Shepherd’s commitment to data privacy as it relates to “people”, “companies” and “things”:
We hold certain basic data on our users: names, email addresses, telephone numbers and occasionally physical addresses. We do this so that we can provide access to our services and to communicate alerts. We will never sell this user information to 3rd parties and will keep it private and secure at all times.
We hold information on companies in order to provide our analytics service for their assets and to carry out billing and other administrative tasks. We will use this information solely to meet our commercial obligations and we will not disclose or identify our customers to 3rd parties for marketing purposes (e.g. in case studies or testimonials) without their prior approval.
We use certain operating data from equipment, components and environments (“sensor streams”) in order to evaluate the normal operating parameters of these items. We record the data from these sensor streams and details of their origin (including but not limited to their location, manufacturer and model number) in order to provide our analysis. Where it enhances our ability to provide anomaly detection and predictive maintenance we may cross-correlate specific data from sensor streams generated by the same customer. We may also correlate data from one sensor stream with an anonymised profile of “normal” operating behaviour of streams from related sensors on other sites and customers but we will ensure that such data is not identifiable to any specific location and is not shared beyond the analytics engine.
We will never share specific sensor stream data with 3rd parties for any purpose other than data backup, handling and manipulation as part of the core Shepherd service and will implement encryption in transit and at rest wherever feasible to protect such data. We may aggregate geographical or sensor-stream data sets and anonymously tokenise them for the purpose of improving the performance of the products and services provided by asset manufacturers, system integrators and other property service entities. We will never share specific sensor-stream data in a way that identifies its legal owner and exact location with any 3rd parties without getting explicit approval from our customers.
Disclosure of your data: we are committed to transparency and so we will provide an export of all the data we hold on you, your company or your things if you require it. If you wish to receive a copy of your data or withdraw consent on the use of your personal data, please email us at firstname.lastname@example.org.
Policy in the event of a data breach: we take every reasonable precaution to ensure your data is safe and we use leading cloud service providers and data processors who use best practice encryption techniques. However, no organisation is immune to breaches and should this occur we have a policy set out to halt and patch the breach, identify the affected data and communicate clearly and honestly with our customers as to any potential risk incurred.