General Data Protection Regulation

In accordance with General Data Protection Regulation (GDPR) Central Books agree to act in accordance with the provisions of the General Data Protection Regulation (GDPR) and will ensure that all personal data collected and stored on behalf of the publishers we distribute. 

As a distributor handling book and magazine orders on behalf of many publishers we are effectively handling and collecting data on their behalf (that is, when Central Books is acting as a Data Processor on behalf of the Publisher). This data collection is only used for the specific purpose of fulfilling publication orders and will not be kept for longer than is necessary to complete this task. Central Books will keep electronic copies of invoices raised for 7 years in accordance with HMRC rules, after that the detail on invoice relating to the individual will deleted. Central Books will delete personnel data after 3 years where the transactions have only been delivery notes with no financial value and there has been no more recent activity against that person. Central Books further agree to ensure that adequate systems are in place to delete data that is no longer required whether in electronic, archive or paper format. Central Books agree to ensure that adequate security is in place to safeguard all personal data held on behalf of the Publisher; that a process exits to allow individuals the right of access to their personal data and/or the right to erasure; and that a privacy notice is in place to explain how any personal data is collected and used. Central Books will notify any relevant Publisher they work for immediately of any personal data breach leading to the destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

Publishers should be aware of their own responsibilities. If we report a sale to an individual on behalf of the publisher, the publisher can not assume they have permission to contact that individual.