Hamburger icon

Privacy Policy

PH1 Research Privacy & Data Security Policy

PH1 Research takes data security and data privacy very seriously. In the course of our work, we collect, manage, and process data for our own agency and on behalf of our clients. We uphold a strict privacy and data usage policy that includes, and is not limited to, as outlined below.

Use of information:

PH1 Research collects user information for the purposes of recruiting research participants, conducting research, analyzing research, and reporting on the data that has been collected. will use each category of Personal Information listed below for purposes of conducting research, producing presentations and reports regarding the research conducted, to help our clients make informed decisions about the product or services they are developing. PH1 Research also may use Personal Information for its internal purposes to improve the quality of its products and services.

Data collected:

PH1 Research may collect one or more of the following categories of Personal Information from research participants.

  • Personally identifiable information (PII), such as my name and contact information. This information is collected to:

    • 1) Facilitate prompt and robust recruitment and scheduling of research participants; or

    • 2) Award survey participants who are selected to receive a monetary award, when this is a component of the survey in question.

  • Protected classifications, such as, but not necessarily, race, sex, age, national origin, disability, citizenship status, and family information.

  • Audio, electronic, visual, or similar information, such as images, photographs, screen-sharing, video, or recordings of participants and/or research sessions.

  • Education information about the level of education I have attained.

  • Professional or employment-related information.

  • Inferences drawn to create a profile reflecting my preferences or characteristics, including information about how I may use the products and services, and information relating to my general preferences or approaches to life and work.

  • Other information that is not otherwise listed here, but is required to complete the project

Unless otherwise requested, PH1 Research deletes all PII and participant videos 90 days after a project has been completed.

Data storage & compliance:

PH1 Research is primarily governed by the laws of British Columbia, and as such is FIPPA (Freedom of Information and Protection of Privacy Act) compliant by default. When working in other regions, we will comply with the strictest data privacy requirements of the jurisdictions in question.

In order to comply with localized data compliance laws, we use tools and storage servers that are localized to region.

General data storage:

  • Survey collection and storage is hosted on Qualtrics, with servers in Canada or the United States, or on Alchemer with servers in the United States

  • File storage is hosted on Google Drive with SOC compliance

  • Video interviews are conducted through Zoom, and recorded on the cloud with servers in Canada or the United States, or recorded locally on a PH1 computer if preferred

  • For a full list of tools that we use and their security compliance, please contact us.

Canadian compliance:

  • Survey collection and storage is hosted on Qualtrics, with servers in Ontario

  • File storage is hosted on Sync, with servers in Quebec and Ontario

  • Data analysis is conducted locally on a PH1 computer, and backed up on Sync

Agency details:

PH1 Research provides employee and contractor access privileges to technology (including software, data files, networks, systems, applications, computers and mobile devices) based on the following principles:

  1. Need to know – users or resources will be granted access to systems that are necessary to fulfill their roles and responsibilities.

  2. Least privilege – users or resources will be provided with the minimum privileges necessary to fulfill their roles and responsibilities.

We maintain and review on an annual basis, the following policy documentation:

  • Acceptable Use Policy

  • Data Classification Policy

  • Data Security Policy

  • Access Control Policy

  • Security Incident Response Plan

View More Resources