This Cookie Statement was updated on February 12, 2023
This Cookie Statement describes how SAP Concur uses cookies and similar technologies to collect and store information when you visit concur.com websites. The Privacy Statement for SAP Concur also applies in addition to this Cookie Statement. This Privacy Statement informs you about the way SAP Concur uses, stores and protects personal data collected. It also informs you of your data protection rights and how to exercise them. We recommend that you read the Privacy Statement.
Cookies are small files placed on your device (computer, tablet or smartphone). When you access a website, a cookie is placed on your device and it will send information to the party that placed the cookie.
There are other technologies that perform a similar function to cookies. These include web beacons, clear gifs, and social plug-ins. These are often used in conjunction with cookies to help a website owner understand its users better.
SAP Concur’s websites have first party cookies First party cookies are cookies that are specific to the website that created them. These cookies enable SAP Concur to operate an efficient service and to track patterns of user behavior to SAP Concur’s website.
The difference between a first party cookie and a third party cookie relates to who places the cookie on your device. SAP sometimes allows third parties to place Cookies on your device. Third party cookies are placed on your device by a third party (i.e., not by SAP Concur). While SAP Concur allows third parties to access SAP Concur’s website to place a third-party cookie on your device, SAP Concur does not retain control over the information supplied by the cookies, nor does SAP Concur retain access to this information. This information is controlled wholly by that third party according to the respective privacy policy of the third party. For more information about these cookies, please click the “Cookie Preferences” link in the footer of the webpage.
In the United States, SAP Concur routinely works with third party analytics and digital marketing providers who facilitate and support SAP Concur (and partner) marketing activities including targeted communications. These activities may involve the sharing of limited personal identifiers and contact information, your interests and interactions with SAP Concur, professional/employment information for those specific business purposes. In addition to the above, SAP Concur may also share your personal data with other third parties, or for other business purposes, with your explicit consent. Where required by law, SAP Concur endeavors to recognize common opt-out preference signals at a browser level, and frictionlessly exclude relevant data subjects from marketing cookies and associated tracking.
Our websites may place session and persistent cookies on your device. Whereas the difference between a first party and third-party cookie relates to the party controlling the initial placement of the cookie on your device, the difference between a session and a persistent cookie relates to the length of time the cookie lasts. Session cookies are cookies that typically last for as long as you are using your browser, or browser session. When you end your browser session, the cookie expires. Persistent cookies, as the name implies, are persistent and will last after you close your browser. This allows for quicker and often more convenient access to our website.
SAP Concur wants you to be in a position to make an informed decision for or against the use of cookies which are not strictly necessary for the website’s technical features. If you elect to reject cookies used for advertising, you will be shown advertising that is less targeted to your interests. This will still allow you to use all of the functionality of the website.
When tracking and evaluating the usage behavior of users of the website by means of cookies or similar technologies includes the processing of your personal data, SAP Concur is conducting the processing based on the following legal permissions: (i) GDPR Article 6.I (a) if it is necessary that we ask you for your consent to process your personal data; (ii) GDPR Article 6.I (b) if necessary to fulfill (pre-)contractual obligations with you; (iii) GDPR Article 6.I (f) if necessary to fulfill (pre-)contractual obligations with the company or other legal body you represent as a customer contact (legitimate interest to efficiently perform or manage business operation of SAP Concur); or (iv) or equivalent legal permissions under other relevant national laws, when applicable.
SAP Concur differentiates between Required Cookies that are absolutely necessary for the website’s technical features, Functional Cookies that allow SAP Concur to analyze the site usage, and Advertising Cookies that are used by advertising companies to serve ads relevant to your interests.
Required Cookies
Name |
Purpose |
Persistent |
Lifespan |
---|---|---|---|
_csrf |
set to prevent CSRF attacks |
SESSION |
SESSION |
_dlt |
Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. |
PERSISTENT |
1 day |
_vapi* |
Cookie that contains a session identifier used to authenticate the user and deliver different APIs. Voda |
SESSION |
SESSION |
AKA_A2 |
Akamai cookie |
PERSISTENT |
1 hour |
akacd_us1 |
Akamai cookie |
SESSION |
SESSION |
AMCV_3F8B2B31536CFF310A490D4C%40AdobeOrg |
Unique visitor IDs used by Experience Cloud Solutions. |
PERSISTENT |
2 years |
AMCVS_3F8B2B31536CFF310A490D4C%40AdobeOrg |
Unique visitor IDs used by Experience Cloud Solutions. |
SESSION |
SESSION |
AWSALB |
AWS sticky session cookie required for load balancer routing. |
PERSISTENT |
7 days |
AWSALBCORS |
For continued stickiness support with CORS use cases after the Chromium update, we are creating additional stickiness cookies for each of these duration-based stickiness features named AWSALBCORS (ALB). See https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html for further information. |
PERSISTENT |
7 days |
AWSELB |
Elastic Load Balancing creates a cookie, named AWSELB, that is used to map the session to the instance. |
SESSION |
SESSION |
AWSELBCORS |
Elastic Load Balancing creates a second stickiness cookie, AWSELBCORS. |
SESSION |
SESSION |
BIGipServerab13web-nginx-app_https |
This cookie name is associated with the BIG-IP product suite from company F5. Usually associated with managing sessions on load balanced servers, to ensure user requests are routed consistently to the correct server. The common root is BIGipServer most commonly followed by a domain name, usually the one that it is hosted on, but not always. |
SESSION |
SESSION |
check |
functional cookie to check if a class is set for content population |
SESSION |
SESSION |
concur_uuid |
Stores a unique id |
PERSISTENT |
1 year |
concurCMS |
Used for serving dynamic content in our Drupal CMS |
PERSISTENT |
1 month |
cookietest |
functional cookie for testing cookie creation |
SESSION |
SESSION |
i18n_redirected |
use to redirect user based on language |
PERSISTENT |
1 year |
LiSESSIONID |
Session management |
SESSION |
SESSION |
mbox |
This cookie gives website operators the ability to test which online content and offers are more relevant to visitors. |
PERSISTENT |
31 minutes |
mboxEdgeCluster |
Enabling visitors to access the same edge server across the entire session |
PERSISTENT |
31 minutes |
notice_behavior |
TrustArc Manages cookie load and visitor’s cookie preferences |
SESSION |
SESSION |
OPTOUTMULTI |
save the privacy settings for a visitor for the next time they visit your site. The settings you select in Privacy Manager are saved as parameters in the cookie. |
PERSISTENT |
3 Months |
RT |
Akamai cookie |
PERSISTENT |
7 Days |
s_invisit |
The cookies identify whether users are using the domain for the first time. This is noted in the cookie as TRUE or FALSE. |
PERSISTENT |
30 minutes |
s_lv |
This cookie counts the time elapsed between two visits to the website by a single visitor. |
PERSISTENT |
3 years |
s_lv_s |
This cookie stores the time of a user’s last visit to a website. |
PERSISTENT |
30 minutes |
s_nr |
This cookie stores the date(s) when you visit the Websites, and whether you are a new or returning visitor. |
PERSISTENT |
1 month |
s_ppn |
It contains the previous link that was clicked on by the user, percentage of pages viewed on the previous page, a cookie enabled flag and some more on plugins installed in the browser such as Microsoft Silverlight and Adobe Flash. |
PERSISTENT |
30 minutes |
s_ppv |
Stores information on the percentage of the page displayed |
SESSION |
SESSION |
s_ppvl |
Stores information on the percentage of the page displayed to you |
SESSION |
SESSION |
s_vnum |
Generates a visit number for each user. |
PERSISTENT |
1 month |
SSESS293cc2bd86022fe1fc2f08b5ddb8fe4b |
SESSION |
SESSION |
|
SSESS3340d4d2d37441859b626dc0b27592d8 |
SESSION |
SESSION |
|
SSESS3446b22852fe913d4d6aaa1983be01f1 |
SESSION |
SESSION |
|
SSESS4e357c88c0fe27f1ab689cae1469b3a8 |
to provide a responsive website. (Drupal CMS) |
SESSION |
SESSION |
SSESS5abff5080fea0aa9d1eb059fd760d288 |
SESSION |
SESSION |
|
SSESS7b16debf5fbd2ee6ef020251a02abf63 |
SESSION |
SESSION |
|
SSESS7c3456003640b83e630b9ed2d6a9d054 |
SESSION |
SESSION |
|
SSESS8f71957330e6a5854a6c367c7a32a979 |
SESSION |
SESSION |
|
SSESSa0d2dabfc2ab7b769d9bd64355d1f56f |
SESSION |
SESSION |
|
SSESSa9d05b037e949fa5519d1e78599bc12c |
SESSION |
SESSION |
|
SSESSac8444cd1d661f6125d4c0c1f34b484d |
SESSION |
SESSION |
|
SSESSc697e9239316f386c20eab6435f21436 |
SESSION |
SESSION |
|
SSESSdd6a1af016b59e6925afc6b3d9ee94c6 |
SESSION |
SESSION |
|
SSESSdd764d80b00d53242b460c74beb4a243 |
SESSION |
SESSION |
|
SSESSf1e71756597c4da029ba58b7c776dba5 |
SESSION |
SESSION |
|
SSESSf95eb9e2db8e3f357bff5f0b4a3bec61 |
SESSION |
SESSION |
|
SSESSfa0a4c7204a9c7eb8f51939cd953584d |
SESSION |
SESSION |
|
TAsessionID |
Stores the user's cookie consent state for the current domain (TrustArc) |
PERSISTENT |
30 minutes |
test |
Functional cookie that is used for adding a testing |
SESSION |
SESSION |
tfpsi |
Registers user behaviour and navigation on the website, and any interaction with active campaigns. This is used for optimizing advertisement and for efficient retargeting. (aquazzura.com) |
PERSISTENT |
30 minutes |
Functional Cookies
Name |
Purpose |
Persistent |
Lifespan |
---|---|---|---|
_cnqrLogLater |
cookie set to collect non - pii asset information for marketing source attribution |
PERSISTENT |
1 year |
drift_aid |
to store a unique user ID. (drift chat) |
PERSISTENT |
2 year |
drift_campaign_refresh |
This is the session identifier token. It is used to tie the visitor on your website with a current website session within the Drift system. This is enables session-specific features, such as popping up a messaging only once during a 30 minute session as to prevent a disruptive experience. |
PERSISTENT |
30 minutes |
driftt_aid |
to store a unique user ID. (drift chat) |
PERSISTENT |
2 year |
qs_cid |
This stores query string values for channel attribution |
PERSISTENT |
1 year |
qs_cid_last |
This stores query string values for channel attribution |
SESSION |
SESSION |
qs_pid |
This stores query string values for channel attribution |
PERSISTENT |
1 year |
qs_pid_last |
This stores query string values for channel attribution |
SESSION |
SESSION |
TEST_AMCV_COOKIE |
gcs-web.com |
PERSISTENT |
2 year |
Advertising Cookies
Name |
Purpose |
Persistent |
Lifespan |
---|---|---|---|
__cribnotes_prm |
CribNotes / Adways. __cribnotes_prm. measuring the effectiveness of ads. 6 months. |
PERSISTENT |
6 months |
__pdst |
to Store and track interaction. (podsites) |
PERSISTENT |
1 year |
__qca |
to store and track audience reach for Quantcast. |
PERSISTENT |
13 months |
__utma |
This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. This cookie lasts for 2 years by default and distinguishes between users and sessions. It used to calculate new and returning visitor statistics. The cookie is updated every time data is sent to Google Analytics. The lifespan of the cookie can be customised by website owners. |
PERSISTENT |
2 year |
__utmb |
This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. This cookie determines new sessions and visits and expires after 30 minutes. The cookie is updated every time data is sent to Google Analytics. Any activity by a user within the 30 minute life span will count as a single visit, even if the user leaves and then returns to the site. A return after 30 minutes will count as a new visit, but a returning visitor. |
PERSISTENT |
30 minutes |
__utmc |
This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. It is not used in most sites but is set to enable interoperability with the older version of Google Analytics code known as Urchin. In this older version this was used in combination with the __utmb cookie to identify new sessions/visits for returning visitors. When used by Google Analytics this is always a Session cookie which is destroyed when the user closes their browser. Where it is seen as a Persistent cookie it is therefore likely to be a different technology setting the cookie. |
SESSION |
SESSION |
__utmz |
This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour measure of site performance. This cookie identifies the source of traffic to the site – so Google Analytics can tell site owners where visitors came from when arriving on the site. The cookie has a life span of 6 months and is updated every time data is sent to Google Analytics. |
PERSISTENT |
6 months |
_ce.cch |
Used to check if cookies can be added. (Crazyegg) |
SESSION |
SESSION |
_ce.gtld |
Used to identity the top level domain (Crazyegg) |
SESSION |
SESSION |
_clck |
to store a Unique user ID |
PERSISTENT |
1 year |
_clsk |
to store and combine pageviews by a user into a single session recording. |
PERSISTENT |
1 Day |
_fbp |
to store and track visits across websites. (facebook) |
PERSISTENT |
3 months |
_gcl_au |
to store and track conversions. (Google ad sense) |
PERSISTENT |
3 months |
_gcl_aw |
to provide ad delivery or retargeting. (Google Ads) |
PERSISTENT |
3 months |
_im_vid |
|
PERSISTENT |
1 months |
_mkto_trk |
UUID Key for Marketo |
PERSISTENT |
2 year |
_uetsid |
To store and track visits across websites. (Bing Ads) |
PERSISTENT |
1 Day |
_uetvid |
To store and track visits across websites. (Bing Ads) |
PERSISTENT |
13 months |
_yjsu_yjad |
Added to cookie information and LocalStorage information that are issued and acquired via Display Ads. |
PERSISTENT |
1 year |
aam_uuid |
Adobe Audience Manager data management platform uses these cookies to assign a unique ID when a user visits a website. |
PERSISTENT |
1 months |
at_check |
internal cookie for checking if adobe target is present |
SESSION |
SESSION |
dmdbase_cdc |
This cookie is used to pass only the company name and firmographic attributes of a site visitor into analytics based on the source IP address. It is set using JavaScript. |
PERSISTENT |
30 minutes |
has_js |
to provide functions across pages. (Criteo) |
SESSION |
SESSION |
Hm_ck_* |
Cookie for website analysis. Generates statistical data about how the visitor uses the website. (Baidu) |
SESSION |
SESSION |
Hm_lpvt_0caa6b39829c526dff4895e5d6b1d5e5 |
Cookie for website analysis. Generates statistical data about how the visitor uses the website. (Baidu) |
SESSION |
SESSION |
Hm_lvt_0caa6b39829c526dff4895e5d6b1d5e5 |
Cookie for website analysis. Generates statistical data about how the visitor uses the website. (Baidu) |
PERSISTENT |
1 year |
LithiumVisitor |
Replaces VISITOR_BEACON. Khoros currently uses both for backward compatibility. This cookie computes billing visits, registered billing visits, visits, registered visits, and unique visitor’s metrics. The cookie is encrypted and stores when it was first issued, when it was last seen by Khoros, an unique visitor ID (which is unique per visitor’s browser). |
PERSISTENT |
6 months |
ln_or |
Used to determine if Oribi analytics can be carried out on a specific domain |
PERSISTENT |
1 Day |
oribi_cookie_test |
To determine if tracking can be enabled on current domain |
SESSION |
SESSION |
oribili_user_guid |
Used to count unique visitors to a website |
PERSISTENT |
1 year |
outbrain_cid_fetch |
Used to retrieve a click id in case of missing outbrain_click_id cookie |
PERSISTENT |
5 Minutes |
QSI_HistorySession |
Qualtrics - This cookie is used to determine when the visitor last visited the different subpages on the website. |
SESSION |
SESSION |
s_cc |
This cookie allows Adobe Analytics to determine whether cookies are enabled in your browser. |
SESSION |
SESSION |
s_ecid |
to Store and track interaction. (Adobe Experience Cloud) |
PERSISTENT |
2 year |
s_hc |
Third-party Adobe Analytics cookie that governs hits |
SESSION |
SESSION |
s_ht |
Third-party Adobe Analytics cookie that governs hits. |
SESSION |
SESSION |
utag_main |
This cookie name is associated with the Tealium data platform and is used for web analytics. |
PERSISTENT |
1 year |
VISITOR_BEACON |
Computes billing visits, registered billing visits, visits, registered visits, and unique visitor’s metrics. The cookie is encrypted and stores, when it was first issued, when it was last seen by Khoros, the user ID, and its own unique ID. |
PERSISTENT |
6 months |
wcs_bt |
These cookies are used to display relevant advertising to visitors. (Naver) |
PERSISTENT |
13 months |
SAP Concur provides you with the option to adjust your preferences for Functional and Advertising Cookies when such cookies are placed on your device by the website. In such a case, you can access preferences at any time by clicking on the “Cookie Preferences” link in the footer of the webpage.
You can also block and delete cookies by changing your browser settings. To manage cookies using your browser settings, most browsers allow you to refuse or accept all cookies or only to accept certain types of cookies. The process for the management and deletion of cookies can be found in the help function integrated in your browser.
If you wish to limit the use of cookies, you may not be able to use all the interactive functions of our website.
A social plug-in embedded on a website allows you to share content on a third party social media provider’s website. You can recognize social plug-ins as buttons displayed on website pages that feature the logo of the social media provider; e.g., for the Facebook page plug-in, you can recognize the button by a white "f" on a black background.
SAP Concur does not have influence or control over the processing of personal data on the social media provider’s website, and the social plug-in remains active until you deactivate it or delete your cookies. Please refer to the privacy and cookie statement or policy of the respective social media provider for more information about the social media provider’s data protection and privacy policies.
SAP Concur uses social plug-ins on its websites on the basis of its legitimate interest to make SAP Concur visible on social media pursuant to Article 6 (1) lit. f DSGVO or the applicable national law.
If you see one of the social plug-ins and you want to use one of these social plug-ins, click on the respective social plug-in to establish a direct connection to the server of the respective social media provider and you will be redirected to that social media provider's website.
If you have a user account on the social media provider and are logged in at the time you activate the social plug-in, the social media provider can associate your visit to SAP Concur’s websites with your user account. In this situation, data transmissions can also take place that are initiated and controlled by the respective social media provider. Your connection to a social media provider, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy and cookie statement or policy of that social media provider. Personal data may also reach providers in countries outside the European Economic Area that may not guarantee an "adequate level of protection" for the processing of personal data in accordance with EU standards. If you do not want to share any data with the social media provider in connection with an SAP website, do not click on the social media plug-in on SAP Concur’s website.
A Media plug-in embedded on a website allows you to watch remote content from a third party media provider’s website. You can recognize media plug-ins as views displayed on website pages; e.g., for YouTube, you can recognize the media plugin by a video showing the play button.
If you want to use one of content of these media plug-ins, click on the play-symbol within the media plug-in to establish a direct connection to the server of the respective media provider. The stream of the media will be redirected from the media provider to your browser.
If you have a user account on the media provider and are logged in at the time you activate the media plug-in, the media provider can associate your visit to SAP Concur’s websites with your user account. In this situation, data transmissions can also take place that are initiated and controlled by the respective media provider. Your connection to a media provider, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy and cookie statement or policy of that media provider. Personal Data may also reach providers in countries outside the European Economic Area that may not guarantee an "adequate level of protection" for the processing of Personal Data in accordance with EU standards. If you do not want to share any data with the media provider in connection with SAP’s website, do not click on the media plug-in on SAP Concur’s website.
SAP Concur uses media plug-ins on its websites on the basis of its legitimate interest to make remote content visible to the user according to Article 6 (1) lit. f GDPR or the applicable national law.
Use of YouTube Video: This website contains a plugin from YouTube, belonging to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US). We use the YouTube No-Cookies function, i.e. we have activated extended data protection, videos are not accessed via youtube.com, but via youtube-nocookie.com, which, according to the provider, only starts storing user information when the video is played. As soon as you start playing an embedded video by clicking on it, the IP address, in particular, which of our web site you have visited is communicated. However, this information cannot be assigned to you if you are not permanently logged in to YouTube or another Google service when you call up the page. SAP Concur does not have influence or control over the processing of personal data on the media provider’s website, and the media plug-in remains active until you deactivate it or delete your cookies.