Privacy Policy

Last Updated: January 2025

At Bookly, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and purchase our products, including children's books, personalized books, and downloadable/printable products.

Bookly is based in Spain and operates within the European Union. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Information We Collect

Personal Information

When you make a purchase or create an account, we may collect:

  • Name and contact information (email address, phone number)
  • Billing and shipping addresses
  • Payment information (processed securely through our payment provider)
  • Order history and purchase details
  • Personalization details for custom books (names, photos, messages)

Automatically Collected Information

When you visit our website, we automatically collect:

  • IP address and browser type
  • Device information and operating system
  • Pages visited and time spent on our site
  • Referring website addresses

2. How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders for physical books, personalized books, and digital products
  • Create personalized books with your provided content (names, photos, messages)
  • Send order confirmations and provide download links for digital products
  • Communicate with you about your orders and customer service inquiries
  • Send promotional emails and newsletters (with your consent)
  • Improve our website, products, and customer experience
  • Prevent fraud and enhance security
  • Comply with legal obligations under GDPR and EU law

3. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

  • Contract Performance: To fulfill your orders and provide our services
  • Legitimate Interest: To improve our services, prevent fraud, and ensure security
  • Consent: For marketing communications and non-essential cookies (you can withdraw consent at any time)
  • Legal Obligation: To comply with EU and Spanish tax, accounting, and consumer protection laws

4. Digital and Printable Products

For downloadable and printable products:

  • Download links are provided via email after purchase completion
  • We may track download activity to prevent unauthorized sharing
  • Digital products are for personal use only and may not be redistributed
  • We retain records of your digital purchases for customer support purposes

5. Personalized Books and Children's Data

When you order personalized children's books:

  • We collect only the information necessary to create your personalized book (child's name, age, photos if provided)
  • This information is used solely for order fulfillment and is not used for marketing
  • We do not knowingly collect personal information directly from children under 16
  • Parents/guardians are responsible for providing children's information for personalization
  • Personalization data is securely stored and deleted upon request
  • You have the right to request deletion of personalization data at any time

6. Information Sharing and Disclosure

We may share your information with:

  • Payment Processors: To process your transactions securely (GDPR-compliant providers)
  • Shipping Partners: To deliver physical products to you (within EU and internationally)
  • Email Service Providers: To send order confirmations and newsletters (GDPR-compliant)
  • Printing Partners: To fulfill personalized book orders (under strict confidentiality agreements)
  • Legal Authorities: When required by EU or Spanish law or to protect our rights

We do not sell, rent, or trade your personal information to third parties for marketing purposes. All third-party processors are GDPR-compliant and located within the EU or provide adequate data protection safeguards.

7. International Data Transfers

Your personal data is primarily stored and processed within the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your information in accordance with GDPR requirements.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes encryption, secure servers, access controls, and regular security assessments. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Data Retention

We retain your personal data only as long as necessary:

  • Order Information: Retained for 10 years to comply with Spanish tax and accounting laws
  • Personalization Data: Retained for order fulfillment and deleted upon request or after 2 years of inactivity
  • Marketing Data: Retained until you withdraw consent or request deletion
  • Account Data: Retained until you request account deletion

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and shopping cart items (essential cookies)
  • Analyze website traffic and user behavior (with your consent)
  • Provide personalized content and recommendations (with your consent)

You can control cookies through your browser settings. Essential cookies are necessary for website functionality, while analytics and marketing cookies require your consent under GDPR.

11. Your Rights Under GDPR

As an EU resident, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to data processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing communications at any time
  • Right to Lodge a Complaint: File a complaint with the Spanish Data Protection Authority (AEPD)

To exercise these rights, please contact us using the information provided below. We will respond within 30 days as required by GDPR.

12. Children's Privacy

While we sell children's books and personalized books for children, our website is intended for use by adults (parents, guardians, gift-givers). We do not knowingly collect personal information directly from children under 16 years of age. Parents and guardians provide children's information (such as names for personalization) on their behalf. If you believe we have inadvertently collected information directly from a child under 16, please contact us immediately so we can delete it.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date. For material changes, we may also send you an email notification. Your continued use of our website after changes constitutes acceptance of the updated policy.

15. Contact Us & Data Protection Officer

If you have any questions or concerns about this Privacy Policy, wish to exercise your GDPR rights, or want to contact our Data Protection Officer, please reach out:

Email: hello@booklystore.com

Website: www.booklystore.com

Business Location: Spain, European Union

Spanish Data Protection Authority (AEPD):
If you wish to lodge a complaint about how we handle your personal data, you can contact the AEPD at www.aepd.es

Talk with Us