BooklyDoo Privacy Policy

1. Who is responsible and contact details

BooklyDoo is a trademark of Porsonal BV, located in Utrecht, the Netherlands, registered with the Chamber of Commerce under number 98892509, and with VAT number NL868689919B01. Porsonal BV acts as the data controller within the meaning of the General Data Protection Regulation (GDPR) and as a provider of AI systems within the meaning of the European AI Act.

In this privacy policy, Porsonal BV is referred to as "we", "us", or "our".

For questions about this privacy policy or about the processing of personal data, you can contact us at hello[at]booklydoo.com

2. Introduction and scope

We attach great importance to the protection of personal data and to transparency about the use of artificial intelligence (AI). This privacy policy describes how we process personal data when you use our website, products and services, including services where AI is used for generating personalized content.

This policy has been drawn up in accordance with the GDPR and the European AI Act and applies to all processing carried out by or on behalf of BooklyDoo.

3. What personal data do we collect

We may collect the following categories of personal data:

• Data you provide to us, such as name, email address, address details, account information and data you enter for product personalization (for example names, texts, preferences and images).
• AI input and context data, including personal data necessary for automatically generating personalized digital or physical products using AI systems.
• Technical and usage data, such as IP address, device type, browser information and data about website usage.
• Additional data, if you participate in promotions, surveys or marketing activities.
• Payment information is not stored by us when external payment service providers are used; we only receive payment confirmation.

4. Purposes of processing

We process your personal data for the following purposes:

• Creating, managing and securing user accounts.
• Processing, generating and delivering personalized digital and physical products.
• Using AI systems to automatically create texts, illustrations and other content based on data you provide.
• Providing editing options so you can review and modify AI-generated content before final ordering.
• Providing communication and customer service.
• Sending functional and service-related messages.
• Analyzing and improving our services and AI functionalities, using only anonymized or aggregated data.
• Marketing activities, where permitted and based on consent where required.
• Complying with legal obligations.
• Preventing fraud, abuse and unauthorized use.

5. Legal bases for processing

Depending on the processing activity, we base our processing on one or more of the following legal grounds under the GDPR:

• Performance of a contract, including the delivery of personalized, AI-generated products.
• Your consent, particularly for processing specific personalization data, images or marketing communications.
• Compliance with legal obligations.
• Our legitimate interest, including improving our services and AI systems, security and fraud prevention, whereby we always make a careful balancing of interests.

6. Sharing personal data with third parties

We do not sell your personal data to third parties. We only share your data when necessary for our services, with your consent, or due to a legal requirement. Possible third parties include:

• Payment and administrative service providers.
• Logistics partners for the delivery of physical products.
• Technology and AI service providers who support us in generating and processing personalized content.
• Hosting, cloud and IT service providers.
• Analysis and marketing partners, where legally permitted.
• Government authorities if legally required.

We enter into data processing agreements with all processors that comply with the GDPR and in which appropriate security and confidentiality measures are established.

7. Retention periods

We do not retain your personal data longer than necessary for the purposes for which it was collected or as required by law. Examples:

• Account data: as long as the account is active or until deletion is requested.
• Order and billing data: in accordance with statutory retention requirements.
• AI-related personalization data and uploads: only as long as necessary for the performance of the contract; thereafter these are deleted or anonymized, unless longer storage is legally required.
• Communication data: as long as necessary for customer service and dispute resolution.

8. Cookies and similar tracking technologies

We use cookies and similar technologies to ensure the operation and security of our website and to gain insight into its use. Non-essential cookies are only placed with your consent. You can adjust your preferences at any time.

9. Security of personal data

We take appropriate technical and organizational measures to protect personal data, including data processed by AI systems, against loss, misuse and unauthorized access. These measures include encryption, access restrictions and secure storage.

In the event of a data incident, we act in accordance with the GDPR and other applicable regulations.

10. Your rights as a data subject

Under the GDPR, you have the following rights:

• Right of access.
• Right to rectification.
• Right to erasure.
• Right to restriction of processing.
• Right to data portability.
• Right to object.
• Right to withdraw consent.
• The right not to be subject to solely automated decision-making, including profiling, if this has legal consequences for you or otherwise significantly affects you.

Requests can be submitted via our contact details. We respond within the legal deadlines.

11. Children's data

We do not knowingly collect personal data from children without consent from a parent or legal representative. If AI-generated products relate to children, personal data is only processed with valid consent and solely for the intended purpose.

12. Changes to this privacy policy

We reserve the right to modify this privacy policy if legislation, AI regulation or our services change. The most current version is always available on our website. We will actively inform you of significant changes.