Definitions
Admailer
Means the web based service made available by An Post to allow Users to undertake promotional campaigns by designing a Direct Mail Piece for printing and delivery by An Post to Unique Addresses and designing business products for delivery to the user.
Audience Selector
Means a targeting tool available to use based on the census information.( Source: CSO Ireland)
A5 Postcard
means an A5 sized postcard (in colour or in black and white) designed by the User, which may either be selected from any of the templates on the Admailer website or created from a blank template populated with content provided by the User.
Business Card
means an 85mm x 55mm sized business card (in colour or in black and white) designed by the User, which may either be selected from any of the templates on the Admailer website or created from a blank template populated with content provided by the User. Business Day means a day except a Saturday, Sunday, Good Friday, the next Business day after 27 December each year or a day designated as a Public Holiday within the meaning of the Organisation of Working Time Act 1997.
Business Product
Means promotional postcards, business cards, compliment slips, letterheads, posters and promotional greeting cards.
Compliment Slip
means an DL sized Compliment slip (in colour or in black and white) designed by the User, which may either be selected from any of the templates on the Admailer website or created from a blank template populated with content provided by the User. Delivery Addresses mean the Unique Addresses to which Direct Mail Pieces are delivered.
Direct Mail Piece
means a Letter or a Postcard as the context requires.
Fees
means the Fees as advised to the User by An Post for the Service as more particularly set out on the Admailer website.
Greeting Cards
means an 4 Page A5 sized Card (in colour or in black and white) designed by the User, which may either be selected from any of the templates on the Admailer website or created from a blank template populated with content provided by the User.
House
means a commercial or a residential building.
Letterhead
means an A4 sized Letterhead (in colour or in black and white) designed by the User, which may either be selected from any of the templates on the Admailer website or created from a blank template populated with content provided by the User.
Letter Mailing
means an A4 sized letter (in colour or in black and white) designed by the User, which may either be selected from any of the templates on the Admailer website or created from a blank template populated with content provided by the User, the letter is folded and delivered in a C5 Envelope.
Non-Unique Address
means a postal address which is not a Unique Address.
Posters
means an A0/A1/A2/A3 sized Poster (in colour or in black and white) designed by the User, which may either be selected from any of the templates on the Admailer website or created from a blank template populated with content provided by the User.
Promotional Postcard
means an A5/A6 sized postcard (in colour or in black and white) designed by the User, which may either be selected from any of the templates on the Admailer website or created from a blank template populated with content provided by the User.
Service
means the Admailer Service.
Unique Address
means the postal address for a building which can be uniquely identified by reference to a house number/name and its associated locality and/or thoroughfare and post town where such house name/number is unique within that locality and/or thoroughfare.
User
means a registered user of the Service using the Admailer registration process on the Admailer website.
In consideration of the payment of the Fee, An Post agrees to make the Service available to the User on the following terms and conditions;
- The Service may be availed of by a User by directly using and placing an order on the Admailer.ie website by selecting at least 200 Delivery Addresses to which Direct Mail Piece is delivered or by ordering Business Products for delivery to the User.
- If the User has agreed to avail of the Service by paying the Fee, the order shall be deemed to have been placed by the User and An Post shall issue an order confirmation to the User by email using the email address provided by the User for the Service.
- Fees shall be payable by way of Credit Card or Debit Card only.
- Subject to Clauses 6 and 13, An Post shall commence the printing and despatch of the Direct Mail Pieces and shall commence the printing and despatch of the Business Products to the User within three (3) Business Days.
- The User may use their own content, including but not limited to, images, logos, phrases in place of An Post content from the Admailer website for use on the Direct Mail Piece or Business Product ("User Generated Content"). The User warrants that it is entitled and/or authorised to use the User Generated Content and that the User Generated Content does not infringe any laws or rights of third parties (including all intellectual property laws and rights) and the User agrees to indemnify and keep An Post indemnified against any claim arising out of the use of the User Generated Content.
- An Post reserves the right in its absolute discretion to:
- a. refuse to print any Direct Mail Piece or Business Product designed by the User and/or to provide the Service where An Post considers:
- i. the design to be indecent or obscene; and/or
- ii. The Direct Mail Piece or Business Product contains any material which may be defamatory or contrary to public policy; and/or
- iii. to be contrary to its commercial interest or beyond its capacity.
- b. suspend, delay and/or terminate with reasonable notice the Service where the Service is not workable.
- The timeframes for delivery and completion of an Order are indicative only and An Post does not guarantee the commencement or the completion of an Order within the timeframes set out.
- An Post shall be immune from all liability in respect of any loss or damage suffered by the User because of:
- a. any failure or delay in providing, maintaining or operating the Service by An Post;
- b. any failure, interruption, suspension or restriction of the Service provided by An Post;
- c. any event described in Condition 6(a);
- d. failure by the User to comply with these Terms and Conditions; and/or
- e. termination of the Service in accordance with these Terms and Conditions.
- Save as provided herein An Post shall have no liability to the User in respect of any damage or loss suffered by the User or delay in provision of the Service PROVIDED ALWAYS THAT An Post may in any case in which it considers it just and reasonable to do so refund the Fees paid to it by the User and it may attach such conditions as it deems appropriate to such refund.
- Any complaints made to An Post relating to any aspect of the provision of the Service by it to the User shall be made to An Post within 20 days of the order completion date.
- These Terms and Conditions and any documents referred to in these Terms and Conditions embody the entire understanding between the User and An Post and there are no additional terms or obligations other than those contained or referred to herein.
- This Agreement shall be deemed to have been made in Ireland, is subject to Irish law and to the exclusive jurisdiction of the Irish Courts.
- By availing of the Service the User agrees to abide by these terms and conditions.
- These Terms and Conditions may be updated from time to time by An Post on the Admailer website.
Promotion
To receive 10% off a postcard campaign place your order using the promotional code at AdMailer.ie before the 31st December 2017. All orders are subject to AdMailer terms and conditions of service which are available here.
Web Policy
Admailer.ie is a website service offered and provided by An Post. Admailer is a registered business name of An Post. ©Admailer.ie and Admailer 2012.
Admailer, Admailer.ie & An Post web policy and data privacy statement
Access to this site and the use of information contained on it is governed by the terms and conditions set out below. Since they are for the protection of both you and An Post a limited liability company having its registered office at the GPO, O’Connell Street, Dublin 1 (herein referred to as "An Post"), please take the time to read them carefully. By using this Website you will be deemed to have accepted these terms and conditions. Please note that this Website is owned and operated by An Post and that references to "we", "us and "our" mean An Post.
-
All Intellectual Property Rights in this site and the information set out on it belongs to us or our licensors and may not be copied, transmitted or reproduced without our prior consent. All copyright, trademark and other proprietary notices must be left intact.
Save as otherwise specified the Intellectual Property Rights in all contents of all the pages contained in this site belong to An Post.
- Reproduction of part or all of the contents of the pages in any form is prohibited other than in accordance with the following permissions. You are granted a non-exclusive, non transferable licence solely for the purpose of using this site and any services available on this site. You may make one electronically stored, transient copy of these pages of this site for the exclusive purpose of on-line viewing. You may make one hard copy of these pages for exclusively, non-commercial purposes.
- Save whether otherwise specified the author(s) of the literary and artistic work set out in the pages contained in this site has/have asserted his/her/their moral rights to be identified as the author of these works.
- This licence does not permit incorporation of the material or any part of it in any other work or publication, whether in hardcopy or electronic or any other form. In particular (but without limitation) no part of this site may be distributed or copied for any commercial purpose.
- No part of this site may be reproduced on or transmitted to or stored in any other website or other form of electronic retrieval.
- Some pages on this site contain hypertext links to websites of business units and subsidiaries of An Post. You are reminded that when you enter such sites, you will be subject to the terms and conditions of those sites.
- Some pages on this site contain hypertext links to websites not maintained by An Post. You are reminded that when you enter other websites via such hypertext links, you will not be subject to these terms and conditions and you will not benefit from the protections afforded to you in using our site. We will not be liable in any way for the content, availability or use of such link to websites and you use such links entirely at your own risk.
- You warrant that you will use this site in accordance with all the terms and conditions applying to such use and you agree to indemnity An Post for any liability accruing to An Post from your use of this site.
- This site is established in Ireland in accordance with the laws of Ireland and will be governed by the laws of that country. When you use the site, you accept that your use of the site and any information on the site will also be governed by the laws of Ireland and if any claim or dispute arises from your use of the site or any information on it, you agree that the Irish Courts will have non-exclusive jurisdiction over all such claims or disputes.
- The use of this site or the distribution of information on the site may be restricted by local law or regulation in certain jurisdictions and this website is not intended for use nor the information intended for distribution in such jurisdictions and the persons accessing this website should inform themselves about and observe any such restrictions.
- No third party is permitted to link any other website to this site without obtaining our prior written consent.
- Please note that the sending of personal information via e-mail over the internet may not be secure and can be intercepted by third parties or incorrectly delivered. You should not divulge confidential or personal information over the internet unless you are using secure or encrypted communications technology.
- The contents of this site including these terms and conditions are subject to change by us without notification to you. We accept no responsibility or liability for keeping the information in this site up to date or for any failure to do so.
-
Disclaimer
The information contained in this site is for information purposes only. Whilst every care has been taken in its preparation we do not make any warranties or representations as to its completeness, accuracy or reliability. Although we have made all reasonable efforts to ensure that all of the information on the site is accurate at the time of inclusion, we do not represent that this is the case and it should not be relied upon as such. We neither accept nor assume any responsibility to you in relation to the contents of this site. Access to and use of this site is at the users own risk and we do not represent or warrant the use of this site or any material downloaded from it will not cause damage to property, including but not limited to loss of data or computer virus infection. In no event do we accept liability of any description including liability for negligence for any damages whatsoever resulting from loss of use, data or profits arising out of or in connection with the access, use or performance of this site or any of its contents. We do not accept liability for any inaccuracies or omissions on this site. All implied warranties are excluded to the fullest extent permissible under law. We reserve the right to update or alter the information on this site including these terms and conditions at any time without giving notice of the alterations. An Post do not give any warranty of uninterrupted use of this site and An Post do not accept liability for any information posted on this site by third parties.
- You will ensure that your use of this website complies with all applicable laws and regulations, including but not limited to those principles of law which protect against compromise of copyrights, trade secrets, proprietary information and other intellectual property rights, liable or defamation of character, invasion of privacy or tortious interference.
- No data transmission over the internet can be guaranteed as totally secure. Whilst we strive to protect such information we do not warrant and cannot ensure the security of any information which you transmit to us. Accordingly, any information which you transmit to us is transmitted at your own risk. Nevertheless, once we receive your transmission, we will take reasonable steps to preserve the security of such information.
- An Post may use any details supplied by you to us for direct marketing or otherwise about the products and services provided by An Post or its subsidiaries. All personal data will be maintained in accordance with the obligations of the data protection act 1998 – 2003.
The following terms and conditions apply in addition to those terms and conditions applicable to this website.
- You agree not to post or publish any offensive, defamatory or unlawful material that could encourage or constitute a criminal offence, civil liability or violation of any law.
- An Post reserves the right to monitor or review the contents of the website but are not obliged to do so and assume no liability or responsibility for the contents therein.
- An Post reserves the right to remove any materials posted to the website at its absolute discretion.
- An Post may disclose your identity to relevant parties to aid any investigation.
- You warrant that the information you enter on this site is accurate and you indemnify us in respect of any damage or legal costs arising out of any action taken against us in respect of the material posted by you.
Uploading your own data.
Terms and conditions of the AdMailer.ie “the service” data upload service:
Set out are An Post and it’s agents terms and conditions relating to uploading data to www.AdMailer.ie
- Security and compliance
- Security controls
1. Security and compliance:
An Post’s agents are committed to ensuring that the appropriate technical and organizational controls are in place throughout our processing operations.
At the center of the Information Security program is the Information Security Policy. This policy was originally aligned to BS7799 and has remained compliant with ISO27001 and PCI-DSS.
The IT Governance, who are responsible for the Information Security program is a global team made up of approximately 25 people, including a team of 10 dedicated Information Security professionals of which 5 or more are CISSP qualified. Overall responsibility for Information Security is assigned to the SVP, IT Governance who reports to board level relevant issues.
Globally the Information Security controls, as mandated in the security policy, original based on the BS7799 Standard, are tested within a SSAE16 AT101 accreditation. Under the AT101 SOC Type 2 audit, the agent’s controls will be assessed against the three trust principles most relevant to measuring data security controls:
- Security,
- Confidentiality and
- Availability.
This covers the EU, the US and Asia. The assessment is carried out every year between May and October. An Post’s agents also have ISO-27001 certification, in Europe this is in support of C&CCC "Standard 55" compliance related to the printing of cheques. This is externally assessed and reviewed annually, and we are fully recertified every 3 years.
2. Security Controls
The following examples are given an as indicative indication of the Information Security controls in place within the operating environments. An Post’s Agent’s information Security Policy Document is available on request to support@admailer.ie.
According to the Security Policy Section 2.2 "Information Classification" there are four types of information classification each with different handling requirements detailed throughout the remainder of the Policy.
The classifications are Public, Sensitive, Private and Confidential. All customer information is classified as Private information. Confidential information is eye-only commercially-sensitive internal information. The information security controls between Private and Confidential are the same, only the distribution models differ.
Access to An Post’s agent’s systems is granted on the basis of Least Privilege. The information Security Policy (Sec 7.1.3) also mandates that for systems containing customer data there must be governed by controls that ensure appropriate Segregation of Duties and is granted on a Need to Know basis only. Designated Information Owners are responsible for approving system access (Section 8.1.6).
All users must be uniquely identified and authenticated. The following password controls in place;
- Passwords must not be shared
- Passwords must not be easy to guess
- Passwords must not derived from Username
- Passwords must be a minimum 8 Characters
- Passwords must have 3 out of 4 of the following - Upper case, Lower case, Numeric and/or Character
- Passwords must be changed after 90 Days
- Accounts must be locked out after 5 bad password attempts
- Password must not be the same as one of the previous 4 passwords
- Interactive sessions are timed out after 15 minutes of non-activity
The Information Security Policy, Section 3.4.4 - Malicious Code Protection, mandates the use of the corporate Anti-malware protection. An Post’s agent has a program to fully deploy Symantec End-point (SEP) protection across the hosts in the enterprise. SEP includes Network Threat Monitoring, Proactive Threat protection, Anti-Virus/Spyware and Network access control. This is updated as new patterns are made available. The SEP service automatically restarts if disabled. Full System scans are scheduled on a weekly basis
An Post’s agent requires that customer information should not be stored on a laptop. In case of accidental storage all laptops have full hard drive encryption.
All internally initiated internet connections run through the corporate proxy server infrastructure. This enforces a number of security controls including;
- User authentication
- Website access based on User roles. This includes a default on ban on social media, retail, and other sites known to host illegal content.
- Limit outbound connectivity
- Malware download scanning The following network security controls are in place
- Bluecoat Web proxy servers content filtering all traffic generated from out-bound connections requests. Access is granted on the basis of an authenticated user as per their assigned access profile.
- A fully maintained set of multi-layered firewalls segregating internal and external security zones.
- AT & T Managed network Intrusion Detection Solution that automatically generates alerts to the network and IT Governance teams (As per the Information Security Policy "Section 7.3.4 - Intrusion Protection / Detection Monitoring").
- Rolling program of Firewall Rule Reviews to ensure all firewalls meet the required standards.
- Mature and robust Change Management process which ensures all firewall rule changes are subject to an IT Governance review and appropriate business approval.
- All server and firewall logs are exported to a central log server where there are automatically scanned for a series of log correlation rules. Any alerts generated are notified to the IT Governance team who decide on the appropriate course of action. Logs records are maintained for 1 year. The central log server is only available to the An Post’s agents IT Governance team.Examples of events logs include;
- Audit account logon events
- Audit account management
- Audit directory service access
- Audit logon events
- Audit system events
- Audit directory service access
The Information Security Policy, Section 7.1.4 Separation of Environments mandates that development and test environments must be separated from production. Rules for the migration of software development to production status must be defined and documented.
Numerous controls exist within An Post’s agents systems to ensure the appropriate segregation of customer work in Development, Test and Production. Depending on the platform and process these may include some or all of the following;
- Logical Segregation at a file/folder level with appropriate Access Control Lists, and functional accounts
- Separate Mainframe LPARS, protected by RACF
- Logical segregation via different Database instances
- Solution segregation so entire suites of Information processing systems can be dedicated to specific customers (where the customer is not leveraging a ‘Shared Service‘)
- Network Segregation via VPN, firewall or physical communications infrastructure for incoming and outbound file transmissions.
A mandatory annual Information Security Awareness computer-based training is offered to all staff. A set of questions, for which an appropriate pass mark must be achieved, ensure the 'stickiness' of the content.
All staff receive inductions which also detail their responsibilities with regard to Data Protection and client information. This is reinforced with regular reminders with regard to password good practice and a copy of the Office Security Policy is put on all staff notice boards.
An Post’s Agent has mature standard enterprise IT operating procedures covering, but not excluded to, the following aspects;
- Change Management
- Patch Management
- Anti-Malware infrastructure
- Secure Coding Guidelines
- Platform Security Standards
- Network Design Guidelines
- Logical Access
- Security Incident Response
- Records Retention
- Privacy Policy
- Software Development Life cycle
An Post’s agent’s incident notification procedures are defined in relation to specific customer requirements and are the responsibility of the account management teams. In the event of a security incident, as defined in the Security Incident Response Process (SIRP), any effected customers are notified as soon as reasonably possible, or in the contractually defined period, whichever is sooner.
Staff Screening
In accordance with the Information Security Policy, Section 5.3 - Job Screening, all job applicants must be carefully screened. Employees in an information custodian role must first pass the appropriate background checks. These are subject to regional variations. In the UK the Pre-Employment Screening checks are:
- Legal right to work
- Proof of identity (run through a specific checking system by companies such as URU/Kroll etc)
- EU Financial Sanction Database check
- Credit reference (which the Supplier will have consciously taken into consideration prior to assessing the suitability of the staff member) including international checks (if applicable)
- Proof of residence
- Fully verified (with documentation of verification) 5 year employment history including explanation of career gaps exceeding one month in duration, including checked reason for leaving previous position
- CRB check (‘basic’) including international screening (if applicable)
Data Privacy
Across our European locations we do comply with the local member state enactments of the two relevant EU data protection directives, specifically 95/46/EC "Data Protection Directive" and 2002/28/EC "E-Privacy Directive". An Post’s Agent primarily acts as a Data Processor in relation to Data provided and Controlled by the individual who has accepted these terms and conditions on behalf of themselves and on behalf of the company they represent in order to buy the AdMailer.ie service; as such An Post’s agent will only process the Data in the manner and format specified by the terms and conditions of the AdMailer.ie service to enable print production. Data will only be retained in accordance with the contractual requirements of the agreement between the AdMailer.ie customer and AdMailer.ie, normal practice for this type of Data is to treat the Data as “Transitional” with all such Data being deleted once contractual processing / printing / mailing requirements have been met.
The remit of the European Information Security Manager incorporates the Data Protection Officer role for An Post’s agent. An Post’s agent constantly review developments within the regulatory frameworks they work within.
The following are An Post’s agent’s Ireland & UK’s data protection registrations:
- 11427/A – Ireland Data Commissioner’s Registration
- Z1771027 – UK Information Commissioner’s Office
Physical Security:
All of An Post’s agent’s Operational and IT sites are high security sites with access to premises and sensitive areas within premises being restricted on a least privilege basis based upon Job Role and responsibilities. Access to Server Rooms is based upon two factor identification (proximity Card & Pin Number) which is currently being rolled out across our whole estate.
All visitors to Server Rooms / Premises are required to be accompanied at all times with Server Room access being recorded in a Visitor Log maintained within the Server Rooms. Additionally CCTV is deployed within Server Rooms / Data Centres.
Customer Data Segregation
Numerous controls exist within An Post’s agent’s systems to ensure the appropriate segregation of customer work. Depending on the platform and process these may include some or all of the following;
- Logical Segregation at a file/folder level with appropriate Access Control Lists
- Logical segregation via different Database instances
- Logical Segregation via separate message queues
- Solution segregation so entire suites of Information processing systems can be dedicated to specific customers (where the customer is not leveraging a ‘Shared Service‘)
- Network Segregation via VPN, firewall or physical communications infrastructure for incoming and outbound file transmissions.
- Process segregation through batchID, job descriptions and other job-tracking/workflow systems
- Physical Segregation at a batch, work-areas, rooms or (in some case) sites.
IT technical architecture design to provide high availability in our data processing solution: An Post’s agent will host the associated infrastructure supporting the AdMailer.ie customer having accepted the terms of this service within our data centres and in our Data Room in Dublin. London would be the primary data gateway and Amsterdam the Disaster Recovery facility. The application processing AdMailer.ie uploaded data will be based in our Data Room in Dublin. Our aim is to ensure that there is no single point of failure in the system. During normal operation, data arriving at our Primary Spazio Gateway will be forwarded to IPW servers in Dublin and onward for printing in the same building.
In the event of a systems failure in Dublin, and with the consent of the AdMailer.ie customer having accepted the terms of this service, the data can be processed through IPW in either London or Amsterdam and routed to an alternative An Post Agent site for printing. Similarly, in the event of a systems failure at the primary Spazio Gateway, the data can be received at the secondary gateway andre-routed.
Amsterdam will contain duplicate levels of equipment, full system backups are taken each time a software release brought into production. Data is backed up fully once a week with incremental back-ups taken daily. All data centre back-ups held in the remote data centre.
Database journal entries are copied between each data centre on a 15 minute schedule so no failure should result in more than 15 minutes worth of data being lost. Shorter replication periods are possible, but may result in higher costs. Depending upon the nature of a disaster, the following remediation is likely:
All Telephony platform components are maintained in a fully resilient, 100% over-capacity, and configuration. If a component fails there should be no impact to the overall system availability or performance except that any call in progress using that component may be dropped.
Virtual Servers are configured in a virtual configuration. If a virtual server fails a new instance is immediately reloaded from the local system archive and the service restarted.
Physical servers are configured in a resilient / clustered manner. If a Physical server fails, the resident services will be reloaded to the alternate server from the local system archive and the service restarted.
If the WAN access into the primary data centre fails, traffic can be re-routed automatically to the back-up data centre and transferred over the low latency fibre back into the primary data centre. The Internet access is handled in a similar fashion. If the entire Data Centre itself fails, say for a general power brown out and all generators and UPS fail, the services will be reloaded on the warm standby servers in the remote data centre from the remote system archive and the service restarted.
An Post’s agent carries out own DR tests at a component level once a quarter, and full system (though not full data centre) once a year. IT DR tests have resulted in successful fail over of Mainframe computers from London Data Centre to the Amsterdam Data Centre within the last 8 months, with resultant restoration of services from the London Data Centre being achieved with no loss of service or major problems – similar successful fail over and restorations have been completed at/between our premise based computer rooms.
An Post’s agent undertakes regular DR tests with many clients and the associated requirements and frequencies differ by contractual obligation. Notwithstanding this, An Post’s agent’s IT has successfully supported all tests and satisfied all contractual obligations which encompass multiple industry sectors since 2007.
Where a contractual requirement is not explicit, An Post’s agent builds all data centre-based solutions to a Recovery Time Objective of 2 hours and tests annually.
All the above are covered within the An Post’s agent Information Security Policy – in itself a protected CONFIDENTIAL document – full versions of which can be viewed under controlled conditions on premises – Arrangements for viewing can be made directly with the IT Information Security Manager for the ROI & UK – a copy of the Index to the Information Security Policy is attached as Appendix 5 for information purposes and to demonstrate the scope and breadth of the Policy.
The AdMailer.ie service is only delivered to addresses on the island of Ireland. Any records which are uploaded which are destined for delivery outside the island of Ireland will not be delivered but will be charged for.
No parts of An Post’s agent’s architecture or systems are hosted by 3rd parties.