SAP Ruum Privacy Statement

Click here for a printable version of this Privacy Statement.
This Privacy Statement was updated on March 8th, 2021.
Last Updated on February 27th, 2019- Access archived versions here

Protecting the individual's privacy on the Internet is crucial to the future of Internet-based business and the move toward a true Internet economy. We have created this privacy statement to demonstrate our firm commitment to the individual's right to privacy. This Privacy Statement outlines our personal information handling practices for this SAP Ruum (the “Service”). If you use the Service as part of an entity or organization with an enterprise agreement with SAP, the term of your organization’s agreement with SAP may restrict our collection or use of your Personal Data. We refer to these types of users in this document as “enterprise users.”

For individual users, the data controller for the Service is SAP America Inc.,3999West Chester Pike, Newtown Square, PA 19073, United States (“SAP”),with its data protection officer Mathias Cellarius ( For enterprise users, the data controller is the organization that has an agreement with SAP.

General information

Global Privacy Fundamentals

Our privacy practices reflect current global principles and standards on handling personal information. These principles include notice of data use, choice of data use, data access, data integrity, security, onward transfer, and enforcement/oversight. We abide by the privacy laws in the countries where we do business.

When does this Privacy Statement apply?

This Privacy Statement covers this Service and other site that reference this Privacy Statement. Some SAP entities, programs and/or sites may have their own, possibly different, privacy statements. We encourage you to read the privacy statements of each of the SAP websites or program information you visit or review. If you use the Service as part of an entity or organization with an enterprise agreement with SAP, the term of your organization’s agreement with SAP may restrict our collection or use of your Personal Data. Even if you are not a user of this Service, some information may be gathered about you by virtue of your interaction with a user of the Service. Please see “Non-Users Interacting with Service Users” for more details.

What does SAP do with my personal data?

SAP collects and uses your data to provide you the Service, to improve our products and services, to communicate with you about offers that may be of interest, and for other administrative purposes. You can find detailed information in the“Personal Data Collected and Purposes” below.

Why am I required to provide personal data?

Any provision of personal data is voluntary. However, without providing certain personal data (see “Data we process to provide you the Service”), you will not be able to use the Service.

Personal Data Collected and Purposes

SAP collects certain information which can directly or indirectly identify you (“Personal Data”) to deliver the service, to understand your needs and interests and to help SAP deliver a consistent and personalized experience. We will use such information only as described in this Privacy Statement and/or in the way we specify at the time of collection. We will not subsequently change the way your personal data is used without your consent, as required by applicable law.

Data we process to provide you the Service

SAP requires your first name, last name and email address to deliver the Service to you, including allowing you to create personal profile areas, view protected content, provide customer feedback and receive support (including communicating with you via email). We will also collect Personal Data that you provide to us, such as when you fill in an optional field to let us know your job title. Depending on the integrations you use, we may also require user information to other sites where the Service can be integrated. For instance if you integrate with Box, we may ask you to provide your Box user name.

Data we process to create a better experience and improve our product

In addition to your Personal Data, we may collect other information about your use of our Service and certain details that your browser sends to our website such as your browser type and language, access times, and the address of the website from which you arrived at an SAP website. We use standard automated tools, which include Web beacons, cookies, embedded Web links, and other commonly used information-gathering tools to collect this information.  

We use this information to:
– Help diagnose and resolve problems with our Service;
– Transfer your Personal Data within SAP’s group of undertakings to the extent necessary for internal administrative purposes;
– Prevent or prosecute criminal activities such as fraud, if required;
– Analyze  your individual usage patterns, interests and preferences in order to improve our products and make suggestions (manually or with use of machine learning techniques) that help you get the most value from our Service. For example, it allows us to provide you with specific information on features and services that may be of interest to you. We may occasionally provide related in-Service notifications or announcements;
– Create aggregated and anonymized data sets in order to understand Service usage, adoption, and virality, which will then be used to improve the Service. This aggregated and anonymized data may also be used to improve SAP’s and its affiliates’ other products and services;
– Invite you to participate in additional questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any Personal Data. If you nonetheless enter Personal Data in a questionnaire or survey, SAP may use such Personal Data to improve its products and services
– Keep you informed of Service announcements, updates or news about the Service.

Data we process based on your consent

In the following cases SAP will only use your Personal Data as further detailed below after you have granted your prior consent.

For enterprise users, please note that these activities constitute a separate controller activity of SAP.

News about the Service
SAP may use your name, email, postal address, telephone number, job title and basic information about your employer (name, address, and industry), your individual usage patterns, interests and preferences, as well as an interaction profile based on prior interactions with SAP (prior purchases, participation in webinars, seminars, or events or the use of (web) services  – further details on this topic can be found in the displayed on the relevant SAP website) (together “Tailored Personal Data”) in order to communicate with you about the latest Service announcements, software updates, software upgrades, special offers, and other information about the Service.

Withdrawing Consent

For processing based on consent, you may at any time withdraw a consent granted hereunder. If you withdraw your consent, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of personal data by SAP up to the point in time of your withdrawal. Furthermore, if your use of an SAP offering requires your prior consent, SAP will not be(any longer) able to provide the relevant service (or services, if you revoke the consent for SAP to use your profile under the SAP Cloud Platform Identity Authentication Service for multiple SAP offerings), offer or event to you after your revocation. Please direct any such request for withdrawal to .

Duration of Storage

SAP will only store your Personal Data for the following periods as applicable:
– for Personal Data required to deliver the Service, for as long as it is required to allow you to participate in the Service;
– where SAP’s use of your Personal Data is based on SAP’s legitimate business interest as further stated herein, either until you delete your account or until you object to such use by SAP at the email address provided below; and
– where the processing of your Personal Data is based on your consent either until your you delete your account or until you revoke your consent granted hereunder;·      
– plus, in each case and where applicable, any additional periods under applicable laws during which SAP has to retain your Personal Data.

Please direct any such objections to Kindly note that in this case the use of certain services or offerings may either be limited or not possible any longer. In case there is a contradicting statutory obligation for SAP to retain your Personal Data, SAP will block it against further processing and then delete the relevant Personal Data when the requirement to retain it has ceased.

Sharing Your Personal Data

Recepients of Data

SAP will not send your personal data outside the SAP Group except to the recipients listed below, unless we are otherwise required to do so by applicable laws.

The following categories of recipients may receive personal data:
– Service Providers, who help SAP provide the Service as described above;
– Other SAP Group Companies.

Country-Specific Disclosures

European Economic Area

For persons in the European Economic Area, the following additional paragraphs apply:  Legal Bases for Processing   

For individual users:

– Personal data listed in the section “Data we process to provide you the Service” is processed in order to perform our contractual obligations to you (i.e., to provide you the service).  
– Personal data processed under “Data we process to create a better experience” is processed on the basis of SAP’s legitimate interest.

For enterprise users:

SAP generally processes Personal Data based on the agreement that your organization has with SAP. In most cases, if you wish to exercise your European data protection rights, you will need to contact your organization.

Transmission of Personal Data to a non-EEA Country

As part of a global group of companies, SAP has affiliates and third-party service providers within as well as outside of the European Economic Area (the “EEA”). As a consequence, for individual users, whenever SAP is using or otherwise processing your Personal Data for the purposes set out in this Privacy Statement, SAP may transfer your Personal Data to countries outside of the EEA including to such countries in which a statutory level of data protection applies that is not comparable to the level of data protection within the EEA. Whenever such transfer occurs, it is based on the Standard Contractual Clauses (according to EU Commission Decision 87/2010/EC or any future replacement) in order to contractually provide that your Personal Data is subject to a level of data protection that applies within the EEA. You may obtain a redacted copy (from which commercial information and information that is not relevant has been removed) of such Standard Contractual Clauses by sending a request to . For enterprise users, the transfer of data is governed by the agreement your organization has with SAP.

European Data Protection Rights

For individual users, you can request from SAP at any time information about which Personal Data SAP processes about you and the correction or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note further that if you request that SAP deletes your Personal Data, you will not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.

If SAP uses your Personal Data based on your consent or to perform a contract with you, you may further request from SAP a copy of the Personal Data that you have provided to SAP. In this case, please contact the email address below and specify the information or processing activities to which your request relates, the format in which you would like this information, and whether the Personal Data is to be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best fulfill it.

Furthermore, you can request from SAP that SAP restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data SAP has about you is incorrect, (but only for as long as SAP requires to check the accuracy of the relevant Personal Data), (ii) there is no legal basis for SAP processing your Personal Data and you demand that SAP restricts your Personal Data from further processing, [or] (iii) SAP no longer requires your Personal Data but you claim that you require SAP to retain such data in order to claim or exercise legal rights or to defend against third party claims or(iv) in case you object to the processing of your Personal Data by SAP (based on SAP’s legitimate interest as further set out above) for as long as it is required to review as to whether SAP has a prevailing interest or legal obligation in processing your Personal Data.

If you take the view that SAP is not processing Personal Data in accordance with the requirements set out herein or applicable EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where SAP has its registered seat.

This Service is not directed to users of an age of below 16 years. If you are younger than 16, you may not register with and use this Service.

For enterprise users, if you wish to exercise your European data protection rights, you will need to contact your organization.

United States

For users in the United States of America, the following additional provisions apply:


Where SAP is subject to certain privacy requirements in the United States in the State of California, the following also applies:

Do Not Track. Your browser may allow you to set a “Do not track” preference. Unless otherwise stated, our sites do not honor “Do not track” requests. However, you may elect not to accept cookies by changing the designated settings on your web browser or, where available, by referring to our Cookie Statement. Cookies are small text files placed on your computer while visiting certain sites on the Internet used to identify your computer. Please note that if you do not accept cookies, you may not be able to use certain functions and features of our site. Specifically, the SAP Ruum Service will not function without cookies.  

This site does not allow third parties to gather information about you over time and across sites.
You have the right:
– to request from SAP access to your Personal Data that SAP collects, uses or discloses about you.
– to request that SAP delete Personal Data about you
– to non-discriminatory treatment for exercise of any of your data protection rights
– in case of request from SAP for access to your Personal Data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance; and 

In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), SAP does not and will not sell your Personal Data. In accordance with the verification process set forth in the CCPA, SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data.   If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.  

In addition to contacting SAP at, you may also exercise your rights as follows: You can call toll-free to submit a request using the numbers provided here. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf. 

US Children's Privacy

SAP does not knowingly collect the Personal Data of children under the age of13. If you are a parent or guardian and believe SAP collected information about a child, please contact SAP as described in this Privacy Statement. SAP will take steps to delete the information as soon as possible. Given that [insert relevant SAP offering]is not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, SAP does not sell the Personal Data of any minors under 16 years of age.


For individuals within the Philippines, you may also exercise your rights as follows: 

You can call or write to SAP to submit a request at:  
Phone:    +632-8705-2500 
Address: SAP Philippines, Inc. 
              Attn: Data Protection Officer
               27F Nac Tower, Taguig City 1632,Philippines 

The following two provisions apply to citizens of the Philippines: 
– You may claim compensation as finally awarded by the National Privacy Commission or the courts if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights and freedoms as data subject
– If you are the subject of a privacy violation or personal data breach or are otherwise personally affected by a violation of the Data Privacy Act, you may file a complaint with the National Privacy Commission. 

Updated: 8 March 2021