Projects by IF is a limited company based in London, England. We run this website (projectsbyif.com) and its subdomains.
This page was last updated on 31 July 2024.
We use third party suppliers to publish work, keep in touch with people, organise events and understand how we can do both of these things better. Here you can find out what these services are and how we handle data for visitors to our websites, user research participants, potential and existing clients, and job applicants.
We are committed to being trustworthy with how we use technology and data. If you see anything missing in this policy please let us know.
We collect the following information about visitors to our websites:
Our website analytics allows us to see how people are using our sites and improve their experience.
We anonymise the data we collect and store it indefinitely, so we can see how use of our website changes over time.
Our main site is hosted on Webflow. Their approach to customer data is outlined in their privacy policy. We use Make as automation software that supports Webflow (privacy policy). The main site uses analytics software hosted by Plausible. Their approach to customer data is outlined in their privacy and data policies.
On our subdomains we use an analytics software called Matomo. We run our own copy of Matomo on servers in London owned by Digital Ocean. Digital Ocean gives us full control over the software we use and how data is stored. Their approach to customer data is outlined in their privacy policy.
You can opt out of our analytics by turning on Do Not Track in your browser. Find out how to do this for Google Chrome, Firefox, Safari, Internet Explorer and Microsoft Edge.
IF does not use cookies to track visitors or to generate website analytics. Our website may use services provided by third-party suppliers, which may also use cookies as part of their service offerings. IF will ensure that all cookie usage by our third-party providers aligns with IF's company policy.
We also use third-party suppliers to host and deliver website content. You can find out more about each of these services below:
Some of IF’s sites, specifically our sub-domains, are hosted on Netlify, a managed website hosting service for static web pages. Netlify describes the data they collect about visitors to sites hosted on their platform in their GDPR statement. Further information about their approach to customer data is included in their privacy policy.
We use Google Workspace (privacy policy) linking to store data provided by the requester for the purpose of either joining a mailing list or maintaining communication.
We use several social media accounts to share our work. We occasionally use the analytics tools provided by these platforms to understand how we can use these services better. Our social media accounts include:
Research is an important part of our work: it helps us understand people’s needs and build better products and services.
At the moment, we do not conduct any research with people under the age of 18.
We collect the following information from research participants:
Consent forms
Research material
We collect participant information to identify participants, and arrange sessions and follow-ups.
All research participants are given an informed consent form that outlines what the research involves, what information will be recorded and how it will be used. If the participant is happy to proceed we ask them to sign the form to confirm this.
We collect research material to reference during project work.
We scan signed consent forms and shred paper copies, then store consent forms on Google Drive and keep these for 6 years. All notes and digital files are destroyed or deleted 2 years after the research session. We delete any personal information provided to us from the research recruiter when the project has finished.
Research material is separated from any identifiable information, such as informed consent forms, while we are working with it.
We use Notion to track participants with no identifying information, unless consent has been given. Any notes we gather during research sessions are stored securely. Any digital files (like audio, photos and videos) are stored on Google Drive and are only accessed by IF team members involved in the research. We may send audio of the research session to a transcriber if necessary. We review the privacy notices of the companies we use for this and ask for explicit consent from participants in our consent forms.
We may use research materials like quotes, photos, audio or video clips, in presentations to clients. We will only do this if we have consent from participants. We don’t connect this information to participants’ names.
Sometimes we may publish quotes from research sessions. We only do this if we have specific consent from the participant and any personally identifiable information has been removed. We will only publish audio, photos and video from a research session if a participant has given consent and has signed a model release form.
Participants are able to withdraw their information from a project at any time. To do this, contact data@projectsbyif.com.
We occasionally use third party suppliers to help recruit/conduct specialised or extensive research participants on specific projects. We use:
We occasionally use a third party supplier like Field Sauce to assist with connecting us to qualitative research candidates for specific projects (privacy policy).
We may collect the following information about our potential and existing clients, and when a ‘Let’s chat’ online request form is completed.
We collect the following information about potential and existing clients:
We use this information to create and manage client relationships, meeting scheduling and communication. We keep ‘contact us’ information to retain communication and to provide the requester with relevant information or follow-up communications.
Testimonials may be used on our website or cred desks for promotional purposes.
We keep information about potential clients for 5 years from last contact, and information about existing clients for 6 years from last contact.
Testimonials are kept for 10 years.
For ‘contact me’ information, for as long as it is necessary to fulfill the purpose for which they requested to be contacted.
We use the following services to store and process this data:
Potential or existing clients are able to withdraw their information at any time. To do this, contact data@projectsbyif.com.
IF will ensure that all cookie usage by our third-party providers aligns with IF's company policy.
We also use third-party suppliers to stay in touch with potential and existing clients. You can find out more about each of these services below. We use:
We use Google Workspace (privacy policy) to store client data which is protected by Two-factor authentication.
Slack (privacy policy) is our platform for sharing and collaborating internally.
Miro (privacy policy) and Figma (privacy policy) are our collaborative online whiteboarding platform for planning purposes.
We use Typeform (privacy policy) to engage, interact and collect information when a request to be contacted is received.
We use Dropbox Sign (privacy policy) for signing contracts with clients and suppliers, and to manage consent for research. Dropbox Sign enables us to more efficiently collect signatures digitally. We use Two-factor authentication. We always delete contracts or forms once they are signed from Dropbox Sign.
The operational systems we use to help manage interactions with clients are:
Hubspot (privacy policy) is where we manage client data.
Xero (privacy policy) and Dext (privacy policy) are our cloud-based accounting software.
We collect the following information about people who apply to join our team
We don’t collect any special category data or ask for any background checks as part of the application process.
Recruitment data is used to assess suitability for a role and communicate with candidates.
We keep candidate data and approach them only with a legitimate interest in a job role. If an application is unsuccessful, data will be destroyed after four weeks. If consent is given then we will hold data for up to 1 year in case a suitable position becomes available.
Employee records are kept for 6 years after the employee has left.
We use services to help us find people to join our team. At the moment, these include: LinkedIn (privacy policy).
We store CVs on Google Drive and recruitment data on Notion. Only team members involved in the recruitment process have access to recruitment platform accounts, CVs and emails.
Job applicants are able to withdraw their information at any time. To do this, contact data@projectsbyif.com.
IF will ensure that all cookie usage by our third-party providers aligns with IF's company policy.
We use:
We currently only use Linkedin to promote available opportunities at IF (privacy policy).
We collect the following information about people who express an interest in working on future projects (as contractors/employees):
We don’t collect any special category data or ask for any background checks as part of the application process.
Data about potential collaborators is used to assess suitability for permanent and contract roles on a rolling basis.
Data about potential collaborators is deleted after 3 years, unless requested by the potential collaborator to be deleted beforehand.
We store applications on Google Drive and Notion. Only team members involved in the recruitment process have access to data collected about potential collaborators.
Potential collaborators are able to withdraw their information at any time. To do this, contact data@projectsbyif.com.
We do not use any third-party providers or cookies.
We do not use any third-party suppliers or cookies.
We collect data for the essential functions of our day-to-day operations, and for the purposes of finance and accounting, employee management, training and awareness and quality and assurance.
Collection of personal information within various operational functions serves several purposes that are essential for the functioning of the company - operational efficiency, decision-making and analysis, internal communication and collaboration.
We look at individual operational functions and determine the legal requirement, business need, and the purpose for which the data was collected. For all finance and accounting, we will keep records 6 years from the end of the last company financial year they relate to, as required by current legislation.
We use Google Drive to store information. Only specific employees have access to documents that are relevant to their roles and responsibilities (role-based access control).
Potential collaborators are able to withdraw their information at any time. To do this, contact data@projectsbyif.com.
We do not use any third-party providers or cookies.
We use third-party suppliers for our operational functions. Find out more about how they use data in their privacy policies below.
We use Google (privacy policy) as our cloud computing software, where data is securly stored.
We use Xero (privacy policy) Dext (privacy policy) as our cloud-based accounting platforms for all supplier accounting purposes.
We offer the opportunity to keep in touch with IF and receive updates on our work, events and marketing activities from us via email.
Mailing list subscribers:
We keep mailing list data to maintain communication with subscribers and provide them with relevant updates or information.
We keep mailing list data for the duration of an individual's subscription, unless they choose to unsubscribe or request removal.
We use Beehiiv to store subscribers' email addresses and send our maillist/newsletter. Only specific employees have access to Beehiv that are relevant to their roles and responsibilities (role-based access control).
Mailing list subscribers are able to withdraw their information at any time. To do this using the Beehiiv unsubscribe link on the received mail list/newsletter or contact data@projectsbyif.com.
IF will ensure that all cookie usage by our third-party providers aligns with IF's company policy.
We use the following for operational purposes:
We use Beehiiv (privacy policy) to design, create and manage our maillist/newsletter which is protected by Two-factor authentication.
We offer events and workshops for individuals and clients.
Participant information/attendee registration:
During or after the event:
Attendance RSVPs:
Marketing and Communication:
Data on events helps to provide attendee information and informs future event planning, assist with marketing strategies, and overall business decisions.
Data on events is deleted after 3 years, unless requested by the potential attendee to be deleted beforehand.
We store event information on Google Drive and Notion. Only team members involved in the event process have access to the data collected.
Attendees are able to withdraw their information at any time. To do this, contact data@projectsbyif.com.
IF will ensure that all cookie usage by our third-party providers aligns with IF's company policy.
We use third-party suppliers to hold event content, and when we provide events online, we use third-party services to plan, deliver and host the content. We use:
We have hosted videos of our online events using YouTube, because its infrastructure is better suited to delivering video content than our own. Find out more about how they use data in their privacy statement.
We use Eventbrite for creating, promoting, and managing events. Find out more about how they use data in their privacy policy.
We use the video conferencing platform Google Meet to host our remote workshops. Google Meet provides useful functionality (e.g. breakout rooms, polling, chat) and a reliable video stream. Information about how Google Meet uses data can be found in their Help Center.
We use the Online Whiteboard platform Miro for visual collaboration in our remote events/workshops. We believe Miro provides a way to offer enhanced interactivity for workshop attendees. Miro publishes details about how they use data in their Privacy Policy.
We use the online whiteboard platform Figjam within Figma for visual collaboration in our remote workshops. We believe Figma provides a way to offer enhanced interactivity for workshop attendees. Figma publishes details about how they use data in their Privacy Policy.
IF doesn’t participate in the following data processing activities:
We don’t use “soft opt-in“, meaning you won’t receive any marketing communications from us unless you’ve specifically agreed to it.
We carefully choose our services and tools at IF. It’s important that they follow good security practices, like HTTPS, two-factor authentication and the ability to set a strong password. We’ve reviewed the privacy policies and security practices of everything we use.
When a new team member joins IF, we explain best practices for keeping their devices secure, maintaining the security of their online accounts and working outside our offices. The infrastructure we maintain ourselves, like our Digital Ocean servers, are secured using these best practices. Only specific members of the team can access these servers.
We use 1Password (privacy policy) as our management tool which gives us the ability to securely store and manage passwords, login credentials, and other sensitive information. By using 1Password, IF enhances the security and privacy of our users' accounts and data by encouraging the use of unique, strong passwords for each online account. This helps mitigate the risk of unauthorised access, data breaches, and identity theft.
Additionally, 1Password offers features such as end-to-end encryption, multi-factor authentication, and secure sharing capabilities, further enhancing the protection of users' information. By leveraging 1Password, we are committed to safeguarding the confidentiality and integrity of our users' data and promoting responsible password management practices.
In the event of a data breach, we are required to notify the Information Commissioner’s Office. We will do so following their guidance.
We have reviewed the privacy policies of third-party suppliers we use. They provide adequate protections when information is shared outside of the European Economic Area.
There are exemptions to data protection regulations that may require us to share data about you, including requests by law enforcement. A full list of exemptions are listed on the ICO website – this also applies to data held about you by third-party suppliers we use.
Every six months, we review our documentation of the data we handle and third-party suppliers we use. This helps us continuously improve our processes and hold ourselves to account. We will update this document as necessary.
UK and EU data protection regulations give people the following rights. We respect these rights regardless of people's geographic location:
To exercise any of these rights, please contact us at data@projectsbyif.com.
If your legal jurisdiction provides you with additional rights that you believe IF should respect then let us know.
You can find information specific to the services we use or our activities in the relevant sections of this document. We will respond to all requests within 28 days of receiving them.
Our postal address is Projects by IF Ltd, 27 Old Gloucester St, Holborn, London, WC1N 3AX. If you aren’t satisfied by our response, you can contact the UK Information Commissioner’s Office.