Privacy Policy

As a member of the Insights Association, the leading market research association, WHR adheres to the 2019 Insights Associations Code of Standards and Ethics for Marketing Research and Data Analytics.

WHR is committed to complying with all applicable laws governing the privacy of personal information.

By agreeing to participate in a survey or other market research project, you acknowledge that your participation is completely voluntary and that WHR’s use of your personal information is carried out with your consent.

This information is not shared with any third party unless clearly stated in the introduction of a survey or questionnaire – either conducted by a telephone interviewer or completed directly online.

WHR’s privacy and security practices conform to applicable laws, codes, and regulations including but limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

The personal information that we may collect may include:

Information about your computer, your visits to our website and social media, your IP address, and your location.
The information that you voluntarily provide in response to questionnaires and or other survey instruments.  This may include sensitive information regarding health care questions and other personal matters that you have agreed to provide to WHR as part of a research or panel screener.

Any personal identifying information (PII) collected by WHR will not be shared with any outside party. The data that we collect in our surveys are only shared with our clients at an aggregated level. Quotes or specific information obtained as part of a focus group or individual interview are reported anonymously.  Focus groups or individual interviews may be transcribed by a professional transcription service, but no PII is shared with the transcribers.

When files are shared, they are encrypted and transmitted via secure electronic transfer protocols so that no information can be obtained by an unauthorized individual.
 

Securing Data: 

WHR employs a robust, enterprise-grade data security framework that integrates both on-premises network infrastructure and Microsoft's Business-level licensed online solutions to ensure comprehensive protection of sensitive information. 

On Premises: Security Overview 

WHR leverages a HITRUST and ISO27001 certified QTS Colocation Data Center in Sacramento, CA. This secure on-premises facility maintains WHR's hardware and network under stringent security protocols, featuring biometric-monitored entry and resources protected by a fortified network boundary. The infrastructure operates on a NIST 800-53 compliant framework governed by a Fortinet firewall, with real-time monitoring via RAPID 7's threat management SIEM, complemented by Sentinel One Antivirus and Fortinet’s Multi-Factor Authentication VPN. The RAPID 7 SIEM solution collects data from both WHR's on-premises servers and Microsoft365 environment, with automated alerts dispatched to staff. 
  
WHR utilizes Microsoft's Business-level licensed online products including TEAMS, OneDrive, and SharePoint for online data storage and collaboration. When storing information in Microsoft's 365 environment through SharePoint, Microsoft implements a multi-layered encryption approach that protects data both at rest and in transit. 

Online: Security Overview 

Data at Rest 

Azure Storage Service Encryption (SSE): Microsoft implements 256-bit AES encryption through Azure Storage Service Encryption for all data stored in SharePoint Online, rendering files and documents unreadable without the appropriate decryption keys. 

• Reference: https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption
  

BitLocker Drive Encryption: Microsoft employs BitLocker to encrypt the physical disks in data centers where SharePoint data resides, providing an additional security layer against physical compromise. 

Per-File Encryption: SharePoint Online utilizes a granular security approach with unique encryption keys for each file. Every file update generates a new encryption key using AES-256 standards, ensuring that a potential compromise of one file would not expose other data. 

• Reference: https://learn.microsoft.com/en-us/compliance/assurance/assurance-encryption-for-microsoft-365-services 
  

Key Management 

Secure Key Storage: Encryption keys are stored in physically separate, highly secure key stores. This separation ensures that even if someone gained access to the data storage location, they could not decrypt the information without the corresponding keys. 

Data in Transit 

HTTPS with TLS 1.2: All communications between client applications or browsers and SharePoint Online servers are secured using HTTPS with TLS 1.2 protocols, preventing eavesdropping and maintaining data integrity during transmission across networks.

You have the right to have your data removed at any time. In that case, don't hesitate to get in touch with our parent company, The Henne Group, at privacy@thehennegroup.com and your request will be processed within three business days.