This page contains detailed information about PROJCT's policies on conduct, privacy, data security, anti-bribery, and corruption. These policies have been developed to ensure that we maintain the highest standards of ethical and responsible conduct in all areas of our business. They are designed to promote transparency and accountability, protect personal information, prevent fraudulent behavior and corruption, maintain the integrity of our research processes, and ensure that we comply with all relevant laws and regulations. Our policies are regularly reviewed and updated to reflect changes in the industry and to ensure that we continue to meet the evolving needs of our clients and stakeholders.
Contents
1. Code of Conduct
2. Privacy Policy and Data Security
2.1 Privacy Policy
2.2 Facilities Management
2.3 Data Records Maintenance
2.4 Information Security
2.5 Systems Maintenance and Development
2.6 Security Precautions
2.7 Business Continuity and Disaster Recovery Planning
3. Anti-Bribery and Corruption
1. CODE OF CONDUCT
At PROJCT, we follow mainstream standards of best practice conduct, such as the MRS (Market Research Society) Code of Conduct:
1.1 Ensure that their professional activities can be understood in a transparent manner.
1.2 Be straightforward and honest in all professional and business relationships.
1.3 Be transparent as to the subject and purpose of data collection.
1.4 Ensure that their professional activities are not used to unfairly influence views and opinions of participants.
1.5 Respect the confidentiality of information collected in their professional activities.
1.6 Respect the rights and well-being of all individuals.
1.7 Ensure that individuals are not harmed or adversely affected by their professional activities.
1.8 Balance the needs of individuals, clients, and their professional activities.
1.9 Exercise independent professional judgement in the design, conduct and reporting of their professional activities.
1.10 Ensure that their professional activities are conducted by persons with appropriate training, qualifications and experience.
1.11 Protect the reputation and integrity of the profession.
1.12 Take responsibility for promoting and reinforcing the principles and rules of the MRS Code of Conduct.
2. PRIVACY POLICY AND DATA SECURITY
2.1 PRIVACY POLICY
At PROJCT, we understand the importance of privacy and the protection of personal information, which is why we have developed a comprehensive privacy protection policy and procedures to ensure that all personal information we collect is used and stored securely, and that it is only used for the purposes for which it was collected.
Handling of Personal Information
We have clear guidelines for handling personal information, including how it is collected, used, and shared. Our employees receive regular training on these guidelines to ensure that they are aware of their responsibilities and obligations when handling personal data. We also ensure that all data collected is done so through legal and ethical means. We have strict procedures in place to ensure that personal information is not used for any other purposes than for which it was collected.
• Collection of Personal Information
PROJCT collects personal information that is necessary for the provision of our services. This includes information such as:
o Name
o Business affiliation
o Email address
o Phone number
o Address
We only collect personal information that is necessary for the provision of our services. As an example, we do not collect payment information but instead use a third-party intermediary. All personal information collected is done so through legal and ethical means.
• Processing of Personal Information
Personal information collected by PROJCT is used for the provision of our services. This includes:
o Processing orders and payments (through Stripe as our third-party
payment processing platform)
o Responding to inquiries
o Registration to our website
o Completion of any survey/questionnaire that we send (optional)
o Providing customer support
o Sending marketing communications
o Improving our products and services
o Conducting market research
o Analyzing customer behavior
o Personalize customers’ experiences with us
We do not share personal information with third parties without the user's explicit consent, except where required by law.
• Sharing of Personal Information
PROJCT takes the privacy and security of personal information very seriously. In order to ensure this, we have a strict policy of not sharing any personal information with third parties.
We do not work with any vendors who do not meet our high standards for privacy and security.
We also understand the importance of transparency in data sharing. That's why we make sure that all data sharing is done in a secure and transparent manner. We will always inform a customer of any data sharing that takes place, and we will provide the opportunity to opt out.
• Opt-Out
Users may opt-out of receiving marketing communications from PROJCT at any time by following the opt-out instructions in the communication or by contacting us via email at hi@projct.co.
Access Control
We have implemented strict access control measures to ensure that only authorized personnel can access sensitive information. Access to personal information is limited to those who require it to perform their job duties, with consideration for their function in the specific project. We also use strong passwords to ensure that only authorized personnel can access our systems. Additionally, access is strictly controlled to ensure that only authorized personnel are allowed in. Our access control measures also extend to third-party vendors with whom we work.
Data Encryption
We use encryption to protect personal information from unauthorized access. All personal information is encrypted both during transmission and at rest to ensure its security, which includes implementing SSL on our website. We also ensure that all encryption technologies used are up to date and compliant with industry standards.
Data Destruction
We adhere to industry best practices to securely dispose of personal information once it is no longer required. This includes revoking access for employees who are no longer with us. Our data destruction protocols are designed to ensure that the data is irretrievable, and we have strict procedures in place for the disposal of electronic devices that may contain personal information.
Third-Party Vendors
We ensure that any third-party vendors used by PROJCT are also in compliance with relevant laws and regulations. We also ensure that any personal information that is shared with third-party vendors is done so only for the purposes for which it was collected. We also ensure that all third-party vendors are aware of our privacy policies and procedures. We have strict procedures in place for the selection and monitoring of third-party vendors to ensure that they meet our privacy standards. Third-party vendor relationships start with signing of NDAs and/or other agreements needed to ensure compliance.
Audits and Assessments
We conduct regular audits and assessments of our privacy protection policies and procedures to ensure their effectiveness. We believe that regular assessments are important to ensure that we are always up to date with the latest best practices and standards. We also conduct regular assessments of third-party vendors that we work with to ensure their compliance with our privacy policies and procedures.
Continuous Improvement
We are committed to continuously improving our privacy protections policies and procedures. We regularly review our policies and procedures to ensure that they are up to date with the latest best practices and standards. We also encourage feedback from our employees and customers to help us identify areas for improvement.
2.2 FACILITIES MANAGEMENT
Access Requirements
Access to PROJCT's facilities is restricted to authorized personnel and invited guests only. Access is granted based on the individual's job duties and responsibilities. Visitors, contractors, and third-party vendors must be escorted by authorized personnel at all times.
Security Controls
PROJCT's facilities have a combination of physical and electronic security controls.
Documents
Sensitive documents are stored in locked cabinets or secured electronic systems. Only authorized personnel have access to these documents, and confidential documents are marked as confidential in both paper and digital form. We generally do not keep confidential information in non-digital formats.
Sharing of Facilities
PROJCT's facilities are not shared with any other companies or entities. This reduces the risk of confidential data leaks and other security breaches.
Compliance
All employees, visitors, contractors, and vendors must comply with PROJCT's facilities access policy. Failure to comply may result in disciplinary action, including termination of employment or contract.
2.3 DATA RECORDS MAINTENANCE
At PROJCT, we understand the importance of maintaining accurate and up-to-date records. We have developed policies and procedures to ensure that all records are managed in a secure, organized, and efficient manner.
Document Retention
We have clear guidelines for the retention of documents, including limiting who has access to them, how long they should be kept and when they should be destroyed. These guidelines are based on legal and regulatory requirements, as well as internal business needs. Sensitive customer data should generally be destroyed as quickly as possible after they are no longer needed in an active workflow. We have strict procedures in place for the secure destruction of documents that are no longer needed.
Electronic Data Storage
We use recognized cloud services such as Dropbox, Google, Miro, Figma, Tableau and Apple iCloud for the storage of electronic documents. These services have strict security controls in place to ensure that all data is stored securely and protected from unauthorized access. We also ensure that all electronic documents are encrypted both during transmission and at rest to ensure their security. We do not store electronic documents on local servers.
Destruction of Data
We have strict procedures in place for the secure destruction of electronic data. All electronic data containing sensitive information is securely erased when it is no longer needed. We follow industry best practices to ensure that the data is irretrievable.
2.4 INFORMATION SECURITY
At PROJCT, we understand the importance of strong policies and procedures on information security (systems, data, equipment, etc.), so that PROJCT, vendors, clients, and other stakeholders can feel well protected. We have developed plans to address information security issues.
Information Security Policies
General Information Security Policies:
• All personnel must be trained on information security policies and procedures.
• Access to information systems and data will be granted on a need-to-know basis.
• All personnel must report any suspected security incidents or breaches to the designated security officer.
Data Security Policies:
• All data will be classified according to its confidentiality and sensitivity.
• All data will be stored and transmitted using secure methods.
• All data backups will be encrypted and stored off-site on cloud-based servers.
System Security Policies:
• All systems will be secured using the principle of least privilege.
• All systems will be regularly updated with the latest security patches and software updates.
• All systems will be monitored for potential security incidents or breaches.
Equipment Security Policies:
• All equipment will be physically secured using locks or other appropriate methods.
• All equipment will be regularly inspected for signs of tampering or damage.
• All equipment will be disposed of using secure methods that prevent data loss or theft.
Data Backup and Recovery
We conduct regular backups of all critical systems and data to ensure that we can quickly recover from any system failures or data losses. We test our backups regularly to ensure their effectiveness and we have procedures in place to ensure that backups are securely stored and protected.
Employee Training and Awareness
We provide regular training to our employees on information security best practices, including password management, phishing awareness, and incident response. We also conduct regular awareness campaigns to ensure that all employees are aware of the importance of information security.
2.5 SYSTEMS MAINTENANCE AND DEVELOPMENT
At PROJCT, we ensure that our systems are complying to the highest standards of quality and security. Our software is generally cloud-based and developed by best-in-class companies.
• As part of our policy, we also conduct regular system maintenance, which includes installing software updates and patches, conducting regular virus scans, and security audits. These measures ensure that our systems are up-to-date and fully operational at all times. Additionally, we have implemented strict access controls to our systems to ensure that only authorized personnel can access them.
• To ensure that all critical data is secure and available in the case of a system failure or emergency, we regularly back up data on cloud-based systems. This ensures that our data is recoverable in the event of a disaster. We also conduct regular tests of our data backup and recovery procedures to ensure their effectiveness.
2.6 SECURITY PRECAUTIONS
These are the security measures that PROJCT will use to protect our client/partner's data and resources. The aim is to secure the systems and data of our client/partner, and detect and respond to any unauthorized access attempts or potential intrusions quickly.
Security precautions:
• To prevent unauthorized access to our client/partner's systems and data, access will be granted only to authorized personnel. Each user will be assigned a unique user ID and password, and access will be granted on a need-to-know basis. Passwords will be changed regularly, and multi-factor authentication will be used for sensitive data. These measures will significantly reduce the risk of data breaches and protect against malicious activities.
• To ensure network security, all network traffic between PROJCT and our client/partner will be encrypted using secure protocols. Heavily secured cloud-based servers will be used to restrict access to our client/partner's systems and data, and intrusion prevention and detection systems will be employed to monitor for any unauthorized access attempts. These measures will help detect and prevent cybersecurity threats, including malware and other malicious activities that may compromise our client/partner's systems and data.
• In case of a security incident, PROJCT has a standardized incident response plan in place. The plan includes procedures for identifying, containing, and eradicating the incident, as well as procedures for notifying our client/partner and any other affected parties. The goal is to minimize the impact of any security incident and ensure that our client/partner's systems and data are protected.
• All personnel working on the project will be required to undergo security awareness training to ensure that they understand how to recognize and report security incidents, as well as best practices for protecting our client/partner's data and resources. This training will help keep everyone informed and prepared to respond to any security breaches.
2.7 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
At PROJCT, we understand the importance of business continuity and disaster recovery planning to ensure that our operations can continue in the event of a disruption. We have developed plans to address potential disruptions to our business, including natural disasters, cyber attacks, and other unforeseen events.
Business Continuity Planning
Our plan for business continuity includes the following:
• Risk Assessment: We regularly assess to identify any possible risks that could affect our business operations.
• Business Impact Analysis: We evaluate the potential impact of each identified threat on our business operations and prioritize our response accordingly.
• Business Continuity Strategies: We have developed specific strategies to address each identified threat, such as alternate work locations, remote work, backup systems and cloud-based data storage, and communication plans.
Disaster Recovery Planning
Our plan for disaster recovery includes the following:
• Backup and Recovery: We have put in place backup systems and cloud-based data storage to ensure that critical data and systems can be restored in the event of a disruption.
• Incident Response: We have a clear plan in place to ensure that we can respond quickly and effectively to any disruption.
3. ANTI-BRIBERY AND CORRUPTION
Projct Limited is committed to conducting business in an ethical and honest manner and is committed to implementing and enforcing systems that ensure all forms of bribery, corruption, and fraud are prevented. Projct Limited has zero tolerance for bribery and corrupt activities. We are committed to acting professionally, fairly, and with integrity in all business dealings and relationships we build with our employees. Projct Limited will constantly uphold all laws relating to anti-bribery and corruption.
To whom does this policy apply?
This policy applies to all employees, managers, and owners of Projct Limited, including affiliates or temporary or contract employees. Employees must ensure that they do not become involved in any way in the payment of bribes. This policy sets out the minimum standards to which all employees of Projct Limited must adhere at all times.
Definitions
Bribery can be described as: giving or receiving anything from any person (usually money, a gift, loan, reward, favour, commission or entertainment), as an improper inducement or reward for obtaining business, employment or any other benefit. Bribes can therefore include, but are not limited to:
• gifts and excessive or inappropriate entertainment, hospitality, travel and accommodation expenses;
• payments, whether by employees or business partners such as recruiters, labour service providers or consultants; and
• other 'favours' provided to supervisors, such as making unwanted advances, payments or promises.
Company Commitment
All employees of Projct Limited must adhere to the company ethos of bribery and corruption. No employee or manager will be allowed to take part or become involved in any form of bribery, corrupt behaviour, or fraud, including the following:
• Offer, pay, or give anything of value to any person through which one will unethically gain advantage or otherwise something in return which is not provided for in terms of their employment contract.
• Attempt to mislead or induce any person to do something illegal or which goes against the company policy.
• Mislead or intentionally lie to any person to gain an advantage above and beyond their employment agreement.
• Violate any rules by shifting blame or responsibility onto another employee/person.
• Fraudulent practices against the company ethos or legislation.
• Using funds for any unlawful contribution, gift, entertainment or other unlawful payments to any foreign or domestic government official or employee or any enterprise owned or controlled by a Government Authority, to any political party or official thereof or to any candidate for political office, or any officer or employee of a public international organization or to any Person under circumstances where such Relevant Affiliate knows, has reason to believe, or is aware of a high probability that all or a portion of such money or thing of value would be offered, given or promised, directly or indirectly, to any Government Official.
Projct Limited is committed to remove and combat any inappropriate behaviour immediately and will not tolerate such behaviour from employees, managers, or customers/clients in any way or form. This policy hereby binds the company to its commitment to regularly discuss and mitigate factors related to any form of bribery, corruption, or fraudulent behaviour.