Terms and Conditions of Service
Welcome to Pro Delivery Manager website. Pro Delivery Manager and its partners provide their services to you subject to the following notices, terms, and conditions.
All content included on this site, such as text, graphics, logos, button icons, images, audio clips, and software, is the property of Pro Delivery Manager or its content suppliers and protected by European and international copyright laws. The compilation (meaning the collection, arrangement, and assembly) of all content on this site is the exclusive property of Pro Delivery Manager and protected by European and international copyright laws. All software used on this site is the property of Pro Delivery Manager or its partners and protected by European and international copyright laws. The content and software on this site may be used as an information resource. Any other use, including the reproduction, modification, distribution, transmission, republication, display, or performance, of the content on this site is strictly prohibited.
Pro Delivery Manager are registered trademarks of Pro Delivery Manager. Pro Delivery Manager graphics, logos, and service names are trademarks of Pro Delivery Manager. Pro Delivery Manager 's trademarks may not be used in connection with any product or service that is not Pro Delivery Manager`s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Pro Delivery Manager. All other trademarks not owned by Pro Delivery Manager that appear on this site are the property of their respective owners, who may or may not be affiliated with or connected to Pro Delivery Manager.
Use of Site/App
This site or any portion of this site/app may not be reproduced, duplicated, copied, sold, resold, or otherwise exploited for any commercial purpose that is not expressly permitted by Pro Delivery Manager. Pro Delivery Manager and its partners reserve the right to refuse service, terminate accounts, and/or cancel orders in its discretion, including, without limitation, if Pro Delivery Manager believes that customer conduct violates applicable law or is harmful to the interests of Pro Delivery Manager and its partners. Customers must be registered with the relevant governance office for data protection purposes and use the service in accord with their guidelines.
Use of your Information
The information collected during the sign up process will only be used for the purpose of forming the contract to provide the service, for sending you service updates, and for technical support. The data obtained, including any personal information, will also be made available to a third party and co-owner of Pro Delivery Manager: the NPA (National Pharmaceutical Association). The NPA has informed us that they will restrict use of your information to providing support and marketing.
Unless otherwise instructed, data on dormant accounts will be stored for a maximum of five years after the last entry in line with applicable legislation.
Our site employs the use of the Google Analytics service for purpose of technical support and development.
For further details please see our Data Protection & Security Policy.
If you require any further information then please contact our Data Protection Officer, Catherine Moulder-Jones, at firstname.lastname@example.org or Gary Jones, at GDPRsupport@prodeliverymanager.com
Processor (Pro Delivery Manager, PDM) – Controller (Contractor) Contract
The Subject matter: - The Controller (Client) and the Processor(PDM) have entered into a services and software licence agreement which the Processor provides certain services to the Controller. This Agreement is for the purposes of ensuring compliance with all relevant Data Protection Acts.
The Processor: - PDM Ltd a company incorporated in England and Wales with company number 09112990 whose registered office is at 41 Maes Ceiro, Bow Street, Ceredigion, SY24 5BG, United Kingdom.
Duration: - Agreement takes effect for the Term.
Data processing: - Process the Data (on behalf of Controller) exclusively for the provision of the Services provided by PDM during the Term. The Parties acknowledge and agree that the Controller shall be responsible as the controller and the Processor shall be responsible as the processor.
Its Purpose: - Schedule A
- Scheduling of deliveries
- Scheduling of branch collections
- Organisation of deliveries
- Logging of deliveries and branch collection outcomes
- Routing of deliveries
- Management and tracking of delivery drivers
Type of personal data: - Schedule B
- Email address
- Postal address
- Age/date of birth
- Telephone number
- Marital status
- Medication (for pharmacy contractors)
Categories of data subjects: - Schedule C
- Physical health (for pharmacy contractors)
- Mental health (for pharmacy contractors)
- Mobility (for pharmacy contractors)
- Religion (for pharmacy contractors)
- Prescription notes (for pharmacy contractors)
- Maternity (for pharmacy contractors)
- NHS exemptions (for pharmacy contractors)
- Medical data (for pharmacy contractors)
- NHS number (for pharmacy contractors)
- Racial or ethnic origin
The obligations and rights of the Data Processor -
- Comply with its obligations as a Processor under all relevant Data Protection Acts; The processing of data as instructed by the controller.
Process only on the written instructions of the controller: -
- Process the Data (on behalf of Controller) exclusively for the provision of the Services and for the purposes which are set out at Schedule A;
- Insofar as it is reasonably possible and lawful to do so, process the Data solely in accordance with the instructions of Controller as notified in writing in advance by the Controller, except as required/permitted to do otherwise by European Union law or the laws of any member state to which the Processor is subject, and (where permitted) the Processor will inform the Controller of such;
Duty of Confidence: -
- Take reasonable steps to ensure that each of its employees, officers, representatives, advisers and/or subcontractors engaged in processing the Data ("Representatives") will be informed of the confidential nature of the Data and are under an obligation to keep the Data confidential;
Appropriate security measures: - Schedule D
- Organisational Security Measures, which the Controller and the Processor agree to be appropriate for the purposes of this Agreement.
||Action Schedule D
- Mobile devices have to be authenticated to be able to access PDM
- Password protected to log into PDM app. When a courier logs into the delivery manager app, their login details are transmitted in encrypted format to the web server hosting the client's database. If the login credentials match a known courier account a unique access key is generated and returned to the mobile app. Future requests for data access made by the app to the web server are authenticated by the access key
- Users can be logged out remotely and the device black-listed by the system administrator if the device is lost or stolen
- The app has a dedicated lock screen to prevent unauthorised access. The lock screen can be activated manually by the courier at any time. The lock screen is automatically activated after a set period on inactivity within the app
- All data, whether in temporary or persistent memory, is stored in an industry-standard encrypted format which can only be decrypted by the Pro Delivery Manager app. The app source code is encrypted by a security certificate. The app is run in production mode so that it cannot be accessed via debugging tools
- All sensitive data downloaded by the app is stored in a temporary memory area. This means that when the user closes or logs out of the app this data is cleared from the memory storage area. No sensitive data is stored in the device's persistent memory area apart from updates to delivery data that is waiting to be synchronised back to the web server. As soon as any data is synchronised with the web server this data is cleared from the persistent memory area on the device
- Specific admin user setup
- Password protected to log into PDM website via a desktop device
- When a member of staff logs into the online delivery manager website, their login details are transmitted in encrypted format to the web server hosting the client's database. If the login credentials match a known user account a unique session key is generated and returned to web browser. Future requests for data access made by the user to the web server are authenticated by the unique session key
- Client databases hosted in UK data-centre
- Mobile device memory (temporary)
- Computer system at software developer premises (temporary)
|Code of practice
- Data is only stored when it is absolutely necessary to do so
- Data is only stored in a secure environment using industry-standard encryption techniques
- Data is transferred between storage locations only when it is absolutely necessary to do so
- All data that is transferred between storage locations is done so via a certified secure connection
- Only approved individuals who work for IB Computing / Theoc Software Ltd are given any access to the data, and only when their role dictates that this is necessary
- Client databases hosted in UK data-centre
- A separate database is created for each PDM account holder. The database of each account holder thus only contains information relating to their business and customers
- Each database is secured by a strong password. The password is only known by the website services that require access to the data
- The databases are hosted on dedicated servers at Memset, a UK-based data-centre. Please see Memset's security policy for details on how these servers are maintained within a secure environment
- The web servers are maintained by our development team at IB Computing (and their Sub Processor). Memset staff do not have access to the web server consoles. Only selected staff at IB Computing have access to the web server consoles. In addition to access control by user account authentication, access is restricted to a single IP address which is used only by IB Computing
|Operations management protection
- Hardware firewall at Memset (includes Denial-of-Service attack detection and prevention)
- Software firewall on each server
- Anti-virus software
- Windows Server group policies
- Windows Server user authentication
- IT Management system in place for periodically documenting internet usage, security access, email policy, security policy
|Data transmissions application-server
- Transmission of data between the mobile app and web server
- Transmission of data between the online delivery manager website and web server
- Relocation of databases between web servers
- All data transferred between the mobile app and web server is encrypted using a industry-standard security certificate. The data is encrypted using a 2048-bit key
|Relocation of databases between web servers
- On occasion it may become necessary to transfer a client's database to another web server. On such occasions, the work is carried out by qualified staff at IB Computing. Sensitive data is transferred directly between servers using a secure FTP connection or equivalent
- Login to online delivery manager website by staff at delivery depot
- Login to delivery manager mobile app
- Only selected staff at IB Computing and their approved sub-processors have access to the web server consoles. In addition to access control by user account authentication, access is restricted to a single IP address which is used only by IB Computing and their approved sub-processors Access Policy
- PDM maintains a record of security privileges of individuals having access to Customer Data. These are reviewed and allocated by DPO. Reviewed every 6 months
- PDM ensures that where more than one individual has access to systems containing Customer Data, the individuals have separate identifiers/log-ins
- Customer support personnel are only permitted to have access to Customer Data when needed
- PDM restricts access to Customer Data to only those individuals who require such access to perform their job function
- We regularly audit all of our systems to ensure that our code of practice is being followed meticulously
- IB Computing carry out an additional regular audit to ensure that all hosted data is secure and has not been compromised
|Data protection governance
- PDM Ltd are registered with the Information Commissioner's Office for Data Protection purposes. Their registration number is ZA06570
- IB Computing are registered with the Information Commissioner's Office for Data Protection purposes. Their registration number is Z1207765
- Both PDM Ltd and IB Computing have developed their data protection policies in line with the guidance provided by the ICO
- Each client that resisters an account with Pro Delivery Manager should also be registered with the Information Commissioner's Office (or regional equivalent) for Data Protection purposes. This is a requirement stated in our Terms and Conditions of service. We expect our clients to use our services in line with guidance provided by the ICO
|Data protection officer
- Catherine Moulder-Jones
- Director-Chief Executive Officer: Gary Jones, email@example.com
- PDM Ltd have an appropriate procedure in place to deal with security breaches
- All breaches appropriately documented
Using Sub-processors: - Schedule E
||Development; Technical support
|Theoc Software Ltd
||Development; Technical support
- The Controller hereby grants to the Processor authorisation to sub-processer its processing functions as it deems necessary in respect of Processing the Data pursuant to this Agreement to any of the third parties listed at Schedule E
- The Processor will inform the Controller of any intended changes concerning the addition or replacement of sub-processer from schedule E. The Controller can object to the addition of a Sub-Processer and thus terminate the Agreement
- The sub-processor will have the contract terms that are required by Article 28.3 of the GDPR on the sub-processor
- PDM will ensure the compliance of the sub-processor
Data subjects rights: -
- At the cost of the Controller, insofar as reasonably possible and practicable to do so, assist the Controller in complying with the rights of the Data Subjects as set out in the Data Protection Acts
Assisting the controller: - the Processor will
- Take reasonable steps to ensure that each of its employees, officers, representatives, advisers and/or subcontractors engaged in processing the Data ("Representatives") will be informed of the confidential nature of the Data and are under an obligation to keep the Data confidential; not Process or transfer any Data outside the European Economic Area (“EEA”) without the prior written consent of the Controller;
- Without due delay, notify the Controller of any actual Security Breach which does actually affect the Data, after becoming aware of such Security Breach;
- At the cost of the Controller and on reasonable notice during Normal Business Hours, give commercially reasonable assistance to the Controller, in ensuring compliance with the Controller's obligations under the Data Protection;
- Insofar as it is reasonably possible and lawful to do so, process the Data solely in accordance with the instructions of Controller as notified in writing in advance by the Controller, except as required/permitted to do otherwise by European Union law or the laws of any member state to which the Processor is subject, and (where permitted) the Processor will inform the Controller of such.
- If the Processor cannot meet the requirements of the controller then the controller needs to cease processing. The data will be maintained until further instructions from the controller
- The Controller hereby agrees that it will comply with its obligations as a Controller under the Data Protection Acts. In particular, the Controller shall ensure that at all relevant times there is a legal basis for Processing in accordance with the Data Protection Acts to enable the Processor (and such members of the Processor's group of companies) to Process the Data and/or Sensitive Data as pursuant to the Services under this Agreement
End of contract provisions: -
- This Agreement shall take effect from the Commencement Date and should continue in full force and effect until the termination or expiry of the Principal Agreement
- This Agreement may be terminated by either the Controller or Processor with immediate effect by notice in writing to the other Party (the "Defaulting Party") if the Defaulting Party is in a material or persistent breach of this Agreement which, in the case of a breach capable of remedy, shall not have been remedied within thirty (30) Business Days from the date of receipt by the Defaulting Party of the written notice specifying this clause, identifying the breach and requiring its remedy
- At the end of the contract the controller needs to notify the processor within 60 business days either to delete or return to you all the personal data it has been processing for you;
- An exception to this general rule applies if the processor is required to retain the personal data by law
Audits and Inspections:-
- Not more than once in any period of twelve months during the Term, the Processor will, at the cost of and on reasonable notice from the Controller during Normal Business Hours:
- Provide all information necessary;
- Permit the Controller (or any auditor acting under the authority of the Controller) to carry out an audit or inspection (to demonstrate the Processor's compliance with its obligations with the Data Protection Acts PROVIDED HOWEVER that any information obtained by the Controller in connection with or in the course of any such audit and any such information provided to or obtained by the Controller shall be maintained by the Controller in the strictest confidence, shall be used solely for the purposes of ensuring that the Processor is complying with its obligations as a Processor under the Data Protection Acts and shall not be used or disclosed for any other purpose)
Notice of Change:-
- The Processor may update or amend these terms from time to time by notice to you. Every time the Controller wishes to use the Processor’s software or service (as the case may be), it should check these terms to ensure it understands the terms that apply at that time. Unless otherwise agreed in writing with the Processor, the Controller may not vary the terms of this Agreement
Services provided:- Schedule F
- 9:00 – 5:00 Monday-Friday
- Closed bank holidays
- Provide software web based
- Provide access keys
- Updates to fix defects or enhance software and stability
THIS SITE AND APP IS PROVIDED BY PRO DELIVERY MANAGER ON AN "AS IS" BASIS. PRO DELIVERY MANAGER MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THE SITE OR THE INFORMATION, CONTENT, MATERIALS, OR PRODUCTS INCLUDED ON THIS SITE. TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, PRO DELIVERY MANAGER DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. PRO DELIVERY MANAGER WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THIS SITE/APP, INCLUDING, BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES.
This site is created and controlled by Pro Delivery Manager in the United Kingdom. As such, the laws of the State of United Kingdom will govern these disclaimers, terms, and conditions, without giving effect to any principles of conflicts of laws. We reserve the right to make changes to our site and these disclaimers, terms, and conditions at any time.
Pro Delivery Manager.
MR I M G Jones, Talybont Pharmacy, 4 Tyrrel Place, Talybont, Ceredigion, SY24 5HA