Privacy Policy

By agreeing to participate in a survey or other market research project, you acknowledge that your participation is completely voluntary, and that THG’s use of your personal information is carried out with your consent.

 

This information is not shared with any third party unless clearly stated in the introduction of a survey or questionnaire – either conducted by a telephone interviewer or completed directly online.

 

THG’s privacy and security practices conform to applicable laws, codes, and regulations including but limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

 

The personal information that we may collect may include:

 

1. Information about your computer, your visits to our website and social media, your IP address, and your location.

2. The information that you voluntarily provide in response to questionnaires and or other survey instruments.  This may include sensitive information regarding health care questions and other personal matters that you have agreed to provide to THG as part of a research or panel screener.

 

Any personal identifying information (PII) collected by THG will not be shared with any outside party. The data that we collect in our surveys are only shared with our clients at an aggregated level. Quotes or specific information obtained as part of a focus group or individual interview is reported anonymously.  Focus groups or individual interviews may be transcribed by a professional transcription service, but no PII is shared with the transcribers.

 

When files are shared, they are encrypted and transmitted via secure electronic transfer protocols so that no information can be obtained by an unauthorized individual.

​

​

 

 

THG employs a robust, enterprise-grade data security framework that integrates both on-premises network infrastructure and Microsoft's Business-level licensed online solutions to ensure comprehensive protection of sensitive information. 

 

​

​

​​

​

THG leverages a HITRUST and ISO27001-certified QTS Colocation Data Center in Sacramento, CA. This secure on-premises facility maintains THG's hardware and network under stringent security protocols, featuring biometric-monitored entry and resources protected by a fortified network boundary. The infrastructure operates on a NIST 800-53 compliant framework governed by a Fortinet firewall, with real-time monitoring via RAPID 7's threat management SIEM, complemented by Sentinel One Antivirus and Fortinet’s Multi-Factor Authentication VPN. The RAPID 7 SIEM solution collects data from both THG's on-premises servers and the Microsoft 365 environment, with automated alerts dispatched to staff.   

 

THG utilizes Microsoft's Business-level licensed online products, including TEAMS, OneDrive, and SharePoint for online data storage and collaboration. When storing information in Microsoft's 365 environment through SharePoint, Microsoft implements a multi-layered encryption approach that protects data at rest and in transit. 

 

​

​

​

​Microsoft implements 256-bit AES encryption through Azure Storage Service Encryption for all data stored in SharePoint Online, rendering files and documents unreadable without the appropriate decryption keys. 

 

​​​​​​

​

​

​

Microsoft employs BitLocker to encrypt the physical disks in data centers where SharePoint data resides, providing an additional security layer against physical compromise. 

 

​

​

​

​

SharePoint Online utilizes a granular security approach with unique encryption keys for each file. Every file update generates a new encryption key using AES-256 standards, ensuring that a potential compromise of one file would not expose other data. 

 

​

​

​

​

Encryption keys are stored in physically separate, highly secure key stores. This separation ensures that even if someone gained access to the data storage location, they could not decrypt the information without the corresponding keys.

 

​​

 

​

​All communications between client applications or browsers and SharePoint Online servers are secured using HTTPS with TLS 1.2 protocols, preventing eavesdropping and maintaining data integrity during transmission across networks.

 

​

​

​

You have the right to have your data removed at any time. In that case, please contact privacy@thehennegroup.com and your request will be processed within three business days.