Welcome Churches Data Protection Agreement with local churches

Welcome Churches oversees three referral websites where data is collected by Welcome Churches and then passed on to a local church we partner with: network.welcomechurches.org, welcomeboxes.org and ukhk.org/church. This Data Protection Agreement covers all three of these websites. Some churches may choose to feature on all three, some may only feature on one or two, depending on the projects the church chooses to partner with Welcome Churches in.


Neighbour: The person referred to the church to be welcomed.

Welcome Network: network.welcomechurches.org: connects refugees and asylum seekers with a local church when they move to a new part of the UK. These referrals are most likely to come from other churches in the Welcome Network but they may also be self-referrals.

Welcome Boxes: welcomeboxes.org: referrals to churches running the Welcome Boxes project, intentionally welcoming newly-arrived refugees and asylum seekers to a new area, through the introduction of a Welcome Box. The church then welcomes the new Neighbour over a period of approximately 3 months, recording the interactions with the Neighbour on the Welcome Boxes system (under the church login at network.welcomechurches.org). These referrals may come from another organisation working with refugees and asylum seekers, another local church or a self-referral. 

UKHK Church Network: ukhk.org/church: referrals from newly-arrived Hong Kongers in the UK and looking to connect with people from a local church. These referrals will be made directly by the Neighbour (not from another organisation or church).

The responsibilities of Welcome Churches and the local church:

As the data controllers, Welcome Churches have a responsibility to ensure that all local churches we partner with will treat any data that we pass to them responsibly and with sensitivity. Welcome Churches will ensure that any data passed to you will comply with any data protection regulations required in the Data Protection Act (2018). However, please note that it is the responsibility of your church to ensure they do everything possible to ensure correct provisions are in place to adhere to the Act. (This responsibility cannot be conferred to Welcome Churches). 

The personal details you receive about the Neighbour should always be treated sensitively, as there could be security issues for the Neighbour if they are accessed by people the church does not take responsibility for. 

In order for us to pass refugee referrals to the church, your church is required to agree to the following:

Processing data:

  • To have an up-to-date Church Data Protection Policy (Data Protection Act 2018).
  • To adhere to the General Data Protection Regulations as a church.
  • To include receiving referral data from Welcome Churches in the Church Data Protection Policy, depending on which projects you partner with Welcome Churches in.
  • To only share referral data on a need-to-know basis. The primary responsibility for this data lies with the Coordinator for the church. The only other people who should be given the personal data are the designated volunteers (Welcomers) for the Neighbour you are contacting. This data should be treated confidentially with the understanding that sharing it with unknown people could put lives at risk.
  • To only store referral data on the secure, online system provided by Welcome Churches. It should not be downloaded to any other computer or paper system.
  • To let Welcome Churches know if the church has designated an administrator to help the Coordinator in the processing of the data.

Liaising with the referrer (for Welcome Boxes and the Welcome Network):

  • To contact the referrer (e.g. church in a different part of the UK) to tell them when you are making contact with the refugee and to let them know once you have met the refugee being referred. You can also contact them to ask for their help introducing you to the refugee if you wish.
  • To not store the referrer’s contact details longer than necessary.