Privacy Policy

Last updated: 9 March 2025

This “Privacy Policy” addresses any processing of personal data by Saga International B.V.("Saga", “us” or “we”) when you access Saga’s platforms, products, services, technologies,and websites (“Platform Services”), or social media, and portals.Saga processes personal data both as a data controller and as a data processor. ThisPrivacy Policy applies when we are the data controller and determine the purpose of theprocessing. When we act as the data processor, the relevant Service Agreement and DataProcessing Agreement apply between Saga and its customers.

1. Individuals who are subject to the processing of personal data

Saga processes personal data related to the following data subjects:

  1. Contact persons with our customers
  2. Contact persons with our suppliers and partners
  3. Users of Platform Services
  4. Website visitors
  5. Participants in seminars, courses, and other events
  6. Job candidates
  7. Individuals sending us requests or who are otherwise in contact with us

2. Purposes, types of personal data, and legal bases

We have listed the typical purposes for our processing of personal data, the categories of personal data we typically process, and the legal bases for the processing below.

2.1 Establishing customer relationships

When contacting a potential customer or onboarding a customer, we will register the contact person’s details in our systems. We primarily gather the name, telephone number, and email address. The basis for this processing is outlined in Article 6(1)(b) GDPR to take steps prior to entering into a direct contract with you or in balancing the interests as outlined in Article 6 (1)(f) GDPR, where our interest lies in entering into an agreement with our customer (if applicable, this is your employer), following up on this agreement, invoicing, and communicating with our customer.

2.2 Suppliers and partners

We process personal data about our contacts at suppliers and partners to manage the contracts and relationships with these entities. We mainly process the names, phone numbers, and email addresses of contact persons at each party. The basis for this processing is outlined in Article 6 (1) (f) GDPR, where our legitimate interest is in fulfilling our agreements and managing our relationships with suppliers and partners.

2.3 The use of Platform Services

When you use our platform, we collect and process certain personal data to provide our services. To access our services, you will need an account. When you or your employer creates your user account, we process personal data such as your name, email address, mobile phone number, role, language preferences, and account credentials. If you are entering into the contract directly with us, then the basis for this processing is to fulfil this contract, in accordance with Article 6(1)(b) GDPR. If your employer has entered into the contract with us, then the basis for this processing is in accordance with documented instructions as part of the data processing agreement, in accordance with Article 28 GDPR.

As you visit, use, and interact with our services, we automatically collect certain technical information about your activities, which are functionally necessary and help secure our Platform Services. Each time you visit our online services, for example, your browser automatically sends us information like your IP address, browser type and settings, the date and time of your request, information about the device you're using to access our online services, the operating system, browser, referring pages, exit pages, and time stamps. The basis for this processing is outlined in Article 6 (1) (f) GDPR, where our legitimate interests are providing our website and in ensuring the security of our Platform Services against fraud or other misuse.  

Additionally, we process how you use and interact with our Platform Services to improve our offerings and your experience. The specific information collected can vary depending on your device type and its settings. We process data such as the features you use, actions you take, your time zone, location, dates and times of access, the amount of time spent within the services, the types and volumes of queries you submit. The basis for this processing is outlined in Article 6(1)(f) GDPR, where our legitimate interest is improving the product or service to make it more efficient and more attractive.

We use various types of cookies and other similar technologies to ensure our Platform Services function effectively and to enhance the user experience.  

We never process any data you upload, download, or otherwise process in the Platform Services beyond what is necessary to provide you with the service itself. These data types are not used for analytical or marketing purposes.

2.4 Cookies on our sagalegal.io website

Our website offers information as an overview of our service offerings. We use various types of cookies and other similar technologies to ensure our website functions effectively and to enhance the user experience.  

Essential cookies are strictly necessary for our website, enabling core functionalities such as page navigation and access to secure areas. Without these cookies, our website cannot function properly. The basis for this processing is outlined in Article 6(1)(f) GDPR, where our legitimate interest is providing our website in a secure and reliable manner; and in accordance with Article 5(3) ePrivacy Directive and subsequent domestic legislation as it is strictly necessary to provide the service explicitly requested by you as the user.  

Analytics cookies are for us to collect information about how visitors use our website, such as which pages are visited, for how long, and what features they interact with. This data helps us understand our website performance, identify areas for improvement, and optimize your experience. The basis for this processing is your consent in accordance with Article 6(1)(a) GDPR.  

You can find more information, manage your cookie preferences, and withdraw your consent through our cookie banner or your browser settings. Please be aware that if you block cookies, there may be functions and services that depend on cookies that you will no longer be able to use.

2.5 Events, seminars, and courses

We organize a variety of seminars, courses, and other events for our clients, partners, students, and other interested individuals. In connection with these events, we collect and process personal data about participants, typically including their name, email address, telephone number, any disclosed food allergies or other preferences, and details such as the company they work for.  

This personal data is processed primarily to manage event registrations effectively and, where appropriate, to accommodate any specific dietary requirements or other preferences participants may have, ensuring a smooth and tailored experience. Should you choose not to provide the requested personal data, we may unfortunately be unable to process your event registration.  

Some events are recorded where the presenter’s image and audio will be captured. If you are an attendee, your name, image or audio may be captured during the session, for example depending on if you put your camera on and unmute yourself. We will inform you in advance about recording.

Our processing of this data is necessary for the performance of a contract with the participant, in accordance with Article 6(1)(b) GDPR and based on a balancing of interests, in accordance with Article 6(1)(f) GDPR, where our legitimate interest lies in being able to provide you and other interested parties with the recording of the event. When we process sensitive information, such as health data pertaining to food allergies, we will explicitly obtain your consent for this specific purpose, aligning with the requirements of Article 9(2)(a) GDPR.

2.6 Recruitment

When you submit a job application to us, we process personal data to evaluate your suitability for a potential position or traineeship. The personal data processed for this purpose typically includes your CV, diplomas, application texts, certificates, and any references you provide, along with any other information you choose to submit within your application. The inability to provide such personal data would prevent us from assessing your application. This processing is based on Article 6(1)(b) GDPR, as it is necessary to take steps at your request with a view to entering into an employment contract. The personal data is primarily obtained directly from you, the applicant, and from any references you have provided.

2.7 Other inquiries

We also receive requests from students, representatives of businesses, public authorities, or private individuals through various channels such as email or telephone. In handling these requests, we may process personal data including your name, telephone number, email address, the subject matter of your request, and any other information you provide in connection with it. Typically, the consequence of not providing such personal data is that we will be unable to process and respond to your request effectively. This processing is based on a balancing of interests, in accordance with Article 6(1)(f) GDPR, where our legitimate interest lies in being able to respond to and follow up on these inquiries. Should a request lead to the establishment of a client relationship or a recruitment process, the personal data will then be processed in accordance with the relevant sections of this policy as outlined above.

2.8 Marketing

We distribute suggestions, event invitations, and other relevant information via email to contact persons registered in our client database and to others who have consented to receive such communications. Recipients of our optional communications can easily unsubscribe from these at any time by using the dedicated link provided within our emails. The legal basis for sending these emails to contact persons at our existing clients is our legitimate interest in maintaining and developing client relationships by providing legal news and relevant information about our services, as outlined in Article 6(1)(f) GDPR and consistent with domestic digital marketing laws. In other contexts, not involving existing client relationships, our marketing communications are based on the consent of the individual concerned, in accordance with Article 6(1)(a) GDPR and consistent with domestic laws.

2.9 Social media

We maintain pages on various social media platforms. If you "like", follow or otherwise engage with our page as a member of the social media platform, we will be jointly responsible with the social media platform provider. For this purpose we have entered into a contract with the platform provider. More information about this processing and your rights follows from the individual platform's privacy policy.

In connection with these pages, we process personal data such as your name, any comments you post, your likes, or any other information you choose to make available to us through these platforms. This processing is conducted based on a balance of interests, as per Article 6(1)(f) GDPR, where our legitimate interest is to effectively manage and utilize social media pages to readily connect with customers and other interested parties.

3. Parties with whom we share personal data

Our suppliers, particularly platform service providers, may process personal data if such data is stored with them or otherwise made accessible to them. These suppliers operate strictly under a data processing agreement and our direct instructions, ensuring they can only use personal data for the purposes we have defined and which are detailed within this privacy policy.  

We do not disclose personal data in any other instances or through any other means beyond what is described in this privacy policy, unless the client explicitly encourages or consents to such disclosure, or if disclosure is legally mandated.  

Your personal data, where we are the data controller, may also be subject to processing or storage outside the EU/EEA. In such circumstances, we ensure sufficient security safeguards in line with Chapter V GDPR, typically achieved through the EU's standard contractual clauses for data transfers or by transferring data to countries that have received an adequacy decision from the European Commission.

4. Data retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Upon expiry of the retention period, personal data shall be securely deleted or anonymized. This essentially means the following:

  1. Contact persons with our customers: Is retained for the duration of the active customer relationship, and then for 7-10 years after the relationship ends for financial and contractual records, or 1-3 years for general communication data not subject to specific legal retention periods, unless consent for marketing is maintained.
  2. Contact persons with our suppliers and partners: Is retained for the duration of the active relationship, and then for 5 years after the relationship ends for financial and contractual records, or 1-3 years for general communication data not subject to specific legal retention periods.
  3. Users of Platform Services: Is retained as long as the account is active; upon deactivation or deletion, core account data is typically held for 30-90 days for recovery, with transaction data related to accounting or reporting for 5 years, and anonymized usage data retained for longer periods for service improvement.
  4. Participants in seminars, courses, and other events: Data of event participants is retained for 1-3 years after the event to handle post-event queries and feedback, with financial transaction data retained for 5 years, and marketing consent honored until withdrawn.
  5. Job candidates: Personal data for unsuccessful job candidates is retained up to 1 year after the recruitment process concludes, or up to 2 years with explicit consent for future opportunities.
  6. Individuals sending us requests or who are otherwise in contact with us: Personal data from individuals sending us requests or otherwise in contact is retained for 6 months to 1 year after the inquiry is resolved, or longer if the inquiry leads to a potential business relationship.

For activities that occur based on your consent, we delete your personal data after you withdraw your consent, unless there is another legal basis requiring us to retain it longer.

5. Your data protection rights

Under prevailing data protection regulations, you possess a range of rights concerning your personal information. We have outlined these rights below for your understanding. Should you wish to exercise any of these rights, please contact us.

5.1 Revocation of consent

If you have previously permitted us to send you suggestions, invitations to events, or similar communications via email, you have the option to revoke this consent at any time, usually by clicking the opt-out link contained within. Any other instances where you have given consent to process your personal data can also be revoked at any time with effect for the future by contacting us directly. The revocation does not affect the lawfulness of the processing until revocation.

5.2 Right of access

You are entitled to request access to the personal data we hold about you, provided that this does not conflict with our obligations of confidentiality or adversely affect the rights of others. To safeguard against unauthorized disclosure and ensure that personal data is provided to the correct individual, it may be necessary for your identity to be verified prior to fulfilling the request.

5.3 Correction and deletion

You have the right to request that we rectify any inaccurate personal data pertaining to you or that we erase your personal data. While we endeavor to fulfill all requests for data deletion whenever feasible, we may be unable to do so if compelling legitimate grounds exist for retaining the data. An example of such a reason would be our legal obligation to store certain personal data for documentary purposes.  Please be aware that the deletion of data related to the operation of our Platform Services may consequently impair our ability to provide those services to you.

5.4 Restriction of data processing

In certain circumstances, you may request that we temporarily suspend the processing of your personal data. This may happen if you claim that your personal data is inaccurate, in which case you can ask for a restriction on processing while we verify its accuracy Additionally, if the processing of your personal data is considered unlawful, you have the right to request that its processing be limited instead of having the data deleted entirely. A restriction can also be requested if we no longer need your personal data for its original purpose, or if you formally object to the processing of your personal data as described in the following section.

5.5 Objection to data processing

You retain the right to object to the processing of your personal data for direct marketing activities at any time. Additionally, you may object to the processing of your personal data that is based on legitimate interest in accordance with Article 6 (1) (f) GDPR, especially when such objections are based on your specific situation. Unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, fundamental rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims, we will stop processing the personal data.

5.6 Data portability

In certain situations, you may have a general right to request the transfer of your personal data to another legal entity or controller in a widely used, machine-readable format. When technically feasible, we can assist with the direct transmission of this personal data to the designated organization.

5.7 Lodging a complaint regarding the processing

If you have any concerns or would like to file a complaint regarding our handling of your personal data, please reach out. Alternatively, you can submit a formal complaint directly to the appropriate data protection authority.

6. Safeguarding personal data

We have implemented a range of technical and organizational security measures to ensure that all personal data is handled in a secure and protected manner. Our commitment involves conducting regular evaluations of the security protocols across all systems utilized for personal data management. Furthermore, we have established contractual agreements with the suppliers of these systems, obligating them to uphold an adequate and robust level of data security.

7. Revisions to this privacy policy

This privacy policy will undergo periodic revisions and updates. Where necessary, we will seek or refresh consents. The most current version of our privacy statement will always be readily accessible on our official website.

8. Contact details

Please contact us if you have any questions or wish to exercise your rights. Our contact details are as follows:


Email: privacy@sagalegal.io

Saga International B.V.

CoC: 95742506

Prins Bernhardplein 200

1097 JB, Amsterdam

The Netherlands

Careers
Copyright @ 2026 Saga International B.V. All rights reserved
Prins Bernhardplein 200, 1097 JB, Amsterdam
Privacy Policy

We use cookies to enhance your experience,
and analyse site traffic. Read our Privacy Policy.

PreferencesDeclineAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Preferences