SHEPHERD
PRIVACY POLICY

This Privacy Policy (defined below) was last updated on: May 30, 2023.

This privacy policy (“Privacy Policy”) governs how Shepherd Veterinary Software, LLC, (hereinafter referred to as “Company”, “we”, “our” or “us”) collects, uses and shares Personal Information (defined below):

- about each individual, entity, user or visitor (collectively “you” or “your”);

and/or

- which you provide to Company when:

• • (i)accessing Company’s website located at https://www.shepherd.vet (hereinafter referred to as “Website”), and/or
  • (ii)using the Services (as defined under Section 2.1 of Company’s Terms of Use).

Company is committed to maintaining privacy protections for its users. Our Privacy Policy is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using the Services.

By accessing the Website and using the Services, you accept the terms and conditions of Company’s Privacy Policy, and you consent to Company’s collection, storage, use and disclosure of your Personal Information (defined below) as described in this Privacy Policy.

You acknowledge that it is in your best interest to read this Privacy Policy carefully and to ensure that you understand the terms and conditions contained herein. Your acceptance of Company’s Privacy Policy is deemed to occur upon your first use of the Website and/or Services. If you do not accept and agree with this Privacy Policy, please refrain from using and/or accessing Company’s Website and Services immediately.

Purpose of Privacy Policy

This Privacy Policy applies only to your access to the Website and your use of the Services and aims to provide you with information on how we collect and process your Personal Information (defined below), what data we collect when you use the Website and Services, why we collect the data, how the data is used, and your rights and choices. This Privacy Policy applies to Personal Information (defined below) and other information collected by us from or about visitors to, or users of, our Website and Services.

The Website may contain links to third-party websites and resources. Company has no control over how your information is collected, stored, or used by these third-party websites and/or resources. Company therefore advises you to check the privacy policies of any such third-party website and/or resources before providing any information to them.

Personal Information that Company Collects from You

The term “Personal Information”, or personal data, means any information about an individual from which that person can be identified. Personal Information does not include data where the identity of the individual has been removed (i.e., anonymous data).

Company may collect, use, and store Personal Information as follows:

• (i) Identity data includes Personal Information that could identify you, such as your full name, phone numbers and email address;
• (ii) Contact data which includes data such as billing address, email address, and any other data you have provided to us in order for us to be able to provide you with the Services;
• (iii) Technical data includes your Internet protocol address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website;
• (iv) Transaction data which includes details about payments such as amount, currency and time of payment;
• (v) Profile data includes your username and password, purchases made by you, your interests, preferences, and feedback; and
• (vi) Usage data includes information about how and when you use our Website and Services.

How Your Personal Information is Collected

Company uses various methods to collect Personal Information from and about you including through:

• (i)Direct interactions. You may provide us with your identity and contact data by filling in forms or by corresponding with us via email. This includes Personal Information you provide when you:
• • (a)create a User Account on our Website;
  • (b)use the Services;
  • (c)provide us with your feedback in relation to the Services; or
  • (d)contact us.
• (ii)Automated technologies or interactions. As you interact with our Website, we will automatically collect technical data about your browsing actions and patterns. We collect this Personal Information by using cookies, server logs and other similar technologies. This information is collected automatically and is used only to identify potential cases of abuse, resolve technical issues, optimizing the performance of the Website for a better user experience, and establish statistical information regarding your use of the Website and the Services. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.
• (iii)Metadata. When you use our Website, we may collect metadata that results from such usage including: browser type and version, operating system and interface, website from which you are visiting us (referrer URL), webpage(s) you are visiting on our Website, date and time of accessing our Website, and internet protocol (IP) address and location. The metadata will be primarily used to improve the quality of the Services Company provides to you by analysing your usage behaviour in anonymised form and to prevent fraud, misuse of our information technology (IT) systems, as well as to ensure physical and network security.
• (iv)Third parties or publicly available sources. We will receive Personal Information about you from various third parties and public sources such as from contact and transaction data from third-party providers of technical, platform and payment services such as Banquest Payment Systems and other integrated partners.

In general, the Personal Information you provide to Company is used to help us communicate with you. For example, Company uses your Personal Information to (i) make contact with you, (ii) provide you with the Services, and/or (ii) provide customer service and technical support.

How We Use Your Personal Information

Company may collect and use your Personal Information for any or all of the following purposes:

• (i)providing you with access to the Website and use of the Services as requested by you;
• (ii)responding to, handling, and processing queries, requests, complaints, and feedback from you;
• (iii)managing your relationship with us;
• (iv)processing payment transactions;
• (v)sending you information, promotions, updates, marketing and advertising materials in relation to our Services;
• (vi)managing, developing and improving our business and operations to serve you better;
• (vii)complying with legal and regulatory requirements;
• (viii)enforcing Company’ legal rights and obligations;
• (ix)any other purposes for which we have obtained your consent; and
• (x)any other purposes reasonably necessary, ancillary or related to the above specified purposes.

Wherever practical, Company aims to obtain your explicit consent to process your Personal Information. We may continue to process your Personal Information on this basis until you withdraw your consent. You may withdraw your consent at any time by sending us an email at support@shepherd.vet. However, if you do so, please note that you may not be able to use the Website, and make use of the Services further.

Company may share some or all of your Personal Information with any subsidiaries, joint ventures, or other companies under common control, in which case we will require them to honor this Privacy Policy.

Likewise, if Company goes through a corporate restructuring, merger, acquisition, or the sale of all or a portion of our assets, your Personal Information may be among the assets that we transfer as part of that arrangement. You acknowledge that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of ours or that acquirer’s assets may continue to process your Personal Information as described in this Privacy Policy.

How Personal Information is Secured

Company uses a third-party service provider, namely, Amazon Web Services (“AWS”) to deliver the Website and Services to you. As such, AWS implements security measures that include encryption, firewalls, password management and secure socket layer technology, which are designed to protect your information from unauthorized access and potential security breaches. You can find out more about AWS’s security measures by clicking here: https://wa.aws.amazon.com/wellarchitected/2020-07-02T19-33-23/wat.pillar.security.en.html

We will notify you and any applicable regulator of a breach where we are legally required to do so.

Payment information is directly processed and secured by Banquest Payment Systems and cannot be accessed by Company. Company does not collect or store sensitive cardholder data, such as credit card numbers, or card authentication data.

You acknowledge that no data transmission over the Internet or wireless network can be guaranteed. Therefore, while Company strives to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and another registered user on the Website and/or the Services cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third party, despite Company’s best efforts.

Storing Personal Information

All Personal Information is stored securely on AWS’s Relational Database Service (RDS). While your full payment information is not stored with us, parts of your payment information such as the last four digits, expiry, type, and provider of the credit card may be stored for future use.

Sharing Personal Information

Company may sometimes (i) share Personal Information with sub-contractors and/or our service providers, including call centers, for the sole purposes of providing the Services to you; and (ii) contract with third-party service providers to supply specific components of the Services to you or to provide us with information about your use of the Website and our Services. These may include payment processing facilities, behavioral analytics, logistic partners, software development and messaging applications. In some cases, the third parties may require access to some or all of your Personal Information. Where any of your Personal Information is required for such a purpose, Company shall take all reasonable steps to ensure that your Personal Information will be handled safely, securely, and in accordance with our Privacy Policy, your rights, our obligations, and the obligations of the third party under the law. Personal Information will only be shared and used within the bounds of the law.

Company may also share Personal Information with other third parties if Company has a good-faith belief that access, use, preservation or disclosure of the Personal Information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce Company’s Terms of Use, including investigation of potential violations; address fraud, security or technical concerns; or to protect against harm to the rights, property or safety of Company’s users or the public as required or permitted by law.

Except as otherwise stated in this Privacy Policy, Company does not sell, trade, rent or otherwise share your Personal Information for marketing purposes with third parties without your consent.

Data Retention

Company will only retain your Personal Information for as long as (i) you are a registered user on the Website and for a minimum period of five (5) years; and (ii) is reasonably necessary to fulfil the purposes we collected such Personal Information for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. When your Personal Information is no longer needed for the purpose for which such Personal Information was collected, we will take reasonable steps to destroy, delete or permanently de-identify your Personal Information.

Your Rights under the California Consumer Privacy Act and California Privacy Regulation Act

To the extent that the California Consumer Privacy Act (“CCPA”) and California Privacy Regulation Act (“CPRA”) is applicable to either Company or you: both parties agree to comply with all of its obligations under the CCPA and CPRA; and in relation to any communication of ‘Personal Information’ as defined by the CCPA and CPRA, the parties agree that no monetary or other valuable consideration is being provided for such Personal Information and therefore neither party is ‘selling’ (as defined by the CCPA and CPRA) Personal Information to the other party.

The principal rights you have under the CCPA and CPRA include but are not limited to:

• (i)Right to access/know. You have the right to request that we provide you with details of the Personal Information (pertaining to you specifically) that we collect, use, disclose and sell. To submit a request, please submit an email request to support@shepherd.vet and include ‘CCPA Right to Know’ in the subject line. In your email, please specify the details you would like to know, and specify the Personal Information you would like to access. You will be asked to provide sufficient information to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the Personal Information at issue. We will respond to your request in accordance with the CCPA and CPRA. In the event we deny your request, we will provide you with an explanation.
• (ii)Right to delete. You may request the deletion of Personal Information that we collect or hold about you. To submit a request to delete Personal Information, email your request to support@shepherd.vet and include ‘CCPA Request to Delete’ in the subject line. Please make sure you specify in your request what Personal Information you would like us to have deleted.
• (iii)Right to non-discrimination. You have the right not to be denied access to the Services just because you exercised your rights under the CCPA and CPRA. However, should such Personal Information be necessary for us to provide you with the Services, we may not be able to complete the provision of the Services/transaction.
• (iv)Right to opt out. You may request us to stop collecting your Personal Information (‘opt-out’) by sending us an email to support@shepherd.vet.However, please note that we must wait at least twelve (12) months before asking you to opt back into the collection of your Personal Information, unless you provide us with prior authorization.

Under CCPA, Personal Information does not include:

• -publicly available information from government records;
• -de-identified or aggregated consumer information;
• -information excluded from the CCPA's scope, such as: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
• -Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Both parties agree to notify the other immediately if it receives any complaint, notice, or communication that directly or indirectly relates to either party’s compliance with the CCPA and CPRA. Specifically, Company shall notify you within ten (10) business days if we receive a verifiable consumer request under the CCPA and CPRA.

Analytical Data from Third Parties

Company may collect or receive information that third-party service providers may provide about you when using the Website and/or the Services. Company may also obtain information from such third-party service providers and combine that with information Company collects through your use of the Services. The following information is collected and/or obtained from third parties:

- Google Analytics: We use this analytical tool to help Company analyze (i) how users use the Website and/or the Services by noting when you use the Website and the Services, and (ii) usage data. The information collected will be disclosed to or collected directly by the applicable analytical tool Company is using. Such information is collected as a means to provide, improve, and develop the Website and the Services so as to create a safer and trusted environment when you use the Website and Services.

Cookies

Cookies are defined as small text files that are placed on your computer's hard drive by your web browser when you visit any website and/or mobile app. Cookies allow data gathered on one web/mobile app page to be stored until the data is needed for use on another, allowing a website/mobile app to provide you with a personalised experience and the website/mobile app owner with statistics about how you use the website/mobile app so that the website /mobile app can be improved. Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely. Your web/mobile app browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.

When you first visit the Website, you may need to confirm whether you wish for cookies to be used by Company. If you choose not to accept them, Company shall not use them for your visit except to record that you have not consented to their use for any other purpose. However, please note that should you choose not to use cookies, or you prevent their use through your browser settings, you might not be able to use all the functionalities available on the Website.

Company may use cookies for the following purposes:

• (i)Authentication and status - Company uses cookies to identify you when you visit the Website, and as you navigate through the pages of the Website;
• (ii)Personalization - Company uses cookies to store information about your preferences as you navigate through the Website;
• (iii)Security - Company uses cookies as an element of the security measures used to protect the Website and Services; and
• (iv)Analysis - Company uses cookies to analyze the use and performance of the Website and Services.

By accessing and using Company’ Website and Services, you consent to the storage of cookies, other local storage technologies, beacons and other information on your devices. You also consent to the access of such cookies, local storage technologies, beacons and information by us or our representatives or agents.

Our Policy Toward Children

Our Services are not directed to persons under the age of eighteen (18) years. We do not collect Personal Information from children under the age of eighteen (18) years. We therefore encourage you to obtain the assistance and consent of a parent/legal guardian when accessing our Website and using the Services. A parent/legal guardian who becomes aware that his or her child has provided us with Personal Information without their consent, should contact us at support@shepherd.vet and we will endeavour to delete the relevant data.

Opt-out rights

You can stop all collection of Personal Information by Company by not accessing the Website, and the Services, or by requesting to opt-out via email at support@shepherd.vet

Changes and Amendments to Privacy Policy

Company may update this Privacy Policy from time to time in Company’s sole discretion and will notify you of any material changes to the way in which Company treats Personal Information. When changes are made, Company will revise the updated date at the top of this page. Company may also provide notice to you in other ways in Company’s sole discretion, such as through the contact information you have provided. Any updated version of this Privacy Policy will be effective immediately upon the posting of the revised Privacy Policy unless otherwise specified. Your continued use of the Website and Services after the effective date of the revised Privacy Policy will constitute your consent to those changes. However, Company will not, without your consent, use your Personal Information in a manner materially different than what was stated at the time your Personal Information was collected.

Contact Information

Should you have any questions or concerns regarding privacy while using the Website and Services, please send us a detailed message via email to support@shepherd.vet, and Company will use its best endeavors to resolve your concerns.