SAP Global Physical Security

中华人民共和国境内 SAP 办公场所访客登记和身份管理

隐私声明

本隐私声明更新于 2024 年 1 月 8 日。

 

Protecting an individual's privacy is crucial to the future of business. We have created this privacy statement to demonstrate the firm commitment of SAP (China) Co., Ltd. (hereinafter referred to as “SAP” or “We”) in how We handle information that relates to any identified individual or to an identifiable individual (hereinafter referred to as “Personal Information”). 

 

 

SAP 的访客登记和身份管理系统旨在确保 SAP 办公场所内人员和资产的安全。

 

 

一般信息

 

 

谁是个人信息处理者?

 

访客登记和身份管理的个人信息处理者为思爱普(中国)有限公司。根据具体地点,包括以下法律实体之一:

  • 北京 (BJG07) 朝阳区天泽路 16 号润世中心 3 号楼 6 层、7 层、8 层、10 层、12 层

  • 成都 (CTU02) 成都天府软件园天府大道中段 1366 号 2 号楼 E5 区 8 楼 19-28 室,邮编:610040

  • 大连 (DLN02) 大连市沙河口区五一路 269 号国际信息服务中心大连软件园 16 号楼 4 楼、5 楼,邮编:116021

  • 大连 (DLN03) 大连市沙河口区五一路 269 号国际信息服务中心大连软件园 17 号楼 5 楼、6 楼,邮编:116021

  • 广州 (GZU02) 广州市天河区珠江东路 6 号 5709 室,邮编:510613

  • 中国上海市晨晖路 1001 号上海实验室园区 (PVG01-05) 

  • 上海 (PVG06) 中国上海市晨晖路 1000 号 W2 栋 3-8 层

  • 上海 (PVG07) 中国上海市晨晖路 1000 号 W3 栋 1-5 层

  • 上海会德丰 (PVG10),上海市静安区南京西路 1717 号、47 层、55 层

  • 上海 (PVG11) 中国上海市亮秀路 112 号

  • 上海长泰 (PVG12),上海市金科路 2889 号 D 栋

  • 深圳 (SZX01) 深圳市福田区中心四路嘉里建设广场三座 24 楼 01、03、04 室

  • 武汉 (WUH01) 武汉市中山大道 1 号越秀财富中心 5003 室

  • 西安 (XIY02) 西安市高新区锦业一路国家软件服务外包示范基地 D 座 2楼

可通过 privacy[@]sap.com 联系数据保护官。

 

在适当的SAP 职能范围内,员工和承包商被授权操作系统并访问其中包含的信息。这些团队成员分布在各个地区并遵守 SAP 全球安全 (SGS) 政策和程序。

 

SAP 会收集哪些个人信息?

 

对于 SAP 办公场所的访客,我们会收集以下信息。  

 

联系人数据

SAP 会将以下类别的个人信息作为联系人数据进行处理:姓氏、名字、电子邮件地址和电话号码。

 

与 SAP 的业务关系相关的个人信息(如适用)

SAP 会根据已建立的业务关系处理以下类别的个人信息:公司名称。

 

SAP 访客身份数据

SAP 会将以下类别的个人信息作为访客数据进行处理:到访地点、到访登记日期和时间、进/出日期和时间、访客照片、访客保密声明签名、接待人姓名、访客类型(即访客、SAP VIP、活动);访客细分类型(即审计人员、业务会议、承包商/供应商、客户、活动、政府、求职面试、个人、销售合作伙伴、租户、培训、VIP、VIP(非 SAP))及到访原因。

 

SAP 为何需要您的个人信息?

 

SAP 处理您的个人信息旨在确保为 SAP 办公场所提供充分的安全保障。

 

此流程允许SAP对 SAP 办公场所提供适当的访问权限,并确保全球所有 SAP 办公地点内所有 SAP 员工、供应商、访客和资产的安全。此流程有助于 SAP 履行相关的注意义务或适用的其他义务/法定义务,包括在进入 SAP 拥有或租赁的任何场所之前或期间进行身份验证。

 

尽管在访客登记过程中提供个人信息是自愿行为,但如果没有您的个人信息,SAP 将无法为您提供访问 SAP 办公场所的权限。

 

SAP 会将我的个人信息保存多长时间?

 

SAP 仅在以下情形所需的时间范围内保存您的个人信息:

  • 履行在本隐私声明中进一步规定的 SAP 目的,除非您反对 SAP 出于这些目的使用您的个人信息。

 

若与处理您的个人信息相关的法律强制要求,或 SAP 需要您的个人信息来维护权益或进行法律抗辩,SAP 可能会将您的个人信息保留更长时间。SAP 会保留您的个人信息,直到相关的保留期限结束或相关索赔得到解决为止。

 

个人信息的接收方是谁?在何处处理个人信息?

 

您的个人信息会转交给以下类别的第三方进行处理:

  • SAP 集团内的公司,作为一家全球性组织,SAP 集团需要履行全球安全义务

  • 第三方服务提供商,其中包括受聘为 SAP 提供安保服务的安保机构

  • 负责处理任何企业犯罪或其他安全调查事务的执法机构、保险公司等(视情况而定)

作为一家全球性的跨国集团公司,SAP 在中国以外或在对国际数据传输有相关法律限制的地区拥有关联公司(以下简称“SAP 集团”)和第三方服务提供商,因此会将您的个人信息传输到中国以外的国家和地区。SAP 使用欧盟标准合同条款按照与中国一致的数据保护水平保护您的个人信息。通过向 privacy@sap.com 发送请求,您可以获得此类标准合同条款的副本(经过修订,删除商业或不相关的内容)。

 

您享有哪些数据保护权利?

 

访问、更正和删除数据的权利

您可以随时向 SAP 请求访问 SAP 处理的与您有关的个人信息,并在必要时,请求更正或删除此类个人信息。但请注意,仅在 SAP 没有保留该数据的法定义务或优先权利的情况下,SAP 才会删除您的个人信息。如果您请求 SAP 删除您的个人信息,您将无法继续使用任何需要 SAP 使用您的个人信息的 SAP 服务。

 

解释权

您可以要求 SAP 解释个人信息处理规则。

 

可携带权

如果您要求 SAP 将您的个人信息传输给指定的个人信息处理者,SAP 将在满足适用法律法规所规定条件的情况下提供传输渠道。

 

获得个人信息副本的权利

您可以向 SAP 索取您提供给 SAP 的个人信息的副本。在此情况下,请通过 SAP-Physical-Sec-Privacy@sap.com 联系我们,说明您请求的相关信息或处理活动、您希望接收个人信息的格式以及是将该个人信息发送给您还是其他接收人。SAP 将仔细考虑您的请求,并与您讨论满足您请求的最佳方式。

 

停止或限制的权利

在某些情况下,您可以要求 SAP 停止或限制对您的个人信息作进一步处理,比如:(i) 当 SAP 要求核实相关个人信息的准确性时,您声明与您有关的个人信息不正确;(ii) SAP 对您个人信息的处理没有任何法律依据,且您要求 SAP 停止或限制对您的个人信息作进一步处理;或者 (iii) SAP 不再需要您的个人信息,但您明确要求 SAP 保留此类信息,以便主张或行使法律权利或就第三方索赔进行抗辩。

 

反对自动化决策的权利

您可以要求不接受完全基于自动化处理的决策。

 

撤回同意的权利

若 SAP 基于您的同意处理您的个人信息,您随时可以向 SAP 发送相应的撤回通知来撤回您的同意。在撤回的情况下,除非法律要求,否则 SAP 将不会再处理与该同意相关的个人信息。若出于法律原因 SAP 需要保留您的个人信息,您的个人信息将被限制进一步处理且保留期限不会超过法律要求的期限。但是,任何撤回均不会影响 SAP 在您撤回同意之前对个人信息的处理。

此外,若您使用的 SAP 产品需要您的事先同意,在您撤回同意之后,SAP 将无法向您提供相关的服务(如果您撤回同意 SAP 在SAP Identity Authentication 服务下针对多个 SAP 产品使用您的资料,则涉及多项服务)、产品或活动。

 

投诉的权利

若您认为 SAP 未依据本隐私声明规定的要求或适用的数据保护法处理您的个人信息,您可以在适用法律允许的范围内,随时向主管数据保护机构投诉。

 

反对的权利

您可以随时通过发送电子邮件至 SAP-Physical-Sec-Privacy@sap.com,反对 SAP 使用本节中所述的您的个人信息。在这种情况下,SAP 将仔细审核您提出的异议,并停止进一步使用相关信息,但如果 SAP 有令人信服的合法理由继续使用您的个人数据,或者如果 SAP 需要这些信息来建立、行使或抗辩法律主张,则会驳回您的反对请求。  

此外,SAP 可根据法律义务(《个人信息保护法》第 13(3) 条)使用您的个人信息,以支持公共机构在调查中提出的合法有效的支持请求。

 

SAP 如何验证行使数据保护权利的请求?

 

SAP 将采取措施,确保在合理程度上验证核实您的身份,然后再处理您想要行使的数据保护权利。在可行的情况下,SAP 会将您在提交行使权利请求时提供的个人信息与 SAP 维护的信息进行匹配。这可能包括将您提交请求时提供的两个或多个数据点与 SAP 维护的两个或多个数据点进行匹配。

 

SAP 将拒绝处理明显没有依据、过度夸大、欺诈或当地法律没有要求的请求。  就性质而言,访客登记和身份信息可能会包含与许多个人相关的个人信息,在处理任何请求之前,需要对这些个人信息进行删除或编辑。鉴于此流程极为繁琐,SAP 可能会将此类请求默认为过度请求,具体视请求的情况和性质而定。

 

我拥有哪些投诉权利?

 

若您认为 SAP 未依据本隐私权声明规定的要求或适用的数据保护法处理您的个人信息,您可以随时向主管数据保护机构提出投诉。

 

SAP 为何需要使用我的个人信息?

 

SAP 可出于以下目的使用您的个人信息:

  • 控制对 SAP 办公场所的访问;

  • 为 SAP 办公场所提供充分的安全保障;

  • 确保 SAP 员工和 SAP 办公场所访客的安全;

  • 防止、阻止并在必要时调查未经授权的实地访问,包括未经授权访问安全场所和受保护的房间、IT 基础设施或运营信息;

  • 防止破坏、盗窃和财物损失;以及

  • 支持公共机构在调查过程中提出的合法有效的支持请求。

您可以随时通过发送电子邮件至 SAP-Physical-Sec-Privacy@sap.com,反对 SAP 使用本节中所述的您的个人信息。在这种情况下,SAP 将仔细审核您提出的异议,并停止进一步使用相关信息,但如果 SAP 有令人信服的合法理由继续使用您的个人信息,或者如果 SAP 需要这些信息来建立、行使或抗辩法律主张,则会驳回您的反对请求。

Visitor Registration and Identity Management Privacy Statement at SAP premises across the People's Republic of China

This Privacy Statement was updated on 8 January 2024.

 

Protecting an individual's privacy is crucial to the future of business. We have created this privacy statement to demonstrate the firm commitment of SAP (China) Co., Ltd. (hereinafter referred to as “SAP” or “We”) in how We handle information that relates to any identified individual or to an identifiable individual (hereinafter referred to as “Personal Information”).

 

 

Visitor registration and identity management systems at SAP are used to ensure the security of personnel and assets at SAP's premises. 

 

General Information

 

 

Who is the Personal Information Handler?

 

The Personal Information Handler for visitor registration and identity management is identified as SAP (China) Co., Ltd. Depending on the specific location, this will include one of the following legal entities:

  • Beijing (BJG07) 6F &7F &8F &10F &12F, Building 3, World Profit Center No. 16, Tianze Road, Chaoyang District"

  • Chengdu (CTU02) Rm 19-28, 8F, E5 Area, Building 2, #1366 Middle Tianfu Ave, TFSP, Chengdu 610040

  • Dalian (DLN02) 4F & 5F, DLSP16, International Information Service Center NO.269 Wuyi Road, Shahekou Dist Dalian China 116021

  • Dalian (DLN03) 5F & 6F, DLSP17, International Information Service Center NO.269 Wuyi Road, Shahekou Dist Dalian China 116021

  • Guangzhou (GZU02) Room 5709, No.6 Zhujiang East Road, Tian He district, 510613 Guangzhou

  • Shanghai Labs Campus (PVG01-05) #1001 Chenhui Road,Shanghai, PRC 

  • Shanghai (PVG06) 3-8F, Building W2, #1000 Chenhui Road, Shanghai, PRC

  • Shanghai (PVG07) 1-5 F Building W3, #1000 Chenhui Road, Shanghai, PRC

  • Shanghai Wheelock (PVG10) 47F & 55F, 1717 Nanjing West Road, Jing'an District, Shanghai

  • Shanghai (PVG11) No. 112, Liangxiu Rd, Shanghai, PRC

  • Shanghai Chamtime (PVG12) Building D, No. 2889, Jinke Road, Shanghai

  • Shenzhen (SZX01) Room 01, 03, 04, 24F, Tower Three, Kerry Building Plaza, Zhong Xin Si Road, Futian District, Shenzhen

  • Wuhan (WUH01) Room 5003, Yuexiu Fortune Center, No. 1 Zhongshan Avenue, Wuhan

  • Xi'an (XIY02) No.201, Tower D, Area 1, Xi'an National Service Demonstration Base, 11 Jin Ye Yi Road, High-tech Zone, Xi'an

The data protection officer can be reached at privacy@sap.com.

 

Employees and contractors within appropriate SAP functions are authorized to operate the system and access the information it contains. These team members are located in all regions and follow SAP Global Security (SGS) policies and procedures.  

 

What Personal Information does SAP collect? 

 

As a visitor to SAP’s premises, we may collect the following information.   

 

Contact Data

SAP processes the following categories of Personal Information as contact data: first name, last name, email address and telephone number.

 

Personal Information related to the business relationship with SAP (if appropriate)

SAP processes the following category of Personal Information in the context of established business relationships: company name.

 

SAP Visitor Identity Data

SAP processes the following categories of Personal Information  as visit data: visit location, visit registration date and time, date and time of check-in/check-out, visitor photo, visitor Confidentiality Disclaimer signature, host name(s), visitor type (i.e., Visitor, SAP VIP, Event), visitor sub-type (i.e., Auditor, Business Meeting, Contractor/Vendor, Customer, Event, Government, Job Interview, Personal, Sales Partner, Tenant, Training, VIP, VIP (non-SAP)) and visit reason.  

 

Why does SAP need your Personal Information?

 

SAP processes your Personal Information to ensure an adequate level of safety and security for and at SAP's premises.

 

This process allows SAP to provide appropriate access to SAP premises and to ensure the security and safety of all SAP employees, suppliers, visitors, and assets across all global SAP locations. This process supports SAP to comply with relevant duty of care or other/ statutory obligations which may apply, including identification verification prior to or during access to any SAP-owned or leased premises.

 

Although providing Personal Information during a visitor registration process is voluntary, without your Personal Information, SAP cannot provide you with access to SAP premises.

 

How long does SAP store my Personal Information?

 

SAP does only store your Personal Information for as long as it is required:

  • To fulfill SAP’s purposes as further described in this Privacy Statement unless you object to SAP’s use of your Personal Information for these purposes.

SAP may retain your Personal Information for additional periods if necessary for compliance with legal obligations to process your Personal Information or if the Personal Information is needed by SAP to assert or defend itself against legal claims. SAP will retain your Personal Information until the end of the relevant retention period or until the claims in question have been settled. 

 

Who are the recipients of my Personal Information and where will it be processed?

 

Your Personal Information will be passed on to the following categories of third parties to process your Personal Information:

  • Companies within the SAP Group, available at this Link, as this is a global organization with global security obligations

  • Third-party service providers, including contracted security agencies that are contracted to provide security services at SAP

  • Law enforcement agencies, insurance companies etc. as appropriate in terms of any corporate criminal or other security investigations

As part of a global group of companies operating internationally, SAP has affiliates (the “SAP Group”) and third-party service providers outside of China or from a region with a legal restriction on international data transfers and will transfer your personal information to countries outside of China. SAP uses the EU standard contractual clauses to contractually require that your personal information receives a level of data protection consistent with China. You can obtain a copy (redacted to remove commercial or irrelevant) of such standard contractual clauses by sending a request to privacy@sap.com.

 

What are your data protection rights?

 

Right to access, correct and delete

You can request from SAP at any time, access to information about which Personal Information SAP processes about you and, if necessary, the correction or deletion of such Personal Information. Please note, however, that SAP can or will delete your Personal Information only if there is no statutory obligation or prevailing right of SAP to retain it. If you request from SAP to delete your Personal Information, you may not be able to continue to use any SAP service that requires SAP ’s use of your Personal Information.

 

Right to explain

You can request SAP to explain the Personal Information processing rules.

 

Right of portability

If you request SAP to transfer your Personal Information to certain designated Personal Information Handler, SAP will provide the channel of transfer provided that the conditions specified by the applicable laws and regulations are met.

 

Right to obtain a copy of Personal Information

You can request from SAP   a copy of the Personal Information you provided to SAP. In this case, please contact  SAP-Physical-Sec-Privacy@sap.com. and specify the information or processing activities to which your request relates, the format in which you would like to receive the Personal Information, and whether it should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best be fulfilled.

 

Right to stop or restrict

You can request from SAP to stop or restrict your Personal Information from further processing in certain circumstances such as: (i) you state the Personal Information about you is incorrect, subject to the time SAP   requires to check the accuracy of the relevant Personal Information; (ii) there is no legal basis for SAP   to process your Personal Information and you demand SAP   to stop or restrict your Personal Information from further processing; or(iii) SAP   no longer requires your Personal Information, but you state you require SAP   to retain such information to claim or exercise legal rights or to defend against third party claims.

 

Right to object to automated decision-making

You can request not to be subject to a decision based solely on automated processing.

 

Right to revoke consent

Wherever SAP is processing your Personal Information based on your consent, you may at any time withdraw your consent by providing SAP with a respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Information subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Information for legal reasons your Personal Information will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Information by SAP up to the point in time of your withdrawal.

Furthermore, if your use of an SAP offering requires your prior consent, SAP will no longer be able to provide the relevant service (or services, if you revoke the consent for SAP   to use your profile under the SAP Identity Authentication Service for multiple SAP offerings), offer or event to you after your revocation.

 

Right to lodge a complaint

If you take the view that SAP is not processing your Personal Information in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time, to the extent required by applicable law, lodge a complaint with competent data protection authority.

 

Right to object

You can at any time object to SAP’s use of your Personal Information as set forth in this section by sending an email to SAP-Physical-Sec-Privacy@sap.com. In this case, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP’s compelling legitimate grounds for continued use of the information, which override your interest in objecting, or if SAP requires the information for the establishment, exercise or defense of legal claims.  

In addition, SAP can use your Personal Information based on a legal obligation (Article 13(3) PIPL) to support the rightful and valid requests of public authorities for support in an investigation.

 

How will SAP verify requests to exercise data protection rights?

 

SAP will take steps to ensure that it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Information provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP.

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.  Visitor Registration and Identity information, by its nature can include Personal Information related to many individuals which would need to be removed or redacted before any request can be processed. As this process is extremely burdensome, SAP may consider such requests as excessive by default depending on the circumstances and nature of your request.

 

What are my rights to lodge a complaint?

 

If you take the view that SAP is not processing your Personal Information in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can lodge a complaint at any time with the relevant data protection authority.

 

Why does SAP need to use my Personal Information?

 

SAP can use your Personal Information for the following purposes:

  • to control access to SAP's premises;

  • to ensure adequate security for and at SAP's premises;

  • to ensure the safety of SAP employees and visitors to SAP's premises;

  • to prevent, deter, and if necessary, investigate unauthorized physical access, including unauthorized access to secure premises and protected rooms, IT infrastructure, or operational information;

  • to prevent sabotage, theft and material damage; and

  • support the rightful and valid requests of public authorities for support in an investigation.

You can object to SAP's use of your Personal Information at any time as set forth in this section by sending an email to SAP-Physical-Sec-Privacy@sap.com . In this case, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP's compelling legitimate grounds for continued use of the information, which override your interest in objecting, or if SAP requires the information for the establishment, exercise, or defense of legal claims.