Privacy & complaints policy

We take your privacy very seriously and we are committed to protecting it. We are committed to being transparent about how we collect and use your data to meet our obligations under the General Data Protection Regulation (GDPR).

The basic principles guiding our collection and processing of personal data are as follows:

  • We will only ever collect data for what we really need to know
  • We will collect and use personal data transparently, honestly and fairly
  • We will respect your choices around the data we hold about you
  • We will use appropriate security measures to protect your data in line with best practice
  • We will never collect and process special category personal information without explicit consent
  • We will never share your personal data externally without your explicit consent
  • We will never sell your data

What personal information might we collect and how will we use it?

Personal information means any information about an individual from which that person can be identified. Leap may collect and process the following information:

  • Personal and contact details, such as names, addresses, telephone numbers, email addresses
  • Bank account details
  • Information gathered from business and social media sources within the public domain
  • Information requested from job applicants
  • Information related to the monitoring and evaluation of our training courses
  • Information collected via cookies, which are small pieces of information that are stored by your browser on your computer’s hard drive that allow us to track your visits to the Site.

Do we collect and process sensitive personal information? 

Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In some cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so and we have received your explicit consent.

It is necessary for us to collect personal and sensitive information to deliver our services to young people. If you are under the age of 18, we will seek permission from your parent or guardian.

Why do we collect and process your personal and sensitive information? 

Leap collects and processes personal and sensitive information for reasons that include:

  • Providing the services or goods that you have requested
  • Carrying out monitoring and evaluation of our training courses
  • Updating you with important messages about an event, activities of the charity, services or goods you have requested, or financial transactions
  • Keeping a record of your relationship with us
  • Complying with the Charities (Protection and Social Investment) Act 2016 and following the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations
  • Fundraising activities, including processing donations, Gift Aid claims or other payments
  • Administering the recruitment and employment of staff, contractual arrangements, and the engagement of volunteers

We will only collect and process personal and sensitive information when:

  • it is necessary for our legitimate interests in connection with carrying out our business, as long as, in each case, these interests are in line with applicable law and your legal rights; and/or
  • where you have provided explicit consent; and/or
  • where this is necessary for legal obligations which apply to us.

How long do we store personal and sensitive information for?

It is our policy to retain your personal and sensitive information for the length of time required for the specific purpose or purposes for which it was collected, which are set out in this Privacy Policy. However, on occasion we may be obliged to store some data for a longer time, for example, where a longer time period is required by applicable laws. In this case, we will ensure that your personal data will continue to be treated in accordance with this privacy policy.

Who has access to your data?

Your information may be shared internally, including with volunteers, Leap staff members and associate trainers, who are responsible for managing and administering projects, events, and marketing and fundraising activities.

We may have to share your data with third parties, including third-party service providers, for example in connection with supporting our CRM system and IT network (including remote support) and professional advisers, where necessary. We may also share your information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest.

We require third parties to respect the security of your data and treat it in accordance with the law. All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

In some cases, Leap will share sensitive information with partner organisations and external evaluators for the purposes of monitoring and evaluating our courses. We will only do so with your explicit consent. The information will be securely transferred and in most cases pseudonymised.

How do we keep your data safe?

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

What are your rights?

Under the General Data Protection Regulation you have a number of important rights

  • Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our newsletter emails).
  • You have the right to ask for rectification and/or deletion of your information.
  • You have the right of access to your information.
  • You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.

A full summary of your legal rights over your data can be found on the Information Commissioner’s website.

If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please email us at info@leapcc.org.uk or write to us at Leap Confronting Conflict, Wells House (Unit7), 5-7 Wells Terrace, Finsbury Park, London N4 3JU.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you are unhappy with the way that we have handled your Personal Information, you can make a complaint to the Information Commissioners Office (ICO) which is the UK authority responsible for data protection.

What happens if we change our Privacy Policy?

Any changes we make to our Privacy Policy will be posted on this page and, where appropriate, notified to you in email.