Who we are
Macmillan Distribution (MDL) is a trading division of Macmillan Publishers International Limited, which is part of the Holtzbrinck Publishing Group.
Macmillan Publishers International Limited ("we", "us", or "our") is a "data controller" for the purposes of the EU General Data Protection Regulation, the UK General Data Protection Regulation and the Data Protection Act 2018 (as amended from time to time) ("Data Protection Law"). This means that we are responsible for and control the processing of your personal information (which means information that identifies you or could identify you).
Although we generally act as a "data controller", in circumstances where we distribute books on behalf of our Client Publishers we do so in the capacity as a "data processor". Please refer to the section entitled "Circumstances where we act as a data processor" below for further information.
We are committed to protecting your personal information and being transparent about the personal information we hold and how we use it. This Privacy Notice describes the ways in which we collect and use your personal information in connection with the Macmillan Distribution (MDL) business. It also tells you about your rights and how the law protects you. For full details about how to get in touch with us see the "How to contact us" section below.
Please note that separate privacy notices apply to other trading divisions of Macmillan Publishers International Limited.
Children
This website may contain information about books and products for children but it is directed at adults, not children and we do not knowingly collect personal information from children through this website.
Personal information we hold and how we use it
The personal information which we hold and how we use it will depend on our relationship with you. To find out more, please go to the sections of this Privacy Notice which relate to you.
Individual and Trade Customers
Personal information we collect about individual and trade customers
This section applies to our individual customers, trade customers (including individuals associated with our trade customers), as well as other individual order receipts such as book reviewers and authors.
As an individual or trade customer, we will collect your personal information primarily in connection with your orders or orders which have been placed on your behalf. The personal information which we collect about you may include:
- Your name and contact details (including your personal or business email address, delivery address and telephone number) and country of residence.
- Your organisation, job title and details about your role.
- Financial and payment details including credit or debit card number and billing address where this is provided to us.
- Records of your order history and/or orders which you have placed on behalf of your organisation.
- Your preferences in receiving direct marketing from our Client Publishers.
- Information you provide when you correspond and communicate with us. For example, if you contact us about your order we will keep a record of that correspondence as well as internal correspondence relating to your query or enquiry.
- Your preferences and feedback relating to our services.
- Your account details (including user ID and password details) if you create an account with us as well as access and permissions settings linked to your account.
- Recordings of telephone calls we have with you.
You may provide this information to us directly, such as over the phone, by email, post or fax, or via our website or we may obtain it from third party sources. For example:
- If you are purchasing or receiving books from one of our Client Publishers we will be provided with your personal information by the relevant Client Publisher. When we process orders on behalf of a Client Publisher we act as a "data processor" of your personal information. Please refer to the section entitled "Circumstances where we act as a data processor" below for further information.
- When you place an order or an order is placed on your behalf via a third party service provider to the book industry such as PubEasy, Nielsen BookNet or Trisoft, we will be provided with your personal information by these providers.
- We may receive information about your delivery from our delivery service providers, such as information confirming delivery status and your signature (i.e. where you have signed to confirm receipt of the products which we have delivered to you).
- We use publicly available sources to obtain contact details for business purposes and may collect information about you from your organisation's website.
- We may receive credit information about you where we have conducted a credit reference check on you or your organisation.
How we use your personal information - Individual and Trade Customers
We use personal information of individual and trade customers for the following purposes:
- To fulfil orders which you have placed or which have been placed on your behalf and to notify you of the status of your order and to contact you if there is a problem with your order.
- To provide customer service and support and deal with enquiries.
- To carry out research about engagement with our website, services, and the publishing and distribution industry generally.
- To communicate with you about our services and changes to our services and policies.
- To administer, manage and develop our business and improve the services we offer to our customers.
- To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity.
- To enable us to comply with our policies and procedures, enforce our legal rights and process any claims we receive.
Circumstances where we act as a "data processor"
Please note that as well as distributing books on behalf of Macmillan Publishers MDL also distributes books on behalf of third party Client Publishers. When we distribute books on behalf of our Client Publishers we will be acting as a "data processor" of customer data. This means that we process customer data on behalf of the relevant Client Publisher and follow their instructions in doing so. In these circumstances the relevant Client Publisher is responsible for ensuring that your personal information has been collected and provided to us in accordance with Data Protection Laws. Please refer to the Privacy Notice of the Client Publisher whose goods you have ordered or are receiving for further information about their specific privacy practices.
Client Publishers
Personal information we collect about Client Publishers
This section applies to our Client Publishers (including individuals associated with our Client Publishers and sales representatives placing orders on behalf of our Client Publishers). The information which we collect about our Client Publishers includes:
- Your name and contact details (including your business email address, delivery address and telephone number) and country of residence.
- Your organisation, job title and details about your role.
- Your account details (including user ID and password details) if you create an account with us as well as access and permissions settings linked to your account.
- Information you provide when you correspond and communicate with us. For example, if you contact us about an order we will keep a record of that correspondence as well as internal correspondence relating to your query or enquiry.
- Your preferences and feedback relating to our services.
- Recordings of telephone calls we have with you.
You may provide this information to us directly or we may obtain it from third party sources. For example we use publicly available sources to obtain contact details for business purposes and may collect information about you from your organisation's website. We may also be provided with your contact details if you are referred or recommended to us by a third party.
How we use your personal information - Client Publishers
- To make deliveries on behalf of your organisation and fulfil our contractual obligations to your organisation as a logistics services provider.
- To provide customer service and support and deal with enquiries or complaints.
- To communicate with you about our services and changes to our services and policies.
- To carry out research about engagement with our website, products, services, and the publishing and distribution industry generally.
- To administer, manage and develop our business and improve the services we offer to our Client Publishers.
- To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity.
- To enable us to comply with our policies and procedures, enforce our legal rights and process any claims we receive.
Suppliers and service providers
Personal information we collect about our suppliers and service providers
This section applies to our suppliers and service providers (including individuals associated with our suppliers and service providers). As a supplier or service provider we will collect your personal information in the course of our business dealings with you. The nature of the information which we collect will depend on our relationship with you and may include:
- Your name and contact details (including your business email address, delivery address and telephone number) and country of residence.
- Your job title, organisation and details about your role.
- Feedback on the service which you or your organisation are providing to us.
- Financial and/or payment details, including proof of bank details and taxation information.
- Information you provide when you correspond with us, for example, if you contact us via email, telephone, or post we will keep a record of that correspondence as well as internal correspondence relating to your enquiry.
You may provide this information to us directly, for example when you negotiate and/or enter into a contract with us for you or your organisation to provide products or services to us, or we may obtain it from third party sources. For example:
- We use publicly available sources to obtain contact details for business purposes and may collect information about you from your organisation's website.
- We may be provided with your contact details if you or your services are referred or recommended to us by a third party.
- In certain circumstances we use a third party provider to conduct due diligence on our suppliers. This may lead to us being provided with personal information relating to criminal convictions and offences (such as fraud or bribery) and other information relevant to our decision as to whether to conduct business with you or your company. This information is obtained from publically available sources.
Special categories of personal information - suppliers and service providers
Data Protection Law recognises that certain categories of personal information are more sensitive. These are known as “special categories” of personal information and include information such as your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, information about your health, or alleged commission or conviction of criminal offences.
We do not routinely collect special categories of personal information from our suppliers and service providers although, it is possible that you may provide this type of information to us voluntarily or we may receive information about criminal convictions from publically available sources when carrying out due diligence on our suppliers. If we are provided with any special categories of personal information we will treat that information with extra care and confidentiality and always in accordance with Data Protection Law and this Privacy Notice.
How we use your personal information - suppliers and service providers
We use personal information of our suppliers and service providers for the following purposes:
- To administer and develop our business and manage our relationship with our suppliers and service providers.
- To receive services from you or your organisation and to pay you in respect of those services, for example where a supplier is providing us with IT or other outsourced services we will handle personal information about the individuals who are involved in providing the service to us.
- To monitor services provided for quality purposes.
- To correspond with you in connection with the services which you or your organisation is providing to us.
- To respond to queries and enquiries.
- To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity.
- To enable us to comply with our policies and procedures, enforce our legal rights and process any claims we receive.
Visitors to our website
Personal information we collect about visitors to our website and how we collect it
As a visitor to our website we will receive personal information from you when you correspond with us, such as via our online contact forms and online chat functionality. When you communicate with us using these methods, we will keep a record of that correspondence as well as internal correspondence relating to your enquiry.
When you visit our website we also collect certain information about you automatically, including information about how you use our website and the device that you use to access our website. The information we collect might include your Internet Protocol (IP) address, geographical location, device information, browser type, referral source, length of visit to the website, number of page views, the search queries you make on the website and similar information. This information may be collected by cookies or by third-party website analytics service providers on our behalf. For more information on cookies and what you can do to disable certain cookies on our website, please refer to our Cookies Policy.
How we use your personal information - visitors to our website
We use the personal information of visitors to our website for the following purposes:
- To provide you with convenient and optimal access to our website.
- To administer, test, support and maintain this website, assist us in diagnosing technical problems and deal with enquiries or complaints about the website.
- To assess what website content is popular and perform analytics and analysis on how people are using our website and to evaluate and improve people’s experience of our website.
- To communicate with you in connection with your requests and enquiries and about changes to our policies.
- To ensure that our site works properly on your device, for example if you’re looking at it on a mobile phone we change our website to make it work better for you.
- To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity.
- To enable us to comply with our policies and procedures, enforce our legal rights, process any claims we receive in connection with our products, services or the website and enforce the usage terms of the website.
Visitors to our offices and premises
We collect personal information from visitors to our offices and premises including the date of your visit, your name, contact details, organisation, photograph, arrival and departure time, vehicle registration, host details, the purpose of your visit and information about any specific requirements you may have. We collect this information to facilitate your visit, to ensure building security and for safety reasons in the event of an emergency or building evacuation.
We also have security measures in place at our offices and premises, including CCTV. We use CCTV to maintain the security of our premises, prevent and investigate crime, and in the interests of health and safety. The images captured are securely stored and only accessed where necessary (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).
In the unlikely event that you have an accident on our premises we will also collect details of the accident in order to comply with relevant health and safety legislation.
In order to meet our legal obligations, we also require visitors to our warehouse who receive a health and safety induction to complete a health and safety visitor form. This form records your name and contact details and serves as a record that you have received our health and safety induction.
Employees, contractors and freelancers
We collect personal information concerning our own personnel as part of the administration and management of our business activities. If you are an employee, contractor, consultant or freelancer, you should refer to the HR Privacy Notice available on the company intranet or otherwise provided to you.
Job applicants
When applying for a role at MDL, applicants should refer to the information made available when applying for the job and our Recruitment Privacy Notice which is available here. [Insert Link to recruitment Privacy Notice]
Sharing your personal information
We may share your personal information with selected third parties, although it is likely that the exact identity of the third parties with whom we share your personal information will change during your relationship with us.
In the case of our individual and trade customers:
- We share customer data (including customer emails and contact details) with delivery service providers (such as DHL and DPD) so that the carrier can contact you directly about your order.
- We share customer data (including customer marketing preferences) with our Client Publishers.
- We share customer and invoice data with suppliers to the book industry such as Batch to enable our trade customers to use services such as Batch Payments or Batch Returns.
We may also share personal information of all groups of individuals with the following categories of third parties:
- Third parties who provide data processing and IT services to us including website hosting providers, data back-up, security and storage providers and cloud-based software providers.
- Other third party service providers who help us run and improve our business. For example providers of warehouse stock management and support services, invoicing and payment service providers, email and task management services and systems providers and debt collection providers.
- Other companies which are related to us through common ownership who provide IT and system administration services and undertake group level reporting.
- Professional advisors such as external lawyers, external auditors, insurance or tax consultants and claims handlers.
- Third parties with whom we may choose to sell, transfer or merge parts of our business or our assets.
- Any other third parties (including regulatory authorities, the police, courts and government agencies) where necessary to enable us to enforce or protect our legal rights, or where such disclosure may be permitted or required by law.
The legal reasons for using your personal information
When we collect and use your personal information, we only do so in accordance with at least one of the legal reasons allowed by Data Protection Law.
One of these is where we need to use your information to perform the contract we have entered into with you such as when we use personal information to fulfil customer orders and pay our suppliers and service providers.
Another is where using your information is necessary to comply with a legal obligation. For instance, where we are ordered by a court or regulatory authority to disclose your personal information.
Another is where we have obtained your specific consent to use your personal information. We generally do not rely on consent when handling personal information although in limited cases, where we consider it appropriate, we may approach you for your consent to a specific data processing activity.
In certain circumstances we may collect and use personal information where this is necessary in our legitimate interests or the legitimate interests of a third party. This broadly means that we can use your personal information if we have a genuine legitimate reason and we are not harming your rights and interests in doing so.
Some examples of our legitimate interests include:
- Administering and managing our business and services, for example when we use personal information in the course of managing our relationships with our customers, Client Publishers and suppliers and responding to queries and enquiries.
- Evaluating and improving our business, products and services. For example when we record telephone calls and carry out research about engagement with our website, services, and the publishing and distribution industry generally.
- Protecting against fraud and other risks to our business, for example when we collect personal information in the course of carrying out due diligence on our suppliers.
- Ensuring network and information security and the security of our premises, for example, when we use CCTV at our premises.
Whenever we process your personal information based on our "legitimate interests" we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance between your rights and interests and ours.
Where we store your personal information
MDL is based in the UK, but we are part of a global publishing group and we also use third party service providers located in other countries to help us run our business. As a result of this we may transfer personal information of individuals located within the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, which is also referred to as the "EEA") outside of the EEA and may also transfer personal information of individuals located within the UK outside of the UK.
Countries outside of the EEA and the UK may not have data protection laws that provide the same level of protection as those within the EEA and the UK and so whenever we transfer your personal information outside the EEA or the UK, we take steps to ensure that all personal information is protected with adequate safeguards, such as by entering into approved standard contractual clauses.
Please contact us if you would like further information on the specific mechanism we use when transferring your personal information out of the EEA or the UK or wish to request a copy of the relevant safeguards which we have put in place.
How we keep your personal information safe
We take looking after your information very seriously. We have implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, to protect it from improper access, use, disclosure, alteration, destruction and loss.
We have also put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long we hold your personal information
We will retain your personal information for as long as is necessary for each purpose which we use it for. We take a number of factors into account when determining the appropriate retention period for personal information, including the nature of the data, the business purposes for which it was collected, any legal or contractual obligations which require us to retain it and whether retention is necessary for the purpose of exercising or defending our legal rights.
We operate a Personal Data Retention and Disposal Policy. Please contact us if you would like to be provided with the details of the retention periods for specific aspects of your personal information.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Links to other websites
Our website contains links to other websites. Please be aware that this Privacy Notice does not apply to such websites and that we are not responsible for your information that third parties may collect through these websites. We encourage you to be aware of this when you leave our website, and to read the privacy and cookie policies of other sites that collect or use personal information.
Your legal rights
You have various rights in law in respect of the personal information we hold about you which are set out in more detail below:
- Access: You have the right to request confirmation that we are holding your personal information and to access a copy of the personal information that we hold about you. This is known as a “data subject access request” and enables you to check that we are handling your personal information lawfully.
- Correction: You can ask us to change or complete any inaccurate or incomplete personal information we hold about you.
- Erasure: You can ask us to delete or remove your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful reason for keeping it.
- Objection: You can object to our processing of your personal information where we are relying on a legitimate interest if there is something about your particular situation which makes you believe it impacts on your fundamental rights and freedoms.
- Withdraw consent: If you have given us your consent to use your personal information you can withdraw your consent at any time.
- Transfer: You can ask us to provide the personal information which you have provided to us back to you or to a third party in a structured, commonly used, electronic form, so it can be easily transferred.
- Restriction: You can ask us to suspend the processing of your personal information, for example if you want to establish its accuracy or where you have objected to our use of it.
If you wish to exercise any of these rights, you can do so by contacting us
Please note that some of these rights only apply in certain circumstances and we may not be able to fulfil every request. If this is the case you will be notified of this at the time of your request. If you make a request we may require specific information from you to help us confirm your identity. This is to ensure that personal information is not disclosed to anyone who does not have the right to receive it.
Where we are acting as a data processor on behalf of a Client Publisher, any requests which we receive to exercise these rights will be passed on to the relevant Client Publisher, who is the "data controller" for these purposes.
If your personal information changes
It is important that the personal information which we hold about you is accurate and current. Please keep us informed if your personal information changes.
If you don't provide us with your personal information
Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform our contract with you or we may be prevented from complying with our legal obligations.
Cookies
Our website uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookies Policy.
Complaints
We hope that you won’t ever need to, but if you would like to complain about our use of your personal information, please contact us using the contact details set out below.
You also have the right to lodge a complaint with the competent data protection authority. If you are located in the UK the competent data protection authority is the Information Commissioner's Office ("ICO"). For further information on your rights and how to complain to the ICO, please refer to the ICO website.
How to contact us
Macmillan Publishers International Limited (trading as Macmillan Distribution (MDL)) is a company registered in England. Our company number is 02063302 and our registered office is at: Cromwell Place, Hampshire International Business Park, Lime Tree Way, Basingstoke, Hampshire, RG24 8YJ.
For further information about our privacy practices, to request to exercise any of your privacy rights described in this notice or to make a complaint please write to us using the postal address above (marking your correspondence for the attention of the Legal Team) or send an email to mdlwebeditor@macmillan.co.uk.
Updates to this Privacy Notice
We may make changes to this Privacy Notice from time to time. We will post any changes to on our website and may notify you of any material changes directly.
This Privacy Notice was last updated in 27th November 2023.
(Version 2.3)