All books My Books Support Support
Basket

Privacy Policy

This Privacy Policy explains how EUROBOOKSTUDIO OÜ (Estonia), operating under the brand “MagicTale” (“MagicTale”, “we”, “us”, “our”) collects and processes personal data when you use our website and services (the “Service”), and what rights you have.

1. Data Controller

EUROBOOKSTUDIO OÜ (Estonia), registration code 17425011
Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152
Email for data-related inquiries: support@magictale.eu.

2. What Data We Process

  • Account/Order data: first and last name, delivery address, phone number, email (if provided), order contents, amount and payment status (no card data).
  • Communications: support requests, messages sent via contact forms.
  • Technical data (minimal scope): IP address and web server logs necessary for security and content delivery.
  • Personalization materials: uploaded images/texts for books — you confirm you have the rights to use them.

We do not collect or store bank card numbers or similar payment credentials — payment is made directly via the payment provider (e.g., Revolut/Stripe).

3. Purposes and Legal Bases (Art. 6 GDPR)

  • Performance of a contract (Art. 6(1)(b)): accepting orders, personalization, printing and delivery, account management.
  • Legal obligations (Art. 6(1)(c)): accounting and tax reporting, responding to lawful requests from authorities.
  • Legitimate interests (Art. 6(1)(f)): ensuring Service security, fraud prevention, protection of rights and legitimate interests, minimal web analytics at the level of server logs without profiling.

We do not use your data for behavioral advertising and we do not perform profiling.

4. Cookies

By default, this website does not set analytics or marketing cookies. We use only a strictly necessary cookie for security and login.

4.1 Strictly Necessary

  • Name: auth_token (JWT)
  • Category: Strictly necessary (Session/Persistent)
  • Purpose: User authentication and maintaining a session/login
  • Legal basis: performance of a contract / legitimate interest
  • Retention: up to 30 days or until manual logout
  • Controller: MagicTale (EUROBOOKSTUDIO OÜ)
  • Security attributes: HttpOnly, Secure, SameSite=Lax/Strict

4.2 Cookie-less Measurement (Analytics)

For usage statistics, we use Google Analytics 4 in cookie-less mode (Consent Mode v2 with default settings “denied”). In this mode, cookies such as _ga, _gid, etc. are not set, and only aggregated technical signals are sent to improve the website.

  • Cookies: not set by default
  • Provider: Google Ireland Ltd.
  • Legal basis: legitimate interest (aggregated measurement without identifiers)

4.3 Advertising/Remarketing

We do not use marketing cookies by default. Measurement of ads to Meta is performed via a server-side integration (Conversions API), without loading a browser pixel and without setting _fbp. If we enable marketing cookies in the future, we will request explicit consent and may set cookies such as: _fbp (up to 3 months), _gcl_au (~90 days).

4.4 Management

You can delete cookies in your browser settings. If we enable an option like “Allow analytics/marketing cookies” in the future, your choice will apply only after you take an explicit action.

4.5 Transfers of Data Outside the EU

Google and Meta may process data on servers outside the EU (e.g., the USA). We apply Standard Contractual Clauses (SCCs) and additional measures in accordance with the GDPR. Marketing technologies that require cookies will be enabled only with consent.

5. Sources of Data

Data is provided by you during registration/ordering or generated while using the Service (server logs). We do not obtain data from external marketing sources.

6. Disclosure to Third Parties

Our processors may access data only to the extent necessary and under a data processing agreement:

  • hosting / IT infrastructure providers;
  • payment provider (e.g., Revolut/Stripe) — receives the payment data directly from you;
  • courier and postal services;
  • email provider (for transactional emails).

We do not share personal data with third parties for marketing; we do not sell personal data.

7. Cross-Border Transfers

Primary processing is carried out within the EEA. If, for the provision of the Service, a transfer outside the EEA is necessary, we ensure appropriate safeguards (e.g., EU Standard Contractual Clauses) and a comparable level of protection.

8. Retention Periods

  • Account and related data — until account deletion or after a period of inactivity according to our internal policy.
  • Orders, invoices, and accounting documents — at least 7 years (in accordance with accounting and tax requirements).
  • Security/access logs — for the minimum period necessary for security and incident investigation.
  • Personalization materials — as long as needed to fulfill the order and provide subsequent support (e.g., reprint), unless you request deletion.

9. Your Rights (GDPR)

You have the right to request: access to your data, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and to object to processing where we rely on legitimate interests. If processing is based on consent, you can withdraw it at any time.

To exercise your rights, contact us at: support@magictale.eu. You may also lodge a complaint with the data protection supervisory authority in your country or in Estonia.

10. Communications

We send only transactional messages (order confirmation, delivery status updates, important security notices). We do not send marketing newsletters without separate consent.

11. Security

We apply organizational and technical measures (including traffic encryption, access controls, data minimization). However, no method of transmission or storage can guarantee 100% security.

12. Children

The Service is intended for adult customers. Accounts for persons under 18 are not created. If you upload images/data of children for personalization, you confirm you have parental authority/consent and the rights to use such materials.

13. Links to External Websites

The website may contain links to external websites/services whose policies we do not control. Please review their privacy policies separately.

14. Changes to This Policy

We may update this Policy. The current version is always available on this page; the update date is indicated at the top.

15. Contact

For questions about privacy and data subject rights: support@magictale.eu.