SAP Fioneer privacy terms

Thank you for visiting our website and for your interest in our company. We take data privacy of your personal data entrusted to us seriously and want you to feel safe and comfortable when visiting our website and using our services. SAP Fioneer develops software and platforms that enable banks, insurance companies and other organisations to operate, change and grow in a cost-effective, scalable, and fast way.

Name and contact details of the data controller

The following entity is responsible for collecting and processing and as well for the website pursuant to Art. 4 No. 7 of the General Data Protection Regulation (hereinafter referred to as “we”, “us” or “our”):

SAP Fioneer GmbH
Robert-Bosch-Str. 35
69190 Walldorf
Germany

Please note that depending on which SAP Fioneer Affiliate you enter into a contract with for the provision of services, the respective subsidiaries may also be data controllers for the processing of your personal data in relation to these services.

Statutory Authorization to represent:
Dirk Kruse, Robert Müller, Patrick Schmid

Contact details of the Data Protection Officer

If you have any further questions regarding the processing of your personal data, you can contact our data protection officer.
Data Protection Officer: Lutz Bartsch
Contact/e-mail: [email protected]

Competent supervisory authority

Landesbeauftragter für den Datenschutz und Informationsfreiheit Baden-Württemberg
Lautenschlagerstrasse 20
70173 Stuttgart
Germany

These Privacy Terms are intended to explain the processing of your personal data that we collect and process when, for example, you register on our website or visit our website (www.sapfioneer.com) or related subpages or contact us to use the products or services offered by SAP Fioneer.

It is also intended to enable you to make informed decisions about the processing of your data when you use our website, services, and support, when it comes to our marketing activities/customer analyses, or when we engage third parties to provide a service in connection with these services. It sets out your rights in relation to the processing of your personal data and informs you about the types of personal data we process about you.

As SAP Fioneer is based in Germany, it is regulated by the European data protection legislation, the General Data Protection Regulation (GDPR).

SAP Fioneer has established a Privacy Policy, which is applicable to the parent company and all group entities worldwide. These Privacy Policy define the GDPR as minimum standard applicable for the entire SAP Fioneer corporate group. “Personal data” are, according to Art. 4 No. 1 GDPR, any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. There are circumstances in which the responsibility for processing such personal data lies with the data controller (us).

We only process personal data in accordance with the applicable data protection requirements, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). According to Art. 13 and Art. 14 GDPR, we have to inform you about the processing of your personal data. The following discloses the extent to which we process your personal data and the rights to which you are entitled.

Please also note that these Privacy Terms might apply to the extent that your personal data has been disclosed to us, only. Third parties may apply to their own privacy terms for the processing of your personal data; you may check this accordingly before providing your personal data.

In the context of our business activities (including through the provision of this website), we collect and process your personal data in order to identify and/or contact you, to assign your message/request to an existing contract, to deliver our Support Services and to give feedback to you regarding your request to do marketing activities and/or customer analysis in the context of performing our services or in the context of any other business relationship. In accordance with the context of business activities and your possible consent the purpose in collecting and processing your personal data is to assist us with the following:

• Verify of your identity or sign up for a newsletter
• Responding to enquiries made by you on our websites
• Manage, organize and analyse participants activities for virtual events, like webinars and conferences
• Partner up or collaborate with you
• Processing and performance of our contracts with you
• Improving, developing, and marketing of our products and services
• Delivering our Support Services
• Other legally required and permitted uses

We are authorised to collect and process the following types and categories of personal data:

a) Visiting our Website

• Each time our website is called up, its system automatically collects data and information from the computer system with which you call up our website. This data is stored and processed on our server in a log file (so-called log files). The following personal data is collected:
  • log files store
  • the IP address
  • the browser used
  • time and date and the system used by a site visitor
• Using our different web contact-forms to get in touch with us, register for a webinar or conference, become a partner or collaborate with us, the following personal data you entered is collected and processed:
  • first name
  • last name
  • work e-mail address
  • company name and industry
  • job title/function and department
  • location (address, city, state, country)
  • phone number
  • area of interest
  • and any further information you provide via the web contact-form or in the message content

b) Orders from companies or customers (legal entities)

Legal entities as such are not data subjects under GDPR. However, personal data may also be provided to us in the context of business initiation, purchase requisitions and orders (e.g., personal data relating to the employees of the respective legal entity).
If you are such a natural person, we collect and process the following personal data:

• first name
• last name
• job title
• company you work for
• e-mail address
• phone number
• and further personal data which might be provided to us

c) Participating in virtual event

In the context of participation in virtual events, such as webinars, workshops, round tables or conferences, we collect and process the following personal data:

• For event registration
  • first name
  • last name
  • job title
  • company you work for
  • e-mail address
• Recordings, in case recording and/or camera is activated for voice and video
• Interaction with an App
  • poll data
  • questions
  • duration of participation
  • responses to surveys
  • any further contribution from participants

d) Marketing and customer analysis

In some cases, we analyse your contact data together with other personal data that we have e.g., collected about you from your activities on our website, such as which subpages and services you have viewed on our website, in the context of purchase requisitions and orders, using our web contact-form, etc.

In particular, we collect and process:

• Your IP address to monitor traffic and volume of the website
• A session ID to track usage statistics on our website
• Data relating to your personal or professional interests, demographic data and data relating to your experience with our products and your contact preferences
• Social network account, message content, topics of interest to you

e) Services and Support

While using our Service and Support system via web login we collect and process your personal data entered in the ticket you created.

In particular, we collect and process:

• first name
• last name
• job title
• company you work for
• e-mail address
• phone number
• and everything you provide in the ticket message content or attachments

f) Applying for a job at SAP Fioneer

Your application is processed via third party workable and the following privacy terms will apply.

We collect and process personal data that you voluntarily provide to us during your use of the website and/or use of the provision of our services and customer support to enable us to provide the services for you. Our website uses various user interfaces to enable you to request information about our services, including electronic enquiry forms. Contact details can be requested, together with details of other personal data relevant to your service enquiry. This data will be used to respond to your enquiry.

Basically, we can be reached by mail, e-mail, contact form, telephone or via social networks for your requests.

Your personal data such as first name, last name, work email address and country are required to send your request to us via the web contact form. Otherwise, the provision of your personal data is voluntary.

If you do not provide your personal data, we may not be able to process or respond to your enquiries, or requests. If you do not provide us with your work email address in the web contact form or provide it incorrectly, we will not be able to reply to you. Insofar as your identification should be necessary, e.g., to answer you or call you back, we collect your contact data.

We are authorized to use your data for the following purposes:

a) Visiting our website

The IP address is a string of numbers that uniquely assigns your computer system for the time of calling up our website. The IP address is used to receive and send data packets and enables a user to retrieve a website.

The temporary storage of the IP address on our server is necessary to transmit the page content to your computer system after calling up this website, so that the user can perceive the content.

The storage in log files takes place to ensure the functionality of the website and to be able to detect any transmission errors that may occur. In addition, this data is used by us to optimize the website and to ensure the security of its information technology systems.

Your personal data will be disclosed to our data processing department and to our contractors contracted to host and provide IT resources for the operation of the website.

Legal basis of the processing

The processing is carried out based on our legitimate interests as a data controller according to Art. 6 para 1 lit. f GDPR. We have a legitimate interest in processing the above personal data for the above purposes to ensure that its product and service information is available online.

The processing of personal data to provide the website and to create the log file is necessary for the operation of the website. Therefore, you cannot object to this type of processing.

Furthermore, our websites contain Cookies, Pixel and similar technologies:

Cookies are small text files, pixel are small graphic files, that are stored on your computer (together hereinafter “Cookies”). Cookies make it possible, for example, to identify you as a specific customer and to store both your personal preferences when using our website and technical information. The main benefit for you is that you do not have to enter specific information stored in the Cookies every time you visit our website. Cookies do not necessarily reveal personal information. If, however, you enter personal information on our website, this may be associated with the data stored in the cookies. For more see below.

• Technically necessary cookies are essential for the functionality of the website and cannot be deactivated. These cookies are usually session cookies and are therefore generally not stored beyond your visit to our website. We process this data based on our legitimate interest in accordance with Art. 6 para 1 p.1 lit. f GDPR or § 25 para 2 no. 2 (German Telecommunications-Telemedia Data Protection Act) TTDSG. You have the option to object to this interest by leaving the website and deleting all cookies.
• Statistical/analysis cookies enable us to count the number of visitors to our website so that we can measure and improve the performance and experience of our website for you. By measuring these metrics, we learn which pages are viewed more or less frequently and how our visitors move around the website. If you do not consent to these cookies, we will not be able to record when you have visited our website and will not be able to monitor the performance of the website. We process this data based on your consent given in the cookie banner in accordance with Art. 6 para 1 p.1 lit. a GDPR or § 25 para 1 TTDSG. You have the option to revoke this consent at any time by deleting all cookies in your browser.
• Marketing cookies (Advertising cookies) may be set via our website by our advertising partners. They may be used by these companies to build a profile of your interests and show you interesting and relevant adverts on other websites. If you do not allow these cookies, you will receive less personalized advertising. We process this data based on your consent given in the cookie banner in accordance with Art. 6 para 1 p.1 lit. a GDPR or § 25 para 1 TTDSG. You have the option to revoke this consent at any time by deleting all cookies in your browser.
• Google Analytics (statistical/analysis cookies). On our website we use Google Analytics a web analysis service of Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”). Google Analytics enables the generation of statistics to help us understand website traffic and its sources. We use Google Analytics solely for statistical purposes, such as to track how many users have clicked on a particular item or information. As a company based in Germany, our legal basis is Art. 6 para 1 p.1 lit. f GDPR in conjunction with § 15 para 3 German Federal Telemedia Act (TMG). The retention period of the cookie is 2 years. Google Analytics is based on cookies and records information about your use of our website including your IP address. To prevent users being identified by their IP addresses, we use a special code to ensure that your IP address is recorded solely in truncated and therefore anonymized form. It is no longer possible to identify individual users with this truncated IP address. Further information on data protection when using Google Analytics can be found here. You can prevent the collection of data through the Google Analytics cookie by installing the plug-in available at the following link. General information on Google’s processing: The information recorded by Google is transmitted to Google based in the United States. Please click here for further information on data protection at Google: https://policies.google.com/privacy?hl=en. You can change your settings by going to the Google Marketing Platform’s deactivation page or the deactivation page of the NAI (Network Advertising Initiative) http://www.networkadvertising.org. Alternatively, you can deactivate Google Cookies on the Digital Advertising Alliance website using the following link. You can also block the storing of Cookies by changing the settings in your browser.
• Google Analytics Audience (statistical/analysis cookies). We use Google Analytics Audiences, a service provided by Google. Google Analytics Audience uses cookies that are stored on your computer and other mobile devices (e.g., smartphones, tablets, etc.) to help analyse how users use these devices. As a company based in Germany, our legal basis is Art. 6 para 1 p.1 lit. f GDPR in conjunction with § 15 para 3 TMG. The retention period for the cookie is 2 years. Google gains access to the cookies created by Google AdWords and Google Analytics. During use, data, such as the IP address and user activities, is transmitted to a server of Google. You can prevent Google from collecting the data as described under the “General information on Google’s processing” section above. For further information on data protection when using Google Analytics and how to install the browser plugin to prevent Google Analytics from tracking your activities please see the “Google Analytics” section above.

You can change the selection of optional cookies and preferences any time via our cookie banner, here: Change Cookie Preferences

b) Orders from companies or customers (legal entities)

Your personal data will be processed in the context of business initiation, purchase requisitions and order for the preparation of requested offers and for the execution of orders.

Legal basis of the processing

The legal basis for this is Art. 6 para. 1 lit. c GDPR. We may also send you information material about our services and products. The legal basis for this is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. You can object to this mailing at any time. We will then no longer use your address data for these purposes. If you wish to exercise your data subject rights to object, withdraw your consent or unsubscribe from marketing and promotional emails or newsletters (please see chapter X.), please send an email to: [email protected].

c) Participation in virtual events

We collect and process your personal data for the purpose of managing and organizing the event. We also process your personal data for the purpose of customer analysis marketing activities, invitations to webinars and conferences. Following the event the participants will receive an email including the link to the recording of the event to replay that subsequently.

Legal basis of the processing

The processing of your data is based on your consent in relation of a virtual event, Art. 6 para 1 lit. a GDPR. If you wish to exercise your data subject rights to object or withdraw your consent (please see chapter X.), please send an email to: [email protected].

d) Marketing and customer analysis

In some cases, we analyze your contact data together with other personal data that we have e.g., collected about you from your activities on our website, such as which subpages and services you have viewed on our website, using our web contact-forms for registration to a webinar or a conference, becoming a partner or collaborate with us, and any further information when choosing to get in touch with us and in the context of purchase requisitions and orders.

Legal basis of the processing

To the extent permitted by law and with your consent (Art. 6 para 1 lit a GDPR.), we use cookies, log files and other technologies to collect personal data from the hardware and software you use to access the website or from your mobile phone. If you wish to exercise your data subject rights to object, withdraw your consent or unsubscribe from marketing and promotional emails or newsletters (please see chapter X.), please send an email to: [email protected].

e) Services & Support

While using our Service and Support system via web login we collect and process your personal data entered in the ticket you created. We use your personal data you provide in the ticket to us for contacting you in the context of the ticket processing and to improve our products and services.

Legal basis of the processing

The processing of your data is based on your consent in relation of the provision of the Support Services, Art. 6 para 1 lit. a DSGVO. If you wish to exercise your data subject rights to object or withdraw your consent (please see chapter X.), please send an email to: [email protected].

f) Applying for a job at SAP Fioneer

Your application is processed via third party workable and the following privacy terms will apply.

g) Company administration and compliance with legal regulations

We use your personal data for the following purposes in relation to the administration of our business and legal compliance: to fulfil our legal obligations, to exercise our rights, to protect the rights of third parties; and in connection with a business transaction such as a merger, reorganization, or sale.

Legal basis of the processing

If we use your personal data in connection with a business transfer to exercise our rights or to protect the rights of third parties, it is in our legitimate interest or in the legitimate interest of a third party to do so, see Art. 6 para 1 lit. f GDPR. For all other purposes described in this section, we are legally obliged to use your personal data to comply with the legal obligations imposed on us, see Art. 6 para 1 lit. c GDPR. If you wish to exercise your data subject rights, please send an email to: [email protected].

Insofar as we have obtained consent from you for the processing operations of personal data, Art. 6 para 1 lit. a GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which you are a party, Art. 6 para1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures at your request.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which we are, Art. 6 para 1 lit. c GDPR serves as the legal basis.

If vital interests of you or another natural person make processing of personal data necessary, Art. 6 para 1 lit. d GDPR Art. 6 serves as the legal basis.

If the processing is necessary to protect a legitimate interest of the controller or a third party and the interests, fundamental rights and freedoms of the user do not override the first-mentioned interest, Art. 6 para 1 lit. f GDPR serves as the legal basis for the processing.

SAP Fioneer is a globally operating software company. Any data collected by us or provided to us by you potentially could be transferred and processed by any SAP Fioneer entity.

As a rule, your personal data will be processed by us. Your personal data which we have received via electronic means of communication will only pass to third parties to the extent that this is necessary in individual cases to process your request. We may use the third parties process personal data on our behalf and on our instructions. We act with reasonable care and prepare contractual documentation in relation to all subcontractors to ensure that they process such personal data appropriately and in accordance with our legal and regulatory requirements.

In doing so, we will comply with our legal and regulatory requirements in relation to personal data, including but not limited to implementing appropriate safeguards. In addition, we are authorized to transfer personal data to third parties as governments or regulatory authorities, regulators/tax authorities/corporate registries based on legal requirements.

We utilize third parties providing infrastructure and similar general services to us, please click here to get more information on these third parties. And, we also utilize third parties providing subject area specific service; please click here to get more information on these third parties.

All third party lists may be subject to regular updates.

In some cases, it may be necessary to transfer personal data to third countries, e.g., to a supplier in a third country. Or we use services on our website that are hosted in third countries or through which data is processed in third countries. If you are located within the European Economic Area (EEA) or safe countries, please note that we may transfer personal data to countries outside the EEA or safe countries if this is necessary for the provision of the services. If we transfer data to third countries, we will only do so if suitable guarantees within the meaning of Art. 46 para 1, para 2 GDPR from the relevant recipients, such as the conclusion of EU standard contractual clauses. Where we transfer personal data to other SAP Fioneer affiliates in third countries: All SAP Fioneer affiliates have signed an internal data processing agreement based on the EU standard contractual clauses, including a legal basis for the transfer of personal data and the implementation of appropriate safeguards to ensure an adequate level of protection for the personal data in accordance with Art. 6 GDPR in conjunction with Art. 46 para 1, 2 of the GDPR.

Your personal data will be deleted or blocked as soon as the purpose for storing it no longer applies. Storage may take place beyond this if this is stipulated by regulations, laws, or other regulations according to which we are obliged to store the personal data (retention obligations for example under contract law, commercial law, or tax law).

In the case of the collection of data for the provision of the website, deletion of your personal data takes place when the respective session has ended. The user’s IP address must remain stored for the duration of the session to enable the use of the website. If your data is stored in the log file, the data collected therein will be stored indefinitely.

We are committed to keeping the personal data provided to us secure and we have implemented appropriate information security policies, rules, and technical and organizational measures to protect the personal data for which we are responsible from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. All of our partners, employees, consultants, workers and data processors (i.e., those who process your personal data on our behalf for the purposes set out above) with access to and responsibility for processing personal data are required to maintain the confidentiality of that personal data.

You have the following rights in relation to your personal data collected and processed by us:

Your right of information/access

You have the right to request information about your personal data collected and processed by us (Art. 15 GDPR). In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details. Upon your request, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (together with certain other details). If you require additional copies, we may have to charge a fee.

Your right to rectification

You have a right to rectification under the conditions of Art. 16 GDPR. In particular, this means that you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and the completion of incomplete personal data.

Your right to erasure and to be forgotten

You have the right to request, pursuant to Art. 17 GDPR, the erasure of your personal data collected and processed by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

Your right to restriction of processing

You have a right to restriction of processing under the conditions of Art. 18 GDPR. This means that you have the right to demand that we restrict processing if one of the conditions listed in Art. 18 para 1 GDPR is met.

Your right to data portability

Under certain circumstances, you have the right to receive the personal data you have provided to us (in a structured, commonly used, and machine-readable format) and to reuse it elsewhere or ask us to transmit it to a third party of your choice (Art. 20 GDPR).

Your right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para 1 lit. e or f GDPR (Article 21 para 1 GDPR). In this case, we will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a user, or the processing serves the purpose of asserting, exercising, or defending legal claims. To exercise the right to object, it is sufficient to send an e-mail to (please find the respective e-mail addresses above under the according purpose section IV.

Your right to withdraw consent

You can revoke to any consent given to us at any time with effect for the future in accordance with Art. 7 para 3 GDPR. The processing of personal data to provide the website and to create the log file is necessary for the operation of the website. Therefore, you cannot object to this type of processing. To exercise the right to revoke, it is sufficient to send an e-mail to (please find the respective e-mail addresses above under the respective responsible). Furthermore you can revoke your consent to the cookie processing any time by changing the selection of optional cookies and preferences our cookie banner, here: Change Cookie Preferences

Your right to complaint

You may complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the headquarters of us for this purpose.

Your right to unsubscribe

Any time you may unsubscribe from marketing and promotional emails, newsletters from us at any time by following the unsubscribe instructions contained in any such email. You can also contact us any time to unsubscribe from marketing emails from us by emailing us (please find the respective e-mail addresses above under the respective responsible).

The Website contains links to other websites whose handling of personal data may differ from ours. Visitors to these websites should carefully read the respective privacy notices of the other websites, as SAP Fioneer has no control over data that is transmitted to or collected by such third parties.

We are entitled to amend these Privacy Terms from time to time. To ensure that you are always aware of our use of your personal data, we will occasionally update these Privacy Terms to reflect changes to our use of your personal data. In addition, we may make changes that are necessary to comply with changes in applicable law or regulatory requirements. We therefore recommend that you read these Privacy Terms regularly so that you are always informed about our use of your personal data.