How do I inform a company I found a leaked database of theirs on the Internet?

Don't give security info to non-security people. Use whatever contact method is available to ask for the right security person. Don't give details about what you found until you get someone who will understand it.

Then provide the details about what you found. Don't ask for reward or demand any kind of action or else you are very likely not to be taken seriously. Just provide help and leave it up to them to deal with.

I'm not sure what kind of template you need. Give them the info/steps they need in order to locate the information you found. If you sound too "scripted" you might sound like a scammer. Be human. Be helpful.


One option if you're not having luck finding contact details is to contact the CERT (Computer/Cyber Emergency Response Team) in your or the entity's country (List of global CERTs). These organisations generally have methods of contacting the appropriate people (within the affected entity and national authorities).

In Australia at least, contact from AusCERT and ACSC (Australian Cyber Security Centre) is likely to be taken more seriously than contact from a random and unknown person. An article by Troy Hunt about his experiences handling the Red Cross Australia database leak with AusCERT gives his views on AusCERT's performance. I recommend reading the full article, but skip down to "AusCERT and Red Cross' handling of the incident" for Troy's summary.


Initial premise: Finding was obtained lawfully

You need to dig up who their security contact is, i.e. who in the org should be contacted about disclosure of security faults. How that is (or isn't) organised is entirely up to the org. It's also entirely up to them to ignore or misunderstand you, so please bear that in mind and set your expectations.

Finding a contact inside the org (anyone) to talk to directly or asking on a public channel are sometimes useful ways to get to the right people eventually.

Be mindful of what you are reporting and how you communicate the finding. You are offering help, which they can refuse or ignore. Make contact, establish a dialog, offer recommendations if you can, try to gauge the technical level of the contacts and their interest in learning and fixing the issue.