Privacy Policy

1. Data Controller

BoekjesAtelier is based in Houten, the Netherlands, and is registered with the Dutch Chamber of Commerce under number 99671220. BoekjesAtelier is the data controller for the processing of personal data as described in this privacy policy. Contact details: Email: info@boekjesatelier.nl

2. Scope

This privacy policy applies to all users of the BoekjesAtelier service and describes how we handle personal data and images in accordance with the General Data Protection Regulation (GDPR).

3. What data we process

We only process personal data that is necessary to provide our service.

• 3.1 Account data: email address (for registration and authentication), password (encrypted), and address details (for shipping).
• 3.2 Project data: text input, story summaries, character descriptions, and project settings.
• 3.3 Images: uploaded images are not stored permanently on our servers. After processing, they are deleted. A temporary copy may be stored in the user’s browser (local storage) to improve the user experience.
• AI-generated images are stored in secure cloud storage. These images are linked to the user account. Users can submit a deletion request via info@boekjesatelier.nl. Requests are handled within the statutory period of up to 30 days.

4. Legal basis for processing

We process personal data on the basis of:

• Performance of the contract: to provide our photobook service.
• Consent: where applicable.
• Legal obligations: where required.

5. Retention periods

We do not retain personal data longer than necessary for the purpose for which it was collected.

• Account data and project data are retained for as long as the account remains active.
• AI-generated images and project data are retained for as long as the account remains active.
• Users can submit a deletion request by email.
• After account deletion, personal data is removed within a reasonable period unless legal obligations require otherwise.
• Technical logs are retained only temporarily to the extent necessary for security and operational purposes.

6. Use of third parties (processors)

To provide our service, we use external service providers such as cloud storage, hosting, and AI processing providers.

• We select our external service providers carefully and prefer to work with parties that demonstrably comply with internationally recognized security standards, such as SOC 2 or ISO 27001, or comparable standards.

7. Automated processing and AI

BoekjesAtelier uses AI technology to generate images.

• There is no automated decision-making that produces legal effects for users or otherwise significantly affects them.
• AI output is used solely for creative purposes within the user’s photobook project.

8. Data security

We take appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration, or disclosure.

• All data transfers take place via encrypted connections (SSL/TLS).
• Access to data is restricted to authorized persons.

9. Data subject rights

Under GDPR, you have the right to:

• Access your personal data.
• Have inaccurate data corrected.
• Have your data deleted.
• Object to processing.
• Request data portability.
• Withdraw your consent at any time.

10. Cookies and local storage

BoekjesAtelier only uses functional cookies, limited analytics cookies, and local browser storage (local storage) that are necessary for the functioning of the service.

• No tracking or marketing cookies are placed without explicit consent.
• Users can clear local storage via their browser settings.

11. Minors

Our service is not specifically directed at children under the age of 16.

• If we become aware that personal data of minors has been processed without valid consent, we will delete that data.

12. Changes

We reserve the right to amend this privacy policy.

• The most current version is always available on our website.

Contact

You can submit a request via info@boekjesatelier.nl. We respond within the statutory period of up to 30 days.