PURE LEAPFROG — Privacy Notice
About This Privacy Notice
At Pure Leapfrog we respect your privacy and are committed to protecting your personal data. This privacy notice explains how and why we collect, store, use, and share personal data, and your rights to control our use of it.
It applies not just to use of our website, but also to personal data we process through other interactions with individuals in the course of running our organisation and delivering our services. This includes potential and existing clients and partners, industry contacts, people interested in working for or with us, and our suppliers.
It also applies to individuals who contact or use the Energy Advice Line for Mortgage Prisoners, which is operated by Pure Leapfrog. A dedicated section below sets out the additional information relevant to that service.
Our website and services are not intended for children and we do not knowingly collect data relating to children.
Information About Us (the ‘Data Controller’)
Pure Leapfrog (Company no. 05534395, Charity no. 1112249) is a sustainability charity working with communities to develop responses to sustainability challenges across the systems of Carbon, Energy, Buildings, Finance, Nature and Place. We develop new business models and solutions that have environmental and social impact.
Our registered address is 82 Tanner Street, London, SE1 3GN. For contact details, see the “How to Contact Us” section below.
This privacy notice is issued on behalf of all group companies. When we mention “Pure Leapfrog”, “we”, “us” or “our”, we are referring to the relevant company in our group responsible for processing your data.
Where we collect, use and are responsible for personal data about individuals (including you), we are regulated under applicable data protection laws, such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are responsible as “data controller” of that personal data for the purposes of the law.
Types of Personal Data, Purposes and Legal Basis
Personal data means any information about an individual from which that person can be identified. It does not include anonymous data.
We use personal data from different categories of individuals for several different purposes, each with its own lawful basis.
If you fill in a form on our website to contact us
We store the data you enter (usually name, contact details, comment, and possibly telephone number, website, organisation name, job title) for the purposes of answering your enquiry or otherwise communicating with you. We do this on the basis of our legitimate interests in operating our website and organisation.
If you would like us to update or delete your information, please email us (see “How to Contact Us”) or use the unsubscribe links on marketing emails.
If you make a donation via our website
We receive and store the following data you enter: name, address, donation amount, comment, reason for donation. We need this for taking payment, understanding our donors, and claiming Gift Aid. This is based on our legitimate interests in raising funds for our charity.
We do not receive or store your card details. Payments are taken by PayPal, Stripe or GoCardless.
If you use our flight carbon offsetting tool
We receive and store: flight take-off and landing location, number of passengers, class of travel, and donation amount. We need this to calculate emissions, take payment, and claim Gift Aid. This is based on our legitimate interests in providing a carbon offsetting tool and raising funds for offsetting projects.
We do not receive or store your card details. Payments are taken by PayPal, Stripe or GoCardless.
If you interact with us through partners or suppliers working on our behalf
If you access our services or take part in research and development projects delivered through trusted partners, we may collect details such as health, income, ethnicity, religion, and other demographic metrics. You will have provided this information while taking part in a project or using our services.
If you receive our email newsletters
We hold your name and email address for the purpose of sending you news and updates about our activities and clean community energy. We process this data based on your consent. You can withdraw consent at any time via the unsubscribe link in each email.
If you work for a client, are an industry contact, or work in a relevant field
We may hold your name, company, job title, contact details, and in some cases identity and background information for “know your client” checks. We may receive this from you, your employer, or publicly available sources such as LinkedIn.
We use this data to:
- Operate and develop our organisation and services, and perform compliance checks
- Communicate regarding events, news and updates
- Gather and share information relevant to our mission
This is based on our legitimate interests in operating our organisation and delivering our services.
If you are a supplier or work for a supplier
We may hold your name and contact details to procure and pay for goods and services. This is based on our legitimate interests in doing business with you or your company.
Energy Advice Line for Mortgage Prisoners
This section applies specifically to individuals who contact or use the Energy Advice Line for Mortgage Prisoners, a service operated by Pure Leapfrog.
Pure Leapfrog operates the Energy Advice Line for Mortgage Prisoners. We collect and use your personal information to provide tailored advice, understand your situation, improve our service, and ensure we can continue offering secure and effective support. We only collect information that is necessary for these purposes or that our funders require us to record. You may ask us to delete your personal data at any time.
What Information We Collect
When you contact our phone line or participate in video calls, we may collect:
- Name
- Contact number and email address
- Home address
- Income details, including mortgage payments
- Benefits information
- The reason you believe you are a mortgage prisoner
- Advice provided
- Call transcripts
- Video call recordings
- Referrer details, such as the name, organisation, role, and contact information of the person or organisation who referred you to our service
Our phone service is provided by Sipgate. All calls to our Energy Advice Line are recorded and may be analysed using artificial intelligence (AI) tools built into the Sipgate platform. This analysis may include automated transcription and quality monitoring. We will always inform you at the start of a call that it is being recorded and analysed, and will ask for your consent before proceeding. You may withdraw your consent at any time by contacting us.
We may also ask for additional information where relevant to your support needs:
- Number of occupants in the household
- Gender
- Whether you are in debt with your energy supplier
- Age or date of birth
- Any relevant health conditions
How We Use Your Information
We use your information to:
- Provide advice and support
- Conduct research and evaluate our service
- Improve the quality, accuracy, and reliability of our work
- Maintain accurate records of participation and communication
- Record the details of any referrer to understand how you came to our service, ensure continuity of support, and meet our reporting obligations
Sharing Your Information
We may share your personal data with third parties in the following circumstances:
- Reporting to grant funders and project partners where required
- Evaluating and researching the impact of our services. Findings or case studies may be published, but we will not publish personal data without your explicit agreement
- Making referrals to other organisations (such as Citizens Advice, energy efficiency installers, utility suppliers, or network operators), but only with your explicit consent
- Where appropriate and with your explicit consent, we may communicate with your referrer to coordinate support. We keep a record of these interactions as part of your case file
We may also share information without your consent in the following circumstances:
- With law enforcement or other authorities (including tax or social services) where required by law or where we believe there is a risk of harm
- To create anonymous case studies or reports
Lawful Basis for Using Your Information
For this service, we rely on consent as our lawful basis for processing your personal data. You may withdraw your consent at any time by contacting us. If you do so, we will stop processing your data and delete it unless we are required to retain certain information for legal or safeguarding reasons.
Data Processors
We use trusted service providers to support our operations. These organisations act as data processors and may include:
- Microsoft 365 — email, calendar, and contacts services
- Microsoft SharePoint — document storage
- Lovable — CRM system and client management (SOC 2 Type 2 and ISO 27001:2022 certified). Client data is stored on Supabase infrastructure via Lovable Cloud
- Sipgate — telephone services and call recording, including AI-powered call analysis
- Website analytics providers
- Website and data hosting providers
- Accounting software providers
- Data analysis providers
These organisations only process personal data on our behalf and in accordance with our instructions.
Cookies and Similar Technologies
If you visit our website, we may store information using cookies or similar technologies. Some cookies may include information that identifies you. For more information, see our Cookie Policy.
How We Store and Protect Your Information
We use a secure client management system provided by Lovable. Lovable is SOC 2 Type 2 compliant and ISO 27001:2022 certified, meaning their platform meets recognised high-security standards. Telephone calls are handled through Sipgate, our phone service provider. Call recordings and any AI-generated transcripts or analysis are stored securely within Sipgate’s platform and are accessible only to authorised team members. Information from Mortgage Prisoners Energy Advice Line calls is stored securely within our Customer Relationship Management system and is accessible only to authorised team members using password-protected accounts.
We have appropriate security measures to prevent loss, misuse, or unauthorised access. Access is limited to those with a business need and is subject to confidentiality obligations. We have procedures for dealing with suspected data breaches and will notify you and regulators where legally required.
Retention of Personal Data
We retain personal data only for as long as necessary for the purposes for which it was collected, taking into account data protection laws, legal retention periods, limitation periods, and our operational needs. Unless you request deletion sooner, your information will be held for seven years.
If you would like more information about our retention periods or how they are determined, please contact us.
International Transfers of Personal Data
We do not directly transfer your personal data outside the UK or EEA. However, some data processors may do so. Safeguards include:
- Transfers only to countries deemed adequate by the relevant authority
- Use of approved model contracts
- For US providers, self-certification to applicable data transfer frameworks
Your Personal Data Rights
You have the following rights under UK data protection law:
- Right of access — to request copies of your personal information
- Right to rectification — to correct inaccurate or incomplete information
- Right to erasure — to ask us to delete your information
- Right to restrict processing — to limit how your data is used
- Right to object — in certain circumstances
- Right to data portability — to request your data in a transferable format
- Right to withdraw consent — at any time
To exercise these rights, please email us (see “How to Contact Us” below). We will respond to your request within one month.
Automated Decision-Making
We do not undertake automated decision-making or profiling that produces legal or similarly significant effects.
How to Make a Complaint
If you are unhappy with how we have handled your personal data, we ask that you contact us in the first instance so we have the opportunity to put things right. You can raise a data protection concern using our online complaints form:
Online complaints form: pureleapfrog.org/data-protection-complaints
Alternatively, you may contact us directly by email or phone using the details in the “How to Contact Us” section below.
We will acknowledge your complaint within five working days and aim to provide a full response within one month. If you remain dissatisfied after we have responded, you have the right to escalate your complaint to the Information Commissioner’s Office (ICO), which Pure Leapfrog is registered with:
- Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline: 0303 123 1113
Website: ico.org.uk/make-a-complaint
Changes to This Privacy Notice
We may update this notice from time to time. The date at the top of this document shows when it was last updated.
How to Contact Us
For questions or concerns about our privacy management, please contact us:
- Email: info@pureleapfrog.org
- Phone: 0114 299 9770
- Address: 82 Tanner Street, London, SE1 3GN
Pure Leapfrog is not required to appoint a Data Protection Officer, but we have designated a Data Protection Lead, who can be contacted at the email above.