Privacy Policy
PRIVACY POLICY
We keep this privacy policy under regular review and will place any updates on this page. This was last updated on 1 April 2021.
Our privacy commitment
Leap only collects and stores personal and sensitive data that is necessary to achieve its charitable aims, and it does so in accordance with the General Data Protection Regulation (GDPR)
Data protection is about ensuring people can trust Leap to use their data fairly and responsibly. Leap collects and stores data about individuals for a range of reasons, all of which enable Leap to achieve its charitable aims.
Leap has a Data Protection Lead (DPL) who is responsible for the management and coordination of data protection within the charity. All Leap personnel are required to have a working understanding of GDPR and abide by the charity’s policies and procedures in relation to data protection.
Cookies
PURPOSE OF DATA COLLECTION VIA OUR WEBSITE
We automatically collect data about you using cookies on our website:
- To understand how users are using and interacting with our website
- In order for us to improve the overall experience, ensuring it is useful and relevant
We do not collect this data for marketing or remarketing purposes.
PERSONAL INFORMATION WE COLLECT
IP address and/or domain name
Device type and operating system
Date, time and duration of your visit to the website
Pages you visit
How frequently you visit
Anonymised video of how someone interacted with our website
Heat and click maps
WHO STORES THE PERSONAL DATA WE COLLECT
Leap Confronting Conflict
Information we obtain from you via paper is safely destroyed once inputted to the relevant database.
Salesforce
A third-party, compliant with UK legislation Data Protection Act. Stores primary contact information, web-form sign ups and transaction data. This is the mechanism by which we communicate with donors, funders and programme partners. Any and all of this personal data is stored on Salesforce secure servers and backed up in the UK. For the purposes of GDPR, Leap Confronting Conflict is deemed the ‘Data Controller’ and Planning Centre the ‘Data Processor’.
Big Mallet Web Server
Big Mallet web Infrastructure incorporates High Availability pairs of virtual appliances, such as VMware NSX firewalls, Load Balancers, Web Application Firewalls and Intrusion Detection Systems. Due to the virtual nature of the appliances Big Mallet are able to scale indefinitely during traffic spikes or marketing drives whilst providing high levels of hardware redundancy at an effective level.
Big Mallet delivers a complete DDoS protection solution based on detection, diversion, verification and forwarding to ensure total protection. When a DDoS attack is launched against a victim protected by our solution, we ensure that business continuity is maintained. When a DDOS attack is identified, the data traffic destined for the target device is diverted to our DDoS scrubbing centres for treatment. This traffic is then analysed and filtered. Bad data packets are then blocked and good data packets are forwarded to the target device to maintain business continuity.
The server environment has attained PCI-DSS and a variety of IEC accreditations. Providing processes and systems to provide secure services to clients in accordance with the ISO standards.
The server environment has also obtained the cyber essentials plus, CSA Star and CiSP.
Stripe
Stripe, Inc and it’s affiliates are Leap Confronting Conflict’s donation payment provider. Stripe will generally not collect your Personal Data directly from you, instead Leap will store information like your name, address, date of giving and amount on our Salesforce database.
PERSONAL DATA
PURPOSE OF OUR DATA COLLECTION
We collect and store personal data from supporters, donors and programme partners connected to the work of Leap Confronting Conflict to:
To inform people of the work we are doing
To communicate with people
To provide other support services we offer
For donation purposes, administrating any ongoing donations or claiming Gift Aid
For the immediate reason you have it to use if not covered above, such as to process a request, sign up to a newsletter, register for a course or event
We do not use personal data in any way other than to further the work we are doing. We do not share your information with third-parties for marketing purposes.
THE TYPES OF PERSONAL DATA WE COLLECT AND STORE
We collect and store personal data from supporters, donors and programme partners connected to the work of Leap Confronting Conflict. Such as:
Name
Organisation (if applicable)
Job title (if applicable)
Address
Phone Number
Social Media handles
Area(s) in which you are interested in learning more about our campaigning, training and policy information work
Under 18s in your care
Donation history
Bank account details
We do not use personal data in any way other than to further the work we are doing. We do not share your information with third-parties for marketing purposes. However, in situations concerning the safety and safeguarding of a young person or adult, we will work with appropriate authorities.
ADDITIONAL PERSONAL DATA WE COLLECT AND STORE FOR UNDER 18S
Age
Gender
Parent/guardian name(s)
Named parent/guardian(s) relationship to respective Under 18
Parent/guardian phone number
Parent/guardian email
GP name
GP address
GP contact number
Relevant medical, nutritional or allergy needs or requirements
HOW WE COLLECT PERSONAL DATA
Form submission, such as filling out a Pledge Card, advocacy consent form or signing up to our monthly newsletters
Registration
Email subscription
Pre-course risk assessments
Evaluation forms
Surveys
Medical forms (Under 18s)
You will have provided opt-in consent in order for us to have collected and subsequently store this data on you.
WHO AT LEAP CONFRONTING CONFLICT CAN ACCESS PERSONAL DATA
Only authorised personnel are permitted to access personal data. Programme Managers, Safeguarding Team and Training Manager who deliver training are permitted to relevant personal data of relevant people i.e. those that are attending residentials or online training course, but do not have access to all of the personal data we store.
ACCESSING YOUR DATA
You also have the right to request a copy of the information we hold on you, although we will ask for some form of identification to ensure you are the person to who the personal data relates. Email info@leapcc.org.uk if you would like to do so.
If you are concerned about how we have collected, managed or stored your personal information, email our Data Protection Lead at info@leapcc.org.uk