Privacy Policy – SaageBooks.com

Privacy Policy of Saage Media GmbH

Last updated: 12 June 2026

We, Saage Media GmbH („we“, „us“), take the protection of your personal data very seriously. This Privacy Policy informs you about how we collect, process and use your personal data when you visit our websites [SaageMedia.com and SaageBooks.com] or use our services. This Privacy Policy is available in several languages; in the event of discrepancies or questions of interpretation, the German version shall prevail.

1. Controller responsible for data processing

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

Saage Media GmbH
represented by its Managing Director Rico Saage
c/o SpinLab – The HHL Accelerator
Spinnereistraße 7
04179 Leipzig, Germany
Email: [email protected]

2. Data Protection Officer

Due to the size of our company, we are not legally required to appoint an external Data Protection Officer. If you have any questions regarding data protection, please contact the controller named under Section 1 (Rico Saage).

3. General principles of data processing

As a matter of principle, we only process our users‘ personal data to the extent necessary to provide a functional website as well as our content and services. The processing of our users‘ personal data regularly takes place only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law.

The legal bases for the processing of your data are:

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis. For consent in connection with cookies and similar technologies, Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG, formerly TTDSG) is additionally relevant.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis (e.g. statutory retention obligations, proof of consent).
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6(1)(f) GDPR serves as the legal basis for the processing. For the storage of or access to information in the user’s terminal equipment based on a legitimate interest, Section 25(2) TDDDG may apply (e.g. for technically essential cookies).

4. Provision of the website and creation of log files (hosting)

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected (server log files):

IP address of the requesting computer (anonymised where applicable)
Date and time of access
Name and URL of the retrieved file
Website from which the access originates (referrer URL)
Browser used and, where applicable, the operating system of your computer as well as the name of your access provider

This data is stored in the log files of our system. This data is not stored together with other personal data of the user.

Purpose: The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. Storage in log files takes place to ensure the functionality of the website, to guarantee the security of our information technology systems and to optimise the website.
Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the stability and security of our website.
Hosting provider: We host our website with STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. The servers are located in Germany. We have concluded a data processing agreement (DPA) with STRATO pursuant to Art. 28 GDPR (https://www.strato.de/agb/avv/). STRATO’s privacy policy can be found here (in German): https://www.strato.de/datenschutz/
Storage period: STRATO stores the IP addresses of visitors to our website for a maximum of seven days for the purpose of detecting and defending against attacks. The IP addresses are then irreversibly anonymised. In the log files available to us, IP addresses can only be viewed in anonymised form. The anonymised log files are stored for up to six weeks.

5. Use of cookies and consent management (CookieYes)

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly, to provide functions and to analyse usage. A distinction is made between technically necessary cookies, which are essential for the operation of the site, and optional cookies (e.g. for statistics, marketing, external media).

Technically necessary cookies: These are required for the website to function and cannot be deactivated in our systems. They are usually only set in response to actions you take that correspond to a service request, such as setting your privacy preferences or filling in forms.
- Legal basis: Section 25(2) no. 2 TDDDG and/or our legitimate interest in the technically error-free and optimised provision of our services pursuant to Art. 6(1)(f) GDPR.
Optional cookies / technologies (consent required): All other cookies and similar technologies (such as the loading of external scripts or fonts from third-party providers that transmit data) that are not technically necessary are only used with your express consent.
- Legal basis: Your consent pursuant to Section 25(1) TDDDG (for storing/reading information on the terminal device) and Art. 6(1)(a) GDPR (for the subsequent processing of personal data).
Consent management with CookieYes: We use the consent management tool „CookieYes“ provided by CookieYes Limited, 3 Warren Yard, Warren Park, Stony Stratford, Milton Keynes, MK11 1EB, United Kingdom (UK). This tool enables us to obtain, manage and document your consent to the storage of cookies and the use of certain technologies. CookieYes sets a technically necessary cookie („cookieyes-consent“) to store your selection. CookieYes does not process any personal data beyond storing your preference. We have concluded a data processing agreement (DPA) with CookieYes pursuant to Art. 28 GDPR.
- Purpose: Fulfilment of the legal obligation to provide proof of consent.
- Legal basis: Legal obligation pursuant to Art. 6(1)(c) GDPR.
- CookieYes privacy policy: https://www.cookieyes.com/privacy-policy/
- Note on UK transfer: Although CookieYes is based in the United Kingdom, there is an adequacy decision of the EU Commission for the UK, so the level of data protection is considered comparable to that of the EU.
Withdrawing/adjusting consent: You can withdraw your consent at any time with effect for the future or adjust your cookie settings. To do so, use the cookie icon at the bottom left of our website to reopen the cookie settings. The lawfulness of the processing carried out up to the point of withdrawal remains unaffected.

6. Contacting us by email

If you contact us by email, the personal data you provide (your email address, your name and address where applicable, and the content of your message) will be stored and processed for the purpose of handling your enquiry.

Purpose: Processing and responding to your enquiry.
Legal basis: If the contact is made in the context of initiating or performing a contract, the legal basis is Art. 6(1)(b) GDPR. In other cases, the legal basis is our legitimate interest in the efficient handling of enquiries addressed to us (Art. 6(1)(f) GDPR).
Email management (Google Workspace): For receiving, managing and responding to emails, we use Google Workspace (including Gmail and Google Groups) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this context, data may be transferred to servers of Google LLC in the USA. This transfer is based on the EU Commission’s adequacy decision regarding the EU-US Data Privacy Framework (DPF), under which Google is certified, and additionally on Standard Contractual Clauses (SCCs). We have concluded a data processing agreement (Cloud Data Processing Addendum) with Google pursuant to Art. 28 GDPR. Google’s privacy policy: https://policies.google.com/privacy?hl=en
AI-assisted processing of enquiries: To process support enquiries more efficiently, we may in individual cases use an internal AI-assisted tool. In doing so, the contents of your enquiry (email thread including the personal data contained therein) are transmitted to the IONOS AI Model Hub service of IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, in order to create a draft response. Processing takes place exclusively on servers in Germany; your data is not permanently stored by IONOS and is not used to train AI models. Every response is reviewed and approved by a member of staff before being sent; no decision-making based solely on automated processing within the meaning of Art. 22 GDPR takes place. We have concluded a data processing agreement (DPA) with IONOS pursuant to Art. 28 GDPR. The legal basis is our legitimate interest in the efficient and high-quality handling of customer enquiries (Art. 6(1)(f) GDPR) or Art. 6(1)(b) GDPR insofar as the enquiry serves the performance of a contract. IONOS privacy policy (in German): https://www.ionos.de/terms-gtc/datenschutzerklaerung/
Provision of files: If we provide you with files (e.g. bonus material or e-books) in the course of handling your enquiry, we use a cloud storage service with servers located in Germany for this purpose (currently: HiDrive provided by STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany) and generate time-limited download links. No personal data about you is processed beyond the download process itself. A data processing agreement pursuant to Art. 28 GDPR is in place with the respective provider. Legal basis: Art. 6(1)(b) GDPR.
Product recommendations: When responding to your enquiry, we may provide you with recommendations for our own similar products (e.g. thematically related books). The legal basis is our legitimate interest in direct marketing to our customers (Art. 6(1)(f) GDPR in conjunction with Section 7(3) of the German Act Against Unfair Competition (UWG)). The recommendations are generated on a case-by-case basis from the content of your enquiry; we do not create a permanent interest profile in doing so. You can object to receiving recommendations at any time with effect for the future (Art. 21(2) GDPR), e.g. by email to the address stated under Section 1.
Storage period: The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and no statutory retention obligations prevent deletion. This is generally the case when the respective conversation with you has ended and the matter has been conclusively resolved.

7. Contact initiated by us

In individual cases, we proactively contact persons or companies (e.g. for cooperation or business enquiries). In doing so, we process contact data (name, email address, professional role where applicable) that we have obtained from publicly accessible sources (e.g. company websites, legal notices, business directories).

Purpose: Initiating business relationships and cooperations.
Legal basis: Our legitimate interest in initiating business relationships (Art. 6(1)(f) GDPR).
Right to object: You can object to this processing at any time (Art. 21 GDPR); we will then delete your data unless statutory retention obligations prevent this.
Recipients: Messages are sent via our Google Workspace mailbox. The information on Google Workspace under Section 6 applies accordingly.

8. Newsletter (Brevo)

On our website, you have the option of subscribing to a free newsletter. When you register for the newsletter, the data from the input form (your email address and any further voluntary information) is transmitted to us and to our service provider Brevo. Registration takes place by means of a double opt-in (DOI) procedure. After registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else’s email address. Newsletter registrations are logged (time of registration and confirmation, IP address) in order to be able to demonstrate that the registration process complies with legal requirements.

Purpose: Sending regular information about our products (e-books, books, audiobooks), offers and news by email; proof of consent.
Performance measurement (tracking): Our newsletters contain a so-called „web beacon“ or „tracking pixel“, i.e. a pixel-sized file that is retrieved from the server of our dispatch service provider when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, is collected. This information is used for the technical improvement of the services based on the technical data, or to analyse target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical analyses also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be attributed to individual newsletter recipients; however, it is neither our intention nor that of the dispatch service provider to monitor individual users. Rather, the analyses serve to identify the reading habits of our users and to adapt our content to them, or to send different content according to the interests of our users.
Legal basis: The processing of your email address for dispatch and the logging of the registration as well as the performance measurement take place exclusively on the basis of your express consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG (for the tracking pixel).
Service provider: We use the „Brevo“ service (formerly Sendinblue) for dispatch and management. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Brevo is the recipient of your personal data and acts as a processor on our behalf. We have concluded a data processing agreement (DPA) with Brevo pursuant to Art. 28 GDPR.
- Brevo’s privacy policy: https://www.brevo.com/legal/privacypolicy/
Individual messages: In addition to newsletter dispatch via Brevo, we may in individual cases contact you as a subscriber individually by email via our Google Workspace mailbox (Gmail), e.g. to answer queries or for personal messages within the scope of the newsletter purpose. The information on Google Workspace under Section 6 applies accordingly.
Storage period: The data is stored for as long as the newsletter subscription is active. After unsubscribing, the data is deleted from the distribution list but may be retained for up to three years to fulfil our obligations to provide proof (e.g. regarding consent).
Withdrawal of consent: You can withdraw your consent to receiving the newsletter and the associated performance measurement at any time with effect for the future. You can declare your withdrawal by clicking on the unsubscribe link provided in every newsletter email or by sending a message to the contact address given above.

9. Security measures (Limit Login Attempts, WPS Hide Login)

We use technical measures on our website to increase the security of our systems and to protect ourselves against unauthorised access and attacks. These include plugins such as Limit Login Attempts Reloaded and WPS Hide Login.

Data processing: These tools generally process the IP addresses of visitors who attempt to log in or access protected areas. In the event of repeated failed login attempts, IP addresses may be temporarily or permanently blocked. WPS Hide Login obscures the standard login URL.
Purpose: Protecting the website against brute-force attacks, unauthorised access and other security threats; maintaining the integrity and availability of our website.
Legal basis: Our legitimate interest in the security of our IT systems and the protection of our website and user data pursuant to Art. 6(1)(f) GDPR.
Recipients: The data is processed exclusively on our web server. No transfer to third parties or third countries takes place.
Storage period: IP addresses in security logs or block lists are only stored for as long as is necessary to ensure security (e.g. for the duration of a block or for the analysis of attack patterns).

10. Website analytics (Burst Statistics)

We use the Burst Statistics plugin to obtain statistical analyses of the use of our website and to improve our offering. Burst Statistics is designed to be privacy-friendly.

Data processing: According to the provider, visitor data (such as pages visited, country of origin – derived from the IP address, referrer, browser/device type) is collected in anonymised or pseudonymised form and stored locally on our web server. By default, no cookies requiring consent are set and no data is transferred to external Burst Statistics servers. IP addresses are generally stored in anonymised form.
Purpose: Statistical analysis of user behaviour to optimise the website.
Legal basis: Insofar as the data is processed exclusively in anonymised or strongly pseudonymised form, no cookies are set and no data is transferred to third parties, we base the processing on our legitimate interest in analysing and improving our website pursuant to Art. 6(1)(f) GDPR.
Storage period: The statistical data is deleted when it is no longer required for analysis purposes or after a period configurable in the plugin.

11. Google Fonts

We use so-called web fonts provided by Google on our website for the uniform display of typefaces. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

Data processing: For this purpose, your browser must connect to Google’s servers. This gives Google knowledge that our website was accessed via your IP address. Other information such as browser type and version may also be transmitted.
Purpose: Uniform and appealing presentation of our online offerings.
Legal basis: Google Fonts are used on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG, which you can give via our cookie banner. Without your consent, Google Fonts will not be loaded (standard fonts may be displayed instead).
Recipients / third-country transfer: The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data may be transferred to Google servers in the USA. The data transfer to the USA is based on the EU Commission’s adequacy decision regarding the EU-US Data Privacy Framework (DPF), under which Google is certified, and additionally on Standard Contractual Clauses (SCCs) of the European Commission.
- Google’s privacy policy: https://policies.google.com/privacy?hl=en

12. Google reCAPTCHA

We use „Google reCAPTCHA“ (hereinafter „reCAPTCHA“) on our website. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. We use reCAPTCHA v2 with the checkbox („I’m not a robot“).

Purpose: reCAPTCHA is used to check whether data entry on our website (e.g. in the newsletter registration form) is carried out by a human or by an automated program. To this end, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the area with reCAPTCHA or clicks the checkbox.
Data processing: For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, time spent by the website visitor on the website, mouse movements made by the user, information about the browser and operating system, Google cookies that have been set). The data collected during the analysis is forwarded to Google.
Legal basis: reCAPTCHA is used on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG (for cookies and data collection), which you can give via our cookie banner. It is only embedded after you have given your consent.
Recipients / third-country transfer: The recipient of the data is Google Ireland Limited or the parent company Google LLC in the USA. The data transfer to the USA is based on the EU Commission’s adequacy decision regarding the EU-US Data Privacy Framework (DPF), under which Google is certified, and additionally on Standard Contractual Clauses (SCCs).
- Further information on Google reCAPTCHA and Google’s privacy policy can be found at the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en as well as https://www.google.com/recaptcha/about/
Importance of consent: Due to the extensive data collection and the transfer to the USA, your active consent is mandatory.

13. No comment function / Akismet

Our website currently does not offer a public comment function. The Akismet Anti-Spam plugin is therefore not active or is not used for processing comment data.

14. Sale of products (external)

Our e-books, books and audiobooks are currently sold via external platforms. The respective privacy policies of the platform operators apply to data processing on these external platforms. We may receive data from these platforms for the purpose of contract processing (e.g. buyer name, products purchased), which we process to fulfil our contractual and tax obligations (legal basis: Art. 6(1)(b) and (c) GDPR).

15. Data processing in the context of business relationships

We process personal data of business partners, service providers, platform operators and their contact persons (e.g. name, contact details, role, contract and billing data, correspondence) for the initiation, performance and settlement of contracts (Art. 6(1)(b) GDPR) and on the basis of our legitimate interest in the efficient management of our business relationships (Art. 6(1)(f) GDPR). Insofar as we are legally obliged to do so, we transfer data to authorities, in particular to tax authorities, and to our tax advisor (Art. 6(1)(c) GDPR).

For email communication, document management and file storage, we use Google Workspace (including Gmail, Google Drive and Google Groups) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this context, data may be transferred to servers of Google LLC in the USA; this transfer is based on the EU Commission’s adequacy decision regarding the EU-US Data Privacy Framework (DPF), under which Google is certified, and additionally on Standard Contractual Clauses (SCCs). We have concluded a data processing agreement (Cloud Data Processing Addendum) with Google pursuant to Art. 28 GDPR. We store business records in accordance with the statutory retention periods (Section 147 of the German Fiscal Code (AO), Section 257 of the German Commercial Code (HGB): six or ten years).

16. Publication of book content

We publish some of the content of our books on the website. When you simply read this content, no personal data is collected beyond the data mentioned under Section 4 (server log files) and Section 5 (cookies).

17. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, such as enquiries you send to us, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the padlock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot, as a rule, be read by third parties.

18. Your rights as a data subject

As a data subject, you have various rights under the GDPR:

Right of access (Art. 15 GDPR): You have the right to request information about your personal data processed by us.
Right to rectification (Art. 16 GDPR): You have the right to request the immediate rectification of inaccurate personal data concerning you.
Right to erasure („right to be forgotten“) (Art. 17 GDPR): You have the right to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data.
Right to notification (Art. 19 GDPR): If you have asserted your right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom your data has been disclosed accordingly.
Right to data portability (Art. 20 GDPR): You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller.
Right to object (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw any consent you have given at any time. As a consequence, we may no longer continue the data processing that was based on this consent in the future. The lawfulness of the processing carried out on the basis of the consent up to the point of withdrawal is not affected by the withdrawal.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data. The supervisory authority responsible for us is generally the data protection authority of the German federal state in which we are established (Saxony). A list of the German data protection authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

To exercise your rights, please use the contact details given under Section 1.

19. Duration of data storage

We only store your personal data for as long as is necessary for the purposes for which it was collected (e.g. duration of the contractual relationship, handling of your enquiry) or as long as another legal basis for storage exists (e.g. statutory retention periods under German commercial or tax law, Section 147 AO, Section 257 HGB). Once the purpose no longer applies or the statutory periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions. Specific storage periods are, where possible, stated in the respective sections of this policy.

20. Note on online dispute resolution

The European Commission provides a platform for online dispute resolution (ODR): http://ec.europa.eu/consumers/odr/. You can find our email address above in the legal notice and under Section 1. We are neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.

21. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time with effect for the future, in particular in the event of changes to the legal situation, case law or our processing operations. The current version can always be found on our website. Please check the content of our Privacy Policy regularly.