Policies & Governance

01

Code of Ethics

At PROJCT, our commitment to integrity, excellence and respect is the cornerstone of our work. As a consultancy dedicated to empowering people and communities, we recognise that our success is built on the trust and confidence of our clients, partners and employees. We hold ourselves accountable not just to financial profit, but also to our social and environmental impact. This Code outlines the principles that guide our behaviour and decision-making, ensuring that we uphold the highest standards of ethical conduct in all aspects of our business.

Integrity and Governance

We conduct ourselves with honesty, integrity and accountability in all our interactions.

• Honesty: We provide accurate and truthful information in our communications both internally and externally. All strategies are informed by ethically gathered data, ensuring we do not misrepresent facts to further a business goal.
• Transparency: We maintain openness in our operations, ensuring that our practices are easily accessible and understandable, fostering trust with all our stakeholders.
• Accountability: We take responsibility for our actions, decisions, and their impact on others, always striving towards a high level of trust with our stakeholders.
• Anti-Corruption and Conflicts: We prohibit any form of bribery and unethical inducements. Employees must disclose any potential conflict of interest (financial or personal) that could influence their professional judgment.

Excellence

• Client Focus: We prioritise our clients’ needs, delivering solutions that are tailored, effective and sustainable.
• Continuous Improvement: We invest in professional development and actively seek feedback to evolve our practices.
• Innovation: We embrace a culture of innovation. We are empowered to explore new methodologies and challenge conventional thinking, but ensure that strategies are vetted for unintended negative social or environmental consequences before implementation.

Respect and Inclusion

• Inclusion: We foster an environment where diversity of thought, background and identity is a competitive advantage. We have zero tolerance for discrimination or harassment.
• Professionalism: We strive to maintain a high standard of professionalism in our dealings with all stakeholders, ensuring that our output reflects the quality and expertise that our clients and partners expect from us.
• Confidentiality: We respect the privacy and confidentiality of our clients, partners and colleagues, ensuring that sensitive information is protected with ethical data-handling practices.

Social and Environmental Responsibility

We are dedicated to conducting our business in an ethical manner that promotes social responsibility and sustainability.

• Environmental Stewardship: We work to minimise our carbon footprint, reduce waste in our offices, and prioritise suppliers who hold ethical certifications.
• Community Engagement: We encourage employees to volunteer and engage in pro-bono work that aligns with our mission of community empowerment.
• Ethical Client Vetting: We use an ethical client policy to vet potential partners. We reserve the right to decline or disengage from contracts with organisations that profit from human rights violations, systemic environmental destruction or discriminatory practices.

Marketing and Public Relations Practices

PROJCT recognises that how we communicate is as important as what we do. We adhere to the following standards for all public-facing content. We commit to responsible practices in relation to claims about PROJCT’s social and environmental performance, our products and services, branding, taglines and declarations.

• Substantiated Claims (Anti-Greenwashing): We do not make vague or misleading claims about our social or environmental impact. All claims must be backed by verifiable data or third-party certifications.
• Social Media Integrity: We engage in constructive dialogue and do not engage in or tolerate hate speech, bullying, or the spread of misinformation.
• Truth in Advertising: We adhere to the ICC Advertising and Marketing Communications Code. Our marketing will be culturally sensitive and avoid reinforcing harmful stereotypes.
• Digital Ethics & Accessibility: We strive to make our digital content accessible. We do not use manipulative UX design to influence stakeholder behaviour.

Research Practices

We believe that conducting good research requires proper practices. We follow the Market Research Society Code of Conduct to produce quality research, insights and data.

Collaboration and Teamwork

We believe in the power of collaboration to achieve shared goals.

• Psychological Safety: We foster a culture of openness where team members feel safe to express concerns, admit mistakes and challenge the status quo without fear of retribution.
• Knowledge Sharing: Where appropriate, we share our insights and methodologies to help the broader creative industry move toward more ethical practices.
• Respect: We recognise and value the contributions of each team member, understanding that our collective success depends on the strength of our collaboration.

Commitment to Stakeholders

We are deeply committed to building and maintaining strong, trustworthy relationships with all our stakeholders, including clients, employees, partners and the communities we serve.

• Client Confidentiality: We protect client information with the utmost care, ensuring that all data is handled securely and in accordance with applicable laws.
• Stakeholder Engagement: We engage with our stakeholders in a transparent and responsible manner, ensuring that their interests are considered in our decision-making processes in accordance with our Stakeholder Engagement Policy.
• Ethical Client Relationships: We extend our ethical commitments to our clients, striving to collaborate with those who share our values. We reserve the right to disengage from any relationship that violates our ethical standards.

Application of our Code of Ethics

This Code of Ethics applies to all employees, contractors and any individual representing PROJCT. It serves as a guide for ethical decision-making and behavior in all aspects of our business.

Reporting Violations

All employees and contractors are encouraged to report behavior that violates this Code.

• Reporting: Concerns should be directed to the Managing Director. If the concern involves the Managing Director, reports may be made to an Advisory Board member.
• Non-Retaliation: PROJCT strictly prohibits retaliation against any individual who reports a violation in good faith.
• Enforcement: Violations may result in disciplinary action, including termination of employment or contract.

By adhering to this Code of Ethics, we ensure that PROJCT remains a trusted and responsible business. This Code of Ethics will be reviewed and updated from time to time to ensure continuous improvement and accountability. Each of us is responsible for upholding these principles and contributing to a positive and ethical work environment.

02

Privacy Policy and Data Security

2.1 Privacy Policy

At PROJCT, we understand the importance of privacy and the protection of personal information, which is why we have developed a comprehensive privacy protection policy and procedures to ensure that all personal information we collect is used and stored securely, and that it is only used for the purposes for which it was collected.

Handling of Personal Information

We have clear guidelines for handling personal information, including how it is collected, used, and shared. Our employees receive regular training on these guidelines to ensure that they are aware of their responsibilities and obligations when handling personal data. We also ensure that all data collected is done so through legal and ethical means. We have strict procedures in place to ensure that personal information is not used for any other purposes than for which it was collected.

Collection of Personal Information

PROJCT collects personal information that is necessary for the provision of our services. This includes information such as:

• Name
• Business affiliation
• Email address
• Phone number
• Address

We only collect personal information that is necessary for the provision of our services. As an example, we do not collect payment information but instead use a third-party intermediary. All personal information collected is done so through legal and ethical means.

Processing of Personal Information

Personal information collected by PROJCT is used for the provision of our services. This includes:

• Processing orders and payments (through Stripe as our third-party payment processing platform)
• Responding to inquiries
• Registration to our website
• Completion of any survey/questionnaire that we send (optional)
• Providing customer support
• Sending marketing communications
• Improving our products and services
• Conducting market research
• Analyzing customer behavior
• Personalizing customers' experiences with us

We do not share personal information with third parties without the user's explicit consent, except where required by law.

Sharing of Personal Information

PROJCT takes the privacy and security of personal information very seriously. In order to ensure this, we have a strict policy of not sharing any personal information with third parties.

We do not work with any vendors who do not meet our high standards for privacy and security.

We also understand the importance of transparency in data sharing. That's why we make sure that all data sharing is done in a secure and transparent manner. We will always inform a customer of any data sharing that takes place, and we will provide the opportunity to opt out.

Opt-Out

Users may opt-out of receiving marketing communications from PROJCT at any time by following the opt-out instructions in the communication or by contacting us via email at hi@projct.co.

Access Control

We have implemented strict access control measures to ensure that only authorized personnel can access sensitive information. Access to personal information is limited to those who require it to perform their job duties, with consideration for their function in the specific project. We also use strong passwords to ensure that only authorized personnel can access our systems. Additionally, access is strictly controlled to ensure that only authorized personnel are allowed in. Our access control measures also extend to third-party vendors with whom we work.

Data Encryption

We use encryption to protect personal information from unauthorized access. All personal information is encrypted both during transmission and at rest to ensure its security, which includes implementing SSL on our website. We also ensure that all encryption technologies used are up to date and compliant with industry standards.

Data Destruction

We adhere to industry best practices to securely dispose of personal information once it is no longer required. This includes revoking access for employees who are no longer with us. Our data destruction protocols are designed to ensure that the data is irretrievable, and we have strict procedures in place for the disposal of electronic devices that may contain personal information.

Third-Party Vendors

We ensure that any third-party vendors used by PROJCT are also in compliance with relevant laws and regulations. We also ensure that any personal information that is shared with third-party vendors is done so only for the purposes for which it was collected. We also ensure that all third-party vendors are aware of our privacy policies and procedures. We have strict procedures in place for the selection and monitoring of third-party vendors to ensure that they meet our privacy standards. Third-party vendor relationships start with signing of NDAs and/or other agreements needed to ensure compliance.

Audits and Assessments

We conduct regular audits and assessments of our privacy protection policies and procedures to ensure their effectiveness. We believe that regular assessments are important to ensure that we are always up to date with the latest best practices and standards. We also conduct regular assessments of third-party vendors that we work with to ensure their compliance with our privacy policies and procedures.

Continuous Improvement

We are committed to continuously improving our privacy protections policies and procedures. We regularly review our policies and procedures to ensure that they are up to date with the latest best practices and standards. We also encourage feedback from our employees and customers to help us identify areas for improvement.

2.2 Facilities Management

Access Requirements

Access to PROJCT's facilities is restricted to authorized personnel and invited guests only. Access is granted based on the individual's job duties and responsibilities. Visitors, contractors, and third-party vendors must be escorted by authorized personnel at all times.

Security Controls

PROJCT's facilities have a combination of physical and electronic security controls.

Documents

Sensitive documents are stored in locked cabinets or secured electronic systems. Only authorized personnel have access to these documents, and confidential documents are marked as confidential in both paper and digital form. We generally do not keep confidential information in non-digital formats.

Sharing of Facilities

PROJCT's facilities are not shared with any other companies or entities. This reduces the risk of confidential data leaks and other security breaches.

Compliance

All employees, visitors, contractors, and vendors must comply with PROJCT's facilities access policy. Failure to comply may result in disciplinary action, including termination of employment or contract.

2.3 Data Records Maintenance

At PROJCT, we understand the importance of maintaining accurate and up-to-date records. We have developed policies and procedures to ensure that all records are managed in a secure, organized, and efficient manner.

Document Retention

We have clear guidelines for the retention of documents, including limiting who has access to them, how long they should be kept and when they should be destroyed. These guidelines are based on legal and regulatory requirements, as well as internal business needs. Sensitive customer data should generally be destroyed as quickly as possible after they are no longer needed in an active workflow. We have strict procedures in place for the secure destruction of documents that are no longer needed.

Electronic Data Storage

We use recognized cloud services such as Dropbox, Google, Miro, Figma, Tableau and Apple iCloud for the storage of electronic documents. These services have strict security controls in place to ensure that all data is stored securely and protected from unauthorized access. We also ensure that all electronic documents are encrypted both during transmission and at rest to ensure their security. We do not store electronic documents on local servers.

Destruction of Data

We have strict procedures in place for the secure destruction of electronic data. All electronic data containing sensitive information is securely erased when it is no longer needed. We follow industry best practices to ensure that the data is irretrievable.

2.4 Information Security

At PROJCT, we understand the importance of strong policies and procedures on information security (systems, data, equipment, etc.), so that PROJCT, vendors, clients, and other stakeholders can feel well protected. We have developed plans to address information security issues.

Information Security Policies

General Information Security Policies:

• All personnel must be trained on information security policies and procedures.
• Access to information systems and data will be granted on a need-to-know basis.
• All personnel must report any suspected security incidents or breaches to the designated security officer.

Data Security Policies:

• All data will be classified according to its confidentiality and sensitivity.
• All data will be stored and transmitted using secure methods.
• All data backups will be encrypted and stored off-site on cloud-based servers.

System Security Policies:

• All systems will be secured using the principle of least privilege.
• All systems will be regularly updated with the latest security patches and software updates.
• All systems will be monitored for potential security incidents or breaches.

Equipment Security Policies:

• All equipment will be physically secured using locks or other appropriate methods.
• All equipment will be regularly inspected for signs of tampering or damage.
• All equipment will be disposed of using secure methods that prevent data loss or theft.

Data Backup and Recovery

We conduct regular backups of all critical systems and data to ensure that we can quickly recover from any system failures or data losses. We test our backups regularly to ensure their effectiveness and we have procedures in place to ensure that backups are securely stored and protected.

Employee Training and Awareness

We provide regular training to our employees on information security best practices, including password management, phishing awareness, and incident response. We also conduct regular awareness campaigns to ensure that all employees are aware of the importance of information security.

2.5 Systems Maintenance and Development

At PROJCT, we ensure that our systems are complying to the highest standards of quality and security. Our software is generally cloud-based and developed by best-in-class companies.

• As part of our policy, we also conduct regular system maintenance, which includes installing software updates and patches, conducting regular virus scans, and security audits. These measures ensure that our systems are up-to-date and fully operational at all times. Additionally, we have implemented strict access controls to our systems to ensure that only authorized personnel can access them.
• To ensure that all critical data is secure and available in the case of a system failure or emergency, we regularly back up data on cloud-based systems. This ensures that our data is recoverable in the event of a disaster. We also conduct regular tests of our data backup and recovery procedures to ensure their effectiveness.

2.6 Security Precautions

These are the security measures that PROJCT will use to protect our client/partner's data and resources. The aim is to secure the systems and data of our client/partner, and detect and respond to any unauthorized access attempts or potential intrusions quickly.

• To prevent unauthorized access to our client/partner's systems and data, access will be granted only to authorized personnel. Each user will be assigned a unique user ID and password, and access will be granted on a need-to-know basis. Passwords will be changed regularly, and multi-factor authentication will be used for sensitive data.
• To ensure network security, all network traffic between PROJCT and our client/partner will be encrypted using secure protocols. Heavily secured cloud-based servers will be used to restrict access to our client/partner's systems and data, and intrusion prevention and detection systems will be employed to monitor for any unauthorized access attempts.
• In case of a security incident, PROJCT has a standardized incident response plan in place. The plan includes procedures for identifying, containing, and eradicating the incident, as well as procedures for notifying our client/partner and any other affected parties.
• All personnel working on the project will be required to undergo security awareness training to ensure that they understand how to recognize and report security incidents, as well as best practices for protecting our client/partner's data and resources.

2.7 Business Continuity and Disaster Recovery Planning

At PROJCT, we understand the importance of business continuity and disaster recovery planning to ensure that our operations can continue in the event of a disruption. We have developed plans to address potential disruptions to our business, including natural disasters, cyber attacks, and other unforeseen events.

Business Continuity Planning

Our plan for business continuity includes the following:

• Risk Assessment: We regularly assess to identify any possible risks that could affect our business operations.
• Business Impact Analysis: We evaluate the potential impact of each identified threat on our business operations and prioritize our response accordingly.
• Business Continuity Strategies: We have developed specific strategies to address each identified threat, such as alternate work locations, remote work, backup systems and cloud-based data storage, and communication plans.

Disaster Recovery Planning

Our plan for disaster recovery includes the following:

• Backup and Recovery: We have put in place backup systems and cloud-based data storage to ensure that critical data and systems can be restored in the event of a disruption.
• Incident Response: We have a clear plan in place to ensure that we can respond quickly and effectively to any disruption.

03

Anti-Bribery and Corruption

Projct Limited is committed to conducting business in an ethical and honest manner and is committed to implementing and enforcing systems that ensure all forms of bribery, corruption, and fraud are prevented. Projct Limited has zero tolerance for bribery and corrupt activities. We are committed to acting professionally, fairly, and with integrity in all business dealings and relationships we build with our employees. Projct Limited will constantly uphold all laws relating to anti-bribery and corruption.

To Whom Does This Policy Apply?

This policy applies to all employees, managers, and owners of Projct Limited, including affiliates or temporary or contract employees. Employees must ensure that they do not become involved in any way in the payment of bribes. This policy sets out the minimum standards to which all employees of Projct Limited must adhere at all times.

Definitions

Bribery can be described as: giving or receiving anything from any person (usually money, a gift, loan, reward, favour, commission or entertainment), as an improper inducement or reward for obtaining business, employment or any other benefit. Bribes can therefore include, but are not limited to:

• Gifts and excessive or inappropriate entertainment, hospitality, travel and accommodation expenses;
• Payments, whether by employees or business partners such as recruiters, labour service providers or consultants; and
• Other 'favours' provided to supervisors, such as making unwanted advances, payments or promises.

Company Commitment

All employees of Projct Limited must adhere to the company ethos on bribery and corruption. No employee or manager will be allowed to take part or become involved in any form of bribery, corrupt behaviour, or fraud, including the following:

• Offer, pay, or give anything of value to any person through which one will unethically gain advantage or otherwise something in return which is not provided for in terms of their employment contract.
• Attempt to mislead or induce any person to do something illegal or which goes against the company policy.
• Mislead or intentionally lie to any person to gain an advantage above and beyond their employment agreement.
• Violate any rules by shifting blame or responsibility onto another employee/person.
• Fraudulent practices against the company ethos or legislation.
• Using funds for any unlawful contribution, gift, entertainment or other unlawful payments to any foreign or domestic government official or employee or any enterprise owned or controlled by a Government Authority, to any political party or official thereof or to any candidate for political office, or any officer or employee of a public international organization or to any Person under circumstances where such Relevant Affiliate knows, has reason to believe, or is aware of a high probability that all or a portion of such money or thing of value would be offered, given or promised, directly or indirectly, to any Government Official.

Projct Limited is committed to remove and combat any inappropriate behaviour immediately and will not tolerate such behaviour from employees, managers, or customers/clients in any way or form. This policy hereby binds the company to its commitment to regularly discuss and mitigate factors related to any form of bribery, corruption, or fraudulent behaviour.

04

Stakeholder Engagement

We believe in doing business with more than profit in mind, and are dedicated to considering the impact of our decisions on all our stakeholders. Our ultimate purpose is to deliver returns while having an overall positive impact on society and the environment. Our engagement will be guided by the following principles:

• Transparency: We will be open and honest about our impact and progress.
• Dialogue: We actively seek and listen to feedback, concerns, and suggestions from our stakeholders.
• Respect: We will treat all stakeholders with dignity and respect their rights and perspectives.
• Inclusivity: We strive to include diverse perspectives, especially those most likely to be affected by our actions. We specifically identify and ensure inclusive engagement for potentially vulnerable individuals or groups within our operations and value chain (e.g., temporary workers, specific community demographics), recognising underlying inequities and power structures.
• Accountability: We will document suggestions, consider stakeholder input in our decision-making, and report back on actions taken.

05

Grievance Handling

We are committed to providing an accessible and transparent way for stakeholders to raise concerns or grievances about our social, environmental, or governance issues. Concerns can be submitted via direct email to ops@projct.co.

Grounds for Acceptance

A grievance is accepted if it relates to our operations, including but not limited to: health and safety, environmental impacts, labour conditions, human rights, unethical behavior, or breaches of company policies. If a grievance is not accepted (e.g., it is out of scope or frivolous), the company will inform the complainant in writing of the specific reasons for rejection.

Process

All grievances are logged, assessed for urgency and impact, and a relevant team member is assigned responsibility for a response and resolution. We aim to acknowledge receipt within 2 business days and provide a resolution within 10 business days. We will regularly communicate and update the relevant stakeholder as needed about the process.

Facilitating Resolution

Resolution is facilitated through investigation, direct dialogue, mediation, or corrective actions (e.g., policy change, apology) aimed at addressing the root cause.

Confidentiality & Non-Retaliation

• Protection from Retaliation: We strictly prohibit any form of retaliation against stakeholders who raise grievances in good faith.
• Confidentiality: The identity of the complainant and details of the grievance will be kept confidential, sharing information only on a need-to-know basis for investigation.
• Non-Retaliation Controls: Any employee or manager found to be retaliating — including bullying, adverse treatment, or termination — will face disciplinary action.
• Reporting Retaliation: If a stakeholder feels they are being retaliated against, they should immediately report it to the Managing Director.