specified purposes, as permitted by applicable law.
Request for the deletion of your Personal Data, under certain lawful circumstances.
Withdraw your consent for the processing of your Personal Data at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Object to any decision-making process based solely on automated processing, including profiling, that produces legal effects concerning you or significantly impacts you.
Object to or restrict the processing of your Personal Data where legitimate grounds exist, subject to applicable legal provisions.
Lodge a complaint with the relevant data protection authority in Indonesia if you believe that your rights regarding the processing of your Personal Data have been infringed. You also have the right to claim damages if there are proven violations against regulations on the protection of your Personal Data, unless otherwise agreed upon or unless otherwise prescribed by law.
Obtain a copy of your personal data in a structured, commonly used, and machine-readable format, as permitted by law.

To exercise your rights, including requesting access to and/or copies of your Personal Data, submitting objections, or seeking verification and correction of your Personal Data, please contact us via email at privacy[@]sap.com

Where SAP is subject to privacy requirements in China

Where SAP is subject to the China Personal Information Protection Law (PIPL ) and other Data Privacy and Protection Laws and Regulations, the following applies:
For the purpose of this Notice, “China” refers to the mainland of the People’s Republic of China, excluding Hong Kong Special Administrative Region, Macau Special Administrative Region and Taiwan.
“Personal Data” as used in this Privacy Statement means Personal Information as such term is defined under Personal Information Protection Law (PIPL ).

For what Purposes does SAP process your Personal Data and based on what Legal Basis?

SAP’s Web Services

When operating SAP’s Web Services, SAP processes your Personal Data if and to the extent,

SAP obtained your consent, if required by law, to process your Personal Data for this purpose,
necessary to fulfill (pre-)contractual obligations with you,
necessary to fulfill legal requirements applicable to SAP

Why does SAP need your Personal Data?

Moreover, SAP may conduct with the help of third-party providers so called assessments in order to confirm certain skills and competencies as they relate to a specific role. For this purpose, we do share your personal information which is necessary to conduct the assessment with our third-party providers (pursuant to Art. 13) PIPL). In such case we will inform you about the respective assessments in more detail as they relate to you and the job you applied for.

In addition to the sections of this Notice above, your Personal Data may also be processed where SAP reasonably considers it necessary for complying with legal or regulatory obligations, for example establishing, exercising or defending legal rights of members of the SAP group. Your Personal Data will also be processed in the operation and management of SAP group IT systems being hosted either internally or externally.

Why does SAP need to use your Personal Data and on what legal basis is SAP using it?

Processing to ensure compliance

This could include

automated checks of any user registration data as set out herein and other information a user provides about his or her identity against applicable sanctioned party lists;
regular repetition of such checks whenever a sanctioned-party list is updated or when a user updates his or her information;
blocking of access to SAP’s services and systems in case of a potential match; and
contacting a user to confirm his or her identity in case of a potential match. Any such use of your Personal Data is based on the permission to process Personal Data in order to comply with statutory obligations under applicable other national laws and data protection laws.

Processing based on SAP’s legitimate interest

SAP can use your Personal Data based on your consent and/or relevant legal basis (Article 13 PIPL under other China laws and regualtions, when applicable) as follows:

Who are the recipients of your Personal Data and where will it be processed?

Companies within the SAP Group:

We transfer your Personal Data to other SAP group companies as permitted under applicable data privacy law pursuant to Art. 13 PIPL for SAP to administer applications and candidate information at a group wide level and enable candidates to manage their own Personal Data in some cases.

Third party providers supporting the application/ recruiting process:

Third parties:

We may also transfer your Personal Data to governmental agencies and regulators (e.g., tax authorities), social insurance carriers, courts, and government authorities, all in accordance with applicable law based on Art. 13 PIPL and to external advisors acting as controllers (e.g., lawyers, accountants, auditors etc.)

What are your data protection rights and how can you exercise them?

SAP honors your statutory rights when it comes to the Processing of your Personal Data. To the extent provided by applicable data protection laws, you have the right to:

access your Personal Data that we have on you, or have it updated.
Data portability of the Personal Data you provided to SAP, if SAP uses your Personal Data based on your consent or to perform a contract with you. In this case, please contact privacy[@]sap.com and specify the information or processing activities to which your request relates, the format in which you would like to receive the Personal Data, and whether it should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best be fulfilled.
Delete your Personal Data we hold about you. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. If you request from SAP to delete your Personal Data, you may not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.
Right to object against SAP further processing your Personal Data. When you object to SAP's processing of your Personal Data, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP’s compelling legal grounds for continued use of the Personal Data, which may override your interest in objecting, or if SAP requires the information for the establishment, exercise, or defense of legal claims.
Right to object to direct marketing or to apply profiling in relation to direct marketing. When you object to SAP's processing of your Personal Data for direct marketing purposes, SAP will immediately cease to process your personal data for such purposes.
Revoke consent, wherever SAP is processing your Personal Data based on your consent and cross-border data transfer independent consent(collectively referred to as”consent” in this paragraph), you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required or permitted to do so (e.g. if your Personal Data is needed by SAP do assert or defend against legal claims). In case SAP is required or permitted to retain your Personal Data for other legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law or fulfil the other purpose. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal. Furthermore, if your use of an SAP offering requires your prior consent, SAP will no longer be able to provide the relevant service, offer or event to you after your revocation.
Not to be subject to a decision based solely automated means, if the decision produces legal effects concerning you or significantly affects you in a similar way.
Lodge a complaint to SAP if you are not satisfied with how SAP is processing your Personal Data. Your competent supervisory authority can be found in the country specific section.

Can you use SAP’s services if you are a minor?

In general, the SAP Recruiting System is not directed to users below the age of 14 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 14 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use this Recruiting System.

SAP Privacy Statement – Careers

How is your experience with this page?