Skip to main content

CallidusCloud Privacy Policy

This Privacy Statement was updated on March 23, 2020.

Click here for a printable version of this Privacy Statement.

About us

Callidus Software Inc., together with its affiliates, subsidiaries, and parent company SAP (collectively, “SAP,” “CallidusCloud,” “SAP Group,” “we,” or “us”) provides cloud-based sales, marketing, learning, and customer experience solutions.

SAP is committed to protecting your privacy and the personal information collected and processed about you.

About this policy

This is the Privacy and Cookies Policy ("Policy") for the websites operated by or on behalf of SAP and hosted at pages on the following domains https://www.calliduscloud.com/; http://www.clicktools.com/; https://datahug.com/; www.litmos.com; www.bridgefront.com; www.learningseat.com.au; www.litmosheroes.com; www.viewcentral.com; litmos.com.au; learningseatlms.com; learningseat.com; www.orientdb.com; and www.orientdb.org (“CallidusCloud’s Websites”).

This Policy describes our general privacy policy and practices in relation to SAP’s services offered through the Site, or providing your personal information to us at our corporate events (collectively, the “Services”).


This Policy also describes how we collect information about you, what we do with that information, and also what controls you have over that information in relation to your use of our Site and Services.


By visiting and using CallidusCloud’s Websites, mobile site, and/or applications (together, the "Site") or using our Services, you acknowledge you have read and understood this Policy.


For the purposes of European Economic Area data protection law (the "Data Protection Law"), this Policy applies to the information collected by Callidus Software Inc., and any of its respective affiliate entities.


A. General information

Who is the Data Controller?

The data controller for the Site and Services is Callidus Software Inc., 2700 Camino Ramon #400, San Ramon, CA 94583 (“SAP”), and its data protection officer Mathias Cellarius can be reached at privacy@sap.com.

What “Personal Data” does SAP collect?

How we collect and store information depends on the Site you visit, the activities in which you participate, and the Services you use. You can use some of the Services without providing any information, although several categories of information are automatically collected from you when you use the Services via the Site.


When using the Services, we may collect and process the following information about you:


Information provided directly by you

  • Information (such as your name, company name, email address, postal address, telephone number and other contact details that you provide by completing forms on the Site or using the Service, including information about you if you register as a user of the Site or subscribe to a Service, information about you that you upload or submit to the Site or Service, or information you provide to us when requesting information or material from us;
  • Information and other details of any transactions made by you through the Site including but not limited to financial and billing information, including account numbers, billing name and address, birth year, credit card number, the total number of employees within the organization that will be using the Services and other financial-related information (“Billing Information”) provided by you when making transactions through the Site or when using our Services;
  • Information contained in communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding the Site (or its content) or the Services;
  • Questionnaires and surveys. We may invite you to participate in questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any Personal Data. If you nonetheless enter Personal Data in a questionnaire or survey, we may use such Personal Data to improve its products and services
  • Information from any employment materials you send us, for example, a CV, resumé or other details of your employment history; or
  • Other additional information that you provide to us when attending our corporate events.


Information that we may collect from you when you use our Site
We may automatically collect certain information about the computer or other devices that you use to access the Site or use the Services, including mobile devices, through commonly-used information-gathering tools, such as cookies and web beacons (see our Cookies section below).


We may also collect information when you access the Site or use our Services such as: (i) location information (as described in the next section below), unique device identifiers and other information about your mobile phone or other mobile device(s) such as your Internet Protocol ("IP") address, browser types, browser language, operating system, the state or country from which you accessed the Services; and (ii) information related to the ways in which you interact with the Services, such as referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, error logs, and other similar information. If you do not want to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device; provided your device allows you to do this.


Creation of anonymized data sets. We may aggregate and/or de-identify information collected by the use of the Site or the Services so that the information is not intended to identify you. We may anonymize Personal Data provided under this Privacy Policy to create anonymized data sets, which will then be used to improve SAP and its affiliates’ products and services. This Policy does not restrict our use or disclosure of aggregated and/or de-identified information.


Information about you collected from third parties
We may process your personal information that we have either obtained from you, or obtained from somewhere else. Personal information which is not collected directly from you may be collected:

  • From your employer in connection with your job and how it relates to us.
  • If you use any Site operated by us.
  • From third parties we work closely with (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information providers). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

If you access the Site or use the Services through a third-party connection or log-in, you authorize SAP to collect, store, and use, in accordance with this Policy, any and all information available to SAP through the third-party interface.

Why SAP needs your Personal Data?

We will collect and use your information as described in this Policy and as permitted by applicable laws (including, if you are located in Australia, the Privacy Act 1988 and the Australian Privacy Principles), including in circumstances where it is necessary: (i) to provide or fulfil Services requested by or for you; (ii) for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract; (iii) for compliance with a legal obligation to which we are a subject; (iv) to pursue our legitimate interests; or (v) where you have given us your express consent.


We collect and use your information for the following purposes:

  • To perform the Services requested by you. For example, if you fill out a “Contact Me” web form, we will use the information provided to contact you about your interest in the Services. This data processing is necessary to provide or fulfil a service requested by or for you.
  • To plan and host events. For example, corporate events, host online forums and social networks in which event attendees may participate, and populate online profiles in relation to the Services. This data processing is necessary to provide or fulfil a service requested by or for you.
  • For marketing purposes. For example, we may use your information to further discuss your interest in the Services and to send you information regarding SAP and our group companies and our partners such as information about promotions, events, products or services. We will only send you marketing communications and updates about our products, services and events with your prior consent, where required by law or otherwise in our legitimate interests provided these interests do not override your right to object to such communications. You can withdraw your consent at any time.
  • In order to keep you up-to-date/request feedback. Within an existing business relationship between you and us, we may inform you, where permitted in accordance with local laws, about its products or services (including webinars, seminars or events) which are similar or relate to such products and services you have already purchased or used from us. Furthermore, where you have attended a webinar, seminar or event of SAP or purchased products or services from us, we may contact you for feedback regarding the improvement of the relevant webinar, seminar, event, product or service.

    You can object to further marketing at any time by checking and updating your contact details within your account, or/and selecting the “unsubscribe” link located on the bottom of SAP’s marketing emails. Additionally, you may send a request to privacy@sap.com.

    You have the right to contact us at any time to object to the further processing of your information for the purposes of direct marketing to you, including any profiling related to such marketing.
  • For financial and payment purposes. For example, for checking financial qualifications and collect payment from you, where applicable. This data processing is necessary to provide or fulfil a service requested by or for you.
  • For operating and improving SAP’s Site and your customer experience. For example, we may collect and analyze data on your use of our website and process it for the purpose of improving our online customer experience. Data collected could include data about your device, such as unique device identifiers, information about your mobile phone or other mobile device(s), browser types, browser language, operating system, and the state or country from which you accessed the Services. Data collected could also include information related to the ways in which you interact with the Services, such as referring and exit pages and URLs, platform type, the number of clicks and domain names. This data allows us to understand our customers, their interaction with our website and improve our website to better serve our customers. We may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information. Data processing for analytical and operational improvement purposes is a legitimate business interest.
  • For security purposes. For example, we may use your data to protect SAP and its third parties against security breaches and to prevent fraud and violation of SAP’s applicable agreements. Data processing for security purposes is a legitimate business interest.
  • For hosting purposes. For example, if you are our customer, we may collect and host your data to provide Services to you. If your employer is our customer, we may process your data in accordance with providing Services to them. However, we will not review, share, distribute, or reference any such data except as provided in a services agreement between us and our customer, or as may be required by law. Data processing for the purpose of hosting our Services is a legitimate business interest.
  • For customizing the Services with location-based information, advertising, and features. For example, if location-tracking on your mobile device shows you are close to a SAP corporate event, we may reach out to you and let you know you should visit our nearby event. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this. This data processing is necessary to provide or fulfil a service requested by or for you, and can be disabled by you. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this.
  • Protection of SAP and Others. For example, we may disclose your information to: (i) comply with legal obligations; (ii) enforce any agreements that you entered into with us; (iii) respond to claims that any content violates the rights of third parties; (iv) respond to your requests for customer service; and/or (v) the extent necessary for the purposes of the legitimate interests pursued by us or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subjects. We may also disclose information to law enforcement agencies in emergency circumstances, where the disclosure of such information is consistent with the types of emergency disclosures permitted or required by law. This is data processing for compliance with a legal obligation.
  • Business Transfers. For example, we reserve the right to disclose and transfer all of your information, to a successor (or potential successor) company in connection with a merger, acquisition, or sale of all, or components, of our business, or in connection with due diligence associated with any such transaction. Data processing for this purpose is a legitimate business interest.

From What Types of Third Parties does SAP obtain Personal Data?

In most cases SAP collects Personal Data from you. SAP might also obtain Personal Data from third parties, if the applicable national law allows SAP to do so. SAP will treat this Personal Data according to this Privacy Statement, plus any additional restrictions imposed by the third party that provided SAP with it or the applicable national law. These third-party sources include:

  • SAP and/or SAP Group’s business dealings with your employer
  • Third parties you directed to share your Personal Data with SAP


How long will SAP store my Personal Data?
SAP will only keep your information as long as it remains necessary for the identified purpose(s) for which it was originally collected and for up to eight (8) years afterwards or otherwise permitted by local laws, or as required for our business operations.


We may need to retain certain personal information even once a customer account has been closed or deleted to enforce our terms, for fraud prevention, to identify, issue or resolve legal claims and/or for proper record keeping purposes. We may also retain a record of any stated objection by you to receiving our updates for the purpose of ensuring we can continue to respect your wishes and not contact you further. For example, if you request to stop receiving emails from us, we will retain your email address for use on an email “suppression list” to ensure you do not receive further emails, as requested.
All retained information will remain subject to the terms of this Policy. If you request that your name be removed from our databases, it may not be possible to completely delete all your information due to technological and legal constraints.
SAP will also retain your Personal Data for additional periods if applicable laws require it.

Who are the recipients of your Personal Data and where will it be processed?

Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:

  • Companies within the SAP Group
  • Vicarious agents, e.g. third party servicers for consulting services and other additional related services
  • Other service providers, e.g. for the provision of the website or newsletter dispatch
  • State agencies and bodies, e.g. based on entry requirements or police activities and investigations
  • Our agents, partners or contractors who assist us in providing the Services we offer through our Site. The assistance provided by our agents, partners or contractors may be related to our marketing activities such as: updating marketing lists, data analytics, advertising, market research, participation in a contest or sweepstakes, and receiving and sending communications. Transactional assistance may also be provided by our agents, partners or contractors, including: processing transactions, fulfilling requests for information, billing, sales execution, and fulfilment of orders. Other support services provided may include: data storage, transfer, analysis and processing, legal services, providing IT, and in other tasks as requested, from time to time. Our agents, partners and contractors will only use your information to the extent necessary to perform their functions under this Policy and are subject to contractual restrictions prohibiting them from using your information for any other purpose.
  • From time to time, SAP may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly-offered product or service from SAP, SAP may share information about you collected in connection with your purchase or expression of interest with our joint promotion partner(s). If you do not want your information to be shared in this manner, you may email privacy@sap.com. However, we do not control our business partners’ use of the information that we share with them about you that we collect, and their use of the information will be in accordance with their own privacy policies.
  • To protect SAP and others: We may disclose any of your information to: (i) comply with legal process; (ii) enforce any agreements that you entered into with us; (iii) respond to claims that any content violates the rights of third parties; (iv) respond to your requests for customer service; and/or (v) the extent necessary for the purposes of the legitimate interests pursued by us or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subjects. We may also disclose information to law enforcement agencies in emergency circumstances, where the disclosure of such information is consistent with the types of emergency disclosures permitted or required by law.
  • California Do Not Track Disclosure. We are committed to providing you with meaningful choices about the information collected on the Services that is shared with third parties, and that is why we provide the opt-out choices set forth in this Policy. However, we do not recognize or respond to browser-initiated Do Not Track (“DNT”) signals, in part because no common industry standard for DNT has been adopted by industry groups, technology companies, or regulators, nor is there a consistent standard of interpreting user intent. We take privacy and meaningful choice seriously and will make efforts to continue to monitor developments in these areas.


As part of a global group of companies operating internationally, SAP has affiliates (the “SAP Group”) and third-party service providers outside of the European Economic Area (the “EEA”) and will transfer your Personal Data to countries outside of the EEA. If these transfers are to a country for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require that your Personal Data receives a level of data protection consistent with the EEA. You can obtain a copy (redacted to remove commercial or irrelevant) of such standard contractual clauses by sending a request to privacy@sap.com. You can also obtain more information from the European Commission on the international dimension of data protection here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_fr

What are your data protection rights?

You can request from SAP: access at any time to information about which Personal Data SAP processes about you and the correction or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note further that if you request that SAP deletes your Personal Data, you will not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.

If SAP uses your Personal Data based on your consent or to perform a contract with you, you can further request from SAP a copy of the Personal Data that you have provided to SAP. In this case, please contact privacy@sap.com and specify the information or processing activities to which your request relates, the format in which you would like to receive this information, and whether the Personal Data should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best fulfill it.

Furthermore, you can request from SAP that SAP restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data SAP has about you is incorrect, subject to the time SAP requires to check the accuracy of the relevant Personal Data, (ii) there is no legal basis for SAP processing your Personal Data and you demand that SAP restricts your Personal Data from further processing, (iii) SAP no longer requires your Personal Data but you state that you require SAP to retain such data in order to claim or exercise legal rights or to defend against third party claims, or (iv) in case you object to the processing of your Personal Data by SAP based on SAP’s legitimate interest (as further set out below), subject to the time required for SAP to determine whether it has a prevailing interest or legal obligation in processing your Personal Data.

For individuals within the State of California, you instead have the right:

  • to request from SAP access to your Personal Data that SAP collects, uses, discloses, or sells (if applicable) about you;
  • to request that SAP delete Personal Data about you;
  • to opt-out of the sale of Personal Data, if applicable;
  • to non-discriminatory treatment for exercise of any of your data protection rights
  • in case of request from SAP for access to your Personal Data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance.

Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. Kindly note further that if you request that SAP deletes your Personal Data, you will not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.

How can you exercise your data protection rights?

Please direct any requests to exercise your rights to privacy@sap.com or, if you are located in the State of California, you can also call toll-free using the numbers provided at https://www.sap.com/about/legal/impressum.html. You can also designate another person to submit requests to exercise your data protection rights to SAP. You can give authorization to such person by granting them a limited power of attorney to exercise your data protection rights on your behalf.

How will SAP verify requests to exercise data protection rights?

SAP will take steps to ensure that it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by us.

In accordance with the verification process set forth in the California Consumer Privacy Act (“CCPA”), SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it for the purposes of verifying your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.

SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.

If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where SAP has its registered seat.

B. Processing based on a statutory permission

Why does SAP need to use my Personal Data and on what legal basis is SAP using it?

Processing to fulfill contractual obligation
SAP requires your Personal Data to deliver goods or services you order under a contract SAP has with you, to establish a contract for goods or services between you and SAP, and to send you invoices for ordered goods or services. SAP processes Personal Data to fulfill contractual obligations pursuant to Article 6(1), Subparagraph 1(b) GDPR. Additionally, SAP requires your Personal Data to provide you, at your request, with access to SAP events or SAP materials such as whitepapers.

Processing to ensure compliance

SAP and its products, technologies, and services are subject to the export laws of various countries including, without limitation, those of the European Union and its member states, and of the United States of America. You acknowledge that, pursuant to the applicable export laws, trade sanctions, and embargoes issued by these countries, SAP is required to take measures to prevent entities, organizations, and parties listed on government-issued sanctioned-party lists from accessing certain products, technologies, and services through SAP’s websites or other delivery channels controlled by SAP. This could include (i) automated checks of any user registration data as set out herein and other information a user provides about his or her identity against applicable sanctioned-party lists; (ii) regular repetition of such checks whenever a sanctioned-party list is updated or when a user updates his or her information; (iii) blocking of access to SAP’s services and systems in case of a potential match; and (iv) contacting a user to confirm his or her identity in case of a potential match. Any such use of your Personal Data is based on the permission to process Personal Data in order to comply with statutory obligations (Article 6 para. 1 lit. c GDPR) and SAP‘s legitimate interest (Article 6 para. 1 lit. f GDPR).

Processing based on SAP’s legitimate interest
SAP can use your Personal Data based on its legitimate interest (Article 6 para. 1 lit. f GDPR) as follows:

  • Fraud and Legal Claims. If required, SAP will use your Personal Data for the purposes of preventing or prosecuting criminal activities such as fraud and to assert or defend against legal claims.
  • Questionnaires and survey. SAP could invite you to participate in questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any data that can be used to identify you. If you nonetheless enter such data in a questionnaire or survey, SAP will use this personal data to improve its products and services.
  • Contract Performance. If you purchase or intend to purchase goods or services from SAP on behalf of a corporate customer or otherwise be the nominated contact person for the business relationship between a corporate customer (a “Customer Contact”) and SAP, SAP will use your Personal Data for this purpose. This includes, for the avoidance of doubt, such steps which are required for establishing the relevant business relationship. In case that an existing Customer Contact informs SAP that you are his replacement, SAP will, from the point in time of such notification, consider you to be the relevant Customer Contact for the respective customer until you object as further set out below.
  • Creation of anonymized data sets. SAP will anonymize Personal Data provided under this Privacy Statement to create anonymized data sets, which will then be used to improve its and its affiliates’ products and services.
  • Personalized Newsletter. If you opt-in to receive marketing communications such as newsletters from SAP, SAP will collect and store details of how you interact with the newsletters to help create, develop, operate, deliver and improve our newsletter communications with you. This information is aggregated and used to help SAP provide more useful information and to understand what is of most interest.
  • Recordings for quality improvement purposes. In case of telephone calls or chat sessions, SAP will record such calls (after informing you accordingly during that call and before the recording starts) or chat sessions in order to improve the quality of SAP’s services.
  • To keep you up-to-date or request feedback. Within an existing business relationship between you and SAP, SAP might inform you, where permitted in accordance with local laws, about its products or services (including webinars, seminars or events) which are similar or relate to such products and services you have already purchased or used from SAP. Furthermore, where you have attended a webinar, seminar or event of SAP or purchased products or services from SAP, SAP might contact you for feedback regarding the improvement of the relevant webinar, seminar, event, product or service.

You can at any time object to SAP’s use of your Personal Data as set forth in this section by sending an email to privacy@sap.com. In this case, SAP will carefully review your objection and cease further use of the relevant information, subject to SAP’s compelling legitimate grounds for continued use of the information, which override your interest in objecting, or if SAP requires the information for the establishment, exercise or defense of legal claims.

Processing under applicable national laws

If the applicable national law allows SAP to do so, SAP will use information about you for a business purpose, some of which is Personal Data

  • to plan and host events
  • to host online forums or webinars
  • for marketing purposes such as to keep you updated on SAP’s latest products and services and upcoming events
  • to contact you to discuss further your interest in SAP services and offerings
  • to help SAP create, develop, operate, deliver and improve SAP services, products, content and advertising and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by SAP
  • to provide more personalized information to you
  • for loss prevention
  • for account and network security purposes
  • for internal purposes such as auditing, analysis, and research to improve SAP’s products or services
  • to verify your identity and determine appropriate services
  • to assert or defend against legal claims
  • detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
  • debugging to identify and repair errors that impair existing intended functionality
  • Short-term, transient use, provided the personal information is not disclosed to a third party and is not used to build a profile about you or otherwise alter your individual experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction
  • Undertaking internal research for technological development and demonstration.
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by SAP

California Consumers: In accordance with the disclosure requirements under the CCPA, SAP is exempt from providing a notice to opt-out because it does not and will not sell your Personal Data.

C. Processing based on consent

In the following cases, SAP will process your Personal Data if you granted prior consent to the specific proposed processing of your Personal Data (Article 6 para. 1 lit. a GDPR).

Children. The Site and Services are not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16, you cannot register with and use the Site or Services.

U.S. Children’s Privacy. SAP does not knowingly collect the Personal Data of children under the age of 13. If you are a parent or guardian and believe SAP collected information about a child, please contact SAP as described in this Privacy Statement. SAP will take steps to delete the information as soon as possible. Given that the Site and Services are not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, SAP does not sell the Personal Data of any minors under 16 years of age.

Marketing

SAP requires your Personal Data to inform you about SAP’s latest products, service offers and events. Any such use of information is based on the consent you grant hereunder.

News about SAP’s Products and Services. SAP will use your name, email and postal address, telephone number, job title and basic information about your employer (name, address, and industry) as well as an interaction profile based on prior interactions with SAP (prior purchases, participation in webinars, seminars or events or the use of (web) services in order to keep you up to date on the latest product announcements, software updates, software upgrades, special offers, and other information about SAP’s software and services (including marketing-related newsletters) as well as events of SAP and in order to display relevant content on SAP’s websites. In connection with these marketing-related activities, SAP will provide a hashed user ID to third party operated social networks or other web offerings (such as Twitter, LinkedIn, Facebook, Instagram or Google) where this information is then matched against the social networks’ data or the web offerings’ own databases in order to display to you more relevant information.

Forwarding your Personal Data within the SAP Group. SAP will transfer your Personal Data to other affiliated companies within the SAP Group of undertakings for the purpose to inform you about their latest products, service offers and events in the same way SAP does under this Privacy Statement. In such cases, the SAP Group will use the Personal Data for the same purposes and under the same conditions as set forth in this Privacy Statement.

Forwarding your Personal Data to other third Parties. SAP will transfer your Personal Data to partners for the purpose that such partners inform you about SAP’s or the partners latest products, service offers and events. Any such use of information is based on the consent you grant.

Social media features

SAP offers social network functionality in various parts of our website and on apps. We give you the opportunity to share and recommend your content in social networks in our online offerings. If you visit our website and use the recommendation features, we pass on the URL to the social network you select where your Personal Data will be then used by the social network according to the social network’s own privacy statement. We recommend that you read the privacy statement of the respective social networks carefully.

Profiles

SAP offers you the option to use services, including to view tutorials or take trainings, that require you to register and allow you to create a user profile. User profiles provide the option to display personal information about you, including but not limited to your name, photo, address, email, telephone number, personal interests, skills, etc. Profile data is processed to personalize the interaction with other users to foster the quality of communication and collaboration via such services. Profile data might also be shared with other web offerings and services across the SAP Group, including Ariba, Concur, Hybris, etc. (SAP Cloud ID). The provision of any such information about you as well as the decision to share information with other services is at your free will and based on the consent that you grant.

SAP events

Event profiling. If you register for an event, seminar, or webinar of SAP, SAP shares basic registration information (your name, company, and email address) with other participants of the same event, seminar, or webinar for the purpose of communication and the exchange of ideas.

Tracking during an event. SAP requires your Personal Data, including any occasion where you allowed that your event badge was scanned, to evaluate behavioral aspects by means of tracking during SAP events. SAP might process tracking data in the context of SAP events for purposes of tracking attendance, determine the attendees’ interests in certain topics and identify drivers for the attendees’ satisfaction and dissatisfaction to optimize planning and investments for future events. Any such use of information is based on the consent you grant.

SAP does not share data about event attendees with business partners unless: (i) you specifically opt in to such sharing via an event registration form; or (ii) you attend an SAP event and have your attendee badge scanned by a business partner. If you do not want your information to be shared, you may email privacy@sap.com. If you choose to share your information with business partners in the manners described above, your information will be subject to the business partners’ respective privacy policies.

Processing Special Categories of Personal Data. When you register for or request access to an event or seminar, SAP asks whether you require any accommodations because of your health or dietary restrictions. Any such use of information is based on the consent you grant. Kindly note that if you do not provide SAP with information regarding what accommodations you require, SAP will not be able to accommodate for it.

Photograph before or during the event. You will be asked to provide SAP with your current photograph via e-mail or SAP could ask to take a picture of you when you arrive at the event. By sending SAP your photograph or allowing a photo of you to be taken, you acknowledge that SAP will use your picture for the purposes described in this Privacy Statement.

Withdrawal of consent

You may withdraw your consent(s) for SAP to process your Personal Data as stated in this Privacy Statement at any time. Once you assert this right, SAP will not process your Personal Data any longer unless legally required to do so. However, any withdrawal has no effect on past processing by SAP up to the point in time of your withdrawal. Please direct any such request to privacy@sap.com.

D. How does SAP use cookies?

Our Site uses cookies and/or other similar technologies to enhance & customize your user experience. Cookies are small text files placed on your device that enable us to remember your device, and which can be used to manage a range of features and content as well as storing searches and presenting personalized content.
We use this information to ensure the proper functioning and security of our Site and Services and to optimize our Site or Services.


How do we collect cookies and other technologies

This section describes our practices with respect to how we use cookies. By using our Services with your browser set to accept cookies, you are consenting to our use of cookies in the manner described herein.
We may collect data about your use of the Services through the use of cookies, Internet server logs, tracking pixels (also called web beacons) and similar technologies. A cookie is a small text file that is placed on your computer or mobile device when you visit a website, that enables us to recognize your computer/device, store your preferences and settings, enhance your user experience by delivering content specific to your interests, perform searches and analytics, and assist with security administrative functions. An Internet server log is a file where website activity is stored. Server logs are used to track usage and provide security. A tracking pixel, which is also referred to as a web beacon or a clear GIF, is an electronic tag with a unique identifier that is embedded on webpages, in online advertisements and/or email. These pixels are designed to provide usage information, such as advertising impressions or clicks, measure popularity of the Services and associated advertising, and access user cookies.

What types of cookies do we use?

Third party cookies
We use third parties to assist us in advertising, tracking aggregated and/or de-identified site usage statistics, and providing content-sharing services to support the Services. These third parties may also use cookies and similar technologies to collect similar information about your use of the Services. For instance, the cookies may reflect de-identified data linked to or derived from data you voluntarily have submitted to us, e.g., a hashed version of your email address, which we may share with service providers, solely in non-human readable form. We do not control these third-party technologies, and their use is governed by those parties’ privacy policies.
We also allow other third parties (e.g., ad networks and ad servers) to serve tailored ads to you on the Services, and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Site or use the Services.

Session and persistent cookies
We use both session cookies and persistent cookies. A session cookie is used to identify a particular visit to our site. These cookies expire after a short time, or when you close your web browser after using our Services. We use these cookies to identify you during a single browsing session. A persistent cookie will remain on your devices for a set period of time specified in the cookie. We use these cookies where we need to identify you over a longer period of time. For example, we would use a persistent cookie if you asked that we keep you signed in. Another type of cookies is Flash cookies, which are stored with your Adobe Flash Player files and help in the viewing of content that uses the Adobe Flash player.


We use these cookies and other technologies on the basis that they are necessary for the performance of a contract with you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, where you have consented to their use

Why does SAP use cookies and similar technologies? SAP uses cookies and similar technologies for the following purposes:

  • Authentication and Security: To log you into the Services; to protect your security; and to help us detect and fight spam, abuse, and other activities that violate SAP’s Website Terms and Conditions. For example, these technologies help authenticate your access to the Services and prevent unauthorized parties from accessing your account. They also let us show you appropriate content through the Services.
  • Preferences: To remember information about your browser and your preferences; and to remember your settings and other choices you have made.
  • Analytics and Research: To help us better understand how people use our Services, we work with a number of analytics partners, including Google Analytics; and to help us improve and understand how people use the Services. For example, cookies help us test different versions of our Services to see which particular features or content users prefer. We may include web beacons in e-mail messages or newsletters to determine whether the message has been opened and for other analytics. We might also optimize and improve your experience using the Services by using cookies to see how you interact with the Services, such as when and how often you use them and what links you click on. To find out more about how Google uses data when you visit a website that uses Google Analytics, please visit https://www.google.com/policies/privacy/partners/.
  • Personalized Content: To customize the Services with more relevant content.
  • Advertising: To provide you with more relevant advertising. As explained below, third parties whose products or services are accessible or advertised via the Services may use cookies to collect information about your activities on the Services, other sites, and/or the ads you have clicked on. This information may be used by them to serve ads that they believe are most likely to be of interest to you and measure the effectiveness of their ads. Targeting and advertising cookies on the Services may include Google and other advertising networks and services we use from time to time.

    For more information about targeting and advertising cookies and how you can opt out, you can visit http://youronlinechoices.eu or www.allaboutcookies.org/manage-cookies/index.html. Please note that to the extent advertising technology is integrated into the Services, you may still receive advertisements even if you opt out of tailored advertising. In that case, the ads will not be tailored to your interests.


Where are cookies and similar technologies used? We use these technologies on the Services, including our Site. We do not release the information collected from our own cookies to any third parties, other than to our service providers who assist us in providing the Services and only in accordance with this Policy.


What are my privacy options? You have a number of options to control or limit how we and our partners use cookies. Most browsers automatically accept cookies, but you can modify your browser setting to limit or decline cookies by visiting your browser’s help page. The browser manufacturers, not SAP, control these settings. You can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). You can also manage the use of Flash technologies, including Flash cookies, with the Flash management tools available at Adobe’s website. If you choose to decline cookies, please note that you may not be able to sign in, customize, or use some features of the Services. For general information about cookies and how to disable them, please visit www.allaboutcookies.org.
We neither have access to, nor does this Policy govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device you use to access the Services by non-affiliated, third-party ad technology, ad servers, ad networks or any other non-affiliated third parties. Those parties that use these technologies may offer you a way to opt out of ad targeting as described below.
You may receive tailored advertising on your computer or mobile device through a web browser. If you are interested in more information about tailored browser advertising and how you can generally control cookies, you may visit the Network Advertising Initiative’s Consumer Opt-Out Link: http://optout.networkadvertising.org/, the Digital Advertising Alliance’s Consumer Opt-Out Link: http://optout.aboutads.info/, or the European Interactive Digital Advertising Alliance, “Your Online Choices”: http://www.youronlinechoices.eu/ page to opt out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for Display Advertising or customize Google Display Network ads, you can visit the Google Ads Settings: https://www.google.com/settings/ads page. Please note that, to the extent advertising technology is integrated into the Services, you may still receive advertisements even if you opt out of tailored advertising. In that case, the ads will just not be tailored to your interests. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.


Your Rights:
This section provides details about your rights in relation to your personal information.
You may ask us to:

  • Access all the personal information about you held by us, including where applicable, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. On request, we will provide you with a copy of this information. Where a request is manifestly unfounded or excessive (for example, because it is repetitive) we reserve the right to charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested. You can exercise your right of access to your personal information:
    • By emailing us at privacy@sap.com; or
    • By writing to us at the address below.

Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested.

  • Correct or erase your personal information where appropriate. Please note, you may review and update certain user profile information by logging in, as applicable, to the relevant portions of the Services where such information may be updated;
  • Restrict the processing of your personal information whilst we investigate your concern;
  • Where your processing is based on your consent, you have a right to receive your information in a commonly used electronic format or ask we move the data in that format to another provider where your request relates to the data that you gave us direct and where technically possible (data portability);
  • Object to the further processing of your personal data, including the right to object to marketing;
  • Request that your provided personal data be moved to a third party;
  • You may opt out at any time from allowing further access by us to your location data by exiting the site. You can also stop all information collection by un-installing the applicable app. You may use the standard un-install processes as may be available for your mobile device.; and
  • Withdraw your consent at any time when the processing relies upon consent. You can also change your marketing preferences at any time;


If you remain unhappy with a response you receive you can also refer the matter to your data protection supervisory authority (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm) or, if you are located in Australia, to the Office of the Australian Information Commissioner


Changes to this Policy
SAP reserves the right to change this Policy from time to time. Please check this page periodically for changes. If we make any material changes to this Policy we will notify you before they take effect either through the Site or by sending you a notification. Any such material changes will only apply to personal information collected after the revised Policy took effect.

Contact us
Have additional privacy questions or need further info? This section is about how to contact us.
If you have any questions, comments, or concerns regarding this Policy or SAP’s privacy practices, they may be submitted via email to privacy@sap.com, or in writing by addressing your inquiries to:
Callidus Software Inc.
2700 Camino Ramon, # 400
San Ramon, CA 94583
Attn: Legal

Transfer of information to the United States: Privacy Shield
CallidusCloud has self-certified under the EU-U.S. Privacy Shield framework set forth by the U.S. Department of Commerce and the European Union regarding the collection, use, and retention of personal information transferred from the European Union to the United States. For more information on the EU–U.S. Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website at please visit https://www.privacyshield.gov/

Adhesion to the Privacy Shield Framework
CallidusCloud has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. We comply with the EU-U.S Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States, respectively.
If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, and to view our certification, please visit https://www.privacyshield.gov/ .


Accountability for onward transfers
We are responsible and remain liable for the processing of personal information we receive, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal information from the EU, including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Right of access
You have a legal right to request the personal information about you held by us. On request, we will provide you with a copy of this information. You also have a right to correct, amend or delete such personal information where it is inaccurate or has been processed in violation of data protection laws and Privacy Shield Principles.

Resolution of Privacy Shield queries and complaint mechanism
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. If you have any inquiries or complaints regarding our Privacy Shield policy you should first contact us at SAP.CX.Legal-Privacy@sap.com.
We have further committed to refer unresolved Privacy Shield complaints to JAMS. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield to file a complaint . The services of JAMS are provided at no cost to you. As further explained in the Privacy Shield Principles, a binding arbitration option may also be made available to you in order to address residual complaints not resolved by any other means.

Enforcement
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We may be required to share your personal information, including the disclosure of EU personal information, to public authorities and law enforcement agencies in response to lawful requests, including requests to meet national security and law enforcement requirements.

Entities Covered
The following dissolved or canceled Callidus Software Inc. subsidiaries are also subject to Privacy Shield adherence: BridgeFront LLC; ClickTools, Inc.; Litmos LLC; and RevSym, Inc. SAP continues to apply the Privacy Shield principles to any personal information received by such covered entities while participating in the Privacy Shield.