The common questions our customers ask us about Herdify and GDPR.

Information Governance Statement

Herdify Ltd recognises the following significant data privacy responsibilities:

Clients, business contacts, suppliers, staff and prospective staff entrust the business with their data. We know you care about your privacy and the protection of your personal information, so we will always treat your information with the highest standards of confidentiality and security.

Our reputation depends on the appropriate care and security of all and any data within our infrastructure. The movement of sensitive personal and commercial information outside of the organisation’s physical perimeter (paper documents, electronic communications, obsolete IT devices) is still the organisation’s responsibility.

We have an obligation to protect data and will not take any risks or actions that may potentially violate the confidentiality, integrity, or availability of data; cause unnecessary exposure to them; or violate contractual or regulatory requirements. Our business depends on protecting our information resources, even in the event of hardware or facilities failure.

Because we are committed to your privacy, we take great care to handle all information that we collect about you lawfully in accordance with Data Protection Law, including the EU General Data Protection Regulation (2016/679) as saved into United Kingdom law by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018; The Data Protection Act (2018) (DPA18); the Privacy and Electronic Communications Act (2003) (PECR) and other regulatory requirements.

Our policy is to monitor the organisation and to strive to deliver continuous improvements in data privacy. Specifically, we pledge to:

Comply with all relevant regulations and codes of practice.

Act to prevent data privacy breaches of any sort through effective privacy by design, data minimisation, DPIA risk analysis, and appropriate information security management.

Ensure that all staff receive targeted training in data privacy responsibilities appropriate to their roles.

Implement a documented strategy to manage data privacy proactively, maximise organisational learning and deliver continuous improvements in data privacy.

These commitments are delivered by the implementation of a documented data privacy programme owned by Tom Ridges.

Data privacy requirements are actively communicated to all staff and people acting for or on behalf of Herdify Ltd, or on our premises.

Tom Ridges, Privacy Officer and CEO

22 August 2022

Is this GDPR compliant?

Yes. We don’t listen to conversations directly but detect them in the footprints left behind in your first-party sales data.  

One of our founding tenets is privacy first. The data we collect from customers is non-Personal Identifiable Information (PII) and the modelling outputs we use are compliant with the General Data Protection Regulations (GDPR), using standards set by the Office for National Statistics.

You can read more about our approach in our privacy policy.

GDPR compliant at all stages

Upload data



Upload data



We do not collect any Personally Identifiable Information (PII).

We are not modelling individual behaviour .

We output to the lowest compliant geographic level permitted by the Office for National Statistics (ONS).

Friends in conversation | Herdify

Sign up to the Herdify newsletter

Ignite your brand power: Why your offline community is the real influencer

“Social communities grow more powerfully offline, yet most marketing tactics tap into the online element. 92% of word-of-mouth – the single biggest influence on consumer buying behaviour – happens offline."

~ Ed Barter, Lead data scientist at Herdify

In this free whitepaper, you’ll learn: