Cookie Statement
This Cookie Statement was updated on September 18, 2024.
This Cookie Statement describes how SAP (hereinafter also “We”, “Our”) uses cookies and similar technologies to collect and store information when you visit SAP.com. SAP’s Privacy Statement applies in addition to this Cookie Statement. SAP’s Privacy Statement informs you about the way SAP uses, stores and protects personal data collected. It also informs you of your data protection rights and how to exercise them. We recommend that you read SAP’s Privacy Statement.
What are cookies and similar technologies?
Cookies are small files placed on your device (computer, tablet or smartphone). When you access a website, a cookie is placed on your device, and it will send information to the party that placed the cookie.
There are other technologies that perform a similar function to cookies. These include inter alia web beacons, clear gifs, and social plug-ins. These are often used in conjunction with cookies to help a website owner understand its users better.
What are first-party cookies?
SAP’s websites contain first-party cookies. First-party cookies are cookies that are specific to the website that created them. These cookies enable SAP to operate an efficient service and to track patterns of user behavior to SAP’s website.
What are third-party cookies?
The difference between a first-party cookie and a third-party cookie relates to who places the cookie on your device. SAP sometimes allows third parties to place cookies on your device. Third-party cookies are placed on your device by a third party (i.e., not by SAP). While SAP allows third parties to access SAP’s website to place a third-party cookie on your device, SAP does not retain control over the information supplied by the cookies, nor does SAP retain access to this information. This information is controlled wholly by that third party according to the respective privacy policy of the third party. For more information about these cookies, please click the “Cookie Preferences” link in the footer of the webpage.
Analytics and Digital Marketing in the United States of America
In the United States, SAP routinely works with third party analytics and digital marketing providers who facilitate and support SAP (and partner) marketing activities including targeted communications. These activities may involve the sharing of limited Personal Information (personal identifiers and contact information, your interests and interactions with SAP, professional/employment information) for those specific business purposes. In addition to the above, SAP may also share your personal data with other third parties, or for other business purposes, with your explicit consent.
SAP endeavors to recognize common opt-out preference signals at a browser level, and frictionlessly exclude you from marketing cookies and associated tracking.
What cookies are used?
SAP wants you to be in a position to make an informed decision for or against the use of cookies which are not strictly necessary for technical features on SAP.com. If you elect to reject cookies used for advertising, you will be shown advertising that is less targeted to your interests. This will still allow you to use all of the functionality of SAP.com.
When tracking and evaluating the usage behavior of users of the Web Presence by means of cookies or similar technologies including the processing of your personal data, SAP conducts the processing based on the following legal permissions:
GDPR Article 6.I (a) if it is necessary that we ask you for your consent to process your personal data,
GDPR Article 6.I (b) if necessary to fulfill (pre-)contractual obligations with you,
GDPR Article 6.I (f) if necessary to fulfill (pre-)contractual obligations with the company or other legal body you represent as a customer contact (legitimate interest to efficiently perform or manage SAP’s business operation),
or equivalent legal permissions under other relevant national laws, when applicable.
SAP differentiates between required cookies that are absolutely necessary to enable technical core functionalities, functional cookies that allow SAP to analyze the site usage, and advertising cookies that are used to serve ads relevant to your interests.
How can you manage and delete cookies?
SAP provides you with the option to adjust your preferences for functional and advertising cookies when such cookies are placed on your device. In such a case, you can access preferences at any time by clicking on the “Cookie Preferences” link in the footer of the web page.
You can also block and delete cookies by changing your browser settings. To manage cookies using your browser settings, most browsers allow you to refuse or accept all cookies or only to accept certain types of cookies. The process for the management and deletion of cookies can be found in the help function integrated in your browser.
If you wish to limit the use of cookies, you may not be able to use all the interactive functions.
What are social media plug-ins?
A social media plug-in embedded on a website allows you to share content on a third-party social media provider’s website. You can recognize social plug-ins as buttons displayed on website pages that feature the logo of the social media provider; e.g., for the Facebook page plug-in, you can recognize the button by a white “f” on a black background.
SAP does not have influence or control over the processing of personal data on the social media provider’s website, and the social plug-in remains active until you deactivate it or delete your cookies. Please refer to the privacy and cookie statement or policy of the respective social media provider for more information about the social media provider’s data protection and privacy policies.
On which legal basis does SAP make social plug-ins available?
SAP uses social plug-ins on its websites on the basis of its legitimate interest to make SAP visible on social media pursuant to Article 6 (1) lit. f GDPR or the applicable national law.
How do social plug-ins on SAP websites work?
If you see one of the social plug-ins and you want to use one of these social media plug-ins, click on the respective social plug-in to establish a direct connection to the server of the respective social media provider and you will be redirected to that social media provider's website.
If you have a user account on the social media provider and are logged in at the time you activate the social plug-in, the social media provider can associate your visit to SAP’s websites with your user account. In this situation, data transmissions can also take place that are initiated and controlled by the respective social media provider. Your connection to a social media provider, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy and cookie statement or policy of that social media provider. Personal data may also reach providers in countries outside the European Economic Area that may not guarantee an “adequate level of protection” for the processing of personal data in accordance with EU standards. If you do not want to share any data with the social media provider in connection with an SAP website, do not click on the social media plug-in on SAP’s website.
What are Media Plug-ins?
A media plug-in embedded on a website allows you to watch remote content from a third-party media provider’s website. You can recognize media plug-ins as views displayed on website pages; e.g., for YouTube, you can recognize the media plug-in by a video showing the play button.
How do media plug-ins on SAP websites work?
If you want to access the content from one of these media plug-ins, click on the play symbol within the media plug-in to establish a direct connection to the server of the respective media provider. The stream of the media will be redirected from the media provider to your browser.
If you have a user account on the media provider and are logged in at the time you activate the media plug-in, the media provider can associate your visit to SAP’s websites with your user account. In this situation, data transmissions can also take place that are initiated and controlled by the respective media provider. Your connection to a media provider, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy and cookie statement or policy of that media provider. Personal Data may also reach providers in countries outside the European Economic Area that may not guarantee an "adequate level of protection" for the processing of Personal Data in accordance with EU standards. If you do not want to share any data with the media provider in connection with SAP’s website, do not click on the media plug-in on SAP’s website.
On which legal basis does SAP make media plug-ins available?
SAP uses media plug-ins on its websites on the basis of its legitimate interest to make remote content visible to the user according to Article 6 (1) lit. f GDPR or the applicable national law.
Use of YouTube Video:
This website contains a plugin from YouTube, belonging to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US). We use the YouTube No-Cookies function, i.e. we have activated extended data protection, so videos are not accessed via youtube.com, but via youtube-nocookie.com, which, according to the provider, only starts storing user information when the video is played. As soon as you start playing an embedded video by clicking on it, the IP address of the web site you have visited is communicated. However, this information cannot be assigned to you if you are not permanently logged in to YouTube or another Google service when you call up the page. SAP does not have influence or control over the processing of personal data on the media provider’s website, and the media plug-in remains active until you deactivate it or delete your cookies.
What web beacons are used and how can you manage them?
When SAP sends you newsletters or other e-mail communication, SAP uses web beacons (a small .gif image) to determine a user's ability to receive e-mail in an HTML format. A web beacon is activated when an HTML e-mail is opened. This capability enables SAP to track the aggregate number of e-mails opened and which individual interacted with the provided content.
The web beacon does not collect any Personal Data.
Each browser provides users or their admins with functionality in their respective technical settings that can be used to prevent the automated download of images, pixels, beacons or other tracking technologies. If you wish to prevent your browser from communicating directly with the sender of an e-mail, you can set your browser to do so.
What cookies are on SAP.com?
Required Cookies
| Name | Purpose | LifeSpan |
| __HOST-IDP_J_COOKIE | Used to facilitate account authentication | Session |
| __HOST-XSRF_COOKIE | Used to facilitate account authentication | Session |
| __ss <ID> (__ssuzjsr2) | Set to shield the website from harmful spam attacks by identifying bots | 6 months |
| __uzm <ID> (__uzmbj2) | Set to shield the website from harmful spam attacks by identifying bots | 6 months |
| _GRECAPTCHA | Google ReCaptcha uses this cookie to shield the website from harmful spam attacks by identifying bots | 6 month |
| _mkto_trk | Set to link a visitor to the recipient of an email marketing campaign, to measure campaign effectiveness | 1 year 1 month 4 days |
| _px3 | Set to protect the site from bot attacks | 6 minutes |
| _pxvid | Set to protect the site from bot attacks | 1 year |
| <pathname> + 'auth' | Holds the count of authentication attempts made for security purposes | Session |
| ak_bmsc | A cache is used by the website to optimize the response time between the visitor and the website | 2 hours |
| allowed_cmp | Enables access to exclusive content without requiring repeat registration | Session |
| analytics_url_id | Records the campaign codes present in some of our webpage links you browse | Session |
| assetCheck | Enables access to exclusive content without requiring repeat registration | Session |
| bfs_ra | Serves as a marker that detects when a user has completed data enrichment flow and facilitates access to exclusive content without requiring further form fill-outs | Session |
| bm_mi | This cookie is leveraged by the system to recognize bots, ensuring a secure and efficient user experience | 2 hours |
| bm_sv | Cookie used by Akamai Botman Manager to help differentiate between web requests generated by humans and web requests generated by bots or other automated processes | 100 Days |
| BIGipServer<pool_name> | Contains the encoded IP address and port of the destination BIG-IP server | 30 min |
| botinfo_sap | Used by the system to recognize bots, ensuring a secure and efficient user experience | Session |
| CAMPAIGN_SOURCE | Captures a marketing channel code from the URL that led to our website | Session |
| campaigncode | Captures a campaign code from the URL of the marketing campaign that led to website. | Session |
| CampaignLandingPage | Records the URL of the page that directed you to website through a marketing campaign link | Session |
| cmapi_cookie_privacy | TrustArc sets this cookie to manage the display of the cookie consent pop-up and to retain the selected settings | 13 months |
| cmapi_gtm_bl | TrustArc sets this cookie to manage the display of the cookie consent pop-up and to retain the selected settings | 13 months |
| CodeTrackingCookie | Records the campaign codes present in webpage links you browse | Session |
| compatibilityPopup | Functions to prevent the recurring presentation of a browser incompatibility popup notification | 30 days |
| country | Stores the user's geographical location, determined by IP address recognition | Session |
| countryCode | Retains the country code, chosen during the user's initial visit, to ensure that a user continues browsing the appropriate local site | 30 days |
| crm_code | Preserves a specific campaign code within the gating process to ensure that user interactions with the asset are accurately attributed to the corresponding campaign in SAP marketing systems | Session |
| current_cc365_tenant | Maintain authentication-related data between website and chat platform | Session |
| dtCookie | Monitor application performance and identify errors | Session |
| dtPC | Monitor application performance and identify errors | Session |
| dtSa | Record user actions like clicking on the Login button across various pages | Session |
| event1<Form Type> (event1ContactUs) | Prevents duplicate form view counts in Adobe Analytics | Session |
| fsc | Used in the guest newsletter subscription flow to prevent problems if a user opens the guest verification link repeatedly | 5 min |
| gated-asset-id | Retains the identification of the requested premium asset, ensuring users within the gating process receive their requested asset upon completion | Session |
| gatingFlow | Retains the identification of the requested premium asset, ensuring users within the gating process receive their requested asset upon completion | Session |
| IDP_SESSION | A digital identifier to facilitate Single Sign-On (SSO) | Session |
| IDP_SESSION | A digital identifier to facilitate Single Sign-On (SSO) | Session |
| IDP_USER | Facilitates account authentication | Session |
| ids-access | A secure, encrypted access token for SAP Identity Service authentication | 3 min |
| ids-refresh | A secure, encrypted token utilized to consistently refresh the SAP Identity Service authentication session. | Session |
| JSESSIONID | Facilitates account authentication | Session |
| localeCode | Retains the site locale, chosen during the user's initial visit, to ensure that a user continues browsing the appropriate local site | 30 days |
| lr | Preserves the destination URL to which a user should be directed post-login | 5 min |
| ngds_opt_out | Denotes the user's decision to decline the use of the Next Generation Data Service. | Session |
| notice_behavior | TrustArc sets this cookie to store the cookie preferences of visitors | Session |
| notice_gdpr_prefs | TrustArc sets this cookie to capture the chosen cookie categories | 13 months |
| notice_preferences | TrustArc sets this cookie to manage the display of the cookie consent pop-up and retains the selected settings | 13 months |
| pAccess | Facilitates authentication for accessing the exclusive resources available in the Engage section of the website. | Session |
| pxcts | Set to shield the website from harmful spam attacks by identifying bots | Session |
| QSI_HistorySession | Qualtrics sets to record the pages a visitor views during their current session | Session |
| redirectToAssetFromTYP | This cookie enables access to exclusive content without requiring repeat registration | Session |
| renderid | Helps to evenly distribute server load by recording information about the server you interacted with | Session |
| restrictedAssetsViewed | Carries a record of exclusive assets viewed by a user | Session |
| RF.REG.prd.SESSION | Used to streamline registrations for SAP online conferences | Session |
| RT | Contains various pieces of information about the user’s session to collect performance timers such as network bandwidth and page load times | 7 days |
| rxVisitor | Dynatrace uses this cookie to record the visitor ID for the returning visitors | Session |
| rxvt | Dynatrace uses this cookie to specify the session timeout | Session |
| SAP.TEXTONLY | Allows the website to maintain your preference for a "Text-only" view | Session |
| sc_add_event | Retains items added to your shopping cart in the SAP Store for a seamless checkout process | 365 days |
| smc_campaign_id | Captures a campaign code from the URL of the marketing campaign that led to website. | Session |
| TAsessionID | Retains a TrustArc session ID to collect and record cookie consent decisions | 30 min |
| theme | Retains the selected site color theme | Infinite |
| uid_login | A marker used to identify if a user has logged in Universal ID | 28 days |
| uid-access | A secure, encrypted access token for Universal ID authentication | 3 min |
| uid-refresh | A secure, encrypted token utilized to consistently refresh the Universal ID authentication session | Session |
| url_id | Records the campaign codes present in webpage links you traverse | Session |
| useractivated | Identifies newly activated accounts, differentiating them from regular log-ins to pre-existing accounts | Session |
| user-in-gating-flow | A marker used to verify if a user is in the gating flow, ensuring appropriate functionality during redirections. | Session |
| view_cmp_typ | Informs certain pages about assets a user is viewing. | Session |
| WCP_<formName> | Identifies if a user has previously completed a form to prevent repetitive prompts for form submission when accessing a gated campaign thank you page. | 45 days |
Functional Cookies
| Name | Purpose | LifeSpan |
| _an_uid | 6sense uses this cookie for collecting information on users' visits such as the total number of visits, average time spent on the website, and pages loaded | 7 days |
| _ga | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors | 1 year 1 month 4 days |
| _gat | Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites | 1 min |
| _gcl_au | Google Tag Manager uses the cookie to store ad click information, enabling conversion tracking beyond the landing page | 3 month |
| _gd* | Google sets this cookie to allow the use of Google Analytics service for anonymous visitor tracking on the website | Session |
| _gd_session | 6sense uses this cookie for collecting information on users' visits such as the total number of visits, average time spent on the website, and pages loaded | 4 hours |
| _gd_visitor | 6sense uses this cookie for collecting information on the user's visit such as the number of visits, average time spent on the website, and the pages loaded for displaying targeted ads | 1 year 1 month 4 days |
| _gid | Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously | 1 day |
| AMCV_<id> | Adobe Experience Cloud uses this cookie to retain the Experience Cloud visitor ID, also known as MID | Session |
| AMCVS_<id> | Adobe Experience Cloud uses this cookie as a flag indicating that the session has been initialized. Its value is always 1 and discontinues when the session has ended | Session |
| at_check | Adobe Audience Manager sets this temporary cookie to check if the cookie read/write capability is enabled on the browser | Session |
| client | The SAP Next Generation Data Service uses this cookie to capture the visitor's ID for building a personalized browsing experience | 2 years |
| CurrentPTTID | Provides insights to users' current site activity | 90 days |
| demdex | Adobe Audience Manager is a data management platform that helps build audience profiles so you can identify your valuable segments and use them across any digital channel | 179 days |
| dextp | Adobe Audience Manager is a data management platform that helps build audience profiles so you can identify your valuable segments and use them across any digital channel | 179 days |
| dpm | Adobe Audience Manager is a data management platform that helps build audience profiles so you can identify your valuable segments and use them across any digital channel | 179 days |
| LeadID | Encrypted value pertaining to a user's ID | 180 days |
| mbox | Adobe Target sets this cookie to retain anonymous identifiers about the visitor for a personalized experience | 30 min |
| pi | Bombora Visitor Insights tag provides visibility into the companies visiting SAP website. Bombora matches the IP addresses of the companies that visit SAP website with their database of B2B companies and provides reporting and targeting capabilities | 364 days |
| PreviousPTTID | For a return user, connects current user activity to a previous user activities | 90 days |
| s_cc | Verifies whether cookies are activated on your device | Session |
| s_ecid | Contains a copy of the Adobe Experience Cloud ID | 1 year 1 month 4 days |
| s_pers | Adobe Analytics uses this cookie to retain ongoing analytic data. | 1 year 1 month 4 days |
| s_plt | Set to track the time that the previous page took to load | Session |
| s_pltp | Provides page name value (URL) for use by Adobe Analytics | Session |
| s_sess | Adobe Analytics uses this cookie to retain temporary analytic data | Session |
| SAP.TTC | Calculates the duration of the user's journey | 90 days |
| session | The SAP Next Generation Data Service uses this cookie to capture the session ID for building a personalized browsing experience | Session |
| TEST_AMCV_COOKIE | Temporary cookie to check if the cookie read/write capability is enabled on the browser | 1 year 1 month 4 days |
| TEST_AMCV_COOKIE_WRITE | Temporary cookie to check if the cookie read/write capability is enabled on the browser | Session |
| tp | Bombora Visitor Insights tag provides visibility into the companies visiting SAP website. Bombora matches the IP addresses of the companies that visit SAP website with their database of B2B companies and provides reporting and targeting capabilities. | 13 days |
| u | Bombora Visitor Insights tag provides visibility into the companies visiting SAP website. Bombora matches the IP addresses of the companies that visit SAP website with their database of B2B companies and provides reporting and targeting capabilities | 0 days |
Advertising Cookies
| Name | Purpose | LifeSpan |
| _fbp | Meta uses to track visitors across websites and collect information to provide customized ads | 3 months |
| AnalyticsSyncHistory | The LinkedIn Insight Tag used to track conversions, retarget website visitors, and view Audience Insights on LinkedIn members who visit your website | 29 days |
| ar_debug | Enable/disable attribution report debugging | 30 Days |
| bcookie | Microsoft MSN cookie sharing the content of the website via social media | 1 Day |
| bscookie | The LinkedIn Insight Tag used to track conversions, retarget website visitors, and view Audience Insights on LinkedIn members who visit your website | 364 days |
| external_referer | Twitter installs this cookie to personalize its content and enable additional features | Session |
| fr | Facebook tag records what customers do on your website and sends that information to Meta Ads Manager which is used to track conversions and/or do remarketing. | 89 days |
| IDE | Google tags are used to track website actions and events which are used across Google Marketing Platform for advertising purposes (targeting, measurement, and reporting) | 729 days |
| li_sugr | Used to make a probabilistic match of a user's identity | 90 Days |
| lidc | The LinkedIn Insight Tag used to track conversions, retarget website visitors, and view Audience Insights on LinkedIn members who visit your website | 0 days |
| mako_uid | Collects data on user visits to the website, such as what pages have been accessed. The registered data is used to categorize the user’s interest and demographic profiles in terms of resales for targeted marketing | 365 Days |
| MR | The Microsoft Advertising tag records what customers do on your website and sends that information to Microsoft Advertising. It is used to track conversions and/or do remarketing | 6 days |
| muc_ads | Collects data on how you interact with the website to make ads more relevant | 2 Years |
| MUID | Microsoft uses to record what you do on website and sends that information to Microsoft Advertising. It is used to track conversions and/or do remarketing | 389 days |
| personalization_id | Allows the visitor to share content from the website on his/her Twitter profile | 2 Years |
| receive-cookie-deprecation | Part of a Google Chrome experiment to identify if a user's browser is in specific test groups within Chrome’s Privacy Sandbox initiative. Websites must opt-in to use it. The cookie tracks group participation (e.g., "example_label_1") and it will be discontinued after the experiment. | Persistent |
| TDCPM | The Trade Desk tag collects and processes pseudonymous data about website visitors. Collected data is sent back to The Trade Desk platform for targeting, tracking conversions, and reporting | 364 days |
| TDID | The Trade Desk tag collects and processes pseudonymous data about website visitors. Collected data is sent back to The Trade Desk platform for targeting, tracking conversions, and reporting | 364 days |
| test_cookie | Google tags are used to track website actions and events which are used across Google Marketing Platform for advertising purposes (targeting, measurement, and reporting) | Session |
| UserMatchHistory | The LinkedIn Insight Tag provides the ability to track conversions, retarget website visitors, and view Audience Insights on LinkedIn members who visit your website | 29 days |
| uuid2 | Contains a unique, randomly-generated value that enables the Platform to distinguish browsers and devices | 90 Days |
| XANDR_PANID | Used to store a unique randomly-generated value that enables the Platform to distinguish browsers and devices. | Persistent |