Privacy Notice


Our contact details.

Address: Making The Leap, Harriet Tubman House, Hazel Road, Kensal Green, London, NW10 5PP
Phone: 020 8962 1900
ICO Registration Number: Z5086417

This notice applies to all of Making The Leap’s activities, including the UK Social Mobility Awards, Social Mobility Day, and Black Charity Leaders. It applies however you provide personal data to us, whether you visit us online or visit our premises, receive services from us, attend our events or contact us via social media, support us as a donor, partner, volunteer or whether you telephone, email, write to us or text us.


The type of personal information we collect.

We may collect, use, store or transfer different kinds of personal data about you when you use our websites, and when you receive services or communication from us. Similarly, we may process your personal data if you are a prospective, current, or former employee, service user, volunteer, donor, or sponsor. We have categorised the different kinds of personal data as follows:

  • Identity Data which includes your first and last name, and for service users may include government-issued identity documents, driver’s license or passport for ID verification purposes.
  • Contact Data means the data we use to contact you including your billing or site billing address, home or work address, email address, mobile number, or your telephone landline number.
  • Social Media Data includes your social media handles.
  • Financial Data means the payment method and card association used to process your payments for donations to Making The Leap. We do not process financial transactions – these are handled by the payment services providers, banks, or financial institutions that we use.
  • Communication Data means details about communication you have made on our website including any information or other details you have provided in respect of your request for information or services you may purchase or request from us. This includes other correspondence you share with us.
  • Feedback, Evaluation and Research Data to identify needs and support ongoing service improvements.
  • Technical Data means details about the device(s) you use to access our website including your internet protocol (IP) / MAC address, browser type and version, location, browser plug-in types and versions, referrer URL, host name of the accessing computer, operating system and platform and other technology on the devices you use to access this website. This information will not be combined with data from other sources, and we do not share such information with third parties other than service providers that we retain to support the Site’s operation.
  • Linked Sites and social media means that for your convenience this Site may contain hyperlinks to other websites that are not under our control, including Facebook, Instagram, LinkedIn, and X/Twitter.
  • Usage Data includes information about how you use our website, products, and services. This includes your browsing patterns and information such as how long you might spend on one of our webpages and what you look at and for on our website, your IP address, the page that referred you to our site and the click stream during your visit to our website, page response times and page interaction information (e.g., clicks you make on a page).
  • Profile Data includes your username (email address), name and any details you share in the message fields or text boxes on this website.
  • Registration Data when you register to receive our services.
  • Event Registration Data when you express an interest to attend our events – e.g., dietary requirements and access requirements.
  • Still or video images captured during meetings or events.
  • Call or video recordings when you call our office or attend a virtual meeting or event.
  • Marketing, Communications and Fundraising Data includes your preferences in receiving marketing from us and your communication preferences. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources. Other publicly available personal data including any which you have shared via a public platform (such as Instagram, You Tube, X/Twitter, or public Facebook page).
  • Subcontractor or freelancers’ data includes the personal data that we need to consider your interest in providing services to us. We will also collect information to help us manage our contractual relationship with you.
  • Employee, volunteer or workforce recruitment data which includes your Curriculum Vitae (CV), additional personal data that we need to consider your interest in working with us and the employment data that we will hold if we hire you. We carry out Disclosure Barring Service (DBS) Checks where appropriate. If you provide us with any information about reasonable adjustments you require under the Equality Act 2010, the lawful basis we rely on for processing this information is legal obligation. The additional condition we rely on to process any information which is special category data relates to our obligations in employment and the safeguarding of your fundamental rights.
  • Furthermore, we may process special category information about you to support our research activities or to assess service eligibility and entitlement because it is necessary during our legitimate activities with appropriate safeguards by our not-for-profit body. We will seek explicit consent for these activities.


Property Visitors.

We operate CCTV in our office premises for the purposes of public safety, crime prevention, and prosecution, complaints, and dispute resolution, and for insurance and property management. We adhere to the ICO’s code of practice for the use of CCTV.

We do not need to ask individuals’ permission to use CCTV, but we make it clear where individuals are being recorded. Security cameras are clearly visible and accompanied by prominent signs.

Any enquiries about the CCTV system should be directed to


Essential Service Providers.

We engage third party contractors and freelancers to provide us with specialist business or professional services


About Cookies.

Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date.
A session cookie will expire at the end of the user session when the web browser is closed.
This site uses cookies, including third party cookies.
You can disable cookies in your browser. See our Cookies Policy for details.


How we get personal information and why we have it.

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • Direct interactions: by using our website, filling in forms or by corresponding and communicating directly with us by post, phone, email, in person or otherwise.
  • Automated technologies or interactions: as you interact with us, we may automatically collect usage data and technical data about your equipment, browsing actions and patterns.
  • We use the information to:
  • Provide you with services, information, or advice.
  • Improve your experience as an individual accessing our services, or interacting with us as a volunteer, a partner or donor.
  • Improve the user experience on the website.
  • Respond to your enquiries.
  • Manage fraud prevention.
  • Support our marketing, communication, and fundraising strategies.
  • Help with research and the planning of new services.
  • Carry out surveys and consultations.
  • Recruit staff and volunteers and to manage our workforce.
  • Manage our relationships with schools, parents, or other strategic partners or stakeholders.
  • Use CCTV for public safety.
  • Detect, investigate, and prevent activities that may violate our policies, pose safety risks or be fraudulent or illegal.
  • Comply with legal obligations.

Under the UK Data Protection Act 2018, the General Data Protection Regulation (GDPR) and applicable legislation, we rely on the following the lawful bases for processing this information:

  1. Your consent. You can remove your consent at any time. You can do this by contacting
  2. We have a contractual obligation.
  3. We have a legal obligation.
  4. Processing is necessary to protect the vital interests of the people we provide services to.
  5. We have a legitimate interest.


How we store your personal information.


Sharing Your Information with Other Entities

We will not share your personal data with a third party outside Making The Leap except in limited circumstances, including:

  • When you allow us to share your personal data with other organisations to fulfil your request for our services.
  • When you direct us to share your personal data with third party sites or platforms such as social networking sites.
  • When companies perform services on our behalf such as event management companies. However, these organisations are prohibited from using your personal data for purposes other than those requested by us or required by law.
  • When we share your personal data with third parties to enforce our Terms of Use or rules, to ensure the safety and security of our service users, clients or other individuals that we have a relationship with, to protect our rights and property, to comply with legal process, or in other cases where disclosure is required by law.

International Transfers

Some data processors and third parties that we use are based outside the United Kingdom, so their processing of your personal data will involve a transfer of data outside the United Kingdom.
Whenever we transfer your personal data outside the United Kingdom, we will ensure a similar degree of protection is afforded to it. We will take reasonable steps to protect your personal data. These steps may include implementing the Binding Corporate Rules, International Data Transfer Agreements, or standard contractual clauses where they are recognised by law, obtaining your consent or other lawful means of transferring personal data.



We recognise the need to provide further privacy protections with respect to the personal data we collect from children and young people in relation to the services we provide.
This site is intended for adults and is not intended for use by children under 13 years of age. Our website does not knowingly collect information from or about children or sell products or services to children under the age of 13.


Data Security and Retention.

We make reasonable efforts to protect against unauthorised access to or use of your personal data.

Your information is securely stored. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used altered disclosed or accessed in an unauthorised way. We have implemented technical, administrative, and physical security measures that are designed to protect personal data from unauthorised access, disclosure, use and modification. We regularly review our data protection and security procedures.

In addition, we limit access to your personal data to those who have a business need to know. They will only process your personal data on our instructions, and they are subject to abide by GDPR and applicable legislation.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.


Your data protection rights.

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us via if you wish to make a request.


Annual updates to this Privacy Notice.

We keep our privacy notice under regular review to make sure it is up to date and accurate. We may change this privacy notice to accommodate new technologies, regulatory requirements or for other purposes.

We will review this privacy notice every year, and update as needed.

We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent.


How to complain.

If you have any concerns about our use of your personal information under the UK Data Protection Act 2018 or GDPR, you can make a complaint to us at
You can also complain to the Information Commissioner’s Office (the ICO), if you are unhappy with how we have used your data.

The contact details are as follows:
Address: –
Information Commissioner’s Office
Wycliffe House
Water Lane
Helpline number: 0303 123 1113


Date of policyDecember 2023
Date of last reviewDecember 2023
Date for reviewDecember 2024