Books Giant – European Union
Last Updated: 26.2.26
The controller responsible for data processing within the European Union is:
Vsible Online e.U.
Beheimgasse 62/16
1170 Vienna
Austria
Email: info@booksgiant.com
Alternative: info@vsible.online
Vsible Online e.U. is the controller within the meaning of the General Data Protection Regulation (GDPR).
We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).
We process only personal data that is necessary for providing the platform, fulfilling contractual obligations, or complying with legal requirements.
Processing is carried out on the basis of:
Art. 6(1)(b) GDPR (performance of a contract)
Art. 6(1)(a) GDPR (consent)
Art. 6(1)(c) GDPR (legal obligation)
Art. 6(1)(f) GDPR (legitimate interest)
When registering an account, we process:
Name
Email address
Child’s age information
Billing information
Order and transaction data
A profile picture is not required.
We process this data for the purpose of providing the platform and performing the contract.
Books Giant is designed for children aged 6–12.
The contractual partner is generally the paying adult (parent or legal guardian).
We process children’s data:
for the performance of the contract with the legal guardian
on the basis of parental consent
Children cannot conclude a paid subscription without access to a payment method.
Users create digital books, texts, and illustrations within the platform.
We store this content exclusively during an active subscription.
After termination or cancellation of the subscription, we delete all content unless it has been voluntarily submitted for publication in the public library.
Administrators access content only when necessary for:
maintenance
error analysis
technical support
Teachers using school accounts have access to the content of the students assigned to them.
Only the book title appears in the public library.
The child’s full name does not automatically appear.
The public library is visible only to logged-in Books Giant users.
Books Giant uses a child-certified AI solution based on Microsoft Azure (text and image generation).
When using AI:
we do not permanently store prompts
no automated decision-making within the meaning of Art. 22 GDPR takes place
no profiling takes place
AI serves exclusively as creative assistance
Users can disable AI features at any time in their account settings.
Processing is carried out on the basis of Art. 6(1)(b) GDPR (contract performance).
Payments are processed via:
Stripe
PayPal
Klarna
Payment data is processed directly by the respective payment service providers.
We do not store full credit card information.
We store:
billing information
transaction numbers
order details
Processing is based on Art. 6(1)(b) GDPR.
We host the platform with Hostinger.
Servers are located within the European Union.
A data processing agreement pursuant to Art. 28 GDPR is in place with the hosting provider.
We create automated backups to ensure system stability.
Backups are stored for a maximum of 30 days and are automatically deleted thereafter.
We use Google Analytics.
We process Google Analytics data only after prior user consent.
Users may withdraw their consent at any time.
The legal basis is Art. 6(1)(a) GDPR.
Subscription to the newsletter is voluntary.
We use a double opt-in procedure.
The newsletter subscription is independent of account registration.
Users may withdraw their consent at any time.
The legal basis is Art. 6(1)(a) GDPR.
We store personal data:
during an active subscription
until account deletion
in accordance with statutory retention obligations
After account deletion, we delete personal data, except where:
statutory retention obligations apply
technical backups remain (maximum 30 days)
Data subjects have the following rights under the GDPR:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Pursuant to Art. 77 GDPR, data subjects have the right to lodge a complaint with a supervisory authority.
The competent supervisory authority in Austria is:
Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
Austria
Where service providers outside the European Union are used, data transfers take place exclusively in compliance with the GDPR and appropriate safeguards, such as EU Standard Contractual Clauses.
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.
For questions regarding data protection:
