Skip to content

Instantly share code, notes, and snippets.

@CLAassistant
Last active September 5, 2024 06:36
Show Gist options
  • Save CLAassistant/3a73e4cd729c9d0a6e30 to your computer and use it in GitHub Desktop.
Save CLAassistant/3a73e4cd729c9d0a6e30 to your computer and use it in GitHub Desktop.
Legal Terms

This Cookie Statement was update on 20.02.2023

Cookie Statement for cla-assistant.io

This Cookie Statement describes how SAP (hereinafter also “We”, “Our”) uses cookies and similar technologies to collect and store information when you visit cla-assistant.io. SAP’s Privacy Statement applies in addition to this Cookie Statement. SAP’s Privacy Statement informs you about the way SAP uses, stores and protects personal data collected. It also informs you of your data protection rights and how to exercise them. We recommend that you read SAP’s Privacy Statement here.

What are Cookies and similar technologies?

Cookies are small files placed on your device (computer, tablet or smartphone). When you access a website, a cookie is placed on your device and it will send information to the party that placed the cookie. There are other technologies at perform a similar function to cookies. These include inter alia web beacons, clear gifs, and social plug-ins. These are often used in conjunction with cookies to help a website owner understand its users better.

What are first party Cookies?

SAP’s websites contain first party Cookies. First party cookies are cookies that are specific to the website that created them. These cookies enable SAP to operate an efficient service and to track patterns of user behavior to SAP’s website.

What is a session and what is a persistent Cookie?

Our websites may place session and persistent cookies on your device. Whereas the difference between a first party and third-party cookie relates to the party controlling the initial placement of the cookie on your device, the difference between a session and a persistent cookie relates to the length of time the cookie lasts. Session cookies are cookies that typically last for as long as you are using your browser, or browser session. When you end your browser session, the cookie expires. Persistent cookies, as the name implies, are persistent and will last after you close your browser. This allows for quicker and often more convenient access to Our website.

What cookies are used on this SAP Web presence?

SAP wants you to be in a position to make an informed decision for or against the use of cookies which are not strictly necessary for technical features on cla-assistant.io. If you elect to reject cookies used for advertising, you will be shown advertising that is less targeted to your interests. This will still allow you to use all of the functionality of cla-assistant.io.

When tracking and evaluating the usage behavior of users of the Web Presence by means of cookies or similar technologies includes the processing of your personal data, SAP is conducting the processing based on the following legal permissions:

  • GDPR Article 6.I (a) if it is necessary that We ask you for your consent to process your personal data,
  • GDPR Article 6.I (b) if necessary to fulfill (pre-)contractual obligations with you,
  • GDPR Article 6.I (f) if necessary to fulfill (pre-)contractual obligations with the company or other legal body you represent as a customer contact (legitimate interest to efficiently perform or manage SAP’s business operation),
  • or equivalent legal permissions under other relevant national laws, when applicable. SAP differentiates between Required Cookies that are absolutely necessary to enable technical core functionalities, Functional Cookies that allow SAP to analyze the site usage, and Advertising Cookies that are used to serve ads relevant to your interests.

Required Cookies

Name Purpose Persistent Lifespan
connect.sid Store the session Id of the user yes 1 hour

Functional Cookies

None

Advertising Cookies

None

How can you manage and delete Cookies?

SAP provides you with the option to adjust your preferences for Functional and Advertising Cookies when such cookies are placed on your device. In such a case, you can access preferences at any time by clicking on the “Cookie Preferences” link in the footer of cla-assistant.io.

You can also block and delete cookies by changing your browser settings. To manage cookies using your browser settings, most browsers allow you to refuse or accept all cookies or only to accept certain types of cookies. The process for the management and deletion of cookies can be found in the help function integrated in your browser. If you wish to limit the use of cookies, you may not be able to use all the interactive functions.

This Privacy Statement was updated on 20.02.2023

SAP PRIVACY STATEMENT FOR CLA-ASSISTANT.IO

Protecting the individual's privacy is crucial to the future of business. We have created this Privacy Statement to demonstrate the firm commitment of SAP (hereinafter "We", "SAP", "Us" or "Our") to the individual`s right to data protection and privacy. It outlines how We handle information that can be used to directly or indirectly identify an individual (hereinafter “Personal Data”).

A. General information

I. Who do We mean when We say SAP in this Privacy Statement

The controller of cla-assistant.io is
SAP SE
Dietmar-Hopp-Allee 16
69190 Walldorf
Phone: +49 (0)6227 / 7-47474
Fax: +49 (0)6227 / 7-57575
https://sap.com

You can reach SAP Group’s data protection officer any time at privacy@sap.com.

II. For what purposes does SAP process your Personal Data?

To provide you with access to cla-assistant.io. We require your Personal Data to grant you access to cla-assistant.io, validate your (GitHub) identity and keep the information of a signed Contributor Agreement available to the project owners leveraging cla-assistant.io.

II. What categories of Personal Data does SAP process?

Contact Data

SAP processes the following categories of Personal Data as contact data:

  • Your GitHub identity
  • Your email address associated with your GitHub identity
  • Other information and personal data you enter into the free-text fields

Personal Data received by third parties, including publicly available sources

SAP generally aims to collect Personal Data directly from the data subjects. If you or applicable law allows SAP to do so, SAP may obtain Personal Data also from third party sources. These third- party sources may include:

  • third parties you directed to share your Personal Data with SAP

When We collect Personal Data from third party sources, established internal controls aim to ensure that the third-party source was permitted to provide this information to SAP and that We may use it for this purpose. SAP will treat this Personal Data according to this Privacy Statement, plus any additional restrictions imposed by the third party that provided the Personal Data to SAP or by applicable national law.

IV. From What Types of Third Parties does SAP obtain Personal Data?

In most cases, SAP collects Personal Data from you. SAP might also obtain Personal Data from a third party if the applicable national law allows SAP to do so. SAP will treat this Personal Data according to this Privacy Statement, plus any additional restrictions imposed by the third party that provided SAP with it or the applicable national law. These third-party sources include:

V. How long does SAP store your Personal Data?

SAP does only store your Personal Data for as long as it is required:

  • for the performance of showing your agreement to contribution agreement of a project on github.com.
  • to make cla-assistant.io available to you.

SAP may retain your Personal Data for additional periods if necessary for compliance with legal obligations to process your Personal Data or if the Personal Data is needed by SAP to assert or defend itself against legal claims. SAP will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

VI. Who are the recipients of your Personal Data?

Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:

  • companies within the SAP Group,
  • third party service providers; for e.g., for consulting or other services, the provision of the website, the fulfillment and provisioning of offers from SAP or newsletter dispatch.

VII. What are your data protection rights?

Right to access, correct and delete

You can request from SAP at any time access to information about which Personal Data SAP processes about you and, if necessary, the correction or deletion of such Personal Data. Please note, however, that SAP can or will delete your Personal Data only if there is no statutory obligation or prevailing right of SAP to retain it. If you request from SAP to delete your Personal Data, you may not be able to continue to use any SAP service that requires SAP’s use of your Personal Data.

Right to obtain a copy of Personal Data

If SAP uses your Personal Data based on your consent or to perform a contract with you, you can further request from SAP a copy of the Personal Data you provided to SAP. In this case, please contact cla_assistant@sap.com and specify the information or processing activities to which your request relates, the format in which you would like to receive the Personal Data, and whether it should be sent to you or another recipient. SAP will carefully consider your request and discuss with you how it can best be fulfilled.

Right to restrict

You can request from SAP to restrict your Personal Data from further processing in any of the following events:

  • you state the Personal Data about you is incorrect, subject to the time SAP requires to check the accuracy of the relevant Personal Data,
  • there is no legal basis for SAP to process your Personal Data and you demand SAP to restrict your Personal Data from further processing,
  • SAP no longer requires your Personal Data, but you state you require SAP to retain such data to claim or exercise legal rights or to defend against third party claims, or
  • in case you object to the processing of your Personal Data by SAP based on SAP’s legitimate interest (as further set out below), subject to the time required for SAP to determine whether it has a prevailing interest or legal obligation in processing your Personal Data.

Right to revoke consent

Wherever SAP is processing your Personal Data based on your consent, you may at any time withdraw your consent by unsubscribing or giving Us respective notice of withdrawal. In case of withdrawal, SAP will not process Personal Data subject to this consent any longer unless legally required to do so. In case SAP is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Data by SAP up to the point in time of your withdrawal.

Right to lodge a complaint

If you take the view that SAP is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable data protection laws, you can at any time, to the extent required by applicable law, lodge a complaint with your locally relevant data protection authority, specifically when you are located in an EEA country, or with the data protection authority of the country or state where SAP has its registered seat.

VIII. How can you exercise your data protection rights?

Please direct any requests to exercise your rights to cla_assistant@sap.com.

IX. How will SAP verify requests to exercise data protection rights?

SAP will take steps to ensure it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, SAP will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by SAP. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by SAP. SAP will decline to process requests that are manifestly unfounded, excessive, fraudulent, represented by third parties without duly representing respective authority or are otherwise not required by local law.

X. Can you use SAP’s services if you are a minor?

Children.

In general, cla-assistant.io is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you cannot register with and use cla-assistant.io.

B. Additional Country and Regional Specific Provisions

I. Where SAP is subject to privacy requirements in the EU/EEA or a country with national laws equivalent to the GDPR

Who is the relevant Data Protection authority?

You may find the contact details of your competent data protection supervisory authority here. SAP’s lead data protection supervisory authority is in Germany, the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg and can be reached at Lautenschlagerstraße 20, 70173 Stuttgart.

What are the legal permissions for SAP to process Personal Data?

SAP is processing your Personal Data for the business purposes set out above based on the following legal permissions: Where We refer to GDPR Article 6.I (f), consequently SAP’s legitimate business interest as Our legal permission to process your Personal Data, SAP is pursuing its legitimate business interests:

  • to efficiently manage and perform its business operations,
  • to maintain and operate intelligent and sustainable business processes in a group structure optimized for the division of labor and in the best interest of Our employees, customers, partners, and shareholders,
  • to operate sustainable business relationships with SAP customers and partners including you (each of which as further set out below),
  • serve you with the best possible user experience when using cla-assistant.io,
  • comply with extraterritorial laws and regulations, or
  • assert or defend itself against legal claims.

We believe that Our interest in pursuing these business purposes is legitimate and thereby not outweighed by your personal rights and interest to refrain processing for such purpose. In any of these cases, We duly factor into Our balancing test:

  • the business purpose reasonably pursued by SAP in the given case,
  • the categories, amount and sensitivity of Personal Data that is necessarily being processed,
  • the level of protection of your Personal Data which is ensured by means of Our general data protection policies, guidelines, and processes, and
  • the rights you have in relation to the processing activity.

If you wish to obtain further information on this approach, please contact cla_assistant@sap.com.

To provide you with access to cla-assistant.io

When SAP grants you access to cla-assistant.io, validates your (GitHub) identity and keeps the information of a signed Contributor Agreement available to the project owners leveraging cla-assistant.io, SAP is processing your Personal Data on the basis of the following legal permissions:

  • GDPR Article 6.I (a) if your consent is required by law for SAP to process your data for this purpose,
  • GDPR Article 6.I (b) if necessary, to fulfill (pre- )contractual obligations with you,
  • GDPR Article 6.I (f) if necessary, to maintain Our business relationships, to efficiently manage and perform its business operations, to maintain and operate intelligent and sustainable business processes in a group structure optimized for the division of labor and in the best interest of Our employees,
  • a legal permission under other national laws equivalent to any of the above, when applicable.

How does SAP justify international data transfers?

As a global group of companies, SAP has group affiliates and uses third party service providers also in countries outside the European Economic Area (the “EEA”). SAP may transfer your Personal Data to countries outside the EEA as part of SAP’s international business operations. If We transfer Personal Data from a country in the EU or the EEA to a country outside the EEA and for which the EU Commission has not issued an adequacy decision, SAP uses the EU standard contractual clauses to contractually require the data importer to ensure a level of data protection consistent with the one in the EEA to protect your Personal Data. You may obtain a copy (redacted to remove commercial or irrelevant information) of such standard contractual clauses by sending a request to privacy@sap.com. You may also obtain more information from the European Commission on the international dimension of data protection here.

II. Where SAP is subject to privacy requirements in Colombia.

Colombia-Specific Provisions apply to citizens of the Republic of Colombia.

III. Where SAP is subject to the requirements of the Brazilian General Data Protection Law (“LGPD”)

SAP has appointed a Data Protection Officer for Brazil. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to:
Paulo Nittolo Costa
Email: privacy@sap.com
Address: Avenida das Nações Unidas 14171 - Marble Tower – 7th Floor - São Paulo-SP, Brazil 04794-000

IV. Where SAP is subject to privacy requirements in the Philippines.

Where SAP is subject to certain privacy requirements in the Philippines, the following also applies: For individuals within the Philippines, you may exercise your rights as follows: You can call or write to SAP to submit a request at: cla_assistant@sap.com
Phone: +632-8705-2500
Address: SAP Philippines, Inc.
Attn: Data Protection Officer
27F Nac Tower, Taguig City 1632, Philippines
The following provisions apply to residents and citizens of the Philippines:

  • You may claim compensation as finally awarded by the National Privacy Commission or the courts if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, considering any violation of your rights and freedoms.
  • If you are the subject of a privacy violation or Personal Data breach, or are otherwise personally affected by a violation of the Data Privacy Act, you may file a complaint with the National Privacy Commission.
  • Your Transmissibility Rights. Your lawful heirs and assigns may invoke your rights at any time after your death or when you are incapacitated or incapable of exercising your rights.

VI. Where SAP is subject to privacy requirements in the United States of America.

Where SAP is subject to certain privacy requirements in the United States, the following also applies: U.S. Children’s Privacy. SAP does not knowingly collect the Personal Data of children under the age of 13. If you are a parent or guardian and believe SAP collected information about a child, please contact SAP as described in this Privacy Statement. SAP will take steps to delete the information as soon as possible. Given that cla-assistant.io is not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, SAP does not sell the Personal Data of any minors under 16 years of age.

VII. Where SAP is subject to privacy requirements in the State of California, USA.

Where SAP is subject to certain privacy requirements in the United States in the State of California, the following also applies:

You have the right:

  • to request from SAP access to your Personal Data that SAP collects, uses, or discloses about you;
  • to request that SAP delete Personal Data about you;
  • to opt-out of the use or disclosure of your sensitive personal information;
  • to non-discriminatory treatment for exercise of any of your data protection rights; and
  • if you request access to your Personal Data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance. In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), SAP does not sell or share your Personal Data. In the course of our business activities we may share Personal Data with third parties, or permit third parties to collect data across various SAP websites. Data Subject Access Requests: SAP receives Data Subject Access Requests from across the globe and works to ensure all valid requests where SAP is the Controller are responded to within the appropriate timeframe. In accordance with the verification process set forth in the CCPA, SAP will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If SAP must request additional information from you outside of information that is already maintained by SAP, SAP will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud- prevention purposes.

In addition to contacting SAP at cla_assistant@sap.com you may also exercise your rights as follows: You can call toll-free to submit a request using the numbers provided here. You can also designate an authorized agent to submit requests to exercise your data protection rights to SAP. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.

VIII. Where SAP is subject to privacy requirements in Singapore.

Where SAP is subject to the requirements of the Singapore’s Personal Data Protection Act (“PDPA”), the following also applies: SAP has appointed a Data Protection Officer for Singapore. Written inquiries, requests or complaints to our Data Protection Officer may be addressed to: Subject: Data Protection Officer
Email: privacy@sap.com
Address: Mapletree Business City, 30 Pasir Panjang Rd, Singapore 117440
Contact: +65 6664 6868

@jiazhenjiang
Copy link

I agree

@function32
Copy link

I agree

@974650904
Copy link

我同意

@974650904
Copy link

I agree

@nightosong
Copy link

I agree

@aybanda
Copy link

aybanda commented Sep 5, 2024

I agree

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment