We take the responsibility of data protection and security very seriously. For this reason we have developed all of our systems from the ground-up with security foremost. We have put in place a code of practice to ensure integrity at all times and we have a regular programme in place for auditing data security and protection.
For a brief overview of our security and data protection procedures, please see the following video:
Our code of practice that governs how we protect and handle sensitive data is based on the following key principles:
These key principles are applied in the following ways.
Our latest audit has identified that the storage of sensitive data is limited to the following locations:
Further details regarding how and why data is stored at these locations is provided below.
In order to provide our delivery management service we need to store information about your delivery depots, your delivery customers, your scheduled deliveries and courier tracking data (location data) on a web server that is accessible over the Internet.
A separate database is created for each Pro Delivery Manager account holder. The database of each account holder thus only contains information relating to their business and customers.
Each database is secured by a strong password. The password is only known by the website services that require access to the data.
The databases are hosted on dedicated servers at Memset, a UK-based data-centre. Please see Memset's security policy for details on how these servers are maintained within a secure environment.
The web servers are maintained by our development team at IB Computing. Memset staff do not have access to the web server consoles. Only selected staff at IB Computing have access to the web server consoles. In addition to access control by user account authentication, access is restricted to a single IP address which is used only by IB Computing.
The web servers are protected from unauthorised access by the following technologies:
To mitigate unauthorised intrusion, IB Computing ensure that the servers have the latest security patches an anti-virus software updates applied. For further information on how server security is audited, please see our section on auditing below.
In order to use the Pro Delivery Manager app for managing deliveries when there is no Internet data connection available, customer, delivery depot, courier and scheduled delivery information is downloaded to the mobile device when the courier logs in.
All sensitive data downloaded by the app is stored in a temporary memory area. This means that when the user closes or logs out of the app this data is cleared from the memory storage area. No sensitive data is stored in the device's persistent memory area apart from updates to delivery data that is waiting to be synchronised back to the web server. As soon as any data is synchronised with the web server this data is cleared from the persistent memory area on the device.
All data, whether in temporary or persistent memory, is stored in an industry-standard encrypted format which can only be decrypted by the Pro Delivery Manager app. The app source code is encrypted by a security certificate. The app is run in production mode so that it cannot be accessed via debugging tools.
If one of our clients requests that we assist with importing their customer database to the online delivery manager system, a member of our development team at IB Computing may temporarily store the data import file provided by our client on their computer system. Once the data has been successfully imported however, such data import files are permanently deleted.
No other sensitive data is stored at IB Computing's premises.
Our latest audit has identified that the transmission of sensitive data is limited to the following occasions:
Data is transmitted over public networks. If the app is permitted to use a mobile data connection then data may be transmitted over the network of mobile carriers. Whatever networks are used for data transmission, data is kept secure at all times by using encryption as described below.
All data transferred between the mobile app and web server is encrypted using a industry-standard security certificateprovided by AlphaSSL. The data is encrypted using a 2048-bit key.
Data is transmitted over public networks via the user's Internet Service Provider. Whatever networks are used for data transmission, data is kept secure at all times by using encryption as described below.
All data transferred between the online delivery manager website and web server is encrypted using a industry-standard security certificate provided by AlphaSSL. The data is encrypted using a 2048-bit key.
On occasion it may become necessary to transfer a client's database to another web server. On such occasions, the work is carried out by qualified staff at IB Computing. Sensitive data is transferred directly between servers using a secure FTP connection.
Our latest audit has identified that access to sensitive data is controlled at the following points:
Further details regarding access control at these points is provided below.
When a member of staff logs into the online delivery manager website, their login details are transmitted in encrypted format to the web server hosting the client's database. If the login credentials match a known user account a unique session key is generated and returned to web browser. Future requests for data access made by the user to the web server are authenticated by the unique session key.
The user can log out of the online delivery manager website using the button provided for this purpose. The session key is cleared upon log out.
When a courier logs into the delivery manager app, their login details are transmitted in encrypted format to the web server hosting the client's database. If the login credentials match a known courier account a unique access key is generated and returned to the mobile app. Future requests for data access made by the app to the web server are authenticated by the access key.
The app has a dedicated lock screen to prevent unauthorised access. The lock screen can be activated manually by the courier at any time. The lock screen is automatically activated after a set period on inactivity within the app.
The courier can log out of the app by pressing the device's back button (Android only) or by closing the app using the device's task manager.
Only selected staff at IB Computing have access to the web server consoles. In addition to access control by user account authentication, access is restricted to a single IP address which is used only by IB Computing.
We regularly audit all of our systems to ensure that our code of practice is being followed meticulously.
IB Computing carry out an additional regular audit to ensure that all hosted data is secure and has not been compromised.
Pro Delivery Manager are registered with the Information Commissioner's Office for Data Protection purposes. Their registration number is ZA06570.
IB Computing are registered with the Information Commissioner's Office for Data Protection purposes. Their registration number is Z1207765.
Both Pro Delivery Manager and IB Computing have developed their data protection policies in line with the guidance provided by the ICO.
Each client that resisters an account with Pro Delivery Manager should also be registered with the Information Commissioner's Office for Data Protection purposes. This is a requirement stated in our Terms and Conditions of service. We expect our clients to use our services in line with guidance provided by the ICO.