Build and transform technology landscapes to support evolving business strategies and operationalize innovation.
Learn moreMaximize market potential through a partner program offering LeanIX solutions tailored to your business model.
Learn moreThis Privacy Statement was updated on April 23. 2024.
We have created this Privacy Statement to demonstrate the firm commitment of LeanIX (hereinafter "We", "LeanIX", "Us" or "Our") to the individual`s right to data protection and privacy. It outlines how LeanIX processes information that can be used to directly or indirectly identify an individual (hereinafter “Personal Data”). Processing in the context of this Privacy Statement means any collection, use, transmission, disclosure, erasure or any other similar operation based on Personal Data (hereinafter “Processing” or “Process”).
LeanIX is processing information including Personal Data about the users of www.leanix.net (and relevant subdomains) using cookies or similar technologies for the purposes set out in the Cookie Statement.
You will find further information and have the option to exercise your cookie preferences under the following link:
Who is the responsible entity?
The controller of this website is LeanIX GmbH, Friedrich-Ebert-Allee 37-39, 53113 Bonn, Germany, a fully owned subsidiary of the SAP group.
You can reach LeanIX Data Protection Officer at dataprivacy@leanix.net
This Privacy Statement applies to the collection and processing of personal data:
For what purposes does LeanIX process your Personal Data and based on what legal basis?
Depending on the applicable law, the Processing of Personal Data is subject to a justification, sometimes referred to as legal basis.
When ensuring compliance, LeanIX processes your Personal Data if and to the extend necessary to fulfill legal requirements under European Union or EU Member State law to which LeanIX is subject, and laws and regulations extraterritorial to the EU (legitimate interest to comply with extraterritorial laws and regulations).
LeanIX processes your Personal Data to operate web presences, web offerings, or online events (“Web Services”)
When operating LeanIX’s Web Services, LeanIX processes your Personal Data if and to the extent,
LeanIX processes Personal Data to pursue its business relationships with customers, partners, and others to fulfill pre-contractual and contractual business relations. This may include satisfying requests, processing orders, delivering an ordered product or service, or engaging in any other relevant action to establish, fulfill and maintain Our business relationships.
When pursuing business relationships including engaging in direct marketing and sales activities, LeanIX may process your Personal Data if and to the extend
LeanIX may provide you with this information to your postal address to pursue Our legitimate interest to address customers, prospects and targets for the purpose of advertising Our products and services, to your email address for the purpose of direct marketing of similar products or services provided that We (i) received your email address in connection with the purchase of Our products or services, (ii) you did not object to the use of your email address for direct advertising and (iii) and We inform you in every approach that you may object to Our use of your email address for marketing purposes at any time, and by other electronic means (e.g., telephone, MMS) to the extent permitted under applicable law, generally either explicit or presumed consent.
What categories of Personal Data does LeanIX process?
LeanIX processes various types of personal data about the people we interact with when conducting our business or operating our various web presences and other communication channels. Depending on the individual case, this may comprise the following types of personal data:
LeanIX processes the following categories of personal data as contact data: first name, last name, email addresses, postal address/location (country, state/province, city), telephone numbers, and your relationship history with LeanIX.
In the context of established business relationships, LeanIX processes the business partner’s company name, industry, your job title and role, department and function and your company’s relationship history to LeanIX. If you provide a credit card number or bank details to order products or services, LeanIX will collect this information to process your payment for the requested products or services.
If required by statutory law or regulation, LeanIX may process data categories like academic credentials, geolocation, business partner relevant information about e.g., significant litigation or other legal proceedings, and other export control or custom compliance relevant information.
Usage data: LeanIX processes certain user-related information, e.g., info regarding your browser, operating system, or your IP address when you visit LeanIX’s web properties. We also process information regarding your use of our web offerings, like the pages you visit, the amount of time you spend on a page, the page which has referred you to our page and the links on our sites you select.
Registration data: LeanIX may process your contact data as set out above and other information which you may provide directly to LeanIX if you register for any of LeanIX's events or other web services.
Participation data: When you participate in webinars, virtual seminars, events, or other LeanIX web services, LeanIX may process your interactions with the relevant webservice to organize the event including its sessions, polls, surveys, or other interactions between LeanIX and/or its participants. Depending on the event and subject to a respective notification of the participants, LeanIX may collect audio and video recordings of the event or session.
In connection with the registration for an event, LeanIX may ask for your dietary preferences or information about possible disabilities for purposes of consideration for the health and well-being of our guests. Any collection of such information is always based on the consent of the participants. Kindly note that if you do not provide such information about dietary preferences, LeanIX may not have the opportunity to respond to such requests at the time of the event.
LeanIX processes personal data of individuals applying for a job at LeanIX as set out in the privacy statement of the LeanIX Career Portal or equivalent website.
To the extent permitted by law or based on your consent, LeanIX may combine the information we collect either directly or indirectly about specific users to ensure the completeness and correctness of the data and to help us better tailor our interactions with you and determine the information which best serves your respective interest or demand.
If LeanIX processes special categories of Personal Data under applicable law, LeanIX will ask you for your consent in a specific declaration.
From What Types of Third Parties does LeanIX obtain Personal Data?
LeanIX generally aims to collect Personal Data directly from you. If you obliged by statutory law or contractual requirements to provide Personal Data to LeanIX and you fail to provide such Personal Data, then kindly note that LeanIX may not be able to provide you with the respective service and/or business relationship.
If you or applicable law allows Us to do so, We may obtain Personal Data also from Third Party which may include:
How long does LeanIX store your Personal Data?
LeanIX may retain your Personal Data for additional periods if necessary for compliance with legal obligations to process your Personal Data or if the Personal Data is needed by LeanIX to assert or defend itself against legal claims. LeanIX will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled. LeanIX does only store your Personal Data for as long as it is required:
Who are the recipients of your Personal Data?
Your Personal Data will be transferred to or accessed by the following categories of third parties to process your Personal Data:
Other entities of the SAP Group may also receive or gain access to Personal Data either when rendering group internal services centrally and on behalf of LeanIX and the other SAP group entities or when Personal Data is transferred to them on a respective legal basis. In these cases, these entities may process the Personal Data for the same purposes and under the same conditions as outlined in this Privacy Statement. The current list of SAP Group entities can be found here.
Third-party service providers: LeanIX may engage third-party service providers to process personal data on LeanIX’s behalf, e.g., for consulting or other services, the provision of the website, the fulfillment and provisioning of offers from LeanIX or newsletter dispatch. These service providers may receive or are granted with access to personal data when rendering their services and will constitute recipients within the meaning of the relevant data protection law, including GDPR.
What are your data protection rights and how can you exercise them?
LeanIX honors your statutory rights when it comes to the Processing of your Personal Data. To the extent provided by applicable data protection laws, you have the right to:
Depending on applicable local data protection laws, your rights may be subject to deviations, limitations, or exceptions as set out in the country specific section “B. Additional Country and Regional Specific Provisions”. Please be aware, that LeanIX honors your statutory rights when it comes to the Processing of your Personal Data to the extent provided by applicable data protection laws.
Please direct any requests to exercise your rights dataprivacy@leanix.net . LeanIX will take steps to ensure it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, LeanIX will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by LeanIX. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by LeanIX.
LeanIX will decline to process requests that are manifestly unfounded, excessive, fraudulent, represented by third parties without duly representing respective authority or are otherwise not required by local law.
Can you use LeanIX’s services if you are a minor?
In general, this website is not directed to users below the age of 16 years, or equivalent minimum age in the relevant jurisdiction. If you are younger than 16 or the equivalent minimum age in the relevant jurisdiction, you should not register and use any LeanIX offering.
Additional country and regional specific Provisions
1. Who is the relevant Data Protection Authority?
You may find the contact details of your competent data protection supervisory authority here. SAP’s lead data protection supervisory authority is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg and can be reached at Lautenschlagerstraße 20, 70173 Stuttgart/Germany.
2. How does LeanIX justify international data transfers?
As a global group of companies, LeanIX has group affiliates and uses third party service providers also in countries outside the European Economic Area (the “EEA”). LeanIX may transfer your Personal Data to countries outside the EEA as part of LeanIX’s international business operations. If We transfer Personal Data from a country in the EU or the EEA to a country outside the EEA and for which the EU Commission has not issued an adequacy decision, LeanIX uses the EU standard contractual clauses to contractually require the data importer to ensure a level of data protection consistent with the one in the EEA to protect your Personal Data. You may obtain a copy (redacted to remove commercial or irrelevant information) of such standard contractual clauses by sending a request to dataprivacy@leanix.net . You may also obtain more information from the European Commission on the international dimension of data protection here.
Where LeanIX is subject to the requirements of the Privacy Act 1988 (Cth) (‘Privacy Act’), the following applies:
LeanIX may store your Personal Data in paper-based files or as an electronic record in the Cloud or on physical devices e.g. computer systems. Your Personal Data will likely be held and stored by the SAP Group entity or another affiliate located in another country for our general business purposes including outsourcing and data processing. We will only do this where it is necessary or appropriate to achieve the purposes set out in this Privacy Statement. We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorized access, modification or disclosure.
You can contact Us either by the telephone number +61 2 9935 4939 or via email at dataprivacy@leanix.net to exercise the following rights:
Where LeanIX is subject to the requirements of the Colombian Statutory Law 1581 of 2012 and Decree 1377 of 2013, the following applies:
Within Colombia you have the right to:
SAP Colombia S.A. may Process your Personal Data by itself or on behalf of the SAP Group, with its main office located at Carrera 9 No 115 – 06, Edificio Tierra Firme Of. 2401 Bogotá D.C., Colombia. You can contact Us either by the telephone number +57-6003000 or via email at privacy[@]sap.com. LeanIX will be responsible to answer any requests, questions, and complaints that you might have to your right to access, update, correct and delete your Personal Data, or revoke your consent.
SAP has appointed a Data Protection Officer for Brazil. Written inquiries, requests or complaints to our Data Protection Officer can be send via post to Avenida das Nações Unidas 14171 - Marble Tower – 7th Floor - São Paulo-SP, Brazil 04794-000 or email at privacy[@]sap.com.
Where LeanIX is subject to the Philippine Data Privacy Act and its Implementing Rules and Regulations, the following applies:
The contact details of your local Data Protection Officer/s are as follows:
Where LeanIX is subject to the requirements of the Protection of Personal Information Act, 2013 (“POPIA”) in South Africa, the following applies:“Personal Data” as used in this Privacy Statement means Personal Information as such term is defined under POPIA. “You” and “Your” as used in this Privacy Statement means a natural person or a juristic person as such term is used under POPIA. Systems Applications Products (Africa Region) Proprietary Limited Systems Applications Products (South Africa) Proprietary Limited with registered address at 1 Woodmead Drive, Woodmead (LeanIX South Africa) is subject to South Africa's Protection of Personal Information Act, 2013 (Act 4 of 2013) and responsible party under the POPIA.
You have the right to:
Where LeanIX is subject to the requirements of the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Acts of 2020 (CPRA), from hereon referred to as “CCPA” or where other US state laws have similar requirements, the following applies:
You have the right to:
How you can exercise your Data Protection Right.
To exercise these rights, or to limit the Sharing of your Personal Information, please contact us at privacy@leanix.net. In accordance with the verification process set forth under US relevant state law (as appropriate), LeanIX may require a more stringent verification process for deletion requests (or for Personal Data that is considered sensitive or valuable) to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If LeanIX must request additional information from you outside of information that is already maintained by LeanIX, LeanIX will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes. You can designate an authorized agent to submit requests to exercise your data protection rights to LeanIX. The agent must submit authorization to act on your behalf and, where required by relevant law, the agent must be appropriately registered.
Financial Incentives. LeanIX does not offer financial incentives in return for your consent to share your personal information, nor limit service offerings where you opt-out of such sharing (unless sharing is practically necessary to perform the relevant service).
Children’s Privacy. Given that no LeanIX offering is directed to users under 16 years of age, LeanIX does not sell or share the personal information of any minors under 16. If you are a parent or guardian and believe LeanIX collected information about your child, please contact LeanIX. LeanIX will take steps to delete the information as soon as possible.
Where LeanIX is subject to the requirements of the Singapore’s Personal Data Protection Act (“PDPA”), the following applies:
SAP has appointed a Data Protection Officer for Singapore. Written inquiries, requests or complaints to our Data Protection Officer can be send via post to Mapletree Business City, 30 Pasir Panjang Rd, #03-32, Singapore 117440 or email to privacy[@]sap.com with the subject “Data Protection Officer” or can be reached via phone +65 6664 6868.
Where LeanIX is subject to the requirements of the South Korea Personal Information Protection Act (“PIPA”), the following applies:
Your personal data may be processed globally. When personal data is processed across country borders, LeanIX complies with laws on the transfer of personal data between countries to keep your personal data protected. Your personal data may be transferred to, accessed or processed by the categories of third-parties as described above.
How can you exercise your data protection rights?
SAP has appointed a local Chief Privacy Officer for South Korea.
Please direct any enquiries or requests via email at privacy[@]sap.com or via phone at +82-2-2194-2279.
Where LeanIX is subject to the requirements of the Personal Data Protection Act (“PDPA”) of Malaysia, the following applies:
Written inquiries, requests or complaints can be sent to the Data Protection and Privacy Coordinator for Malaysia via email privacy[@]sap.com or can be reached via phone +60 3-2202 6000. LeanIX has implemented technology, security features and strict policy guidelines to safeguard the privacy of users’ Personal Data.
Where LeanIX is subject to the requirements of the Privacy Act 2020 (‘Privacy Act’), You have the right to:
Your Personal Data may be processed globally. If personal data is processed across country borders, LeanIX complies with laws of the transfer of Personal Data between countries to keep your personal data protected. It may, however, based on the laws of such countries be subject to access by local law enforcement.
Where LeanIX is subject to the requirements of the Mexican Federal Law for the Protection of Personal Data Held by Private Parties of 2010, the following applies:
You have the right to file a complaint with the National Institute of Transparency Access to Information and Protection of Personal Data (INAI) to assert any disagreement related to the processing of your Personal Data by LeanIX.
LeanIX reserves the right to change, modify, add or remove portions of this Privacy Statement at its sole discretion. In such case, LeanIX shall maintain available a complete version of LeanIX’s Privacy Statement. LeanIX will notify you of any change or modification to this Privacy Statement via the respective communication channel We have with you, e.g., at Our website.
Where LeanIX is subject to the requirements of the Digital Personal Data Protection Act, 2023 (‘DPDPA’) the following applies:
As part of a global group of companies operating internationally, LeanIX has affiliates (the SAP Group) and third party service providers outside of the Indian region and will transfer your Personal Data to countries outside the India region, subject to any restrictions as may be notified by the Central Government in this regard.
You have the right to: