Our companies

Privacy Policy

We appreciate your interest in our website. Protecting your privacy is important to us. Below, we provide detailed information about how we handle your data.

Data Controller

The data controller responsible for data processing on this website is:

SAVAARA by The Book Agency Verlag Schreiberlinge OG
Bösendorferstraße 2/17
1010 Vienna, Austria

If you have any questions about data protection, you can contact us at the above address or by email at hello@savaara.com.

Relevant Legal Bases
Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you about these in the privacy policy.
Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes.
Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject. Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Austria. This includes in particular the Federal Act concerning the Protection of Individuals with regard to the Processing of Personal Data (Datenschutzgesetz – DSG). The Data Protection Act contains in particular special regulations on the right to information, the right to rectification or erasure, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases.

Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, input, transmission, security of availability, and its separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider the protection of personal data during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Transmission of Personal Data
In the course of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units, or persons or that it is disclosed to them. Recipients of this data may include, for example, IT service providers commissioned with tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in connection with the use of third-party services or disclosure or transmission of data to other persons, entities, or companies, this only occurs in accordance with legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. Otherwise, data transfers only take place if the level of data protection is otherwise guaranteed, in particular by means of standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or if transfer is necessary for the performance of a contract or for the establishment, exercise, or defense of legal claims (Art. 49 para. 1 GDPR). Furthermore, we will inform you about the basis of the transfer to third countries with each provider from a third country, whereby adequacy decisions are considered the primary basis. Information on third-country transfers and existing adequacy decisions can be found on the European Commission's information portal:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=en.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the European Commission has also recognized the level of data protection as safe for certain companies from the USA within the framework of the adequacy decision of July 10, 2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce athttps://www.dataprivacyframework.gov/

Rights of Data Subjects
Rights of data subjects under the GDPR: Data subjects have various rights under the GDPR, in particular arising from Articles 15 to 21 GDPR:

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Right to withdraw consent: You have the right to withdraw consent at any

Business Services
We process data of our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners"), within the framework of contractual and similar legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractually), for example, to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any updating obligations, and remedying defects in warranty and other service disruptions. Furthermore, we process the data to safeguard our rights and for the purpose of administrative tasks associated with these obligations and organizational management. In addition, we process the data based on our legitimate interests in proper and efficient business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or financial authorities). Within the scope of applicable law, we only disclose data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further processing, e.g., for marketing purposes, within the scope of this privacy policy.

We inform contractual partners before or during data collection, for example, in online forms, through special labeling (e.g., colors) or symbols (e.g., asterisks), or personally, which data is required for the aforementioned purposes.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., in principle after the expiration of 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons for archiving purposes. The statutory retention period is ten years for tax-relevant documents as well as for commercial books, inventories, opening balance sheets, annual financial statements, the instructions for keeping records necessary to understand these documents, and other organizational documents and booking records, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements, or the management report was drawn up, the commercial or business letter was received or sent, or the booking document was created, or the record was made, or the other documents were created.

If we use third-party providers or platforms to provide our services, the terms and privacy policies of the respective third-party providers or platforms apply in the relationship between users and providers.

Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., subject matter of the contract, term, customer category). Affected persons: Prospects. Business and contractual partners.
Purposes of processing: Provision of contractual services and customer support; Contact inquiries and communication; Office and organizational procedures. Administration and answering of inquiries. Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further notices on processing procedures, procedures, and services:

Agency services: We process the data of our customers within the framework of our contractual services, which include, for example, conceptual and strategic consulting, campaign planning, software and design development/advice or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services, and training services; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Provision of the online offer and web hosting We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or device.

Processed data types: Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
Affected persons: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). Security measures.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further notices on processing procedures, procedures, and services:

Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, message about successful access, type and version of browser, user's operating system, referrer URL (previously visited page), and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the load and stability of the servers; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidence purposes are excluded from deletion until the respective incident is finally clarified.
Contact and inquiry management
When contacting us (e.g., by post, contact form, email, telephone, or via social media) and within the scope of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to the inquiries and any requested measures.

Processed data types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
Affected persons: Communication partners.
Purposes of processing: Contact inquiries and communication; Administration and answering of inquiries; Feedback (e.g., collection of feedback via online form). Provision of our online offer and user-friendliness.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further notices on processing procedures, procedures, and services:

Contact form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to process the respective request; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para.)