Privacy policy

Who are we?

Welcome Churches is a registered charity (1177344) which exists to equip the UK Church to welcome and integrate refugees and asylum seekers into their communities. Our vision is for every refugee to be welcomed by the local church. That means we partner with local churches across the UK; training and supporting them to connecting with those seeking refuge within their community.

Welcome Churches has a responsibility to let you know how we control and process any information we hold on you. This privacy policy explains how we do that.

Welcome Churches collects, processes and stores personal data when you interact with us.

Information may be collected in person, over the phone, through our websites, social media, email or from something you've posted to us.

What data do we collect?

This can include:

  • Name

  • Email address

  • Phone number

  • Postal Address

  • Church attended and religious beliefs

  • Details of contact with Welcome Churches

  • Information regarding any financial donations made to Welcome Churches (including Gift Aid details)

  • Consent to process your data

  • Non personal data such as IP addresses, web browser type and version (automatically collected); operating system (automatically collected); A list of URLs starting with a referring site, your activity on this Website, and the site you exit to (automatically collected)

Whose data do we collect?

Depending how you have got in touch with us will affect what data we collect. Data is collected so that Welcome Churches can provide you with the service that you require from us and ensure that our communication is relevant. We also use the data collected to monitor our own performance; measuring our impact and effectiveness across the UK.

  • Enquirers: Any one who has enquired about the projects and training that Welcome Churches offers.

  • Supporters: Individuals who are signed up to receive our mailings, who given financially in the last two years or give financially on a regular basis.

  • Neighbours: Refugees and asylum seekers who have been referred to receive a Welcome Box from their local church. Referrals can be made by organisations, friends or by a self-referral. It is vital that the Neighbour’s permission has been given for the referral to be made.

  • Job applicants (both voluntary and employed): This includes anyone who is working within the Welcome Churches team from Head Office, or who is a Welcome Boxes Coordinator for a church.

  • Market research and demographic data: Analytical data collected through our website (hosted by Squarespace), Customer Relational Management System (SalesForce), emails sent through our marketing automation platform (MailChimp) and through social media accounts (Facebook and Twitter).

When do we share data with third parties?

We use online computer systems to help us to store and process your data.

Data is only shared if it has been provided through our Welcome Boxes referral website ( We will share data given through with our local partner church in your area, in order for them to run Welcome Boxes as a project. Partner churches are required to sign a confidentiality agreement with Welcome Churches in order for us to do this, as well as have their own data protection policies in place which are GDPR compliant.

How do we store the data?

Personal data is only stored on password-protected systems and can only be accessed by the relevant Welcome Churches employees and volunteers.

  • Enquirers and supporters: data is stored on SalesForce – a Customer Relationship Management System. We also use MailChimp to help us keep in touch with our supporters.

  • Financial givers: Any online financial giving is processed through Donorbox and Stripe. Individuals can also prefer to give to us through Stewardship, if they prefer.

  • Neighbours (Refugees and asylum seekers) – anyone who is referred to receive a Welcome Box from their local church will be processed through GSuite. Welcome Churches will process the individuals’ data and pass on to one of our volunteers in their local area in order for a Welcome Box visit to be made. All volunteers and partner churches are required to sign a confidentiality agreement with Welcome Churches to ensure that they treat the data with respect and sensitivity.

  • Job applicants – Stored on GSuite.

  • Market Research and demographic data – We use Google Analytics and Squarespace (where our websites our hosted) in order to analyse how people are engaging with Welcome Churches. This data will only be used collectively and individuals will not be identified.

How long do we store the data?

  • Enquirers: We will store the data as long as the enquirer is in active communication with us. We will store the data for one more year after the enquirer has been in contact with us, after which it will be deleted.

  • Supporters: We will store the data as long as the individual is signed up to our mailing list. Should the individual ask to be taken off our mailing list, their data will be deleted.

  • Regular financial givers: We will store the data as long as the individual is financially giving to Welcome Churches. Should the individual stop giving to Welcome Churches, we will store the data for one year after which it will be deleted.

  • Neighbours (refugees and asylum seekers): Data will be stored by Welcome Churches and the partner church as long as the Neighbour is being welcomed to the new area (normally about three months). After this, the data will be stored for one year, after which it will be deleted.

  • Job applicants - We will keep the data of unsuccessful job applicants for one year after their application. Any successful applicants, both voluntary and employed, will be kept on our systems as long as they continue to work with Welcome Churches, and for one year after they stop working with us.

  • Market research and demographic data - We have a legitimate interest in ensuring we continue to improve, and we may use your contact details to contact you to ask for your comments and opinions on how we might improve and develop our services. We may also use your information to study and better understand the composition of our client and supporter base.

What information does our website store?

Our website may record some of your personal information, for example, by logging your IP address or the location of your computer or network. It may also record information about you that you enter into online forms. Other data may be collected anonymously about your use of our site from cookies. Cookies are small text files that are placed on your computer by websites that you visit. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit

Lawful basis for processing data

In the majority of cases, one of the following lawful bases will be used to process your data:

  • Consent: the individual has given clear consent for us to process their personal data for a specific purpose.

    • We will seek consent that is freely given, specific, informed and unambiguous. We will use a positive opt-in – consent cannot be inferred from silence, preticked boxes or inactivity. Consent will also be separate from other terms and conditions, and we aim to have simple ways for people to withdraw consent.

    • Welcome Churches’ processes for consent will be reviewed annually.

  • Legitimate interest: the processing is necessary for Welcome Churches’ legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests (e.g. it is necessary for us to be in contact with volunteer from our partner churches in order for us to support the church effectively).

What are your rights?

Under the General Data Protection Regulation of 2018 your rights as an individual include:

  • the right to be informed;

  • the right of access;

  • the right to rectification;

  • the right to erasure;

  • the right to restrict processing;

  • the right to data portability;

  • the right to object; and

  • the right not to be subject to automated decision-making including profiling.

How can you contact us?

Please contact us if you have any questions about our privacy policy or information we hold about you:

Registered address: Bridge House, Riverside Court, Derby, DE24 8HY


For more information about your legal rights in relation to the information we hold about you, please visit the Information Commissioner’s Office at

Subject access requests

If you request access to the data we hold on you, Welcome Churches will seek to comply within one month of the request. If the request is unfounded or excessive, Welcome Churches may refuse this request. In this instance, Welcome Churches will inform the individual why and that they have the right to complain to the supervisory authority and to a judicial remedy.

This policy was last updated in November 2018