Please wait...

Data Protection & Security

We take the responsibility of data protection and security very seriously. For this reason we have developed all of our systems from the ground-up with security foremost. We have put in place a code of practice to ensure integrity at all times and we have a regular programme in place for auditing data security and protection.

For a brief overview of our security and data protection procedures, please see the following video:

 

Our code of practice that governs how we protect and handle sensitive data is based on the following key principles:

  • Data is only stored when it is absolutely necessary to do so
  • Data is only stored in a secure environment using industry-standard encryption techniques
  • Data is never shared with any third-parties
  • Data is transferred between storage locations only when it is absolutely necessary to do so
  • All data that is transferred between storage locations is done so via a certified secure connection
  • Only approved individuals who work for Pro Delivery Manager are given any access to the data, and only when their role dictates that this is absolutely necessary

These key principles are applied in the following ways.

Data Storage

Our latest audit has identified that the storage of sensitive data is limited to the following locations:

  • Client databases hosted in UK data-centre
  • Mobile device memory (temporary)
  • Computer system at software developer premises (temporary)

Further details regarding how and why data is stored at these locations is provided below.

Client databases hosted in UK data-centre

In order to provide our delivery management service we need to store information about your delivery depots, your delivery customers, your scheduled deliveries and courier tracking data (location data) on a web server that is accessible over the Internet.

A separate database is created for each Pro Delivery Manager account holder. The database of each account holder thus only contains information relating to their business and customers.

Each database is secured by a strong password. The password is only known by the website services that require access to the data.

The databases are hosted on dedicated servers at Memset, a UK-based data-centre. Please see Memset's security policy for details on how these servers are maintained within a secure environment.

The web servers are maintained by our development team at IB Computing. Memset staff do not have access to the web server consoles. Only selected staff at IB Computing have access to the web server consoles. In addition to access control by user account authentication, access is restricted to a single IP address which is used only by IB Computing.

The web servers are protected from unauthorised access by the following technologies:

  • Hardware firewall at Memset (includes Denial-of-Service attack detection and prevention)
  • Software firewall on each server
  • Anti-virus software
  • Windows Server group policies
  • Windows Server user authentication

To mitigate unauthorised intrusion, IB Computing ensure that the servers have the latest security patches an anti-virus software updates applied. For further information on how server security is audited, please see our section on auditing below.

Mobile device memory

In order to use the Pro Delivery Manager app for managing deliveries when there is no Internet data connection available, customer, delivery depot, courier and scheduled delivery information is downloaded to the mobile device when the courier logs in.

All sensitive data downloaded by the app is stored in a temporary memory area. This means that when the user closes or logs out of the app this data is cleared from the memory storage area. No sensitive data is stored in the device's persistent memory area apart from updates to delivery data that is waiting to be synchronised back to the web server. As soon as any data is synchronised with the web server this data is cleared from the persistent memory area on the device.

All data, whether in temporary or persistent memory, is stored in an industry-standard encrypted format which can only be decrypted by the Pro Delivery Manager app. The app source code is encrypted by a security certificate. The app is run in production mode so that it cannot be accessed via debugging tools.

Computer system at software developer premises

If one of our clients requests that we assist with importing their customer database to the online delivery manager system, a member of our development team at IB Computing may temporarily store the data import file provided by our client on their computer system. Once the data has been successfully imported however, such data import files are permanently deleted.

No other sensitive data is stored at IB Computing's premises.

Data Transmission

Our latest audit has identified that the transmission of sensitive data is limited to the following occasions:

  • Transmission of data between the mobile app and web server
  • Transmission of data between the online delivery manager website and web server
  • Relocation of databases between web servers
Further details regarding each of these scenarios is provided below. 

Transmission of data between the mobile app and web server

Data is transmitted over public networks. If the app is permitted to use a mobile data connection then data may be transmitted over the network of mobile carriers. Whatever networks are used for data transmission, data is kept secure at all times by using encryption as described below.

All data transferred between the mobile app and web server is encrypted using a industry-standard security certificateprovided by AlphaSSL. The data is encrypted using a 2048-bit key.

Transmission of data between the online delivery manager website and web server

Data is transmitted over public networks via the user's Internet Service Provider. Whatever networks are used for data transmission, data is kept secure at all times by using encryption as described below.

All data transferred between the online delivery manager website and web server is encrypted using a industry-standard security certificate provided by AlphaSSL. The data is encrypted using a 2048-bit key.

Relocation of databases between web servers

On occasion it may become necessary to transfer a client's database to another web server. On such occasions, the work is carried out by qualified staff at IB Computing. Sensitive data is transferred directly between servers using a secure FTP connection.

Access Control

Our latest audit has identified that access to sensitive data is controlled at the following points:

  • Login to online delivery manager website by staff at delivery depot
  • Login to delivery manager mobile app
  • Login to web server consoles by staff at IB Computing

Further details regarding access control at these points is provided below.

Login to online delivery manager website

When a member of staff logs into the online delivery manager website, their login details are transmitted in encrypted format to the web server hosting the client's database. If the login credentials match a known user account a unique session key is generated and returned to web browser. Future requests for data access made by the user to the web server are authenticated by the unique session key.

The user can log out of the online delivery manager website using the button provided for this purpose. The session key is cleared upon log out.

Login to delivery manager mobile app

 - Click to Zoom

When a courier logs into the delivery manager app, their login details are transmitted in encrypted format to the web server hosting the client's database. If the login credentials match a known courier account a unique access key is generated and returned to the mobile app. Future requests for data access made by the app to the web server are authenticated by the access key.

The app has a dedicated lock screen to prevent unauthorised access. The lock screen can be activated manually by the courier at any time. The lock screen is automatically activated after a set period on inactivity within the app.

The courier can log out of the app by pressing the device's back button (Android only) or by closing the app using the device's task manager.

 

Login to web server consoles

Only selected staff at IB Computing have access to the web server consoles. In addition to access control by user account authentication, access is restricted to a single IP address which is used only by IB Computing.

Security Auditing

We regularly audit all of our systems to ensure that our code of practice is being followed meticulously.

IB Computing carry out an additional regular audit to ensure that all hosted data is secure and has not been compromised.

Data Protection Governance

Pro Delivery Manager are registered with the Information Commissioner's Office for Data Protection purposes. Their registration number is ZA06570.

IB Computing are registered with the Information Commissioner's Office for Data Protection purposes. Their registration number is Z1207765.

Both Pro Delivery Manager and IB Computing have developed their data protection policies in line with the guidance provided by the ICO.

Each client that resisters an account with Pro Delivery Manager should also be registered with the Information Commissioner's Office for Data Protection purposes. This is a requirement stated in our Terms and Conditions of service. We expect our clients to use our services in line with guidance provided by the ICO.

Home > Policies > Data Protection & Security
 
 
Sign up today

Download the free app

Download the free Android app
Download the free iOS app