With the introduction of the General Data Protection Regulation (GDPR), sellers on Textbookx need to understand their obligations and determine whether or not they need to take steps to comply with the new rules.

If you’re a seller based in the EU, you need to understand the requirements of GDPR and take steps to ensure you comply.
Additionally, you may need to make some changes in how you communicate with buyers and how you process any personal information that you collect.

If you’re a seller based outside of the EU but make your items available to EU buyers, you’ll also need to understand and comply with GDPR.
If you don’t sell to buyers based in the EU, then no action is required.

Keep in mind that the penalties for non-compliance with GDPR can be significant — according to EU rules this can be up to €20m or 4% of annual global turnover, whichever is greater. Under the new law, EU residents can also initiate class-action lawsuits related to the protection and usage of their personal information, so it’s important that you understand and comply with the rules.

You’ll find everything you need to know about GDPR and the steps you need to take in how you collect and process any personal information at the EU's official GDPR website.

How Textbookx has prepared for GDPR

For our part, we’ve updated our User Agreement and our Privacy Center to highlight some of the work we have done to get ready for GDPR.
More specifically, we have:

  • Analyzed, mapped and documented the flow of personal information from the time we collect it to when we destroy it.
  • Designed and implemented enhanced processes to allow users in the EU to exercise their rights, which include accessing, modifying and deleting their personal information. For several years, our policy has been to allow users worldwide to access the personal information that we have about them, even when we have no legal requirement to do so. This policy remains so users outside of the EU can also request this information from.
  • Implemented processes to fulfil the rights of users in the EU, which include access, modification and deletion of their personal information within one month.
  • Redesigned our registration process and privacy consent experience in our products to be more transparent and provide our users with more control.
  • Rolled out privacy-by-design training to teams to incorporate privacy minimization concepts into our engineering processes, and to identify areas where we can improve privacy protections within existing products and services.