About this privacy notice
At Pure Leapfrog we respect your privacy and are committed to protecting your personal data. This ‘privacy notice’ explains amongst other things, how and why we collect, store, use and share personal data and your rights to control our use of it.
It applies not just to use of our website, but also personal data that we process through other interactions with individuals in the course of running our organisation and delivering our services. This includes potential and existing clients and partners, industry contacts, people interested in working for or with us and our suppliers. Our website and services are not intended for children and we do not knowingly collect data relating to children.
Information about the us (the ‘data controller’)
Pure Leapfrog is a charity that enables communities to take power over their own clean energy future. We provide affordable finance, expertise and support to community energy projects, enabling them to create the clean, green and sustainable energy system that they want to see. We are a group of three companies:
Pure Leapfrog – Company no. 05534395 – Charity no. 1112249
Leapfrog Finance Limited – Company no. 07038343
Leapfrog Bridge Finance Limited – Company no. 09726408
Our contact address is 7-14 Great Dover Street, London, SE1 4YR. To get in contact please see “How to contact us” below.
This privacy notice is issued on behalf of all group companies, so when we mention “Pure Leapfrog”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in our group responsible for processing your data.
Where we collect, use and are responsible for personal data about individuals (including you), we are regulated under applicable data protection laws, such as the EU General Data Protection Regulation (“GDPR”). We are responsible as “data controller” of that personal data for the purposes of the law.
Types of personal data obtained, purposes and legal basis
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We use personal data from different categories of individual for several different purposes and each with its own legal (or ‘lawful’) basis. This section describes these in detail and, although it’s technical, we’re required by law to explain this to you.
If you fill in a form on our website to contact us: We will store the data you enter (usually name, contact details, comment and possibly also telephone no, website, organisation name, job title) for the purposes of answering your enquiry or otherwise communicating with you. We do this on the basis that it is necessary for our legitimate interests in operating our website and our organisation. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below) or use the unsubscribe links on marketing emails.
If you make a donation to our charity via our website: We will receive and store the following data that you enter: name, address, donation amount, comment, reason for donation. We need this for the purposes of taking payment, understanding our donors and claiming gift aid. We do this on the basis that it is necessary for our legitimate interests in raising funds for our charity. Please note that we do not receive, store or have access to the card details that you enter as the payment is taken by Paypal, Stripe or GoCardless.
If you use our flight carbon offsetting tool: we will receive and store the following data that you enter: flight take-off and landing location, number of passengers, class of travel and donation amount. We need this for the purposes of calculating carbon emissions associated with your flight, taking payment and claiming gift aid. We do this on the basis that it is necessary for our legitimate interests in providing a carbon offsetting tool for our client and its customers and in raising funds for offsetting projects. Please note that we do not receive, store or have access to the card details that you enter as the payment is taken by Paypal, Stripe or GoCardless.
If you receive our email newsletters: We will hold your name and email address for the purpose of sending you news and updates in relation to our activities and clean community energy. We process this data on the basis that we have your consent. You can withdraw your consent at any time by using the “unsubscribe” links at the bottom of each email.
If you work for a client or if you are an industry contact or working in a field relevant to our mission: we may hold your name, company, job title and contact details, and in certain situations, we may hold your identity and background information for the purposes of ‘know your client’ checks. We will have been provided with this data either by you or your employer or in some cases we may have sourced it from publicly available sources, such as Linked In and internet searches. We need this data in order to interact with you (or your employer) for the following purposes:
- Operating and developing our organization and service and performing compliance checks;
- Communicating with interested people regarding events, news and updates; and
- Gathering and disseminating information and sharing knowledge relevant to our mission.
We do this on the basis that it is necessary for our legitimate interests in operating our organisation and delivering our services. We will hold your details for as long as we need to interact with you for these purposes. We may also need this information for regulatory reasons. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).
If you are a supplier or work for a supplier: we may hold your name and contact details in order to interact with you or your employer to procure and pay for goods and services. We do this on the basis that it is necessary for our legitimate interests in doing business with your or your company. We will hold this information for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).
Cookies and similar technologies
If you visit our website, we may store information relating to you using cookies or similar technologies, which we can access when you visit our site in future.
Retention of personal data
We retain personal data only for as long as is needed for the purposes for which the personal data was collected, taking into account applicable data protection laws, retention periods under applicable laws, limitation periods and our business needs.
Sharing your personal data
We may share your personal data with the following third parties in certain circumstances:
- IT and system administration service providers acting as data processors (see below) who provide services or cloud-based software to enable us to operate our organisation.
- Professional advisers such as lawyers, bankers, accountants or auditors in order to provide legal, finance, accounting or auditing services.
- Law enforcement or other authorities (such as tax authorities) if required by applicable law.
If you attend one of our events, the name and company of attendees are usually be shared with the event speakers, our Board and trustees, any third-party event hosts and may be shared with other attendees. This is done to share knowledge and enable access to the venue.
We may, on a targeted and individual basis, make email introductions to other industry participants, to whom we believe you may be interested in being introduced.
We reserve the right to disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of a bankruptcy. In such case, we will require the relevant third parties to provide comparable levels of protection as we provide with respect to the information we share.
Data processors: We use a number of different service providers (acting as ‘data processors’) who provide IT and system administration services to enable us to operate our organisation and the services we provide. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories:
- Website analytics service providers
- Website and data hosting service providers
- Document storage service providers
- Email, contacts and calendar service providers
- CRM service providers
- Accounting software service providers
These ‘data processors’ only process data on our behalf. They won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions, our contract with them and the law.
For security reasons we do not name all our service providers in this privacy notice. Please contact us (see below) if you want further information on specific data processors or the types of personal data they process for us.
International transfers of personal data
We do not directly transfer any of your personal data outside the European Economic Area (EEA). However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. In some cases, they hold copies of your personal data outside the EEA.
In each case our processors and/or we employ one or more of the following means that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse:
- Restricting transfers to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Use of specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- For providers storing data in the US, self-certification to the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us (see below) if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.
Your personal data rights
The personal data we hold about you is your data, and you have certain rights over the data under applicable data protection laws. This section summarises the rights you have where your personal data is protected under GDPR.
- You have the right to request a copy of all personal data we hold relating to you. You also have the right to require us to correct any mistakes in the personal data we hold relating to you.
- Where we are processing your data based on your consent you can withdraw that consent and we must immediately stop processing your data.
- Where we process your data based on a “legitimate interest” (underlined in the section on “purpose and lawful basis”, above) you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms.
- You also have the right to object where we are processing your personal data for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing emails.
- In certain situations, you have the right to require us to erase personal data where there is no good reason for us continuing to process it, or to request restriction of processing of your personal data.
- Finally, you have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format in certain circumstances.
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below).
Automated decision-making using personal data
You have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We can confirm that we do not undertake any automated decision-making, or profiling, based on the processing of personal data.
Keeping your personal data secure
We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your rights to lodge a complaint with the Regulator
At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at https://ico.org.uk/concerns/ or by calling them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves.
Changes to this privacy notice
We may change this privacy notice from time to time by amending this page. This privacy notice was last updated on 3rd October 2019.
How to contact us
If you have any questions, concerns or just want some more information about our privacy management, please email us at firstname.lastname@example.org.