Projects by IF is a limited company based in London, England. We run this website (projectsbyif.com) and its subdomains.

We use third party services to publish work, keep in touch with people and understand how we can do both of these things better. Here you can find out what these services are and how we handle data for visitors to our websites, user research participants, potential and existing clients, and job applicants.

This page was last updated on 20 January 2021. You can see previous versions on GitHub.

Our websites

What data we collect

We collect the following information about visitors to our websites:

  • IP address (first two bytes)
  • Timestamp of visit
  • Country of visit
  • Referrer
  • Operating system
  • Browser
  • Screen resolution
  • Device type
  • Device brand and model
  • Pages visited during session

Why we collect website data

Our website analytics allows us to see how people are using our sites and improve their experience.

How long we keep website data

We anonymise the data we collect and store it indefinitely, so we can see how use of our website changes over time.

Where website data is processed and stored

We use an analytics software called Matomo. We run our own copy of Matomo on servers in London owned by Digital Ocean. Digital Ocean give us full control over the software we use and how data is stored. Their approach to customer data is outlined in their privacy policy.

Opt-out of collection

You can opt out of our analytics by turning on Do Not Track in your browser. Find out how to do this for Google Chrome, Firefox, Safari, Internet Explorer and Microsoft Edge.

Third-party services

We also use third-party services to host and deliver website content. You can find out more about each of these services below:

Netlify

Many of IF’s sites, including our main website and blog, are hosted on Netlify, a managed website hosting service for static web pages. Netlify describes the data they collect about visitors to sites hosted on their platform in their GDPR statement. Further information about their approach to customer data is included in their privacy policy.

Vimeo

We host videos using Vimeo, because its infrastructure is better suited to delivering video content than our own. Find out more about how they use data in their privacy statement.

Amazon Web Services

We host documents (like PDFs) using Amazon Web Services (AWS) Simple Storage Service (S3).

We don’t use logging for S3 files, but Amazon may log IP addresses to protect the security of their systems. We have signed a Data Protection Addendum with Amazon to ensure data protections approved by the European Commission are in place.

You can read more about privacy on Amazon AWS in their Data Privacy FAQ.

Our social media accounts

We use several social media accounts to share our work. We occasionally use the analytics tools provided by these platforms to understand how we can use these services better. Our social media accounts include:

We may feature public messages, comments or replies on celebrate.projectsbyif.com.

If you’d like content about you removed from this site or any of our social media profiles, please contact data@projectsbyif.com.

Research participants

Research is an important part of our work: it helps us understand people’s needs and build better products and services.

At the moment, we do not conduct any research with people under the age of 18.

What data we collect

We collect the following information from research participants:

Participant information

  • Full name
  • Telephone number
  • Email address
  • Address

Consent forms

  • Full name
  • Signature

Research material

  • Interview recordings (audio or video)
  • Quotes
  • Notes
  • Photos

Why we collect this data

We collect participant information to identify participants, and arrange sessions and follow-ups.

All research participants are given a consent form that outlines what the research involves, what information will be recorded and how it will be used. If the participant is happy to proceed we ask them to sign the form to confirm this.

We collect research material to reference during project work.

How long we keep research data

Participant information is deleted at the end of the project.

We scan signed consent forms and shred paper copies, then store consent forms on Google Drive and keep these for 6 years. All notes and digital files are destroyed or deleted 2 years after the research session. We delete any personal information provided to us from the research recruiter when the project has finished.

Where research data is processed and stored

Research material is separated from any identifiable information, such as consent forms, while we are working with it.

Any notes we gather during research sessions are stored securely. Any digital files (like audio, photos and videos) are stored on Google Drive and are only accessed by IF team members involved in the research. We may send audio of the research session to a transcriber if necessary. We review the privacy notices of the companies we use for this and ask for explicit consent from participants in our consent forms.

We may use research materials like quotes, photos, audio or video clips, in presentations to clients. We will only do this if we have consent from participants. We don’t connect this information to participants’ names.

Sometimes we may publish quotes from research sessions. We only do this if we have specific consent from the participant and any personally identifiable information has been removed. We will only publish audio, photos and video from a research session if a participant has given consent and has signed a model release form.

Opt-out of collection

Participants are able to withdraw their information from a project at any time. To do this, contact data@projectsbyif.com.

Potential and existing clients

What data we collect

We may collect the following information about our potential and existing clients:

  • Name
  • Company
  • Email address
  • Phone number
  • Job title
  • Company address
  • Working hours
  • Testimonials

Why we collect this data

We use this information to create and manage client relationships.

Testimonials may be used on our website for promotional purposes.

How long we keep this data

We keep information about potential clients for 1 year from last contact, and information about existing clients for 2 years from last contact.

Testimonials are kept for 5 years.

Where data about potential and existing clients is processed

We use the following services to store and process this data:

  • GSuite, including Mail and Drive
  • Our workspace on Slack
  • Trello
  • Pipedrive
  • Streak
  • Miro

Attendees of IF’s events

We run events to share our insights and to connect with other Responsible Data practitioners.

What data we collect

We collect the following information from event attendees:

Attendee Registration

  • Full name
  • Telephone number
  • Email address
  • Job title and Company

During or after the event

  • Video and audio of the event (audio or video)
  • Quotes
  • Feedback

Why we collect this data

We collect attendee information to send the event invitation, provide help should there be any issues joining the event and to reach out for feedback. We usually record the events we run so we can share them with people who were unable to attend. We may use comments we receive in the event itself to promote future events. All Attendees are told that the event will be recorded prior to the event starting. We collect feedback to improve these events for Attendees.

How long we keep Attendee data

Attendee Registration data is deleted after 2 years after the event. Videos of the events and the feedback we receive is kept indefinitely unless we are asked to remove it.

Where Attendee is processed and stored

All Attendee data is stored on Google Drive and is only accessed by IF team members. We may use feedback materials like quotes, photos, audio or video clips, in presentations to clients. We will only do this if we have consent from Attendees. We don’t connect this information to Attendees’ names. Sometimes we may publish quotes from the events we run. We only do this if we have specific consent from the Attendee. We will only publish audio, photos and video from an event if an Attendee has given consent and has signed a model release form.

Third-party services

We also use third-party services to plan, deliver and host event content. You can find out more about each of these services below:

Entourage BD

We work with [Entourage BD] (https://entouragebd.com/) to plan our events, invite guests and gather feedback from Attendees. Entourage describes the data they collect about Attendees in their Privacy Policy.

Livestorm

We use the webinar platform [Livestorm] (https://livestorm.co/) to stream our online events live. We believe Livestorm provides an intuitive interface for Attendees, and reliable video stream. Livestorm publish details about how they use data from events in their Privacy Policy.

YouTube

We host videos of our online events using YouTube, because its infrastructure is better suited to delivering video content than our own. Find out more about how they use data in their privacy statement.

Opt-out of collection

Attendees are able to withdraw their information at any time. To do this, contact data@projectsbyif.com.

Job applicants

What data we collect

We collect the following information about people who apply to join our team:

  • Full name
  • CV and supporting information
  • Email address
  • Covering letter
  • References
  • Phone number
  • Recruitment platform profile
  • Notes from interviews

We don’t collect any special category data or ask for any background checks as part of the application process.

Why we collect recruitment data

Recruitment data is used to assess suitability for a role and communicate with candidates.

How long we keep recruitment data

Recruitment data are deleted when a candidate leaves the recruitment process, is offered a job, or their application is unsuccessful.

Where recruitment data is processed and stored

We use several services to help us find people to join our team. At the moment, these include:

(If you want to exercise your rights on a particular service, please refer to its privacy policy for more information.)

We store CVs on Google Drive and on our main recruitment platform, Workable. Only team members involved in the recruitment process have access to recruitment platform accounts, CVs and emails.

Things we don’t do

IF doesn’t participate in the following data processing activities:

  • Buying or selling marketing lists
  • Entering into data sharing agreements with other organisations
  • Telephone marketing
  • Postal marketing
  • CCTV surveillance (apart from CCTV systems run by the buildings in which we work)

We don’t use “soft opt-in”, meaning you won’t receive any marketing communications from us unless you’ve specifically agreed to it.

Keeping data secure

We carefully choose our services and tools at IF. It’s important that they follow good security practices, like HTTPS, two-factor authentication and the ability to set a strong password. We’ve reviewed the privacy policies and security practices of everything we use.

When a new team member joins IF, we explain best practices for keeping their devices secure, maintaining the security of their online accounts and working outside our offices.

Infrastructure we maintain ourselves, like our Digital Ocean servers, are secured using these best practices. Only specific members of the team can access these servers.

Data breaches

In the event of a data breach, we are required to notify the Information Commissioner’s Office. We will do so following their guidance.

Data transfer outside the EEA

We have reviewed the privacy policies of third party services we use. They provide adequate protections when information is shared outside of the European Economic Area.

Exemptions

There are exemptions to data protection regulations that may require us to share data about you, including requests by law enforcement. A full list of exemptions are listed on the ICO website – this also applies to data held about you by third party services we use.

Reviewing how we use data

Every quarter, we review our documentation of the data we handle and third party services we use. This helps us continuously improve our processes and hold ourselves to account. We will update this document as necessary.

Your rights and getting in touch

The General Data Protection Regulation gives EU citizens the following rights:

To exercise any of these rights, please contact us at data@projectsbyif.com. You can find information specific to the services we use or our activities in the relevant sections of this document. We will respond to all requests within 28 days of receiving them.

Our postal address is Projects By IF, New Wing, Somerset House, London, WC2R 1LA.

If you aren’t satisfied by our response, you can contact the Information Commissioner’s Office.