Privacy Policy

1. Introduction

TehriHills ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, share, and safeguard your personal information when you engage with our consulting services. Our services include business strategy, market research, expert recruitments, data analytics, information security, and data compliance. This policy aligns with global privacy best practices and relevant legal frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Health Insurance Portability and Accountability Act (HIPAA).

2. Commitment to Privacy

We recognize that privacy is a fundamental right, and we take comprehensive measures to safeguard the personal information of our clients, research participants, and stakeholders. Our data collection, processing, and storage practices align with international privacy laws.

Implementing advanced encryption and access control mechanisms to prevent unauthorized access.
Ensuring that personal data is stored securely and accessed only by authorized personnel.
Providing clear and transparent policies regarding data usage, retention, and deletion.
Offering participants the right to access, modify, or request the deletion of their data.

3. Ethical Standards in Survey Research

Survey research plays a crucial role in our consulting services, allowing us to gather insights that drive business strategies, market trends, and customer preferences. We are committed to conducting surveys ethically, ensuring voluntary participation, informed consent, and data confidentiality.

3.1 Informed Consent

Participants are fully informed about the purpose of the survey, how their data will be used, and their rights before they choose to participate. We ensure transparency in all communications.

3.2 Voluntary Participation

We respect the autonomy of all research participants. No individual is coerced into participating, and participants can withdraw at any time without consequences.

3.3 Confidentiality and Anonymity

We take necessary steps to anonymize survey responses, ensuring that individual identities remain protected. When anonymization is not possible, data is kept confidential and accessed only for research purposes.

3.4 Data Accuracy and Integrity

We collect and analyze data responsibly, ensuring that findings reflect accurate, unbiased insights. Misrepresentation or distortion of research data is strictly prohibited.

3.5 Compliance with Industry Standards

Our survey methodologies comply with ethical research guidelines set by organizations such as ESOMAR, the Insights Association, and other global research bodies.

4. Protecting Research Participants

We respect the privacy of our research participants and ensure that their responses remain secure. Any personally identifiable information collected is stored with industry-standard security measures. Additionally, we continuously review and update our policies to stay aligned with evolving privacy laws and best practices in survey research.

By upholding these high ethical standards, we maintain trust with our participants, clients, and stakeholders. At TehriHills, privacy and ethical research are at the core of our operations, allowing us to deliver valuable insights while respecting and protecting the rights of all individuals involved.

5. Protection of Information in a Research Context

When individuals participate in our research studies—such as surveys, focus groups, and interviews—we take comprehensive steps to ensure their personal information is collected, processed, and stored securely. Our research practices are governed by strict ethical and privacy guidelines, ensuring confidentiality, anonymity, and secure data handling.

Voluntary Participation and Informed Consent: Participants are fully informed about the purpose of the research, the nature of data collection, and their rights before providing any information. Their participation is voluntary, and they can withdraw at any time.
Data Confidentiality and Anonymization: Whenever possible, we anonymize or pseudonymize participant data to remove personally identifiable details. If anonymity is not feasible, we implement strict access controls to ensure confidentiality.
Secure Storage and Restricted Access: Research data is stored on secure, encrypted systems accessible only by authorized personnel. We implement role-based access controls to minimize exposure to sensitive information.
Compliance with Ethical Research Standards: Our methodologies comply with industry regulations, such as ESOMAR and the Insights Association guidelines, ensuring transparency, integrity, and fairness in data collection.
No Unauthorized Sharing or Sale of Data: We do not sell or share research participants' personal data with third parties unless explicitly agreed upon or legally required.

6. Protection of Information Provided at Our Website

When users interact with our website, we collect certain types of personal information, including contact details, browsing behavior, and other voluntarily provided data. We ensure that all such information is protected from unauthorized access, misuse, and disclosure.

Secure Data Transmission: We use encryption protocols (such as SSL/TLS) to secure all communications between users and our website, ensuring data remains confidential.
Cookie and Tracking Controls: We utilize cookies to enhance user experience and analyze website performance. Users can manage their cookie preferences and opt-out of tracking features as per GDPR and CCPA requirements.
Controlled Access and Data Minimization: Only necessary information is collected and stored, reducing the risk of data exposure. Access to user data is restricted to authorized personnel.
User Rights and Transparency: Website visitors have the right to access, modify, or request deletion of their personal data. We provide clear privacy policies and mechanisms for users to exercise their rights.
Regular Security Audits and Updates: We continuously monitor and update our security infrastructure to safeguard user data against cyber threats and breaches.

7. How We Use Information You Provide

The personal and business information you share with us is used solely for legitimate business and research purposes. We ensure that your data is processed ethically and in line with regulatory requirements. Below are the key ways in which we use the information you provide:

Delivering Consulting Services: Your information enables us to offer tailored consulting solutions in market research, data analytics, and compliance strategies. It helps us understand industry trends, develop strategies, and provide insights that support better business decision-making.
Conducting Market Research and Analysis: We use collected data to perform in-depth research, identify market trends, and understand customer behavior. The data is anonymized and aggregated where possible to ensure confidentiality.
Expert Recruitment and Matching: If you are an industry expert providing your credentials for recruitment purposes, we use this information to connect you with relevant consulting opportunities while ensuring data protection and privacy.
Enhancing User Experience: Your interactions with our website and digital platforms help us optimize content, improve navigation, and provide you with a personalized experience.
Ensuring Compliance and Security: We use personal information to meet legal, regulatory, and security requirements. This includes fraud prevention, compliance audits, and adherence to privacy laws such as GDPR and CCPA.
Communication and Customer Support: We may use your contact details to send updates, respond to inquiries, and provide customer support. You have the right to opt out of marketing communications at any time.

8. How We Use the Data Collected

We collect data through multiple channels, including surveys, website interactions, expert recruitment forms, and client engagements. The data collected serves various functions, ensuring efficient service delivery and research accuracy.

8.1 Improving Research Accuracy

Data collected from surveys, interviews, and focus groups is used to generate meaningful business insights. We ensure transparency in how this data is collected and used.

8.2 Enhancing Business Intelligence and Analytics

Our data analytics solutions rely on collected information to provide industry forecasts, optimize business performance, and drive innovation.

8.3 Website Data and Tracking Technologies

We collect website usage data, including IP addresses, device information, and browsing behavior, to enhance website functionality and security. Users can manage their preferences through cookie settings.

8.4 Protecting User Data and Ensuring Compliance

We take robust security measures, including encryption, access controls, and regular compliance checks, to protect collected data from unauthorized access or breaches.

9. Legal Basis for Processing Data

We collect and process personal data only when there is a valid legal basis to do so. The primary legal grounds for processing data at TehriHills include:

9.1 Consent

We obtain explicit consent from individuals before collecting and processing their personal data for surveys, market research, and other consulting services. Participants and users have the right to withdraw their consent at any time.

9.2 Contractual Necessity

If you engage our consulting services or participate in expert recruitment, we process your data as necessary to fulfill our contractual obligations. This includes using personal information to communicate with clients, provide insights, and deliver agreed-upon services.

9.3 Legal Compliance

We process data to comply with legal obligations, including responding to regulatory authorities, conducting security audits, and ensuring compliance with privacy laws such as GDPR and CCPA.

9.4 Legitimate Interests

We may process personal data when it is necessary for legitimate business operations, such as improving our research methodologies, developing analytics, enhancing security, and preventing fraud. However, we ensure that such processing does not infringe on individual rights and freedoms.

10. Information Sharing and Disclosure

We respect the confidentiality of personal data and do not sell or trade information to third parties. However, in some circumstances, we may share or disclose information under strict privacy and security controls. Below are the key instances when data may be shared:

10.1 With Clients

When conducting market research, expert recruitment, or business analytics, we may share anonymized and aggregated data with our clients. Personally identifiable information is not disclosed unless explicitly authorized by the individual.

10.2 With Service Providers

We collaborate with trusted third-party vendors to assist with data storage, website analytics, payment processing, and IT security. These service providers are contractually bound to uphold strict data protection measures and can only use the data for agreed-upon purposes.

10.3 For Legal and Regulatory Compliance

We may disclose personal data when required by law, regulatory authorities, or court orders. This includes situations where we need to prevent fraud, investigate security breaches, or comply with government regulations.

10.4 With Business Partners

In cases of mergers, acquisitions, or partnerships, personal data may be shared under confidentiality agreements to ensure the continuity of services. Any such disclosure is conducted in full compliance with applicable privacy laws.

10.5 For International Transfers

If data is transferred across borders for processing or storage, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) and adherence to international privacy frameworks.

11. Data Security and Retention

We implement stringent security controls to protect personal information from unauthorized access, alteration, disclosure, or destruction. Our security framework is designed to safeguard data at every stage of its lifecycle, ensuring that it remains protected against cyber threats and unauthorized use.

11.1 Encryption and Secure Storage

All personal data is encrypted during transmission and at rest, ensuring that it remains confidential and protected from unauthorized access.

11.2 Access Controls

We implement strict access control measures, ensuring that only authorized personnel with a legitimate business need can access sensitive data. Role-based access ensures that data is handled securely.

11.3 Regular Security Audits and Compliance Checks

Our systems undergo periodic security audits and vulnerability assessments to identify and mitigate potential risks. We continuously review and update our security policies to align with evolving threats.

11.4 Incident Response and Breach Notification

In the unlikely event of a data breach, we have an established incident response plan to contain the breach, notify affected individuals and regulatory authorities as required, and take corrective action to prevent future incidents.

11.5 Secure Third-Party Relationships

Any third-party vendors or service providers handling personal data on our behalf are required to adhere to strict security and confidentiality agreements.

11. Data Security and Retention

11.1 Encryption and Secure Storage

All personal data is encrypted during transmission and at rest, ensuring that it remains confidential and protected from unauthorized access.

11.2 Access Controls

11.3 Regular Security Audits and Compliance Checks

11.4 Incident Response and Breach Notification

11.5 Secure Third-Party Relationships

Any third-party vendors or service providers handling personal data on our behalf are required to adhere to strict security and confidentiality agreements.

12. Data Retention Policies

We retain personal data only for as long as necessary to fulfill legal, contractual, and business obligations. Our data retention policies align with regulatory requirements, ensuring that data is securely deleted or anonymized once it is no longer needed.

Personal data collected for market research, consulting engagements, or expert recruitment is retained only for the duration necessary to complete the project.
Website user data and analytics information are retained according to industry best practices, with options for users to request deletion.
Personal health information (PHI) subject to HIPAA compliance is stored securely and retained only for the legally required duration.

13. Compliance with GDPR, CCPA, HIPAA and other Industry Standards

Our data protection framework complies with key privacy laws to ensure transparency, accountability, and individual rights protection.

13.1 GDPR Compliance (European Users)

We provide individuals with the right to access, modify, delete, and restrict processing of their personal data.
Explicit consent is obtained for data collection, with clear opt-in/opt-out mechanisms.
Data transfers outside the European Economic Area (EEA) are conducted under legally recognized safeguards, such as Standard Contractual Clauses (SCCs).

13.1.1 Your Rights Under the General Data Protection Regulation (GDPR)

Applicable to individuals in the European Economic Area (EEA)

The GDPR is one of the most comprehensive privacy regulations globally, designed to give individuals control over their personal data. If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

Right to Access (Article 15 GDPR) – You can request access to the personal data we hold about you, including information on how it is processed and with whom it is shared.
Right to Rectification (Article 16 GDPR) – If your personal data is inaccurate or incomplete, you can request corrections or updates.
Right to Erasure (Right to be Forgotten) (Article 17 GDPR) – You may request the deletion of your personal data if it is no longer needed for its original purpose, if you withdraw consent, or if it was unlawfully processed.
Right to Restrict Processing (Article 18 GDPR) – You can request limitations on how we process your data under certain conditions.
Right to Data Portability (Article 20 GDPR) – You can request a copy of your personal data in a commonly used format and transfer it to another data controller.
Right to Object (Article 21 GDPR) – You have the right to object to the processing of your personal data, especially for direct marketing purposes.
Right to Withdraw Consent – If we rely on consent to process your data, you can withdraw your consent at any time.
Right to Lodge a Complaint – If you believe your rights have been violated, you can file a complaint with your local data protection authority.

To exercise any of these rights, contact us at info@tehrihills.com

13.2 CCPA Compliance (California Residents)

We allow users to opt out of data sales and provide clear disclosure on data collection and usage practices.
California residents have the right to request access, deletion, or correction of their personal information.
We do not sell personal information to third parties.

13.2.1 Your Rights Under the California Consumer Privacy Act (CCPA)

Applicable to California Residents

The CCPA grants California residents enhanced privacy rights concerning their personal data. If you reside in California, you have the following rights:

Right to Know – You can request details about the categories and specific pieces of personal data we have collected, processed, and shared in the past 12 months.
Right to Delete – You can request the deletion of personal data we have collected about you, subject to certain exceptions (e.g., legal compliance, security, or fraud prevention).
Right to Opt-Out of Data Selling – We do not sell personal data, but if we ever engage in such activity, you would have the right to opt out.
Right to Non-Discrimination – Exercising your CCPA rights will not result in discriminatory treatment (e.g., denial of services or increased prices).
Authorized Agent Representation – You can authorize someone else to exercise your CCPA rights on your behalf.

You can submit a request regarding your CCPA rights by contacting us at info@tehrihills.com.

13.2 CCPA Compliance (California Residents)

We allow users to opt out of data sales and provide clear disclosure on data collection and usage practices.
California residents have the right to request access, deletion, or correction of their personal information.
We do not sell personal information to third parties.

13.2.1 Your Rights Under the California Consumer Privacy Act (CCPA)

Applicable to California Residents

The CCPA grants California residents enhanced privacy rights concerning their personal data. If you reside in California, you have the following rights:

Right to Know – You can request details about the categories and specific pieces of personal data we have collected, processed, and shared in the past 12 months.
Right to Delete – You can request the deletion of personal data we have collected about you, subject to certain exceptions (e.g., legal compliance, security, or fraud prevention).
Right to Opt-Out of Data Selling – We do not sell personal data, but if we ever engage in such activity, you would have the right to opt out.
Right to Non-Discrimination – Exercising your CCPA rights will not result in discriminatory treatment (e.g., denial of services or increased prices).
Authorized Agent Representation – You can authorize someone else to exercise your CCPA rights on your behalf.

You can submit a request regarding your CCPA rights by contacting us at info@tehrihills.com.

13.3 HIPAA Compliance (Healthcare Data)

For clients dealing with healthcare-related data, we ensure full HIPAA compliance in handling Protected Health Information (PHI).
Secure storage, encryption, and limited access ensure PHI remains confidential and is used strictly for authorized purposes.

13.3.1 Your Rights Under the Health Insurance Portability and Accountability Act (HIPAA)

Applicable to Protected Health Information (PHI)

If you engage with us in a healthcare-related capacity, HIPAA ensures your privacy and security regarding Protected Health Information (PHI). Under HIPAA, you have the following rights:

Right to Access – You can request a copy of your PHI and details on how it is used or shared.
Right to Request Corrections – If your health information is incorrect or incomplete, you can request modifications.
Right to an Accounting of Disclosures – You can request a list of entities with whom your PHI has been shared.
Right to Request Restrictions – You can ask for limitations on how your PHI is shared, although providers are not always required to comply.
Right to Confidential Communications – You can request that communications regarding your PHI be sent to a specific address or in a particular manner.
Right to File a Complaint – If you believe your HIPAA rights have been violated, you can file a complaint with the U.S. Department of Health and Human Services (HHS).

For HIPAA-related inquiries, please reach out to our Data Protection Officer (DPO) at info@tehrihills.com.

13.4 Your Rights Under Other Industry Standards

In addition to GDPR, CCPA, and HIPAA, we adhere to other industry regulations and best practices to protect personal data, including:

ISO 27001 and NIST Cybersecurity Framework – These global security standards guide our data protection strategies.
ESOMAR and Insights Association Guidelines – If you participate in our market research, we comply with ethical guidelines to ensure transparency and fairness in data collection.
Federal Trade Commission (FTC) Guidelines – We follow FTC best practices related to online privacy and consumer protection.

14 How to Exercise Your Rights

If you wish to exercise any of your rights under GDPR, CCPA, HIPAA, or other industry regulations, you may:

Submit a request via email: info@tehrihills.com
Call our privacy support team: 9650619444

We will verify your identity before processing any request and respond within the legally required timeframe (typically 30-45 days).

15 Our Commitment to Data Protection

At TehriHills, we prioritize transparency, security, and compliance in handling your personal data. Our adherence to GDPR, CCPA, HIPAA, and other regulatory frameworks ensures that your privacy rights are respected and upheld at all times.

For more information about our privacy practices, please visit our Privacy Policy or contact us directly at info@tehrihills.com.

16 Updates to This Privacy Policy

At TehriHills, we are committed to ensuring that our privacy practices remain transparent, up-to-date, and aligned with evolving regulations and industry standards. As part of our dedication to data privacy and security, we periodically review and update this Privacy Policy to reflect changes in our data handling practices, regulatory requirements, and technological advancements.

16.1 Why We Update This Privacy Policy

The digital landscape and regulatory environment are continuously evolving. As a consulting firm specializing in market research, expert recruitment, data analytics, and compliance solutions, we regularly refine our privacy practices to reflect:

Changes in Data Protection Laws and Regulations – As global privacy laws such as GDPR, CCPA, HIPAA, and other industry standards evolve, we update our policy to ensure compliance.
New Business Practices and Services – If we introduce new consulting services, digital tools, or research methodologies that involve collecting or processing personal data differently, our privacy policy will be updated accordingly.
Enhanced Security Measures – We continuously improve our data security frameworks, encryption protocols, and access control mechanisms to safeguard personal information. Any significant enhancements will be reflected in this policy.
Transparency and User Rights – We may update this policy to provide more clarity on how users, clients, and research participants can exercise their privacy rights, such as requesting access, modification, or deletion of their data.

16.2 How We Notify Users About Privacy Policy Updates

We believe in keeping our users informed about privacy policy updates in a clear and accessible manner. Any changes to this Privacy Policy will be communicated through the following methods:

Website Notifications: A notice will be posted on our website homepage or privacy policy page when an update occurs.
Email Communication: If the changes significantly impact how we handle personal data, we may notify registered users and research participants via email.
Pop-Up Alerts on Digital Platforms: For users engaging with our online services, a pop-up alert may highlight key changes to the privacy policy.

16.3 Your Rights Regarding Policy Updates

We encourage users to review this Privacy Policy regularly to stay informed about how their data is being handled. If changes to the policy require consent under applicable regulations (e.g., GDPR), we will seek renewed consent before implementing the changes. Users have the right to:

Access and review the updated policy to understand new data processing practices.
Withdraw consent or modify preferences if they disagree with any updates that affect their data usage.
Contact us with inquiries or concerns about how changes impact their personal data.

17 Contact Us

At TehriHills, we prioritize transparency and accessibility when it comes to addressing questions, concerns, or inquiries about our privacy practices, consulting services, and data protection measures. We are committed to ensuring that all individuals—whether clients, research participants, website users, or business partners—can easily reach us for support, clarification, or assistance regarding any aspect of their personal data and privacy rights.

17.1 How to Reach Us

We provide multiple channels through which you can contact us, ensuring a prompt and efficient response to your concerns:

Email Support: For general inquiries, privacy-related questions, or data access requests, you can contact us via email at info@tehrihills.com.
Phone Support: Our customer support team is available at 9650619444 during business hours to assist with your concerns.
Mailing Address: If you prefer to communicate via mail, you can send inquiries to our registered office at:
TehriHills Consultancy Pvt Ltd
2G-34, Vidhi Vihar, New Tehri, Uttarakhand 249001

18. Privacy and Data Protection Inquiries

If you have any questions regarding how we collect, use, or protect your personal information, our Data Protection Officer (DPO) or privacy team is available to assist you. Whether you are a client, research participant, or website visitor, you have the right to:

Request access to your personal data that we have collected.
Ask for corrections or updates to inaccurate or outdated information.
Withdraw consent for data processing, where applicable.
Request deletion or restriction of your personal data in accordance with legal rights under GDPR, CCPA, and other data protection laws.

18.1 Reporting Privacy Concerns or Security Issues

If you suspect a privacy breach, unauthorized data access, or security vulnerability related to our services, we encourage you to report the issue immediately. You can do this by:

Emailing our Data Protection Officer at report@tehrihills.com.
Calling our Privacy Support Hotline at 9650619444.

18.2 Response Time and Commitment to Customer Support

We strive to provide timely and thorough responses to all inquiries:

General inquiries: Response within 2-3 business days.
Privacy and data access requests: Response within 30 days as required under GDPR and CCPA.
Urgent security issues: Immediate review and resolution within priority timelines.

19. Your Trust Matters

At TehriHills, we value your trust and are committed to ensuring a seamless, transparent, and secure experience when engaging with our consulting services. If you have any concerns, don't hesitate to contact us—we're here to help. By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.