Privacy Policy | SAP RISE Negotiations

Effective Date

This policy is effective as of May 2026. We may update it from time to time. Material changes will be noted at the top of this page with a revised effective date.

1. Who we are

SAP RISE Negotiations is an independent advisory practice focused on RISE with SAP contract negotiation, seven year TCO modelling, and post signature optimisation. We are the data controller for personal information collected through this site. Our offices operate in New York, London, and Stockholm.

For any privacy enquiry, write to [email protected] or use the contact form on this site.

2. What we collect

We collect only the personal data needed to operate our practice and respond to your enquiries. The categories below are exhaustive.

Contact form submissions. Name, work email, company, role, and the message you send.
Newsletter subscriptions. Work email address for the RISE Negotiation Brief.
White paper gate forms. First name, last name, work email, company, role.
Server logs. IP address, browser type, referrer URL, time of request. Used for security and traffic analysis.
Cookies. Strictly necessary session cookies. We do not use third party advertising cookies.

3. Why we collect it

We process personal data on three lawful bases under GDPR Article 6.

Legitimate interest. Responding to enquiries, delivering requested white papers, operating the site securely.
Consent. Sending the RISE Negotiation Brief. You can withdraw consent at any time by clicking unsubscribe in any email.
Contractual necessity. Engaging with prospective and current clients on RISE negotiation projects.

4. How we store and protect it

Form submissions are processed through Formspree, our form processor, and are stored in encrypted systems. Email communication is encrypted in transit and at rest. We do not sell, rent, or trade personal data. We do not share data with SAP SE, with hyperscaler vendors, or with any third party other than the processors named in section 6.

We retain personal data only for as long as needed for the purpose for which it was collected. Contact enquiries are retained for 24 months. Newsletter subscriber records are retained until you unsubscribe. Client engagement records are retained for seven years to meet professional record keeping obligations.

5. Your rights

If you are in the European Economic Area, the United Kingdom, or California, you have the following rights regarding your personal data.

Right of access. Request a copy of the personal data we hold about you.
Right of rectification. Ask us to correct inaccurate data.
Right of erasure. Ask us to delete your data, subject to retention obligations.
Right of restriction. Ask us to stop processing your data for specific purposes.
Right of portability. Receive your data in a structured, machine readable format.
Right to object. Object to processing based on legitimate interest.
Right to lodge a complaint. Contact your supervisory authority. In the United Kingdom this is the Information Commissioner's Office. In Sweden this is Integritetsskyddsmyndigheten.

To exercise any right, email [email protected]. We will respond within 30 days.

6. Processors we rely on

We engage a small set of processors. Each is bound by a data processing agreement that meets GDPR Article 28 requirements.

Formspree. Form submission handling.
Email delivery providers. Transactional and newsletter email.
Cloud hosting. Site hosting and CDN.

7. International transfers

Some processors are located in the United States. Where personal data is transferred outside the United Kingdom or European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner's Office.

8. Children

This site is directed at enterprise buyers. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have collected such data, contact us and we will delete it.

9. California residents

Under the California Consumer Privacy Act, California residents have additional rights, including the right to know what categories of personal data we collect, the right to delete personal data, and the right to opt out of the sale of personal data. We do not sell personal data. To exercise any CCPA right, contact [email protected].

10. Contact

For any privacy question, write to [email protected] or use the contact form. Postal correspondence can be addressed to our offices in New York, London, or Stockholm. We will respond within 30 days.

Privacy policy.