Terms and Conditions of Service

Welcome to the PDM website. Pro Delivery Manager Ltd and its partners provide their services to you subject to the following notices, terms, and conditions.


All content included on this site, such as text, graphics, logos, button icons, images, audio clips, and software, is the property of Pro Delivery Manager Ltd or its content suppliers and protected by European and international copyright laws. The compilation (meaning the collection, arrangement, and assembly) of all content on this site is the exclusive property of Pro Delivery Manager Ltd and protected by European and international copyright laws. All software used on this site is the property of Pro Delivery Manager Ltd or its partners and protected by European and international copyright laws. The content and software on this site may be used as an information resource. Any other use, including the reproduction, modification, distribution, transmission, republication, display, or performance, of the content on this site is strictly prohibited.


Pro Delivery Manager are registered trademarks of Pro Delivery Manager Ltd. Pro Delivery Manager graphics, logos, and service names are trademarks of Pro Delivery Manager Ltd. Pro Delivery Manager's trademarks may not be used in connection with any product or service that is not Pro Delivery Manager's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Pro Delivery Manager Ltd. All other trademarks not owned by Pro Delivery Manager Ltd that appear on this site are the property of their respective owners, who may or may not be affiliated with or connected to Pro Delivery Manager Ltd.

Use of Site/App

This site or any portion of this site/app may not be reproduced, duplicated, copied, sold, resold, or otherwise exploited for any commercial purpose that is not expressly permitted by Pro Delivery Manager Ltd. Pro Delivery Manager Ltd and its partners reserve the right to refuse service, terminate accounts, and/or cancel orders in its discretion, including, without limitation, if Pro Delivery Manager Ltd believes that customer conduct violates applicable law or is harmful to the interests of Pro Delivery Manager Ltd and its partners. Customers must be registered with the relevant governance office for data protection purposes and use the service in accord with their guidelines.

Use of your Information

The information collected during the sign-up process will only be used for the purpose of forming the contract to provide the service, for sending you service updates, and for technical support. The data obtained, including any personal information, will also be made available to a third party and co-owner of Pro Delivery Manager Ltd: the NPA (National Pharmacy Association). The NPA has informed us that they will restrict use of your information to providing support and marketing.

Unless otherwise instructed, data on dormant accounts will be stored for a maximum of five years after the last entry in line with applicable legislation.

Our site employs the use of the Google Analytics service for the purpose of technical support and development.

For further details please see our Data Protection & Security Policy.

If you require any further information then please contact our Data Protection Officer, Catherine Moulder-Jones, at dpo@prodeliverymanager.com or Gary Jones, at GDPRsupport@prodeliverymanager.com

Processor (Pro Delivery Manager Ltd, PDM) – Controller (Contractor) Contract

The Subject matter: - The Controller (Client) and the Processor (PDM) have entered into a services and software licence agreement under which the Processor provides certain services to the Controller. This Agreement is for the purposes of ensuring compliance with all relevant Data Protection Acts.

The Processor: - PDM Ltd a company incorporated in England and Wales with company number 09112990 whose registered office is at Bull House, 15 Heol Pen'Rallt, Machynlleth, SY20 8AG, United Kingdom.

Duration: - Agreement takes effect for the Term.

Data processing: - Process the Data (on behalf of Controller) exclusively for the provision of the Services provided by PDM during the Term. The Parties acknowledge and agree that the Controller shall be responsible as the controller and the Processor shall be responsible as the processor.

Its Purpose: - Schedule A

  • Scheduling of orders
  • Organisation of order tasks
  • Logging of task outcomes
  • Routing of task
  • Management and tracking of delivery drivers

Type of personal data: - Schedule B

  • Name
  • Email address
  • Postal address
  • Age/date of birth
  • Location
  • Telephone number
  • Marital status

Categories of data subjects: - Schedule C

  • NHS reference number
  • NHS exemptions (for pharmacy contractors)

The obligations and rights of the Data Processor -

  1. Comply with its obligations as a Processor under all relevant Data Protection Acts; The processing of data as instructed by the controller.

Process only on the written instructions of the controller: -

  1. Process the Data (on behalf of Controller) exclusively for the provision of the Services and for the purposes which are set out at Schedule A;
  2. Insofar as it is reasonably possible and lawful to do so, process the Data solely in accordance with the instructions of Controller as notified in writing in advance by the Controller, except as required/permitted to do otherwise by European Union law or the laws of any member state to which the Processor is subject, and (where permitted) the Processor will inform the Controller of such;

Duty of Confidence: -

  1. Take reasonable steps to ensure that each of its employees, officers, representatives, advisers and/or subcontractors engaged in processing the Data ("Representatives") will be informed of the confidential nature of the Data and are under an obligation to keep the Data confidential;

Data Retention Controls: - Schedule D

  1. Provided that the contract has not been terminated the data retention provisions are as follows.
  2. The default retention period for data entered into the system is indefinite.
  3. The retention period for Customer Order records is 7 years.
  4. The retention period for Photos is 7 years.
  5. The retention period for Customer and User Event records (such as user tracking) is 3 years.
  6. The Controller is able to choose the retention period for certain types of data entered into the system. These are defined as follows:
    • Customer Order records - Minimum retention period: 6 months. Maximum retention period: 7 years
    • Photos - Minimum retention period: 1 week. Maximum retention period: 7 years

Appropriate security measures: - Schedule E

  1. Organisational Security Measures, which the Controller and the Processor agree to be appropriate for the purposes of this Agreement.
Domain Action Schedule E
Mobile devices
  • Mobile devices have to be authenticated to be able to access PDM
  • Password protected to log into PDM app. When a user logs into the PDM app, their login details are transmitted in encrypted format to the web server hosting the client's database. If the login credentials match a known user account a unique access key is generated and returned to the mobile app. Future requests for data access made by the app to the web server are authenticated by the access key
  • Users can be logged out remotely and the device black-listed by the system administrator if the device is lost or stolen
  • All data is transmitted in an industry-standard encrypted format. The app source code is encrypted by a security certificate. The app is run in production mode so that it cannot be accessed via debugging tools
  • All sensitive data downloaded by the app is stored in a temporary memory area. This means that when the user closes or logs out of the app this data is cleared from the memory storage area. No sensitive data is stored in the device's persistent memory area apart from updates to task data that is waiting to be synchronised back to the web server. As soon as any data is synchronised with the web server this data is cleared from the persistent memory area on the device
Web access
  • Password protected accounts are used to log into the PDM web application (PDM Web) via a desktop device
  • When a user logs into PDM Web, their login details are transmitted in encrypted format to the web server hosting the client's database. If the login credentials match a known user account a unique session key is generated and returned to the web browser. Future requests for data access made by the user to the web server are authenticated by the unique session key
Data storage
  • Client databases hosted in UK data-centre
  • Mobile device memory (temporary)
  • Computer system at software developer premises (temporary)
Code of practice
  • Data is only stored when it is absolutely necessary to do so. If an account ceases to be used all data (excepting basic company information and billing history) will be deleted after 365 days. The controller has the option to request a copy of the database prior to the date of deletion.
  • Data is only stored in a secure environment using industry-standard encryption techniques
  • Data is transferred between storage locations only when it is absolutely necessary to do so
  • All data that is transferred between storage locations is done so via a certified secure connection
  • Only approved individuals who work for IB Computing / Theoc Software Ltd are given any access to the data, and only when their role dictates that this is necessary
Service hosting
  • Client databases hosted in UK data-centre
  • A separate database is created for each PDM account holder. The database of each account holder thus only contains information relating to their business and customers
  • Each database is secured by a strong password. The password is only known by the website services that require access to the data
  • The databases are hosted on dedicated servers at Memset, a UK-based data-centre. Please see Memset's security policy for details on how these servers are maintained within a secure environment
  • The web servers are maintained by our development team at IB Computing (and their Sub Processor). Memset staff do not have access to the web server consoles. Only selected staff at IB Computing have access to the web server consoles. In addition to access control by user account authentication, access is restricted to a single IP address which is used only by IB Computing
Operations management protection
  • Hardware firewall at Memset (includes Denial-of-Service attack detection and prevention)
  • Software firewall on each server
  • Anti-virus software
  • Windows Server group policies
  • Windows Server user authentication
  • IT Management system in place for periodically documenting internet usage, security access, email policy, security policy
Data transmissions application-server
  • Transmission of data between PDM App and web server
  • Transmission of data between PDM Web and web server
  • Relocation of databases between web servers
  • All data transferred between PDM App/Web and web server is encrypted using an industry-standard security certificate. The data is encrypted using a 2048-bit key
Relocation of databases between web servers
  • On occasion it may become necessary to transfer a client's database to another web server. On such occasions, the work is carried out by qualified staff at IB Computing. Sensitive data is transferred directly between servers using a secure connection
Access control
  • Login to PDM Web by staff at delivery depot
  • Login to PDM App mobile app
  • Only selected staff at IB Computing and their approved sub-processors have access to the web server consoles. In addition to access control by user account authentication, access is restricted to a single IP address which is used only by IB Computing and their approved sub-processors
Access Policy
  • PDM maintains a record of security privileges of individuals having access to Customer Data. These are reviewed and allocated by DPO. Reviewed every 6 months
  • PDM ensures that where more than one individual has access to systems containing Customer Data, the individuals have separate identifiers/log-ins
Least Privilege:-
  • Customer support personnel are only permitted to have access to Customer Data when needed
  • PDM restricts access to Customer Data to only those individuals who require such access to perform their job function
Security auditing
  • We regularly audit all of our systems to ensure that our code of practice is being followed meticulously
  • IB Computing carry out an additional regular audit to ensure that all hosted data is secure and has not been compromised
Data protection governance
  • PDM Ltd are registered with the Information Commissioner's Office for Data Protection purposes. Their registration number is ZA06570
  • IB Computing are registered with the Information Commissioner's Office for Data Protection purposes. Their registration number is Z1207765
  • Both PDM Ltd and IB Computing have developed their data protection policies in line with the guidance provided by the ICO
  • Each client that registers an account with PDM should also be registered with the Information Commissioner's Office (or regional equivalent) for Data Protection purposes. This is a requirement stated in our Terms and Conditions of service. We expect our clients to use our services in line with guidance provided by the ICO
Data protection officer
  • Catherine Moulder-Jones
  • dpo@prodeliverymanager.com
  • Director-Chief Executive Officer: Gary Jones, dprsupport@prodeliverymanager.com
Security breaches
  • PDM Ltd have an appropriate procedure in place to deal with security breaches
  • All breaches appropriately documented


Using Sub-processors: - Schedule F

Sub-processor | Function | Location
IB Computing | Development; Technical support | UK
Theoc Software Ltd | Development; Technical support | UK
Cloudflare | Network security and caching | International data centres

  1. The Controller hereby grants to the Processor authorisation to sub-process its processing functions as it deems necessary in respect of Processing the Data pursuant to this Agreement to any of the third parties listed at Schedule F
  2. The Processor will inform the Controller of any intended changes concerning the addition or replacement of a sub-processor from Schedule F. The Controller can object to the addition of a sub-processor and thus terminate the Agreement
  3. The contract terms that are required by Article 28.3 of the GDPR will be imposed on the sub-processor
  4. PDM will ensure the compliance of the sub-processor

Data subjects' rights: -

  1. At the cost of the Controller, insofar as reasonably possible and practicable to do so, assist the Controller in complying with the rights of the Data Subjects as set out in the Data Protection Acts

Assisting the controller: - the Processor will

  1. Take reasonable steps to ensure that each of its employees, officers, representatives, advisers and/or subcontractors engaged in processing the Data ("Representatives") will be informed of the confidential nature of the Data and are under an obligation to keep the Data confidential; not Process or transfer any Data outside the European Economic Area (“EEA”) without the prior written consent of the Controller;
  2. Without due delay, notify the Controller of any actual Security Breach which does actually affect the Data, after becoming aware of such Security Breach;
  3. At the cost of the Controller and on reasonable notice during Normal Business Hours, give commercially reasonable assistance to the Controller, in ensuring compliance with the Controller's obligations under the Data Protection;
  4. Insofar as it is reasonably possible and lawful to do so, process the Data solely in accordance with the instructions of Controller as notified in writing in advance by the Controller, except as required/permitted to do otherwise by European Union law or the laws of any member state to which the Processor is subject, and (where permitted) the Processor will inform the Controller of such.
  5. If the Processor cannot meet the requirements of the controller then the controller needs to cease processing. The data will be maintained until further instructions from the controller
  6. The Controller hereby agrees that it will comply with its obligations as a Controller under the Data Protection Acts. In particular, the Controller shall ensure that at all relevant times there is a legal basis for Processing in accordance with the Data Protection Acts to enable the Processor (and such members of the Processor's group of companies) to Process the Data and/or Sensitive Data as pursuant to the Services under this Agreement

End of contract provisions: -

  1. This Agreement shall take effect from the Commencement Date and should continue in full force and effect until the termination or expiry of the Principal Agreement
  2. This Agreement may be terminated by either the Controller or Processor with immediate effect by notice in writing to the other Party (the "Defaulting Party") if the Defaulting Party is in a material or persistent breach of this Agreement which, in the case of a breach capable of remedy, shall not have been remedied within thirty (30) Business Days from the date of receipt by the Defaulting Party of the written notice specifying this clause, identifying the breach and requiring its remedy
  3. At the end of the contract only data necessary for billing history will be retained. The controller has the option to request a copy of the database prior to the date of deletion of other data;
  4. An exception to this general rule applies if the processor is required to retain the personal data by law

Audits and Inspections:-

  1. Not more than once in any period of twelve months during the Term, the Processor will, at the cost of and on reasonable notice from the Controller during Normal Business Hours:
    • Provide all information necessary;
    • Permit the Controller (or any auditor acting under the authority of the Controller) to carry out an audit or inspection (to demonstrate the Processor's compliance with its obligations with the Data Protection Acts PROVIDED HOWEVER that any information obtained by the Controller in connection with or in the course of any such audit and any such information provided to or obtained by the Controller shall be maintained by the Controller in the strictest confidence, shall be used solely for the purposes of ensuring that the Processor is complying with its obligations as a Processor under the Data Protection Acts and shall not be used or disclosed for any other purpose)

Notice of Change:-

  1. The Processor may update or amend these terms from time to time by notice to you. Every time the Controller wishes to use the Processor’s software or service (as the case may be), it should check these terms to ensure it understands the terms that apply at that time. Unless otherwise agreed in writing with the Processor, the Controller may not vary the terms of this Agreement

Services provided:- Schedule G

Support service:

  • 9:00 – 5:00 Monday-Friday
  • Closed bank holidays


  • Provide software web based
  • Provide access keys
  • Updates to fix defects or enhance software and stability



Applicable Law

This site is created and controlled by Pro Delivery Manager in the United Kingdom. As such, the laws of the State of United Kingdom will govern these disclaimers, terms, and conditions, without giving effect to any principles of conflicts of laws. We reserve the right to make changes to our site and these disclaimers, terms, and conditions at any time.

Our Address

Charac Limited is registered in England and Wales (Company No. 12504326) March Studios, Peills Yard, Bromley, Kent, United Kingdom