Terms and Conditions of Service
Welcome to the PDM website. Pro Delivery Manager Ltd and its partners provide their services to you subject to the following notices, terms, and conditions.
All content included on this site, such as text, graphics, logos, button icons, images, audio clips, and software, is the property of Pro Delivery Manager Ltd or its content suppliers and protected by European and international copyright laws. The compilation (meaning the collection, arrangement, and assembly) of all content on this site is the exclusive property of Pro Delivery Manager Ltd and protected by European and international copyright laws. All software used on this site is the property of Pro Delivery Manager Ltd or its partners and protected by European and international copyright laws. The content and software on this site may be used as an information resource. Any other use, including the reproduction, modification, distribution, transmission, republication, display, or performance, of the content on this site is strictly prohibited.
Pro Delivery Manager are registered trademarks of Pro Delivery Manager Ltd. Pro Delivery Manager graphics, logos, and service names are trademarks of Pro Delivery Manager Ltd. Pro Delivery Manager 's trademarks may not be used in connection with any product or service that is not Pro Delivery Manager`s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Pro Delivery Manager Ltd. All other trademarks not owned by Pro Delivery Manager Ltd that appear on this site are the property of their respective owners, who may or may not be affiliated with or connected to Pro Delivery Manager Ltd.
Use of Site/App
This site or any portion of this site/app may not be reproduced, duplicated, copied, sold, resold, or otherwise exploited for any commercial purpose that is not expressly permitted by Pro Delivery Manager Ltd. Pro Delivery Manager Ltd and its partners reserve the right to refuse service, terminate accounts, and/or cancel orders in its discretion, including, without limitation, if Pro Delivery Manager Ltd believes that customer conduct violates applicable law or is harmful to the interests of Pro Delivery Manager Ltd and its partners. Customers must be registered with the relevant governance office for data protection purposes and use the service in accord with their guidelines.
Use of your Information
The information collected during the sign up process will only be used for the purpose of forming the contract to provide the service, for sending you service updates, and for technical support. The data obtained, including any personal information, will also be made available to a third party and co-owner of Pro Delivery Manager Ltd: the NPA (National Pharmacy Association). The NPA has informed us that they will restrict use of your information to providing support and marketing.
Unless otherwise instructed, data on dormant accounts will be stored for a maximum of five years after the last entry in line with applicable legislation.
Our site employs the use of the Google Analytics service for purpose of technical support and development.
For further details please see our Data Protection & Security Policy.
If you require any further information then please contact our Data Protection Officer, Catherine Moulder-Jones, at firstname.lastname@example.org or Gary Jones, at GDPRsupport@prodeliverymanager.com
Processor (Pro Delivery Manager Ltd, PDM) – Controller (Contractor) Contract
The Subject matter: - The Controller (Client) and the Processor(PDM) have entered into a services and software licence agreement which the Processor provides certain services to the Controller. This Agreement is for the purposes of ensuring compliance with all relevant Data Protection Acts.
The Processor: - PDM Ltd a company incorporated in England and Wales with company number 09112990 whose registered office is at Bull House, 15 Heol Pen'Rallt, Machynlleth, SY20 8AG, United Kingdom.
Duration: - Agreement takes effect for the Term.
Data processing: - Process the Data (on behalf of Controller) exclusively for the provision of the Services provided by PDM during the Term. The Parties acknowledge and agree that the Controller shall be responsible as the controller and the Processor shall be responsible as the processor.
Its Purpose: - Schedule A
- Scheduling of orders
- Organisation of order tasks
- Logging of task outcomes
- Routing of task
- Management and tracking of delivery drivers
Type of personal data: - Schedule B
- Email address
- Postal address
- Age/date of birth
- Telephone number
- Marital status
Categories of data subjects: - Schedule C
- NHS reference number
- NHS exemptions (for pharmacy contractors)
The obligations and rights of the Data Processor -
- Comply with its obligations as a Processor under all relevant Data Protection Acts; The processing of data as instructed by the controller.
Process only on the written instructions of the controller: -
- Process the Data (on behalf of Controller) exclusively for the provision of the Services and for the purposes which are set out at Schedule A;
- Insofar as it is reasonably possible and lawful to do so, process the Data solely in accordance with the instructions of Controller as notified in writing in advance by the Controller, except as required/permitted to do otherwise by European Union law or the laws of any member state to which the Processor is subject, and (where permitted) the Processor will inform the Controller of such;
Duty of Confidence: -
- Take reasonable steps to ensure that each of its employees, officers, representatives, advisers and/or subcontractors engaged in processing the Data ("Representatives") will be informed of the confidential nature of the Data and are under an obligation to keep the Data confidential;
Data Retention Controls: - Schedule D
- Provided that the contract has not been terminated the data retention provisions are as follows.
- The default retention period for data entered into the system is indefinite.
- The retention period for Customer Order records is 7 years.
- The retention period for Photos is 7 years.
- The retention period for Customer and User Event records (such as user tracking) is 12 months.
- The Controller is able to choose the retention period for certain types of data entered into the system. These are defined as follows:
- Customer Order records - Minimum retention period: 2 years. Maximum retention period: 7 years
- Photos - Minimum retention period: 1 week. Maximum retention period: 7 years
Appropriate security measures: - Schedule E
- Organisational Security Measures, which the Controller and the Processor agree to be appropriate for the purposes of this Agreement.
|Domain||Action Schedule E|
|Code of practice||
|Operations management protection||
|Data transmissions application-server||
|Relocation of databases between web servers||
|Data protection governance||
|Data protection officer||
Using Sub-processors: - Schedule F
|IB Computing||Development; Technical support||UK|
|Theoc Software Ltd||Development; Technical support||UK|
|Cloudflare||Network security and caching||International data centres|
- The Controller hereby grants to the Processor authorisation to sub-processer its processing functions as it deems necessary in respect of Processing the Data pursuant to this Agreement to any of the third parties listed at Schedule F
- The Processor will inform the Controller of any intended changes concerning the addition or replacement of sub-processer from schedule F. The Controller can object to the addition of a Sub-Processer and thus terminate the Agreement
- The sub-processor will have the contract terms that are required by Article 28.3 of the GDPR on the sub-processor
- PDM will ensure the compliance of the sub-processor
Data subjects rights: -
- At the cost of the Controller, insofar as reasonably possible and practicable to do so, assist the Controller in complying with the rights of the Data Subjects as set out in the Data Protection Acts
Assisting the controller: - the Processor will
- Take reasonable steps to ensure that each of its employees, officers, representatives, advisers and/or subcontractors engaged in processing the Data ("Representatives") will be informed of the confidential nature of the Data and are under an obligation to keep the Data confidential; not Process or transfer any Data outside the European Economic Area (“EEA”) without the prior written consent of the Controller;
- Without due delay, notify the Controller of any actual Security Breach which does actually affect the Data, after becoming aware of such Security Breach;
- At the cost of the Controller and on reasonable notice during Normal Business Hours, give commercially reasonable assistance to the Controller, in ensuring compliance with the Controller's obligations under the Data Protection;
- Insofar as it is reasonably possible and lawful to do so, process the Data solely in accordance with the instructions of Controller as notified in writing in advance by the Controller, except as required/permitted to do otherwise by European Union law or the laws of any member state to which the Processor is subject, and (where permitted) the Processor will inform the Controller of such.
- If the Processor cannot meet the requirements of the controller then the controller needs to cease processing. The data will be maintained until further instructions from the controller
- The Controller hereby agrees that it will comply with its obligations as a Controller under the Data Protection Acts. In particular, the Controller shall ensure that at all relevant times there is a legal basis for Processing in accordance with the Data Protection Acts to enable the Processor (and such members of the Processor's group of companies) to Process the Data and/or Sensitive Data as pursuant to the Services under this Agreement
End of contract provisions: -
- This Agreement shall take effect from the Commencement Date and should continue in full force and effect until the termination or expiry of the Principal Agreement
- This Agreement may be terminated by either the Controller or Processor with immediate effect by notice in writing to the other Party (the "Defaulting Party") if the Defaulting Party is in a material or persistent breach of this Agreement which, in the case of a breach capable of remedy, shall not have been remedied within thirty (30) Business Days from the date of receipt by the Defaulting Party of the written notice specifying this clause, identifying the breach and requiring its remedy
- At the end of the contract all personal data will be deleted within 84 days. The controller has the option to request a copy of the database prior to the date of deletion;
- An exception to this general rule applies if the processor is required to retain the personal data by law
Audits and Inspections:-
- Not more than once in any period of twelve months during the Term, the Processor will, at the cost of and on reasonable notice from the Controller during Normal Business Hours:
- Provide all information necessary;
- Permit the Controller (or any auditor acting under the authority of the Controller) to carry out an audit or inspection (to demonstrate the Processor's compliance with its obligations with the Data Protection Acts PROVIDED HOWEVER that any information obtained by the Controller in connection with or in the course of any such audit and any such information provided to or obtained by the Controller shall be maintained by the Controller in the strictest confidence, shall be used solely for the purposes of ensuring that the Processor is complying with its obligations as a Processor under the Data Protection Acts and shall not be used or disclosed for any other purpose)
Notice of Change:-
- The Processor may update or amend these terms from time to time by notice to you. Every time the Controller wishes to use the Processor’s software or service (as the case may be), it should check these terms to ensure it understands the terms that apply at that time. Unless otherwise agreed in writing with the Processor, the Controller may not vary the terms of this Agreement
Services provided:- Schedule G
- 9:00 – 5:00 Monday-Friday
- Closed bank holidays
- Provide software web based
- Provide access keys
- Updates to fix defects or enhance software and stability
THIS SITE AND APP IS PROVIDED BY PRO DELIVERY MANAGER ON AN "AS IS" BASIS. PRO DELIVERY MANAGER MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THE SITE OR THE INFORMATION, CONTENT, MATERIALS, OR PRODUCTS INCLUDED ON THIS SITE. TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, PRO DELIVERY MANAGER DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. PRO DELIVERY MANAGER WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THIS SITE/APP, INCLUDING, BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES.
This site is created and controlled by Pro Delivery Manager in the United Kingdom. As such, the laws of the State of United Kingdom will govern these disclaimers, terms, and conditions, without giving effect to any principles of conflicts of laws. We reserve the right to make changes to our site and these disclaimers, terms, and conditions at any time.
Pro Delivery Manager.
MR I M G Jones, Talybont Pharmacy, 4 Tyrrel Place, Talybont, Ceredigion, SY24 5HA