Who are we?
Welcome Churches oversees three referral websites where data is collected by Welcome Churches and then passed on to a local church we partner with: network.welcomechurches.org, welcomeboxes.org and ukhk.org/church. This Data Protection Agreement covers all three of these websites. Some churches may choose to feature on all three, some may only feature on one or two, depending on the projects the church chooses to partner with Welcome Churches in.
Welcome Churches is a registered charity (1177344) which exists to equip the UK Church to welcome and integrate refugees, asylum seekers, and other migrants into their communities. Our vision is for every refugee to be welcomed by the local church. That means we partner with local churches across the UK, training and supporting them in connecting with those seeking refuge within their community. We also operate under the names of UKHK and Welcome Homes.
Welcome Churches has a legal duty to protect your information and provide you with information about the rights that you have. This privacy notice explains how we collect, process, store, and use any personal information when you interact with us.
Definitions:
The following list below of definitions of the technical terms we have used and is intended to aid understanding of this policy.
Our websites
Our websites may include but are not, and will not be, exhaustive of: welcomechurches.org; welcomeboxes.org; ukhk.org, welcome-homes.org; findyourwelcome.org
Neighbour
Our Neighbours are the people we are trying to reach - refugees and people seeking asylum.
Network Church
Our Network churches are churches that have signed up to be a part of the Welcome Network.
Network Plus Church
Our Network Plus churches are Network churches that have undertaken additional training, and are proactively offering help and support to refugees and those seeking asylum in their local area.
Supporter
Our supporters are individuals and organisations who support our work through financial donations, volunteering and prayer.
UKHK Church Network: ukhk.org/church: referrals from newly-arrived Hong Kongers in the UK and looking to connect with people from a local church. These referrals will be made directly by the Neighbour (not from another organisation or church).
Welcome Network: network.welcomechurches.org: connects refugees and asylum seekers with a local church when they move to a new part of the UK. These referrals are most likely to come from other churches in the Welcome Network but they may also be self-referrals.
Welcome Boxes: welcomeboxes.org: referrals to churches running the Welcome Boxes project, intentionally welcoming newly-arrived refugees and asylum seekers to a new area, through the introduction of a Welcome Box. The church then welcomes the new Neighbour over a period of approximately 3 months, recording the interactions with the Neighbour on the Welcome Boxes system (under the church login at network.welcomechurches.org). These referrals may come from another organisation working with refugees and asylum seekers, another local church or a self-referral.
What personal information do we collect?
We collect information about you when you enquire about using any of our services, as part of us providing you with our service(s), or when you register an interest in supporting us. We will also collect information about you if you contact us to apply for a role working for Welcome Churches or if you complete one of our short supporter or beneficiary satisfaction surveys. Website usage information is collected using cookies. We will normally process your personal information on the basis that we have your consent to do so. We may also process some of your personal information on the basis that we believe there is a legitimate interest for us to do so.
Why do we collect this information?
Neighbours: We will initially use the information we collect from you to refer you to support from a local church. Referrals can be made by organisations, friends, or by a self-referral.
We may use your information for the following legitimate interests: to contact you with information about other free services Welcome Churches offers that may be suitable for you, or to invite you to take part in research and feedback in relation to our services.
Supporters: We will use the information we collect from you, including your level of interest, support for us and location, to tell you more about our work and improve the experience we offer you. We will also thank you for your support, and invite you to continue to support us.
We may also use your information to invite you to fundraising or other events, or to ask if you would be able to increase your support.
We will also process your information on the basis of our legitimate interest to improve our fundraising strategies. This will include analysing the information we collect about you and using publicly available information to aid our understanding of our supporters, understand the level of potential donations, profile supporters into categories and help provide a personalised service to you on our website content and emails.
This may also include social media advertising. We will always do this in compliance with the rules in relation to direct marketing, including those set out by the Fundraising Regulator.
Job applicants: We will use the information we collect from you to process and consider your application for a role at Welcome Churches.
How do we store the data?
We use online computer systems to help us to store and process your data. These include Salesforce, Mailchimp, and CAF online. Personal data is only stored on password-protected systems and can only be accessed by the relevant Welcome Churches employees and volunteers. Data stored on our private networks, such as ukhk.org and the Welcome Network, is encrypted and information about Neighbours (refugees, asylum seekers, or migrants) is not transferred to an external database.
Neighbours (refugees, asylum seekers, or migrants): Anyone who is referred to receive support from their local church will be processed through one of our websites. Welcome Churches will process the individual's data and pass it on to one of our volunteers from a participating church in their local area in order for the service to be provided. All Network churches are required to sign a confidentiality agreement with Welcome Churches covering all their volunteers to ensure that they treat the data with respect and sensitivity (See Appendix 1 - Welcome Churches Data Protection Agreement with local churches) .
Supporters: Data may be processed through FormAssembly or GSuite form handling, Salesforce, and one of our websites. We also use MailChimp to help us keep in touch with our supporters. Any online financial giving is normally processed through CAF online. Other donation channels such as Donorbox and Stripe, The Big Give, Just Giving, etc., may be used for particular campaigns. Individuals can also choose to give to us through Stewardship or by payroll giving if they prefer. Details are also retained on Salesforce and in Xero accounting software.
Job applicants – Your information will only be shared with our Senior Management Team who will be involved in the selection and recruitment process. We will only request a reference or a DBS disclosure with your prior consent.
Market Research and demographic data – We use Google Analytics and Squarespace (where our websites are hosted) to analyse how people are engaging with Welcome Churches. This data will only be used collectively and individuals will not be identified.
When will we share your information?
Where Neighbours are concerned, we will share data given through one of these sites with our local Network church in your area in order for them to provide the relevant services to you. Network churches are required to sign a confidentiality agreement with Welcome Churches in order for us to do this, and have their own data protection policies in place which are GDPR compliant. We will not normally share any information we hold about you to others without your prior consent, unless one of the following exceptions apply:
If it is necessary for law enforcement or similar purposes;
As a necessary part of providing you with our service(s) or contacting you as a supporter — for example, by using a third party mailing house to process our communications;
As a necessary part of ensuring we comply with our legal obligations as a data controller — for example, by using a third party to migrate data or ensure it is accurate and up-to-date;
We may collect information that you make available on, for example, Twitter, Meta, LinkedIn or similar organisations. You may wish to check their privacy policy to find out more information on how they will process your data.
When do we transfer your information out of the UK?
We will normally keep your information in the UK, but may transfer your information to other countries that have appropriate safeguards in place – for example, processors based in the European Union or the USA, where they are certified to the EU-US Privacy Shield. In particular, we may host your data on G‑Suite servers operated by Google LLC which conform to the standards of the EU-US Privacy Shield.
How long do we keep your information for?
We will take all reasonable steps to ensure that the information we hold about you is kept secure. We will only hold your personal data for as long as it is required in line with our Data Protection Policy. Deleting your information may involve either the removal of the data or its anonymisation, meaning that it no longer continues to be personal data that will identify you. The following list sets out some of the main retention periods we have in place for the data we hold:
Supporters: We will store the data for up to 7 years from the date of the last interaction to allow us to keep supporters informed of our work. This is also a HMRC requirement in relation to Gift Aid records.
Neighbours (refugees, asylum seekers, or migrants): Welcome Churches and the Network Church will store data as long as the Neighbour is being welcomed to the new area (normally about three months). After this, the data will be stored for three years to allow us to analyse our client outcomes.
Partner organisations: We have a legitimate interest in building strong relationships with partner organisations that operate in sectors that we work in, and may store and use details of contacts at these companies to send regular communications. Any regular email communications sent will include an unsubscribe link, and we will remove contact details on request.
Job applicants: we will keep the data of unsuccessful job applicants for one year after their application.
What are your rights over your information?
You have the following rights in relation to your information:
You may withdraw consent where we are using your information on the basis of this
You may object where we are using your information on legitimate interest grounds
You can ask us what information we hold about you and can request a copy of this. There is normally no fee for this — unless a request is manifestly unfounded or excessive
You can ask us to correct information we hold about you if it is inaccurate
You can ask us to erase your information in some circumstances
You can ask us to stop using your information for a period of time if you believe we are not doing so lawfully
To submit a request by email, post or telephone, please use the contact information provided below. We will deal with your request within one month, unless it is particularly complex, in which case we will contact you within one month to let you know that we may need a further two months to comply.
For more information about your legal rights under the UK’s GDPR in relation to the information we hold about you, please visit the Information Commissioner’s Office at ico.org.uk
What information do our websites collect?
Our websites may record some of your personal information, for example, by logging your IP address or the location of your computer or network. It may also record information about you that you enter into online forms.
Other data may be collected anonymously about your use of our site from cookies. Cookies are small text files that are placed on your computer by websites that you visit. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org.
We may use cookies:
To establish the needs of visitors and customise the content of our websites
To process any forms, requests, or applications you send
To inform advertising on social media
For internal administration and analysis
Welcome Churches is not responsible for links to any external sites that are outside of Welcome Churches’s control, including any data that may be collected by those sites. This privacy policy only applies to this websites, so, when you link to other websites via Welcome Churches, you should read their own privacy policies.
What is your right to complain?
If you have a complaint about use of your information by Welcome Churches, you can contact the Information Commissioner’s Office via their website at ico.org/concerns or write to them at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
How can you contact us?
Please contact us if you have any questions about our privacy policy or information we hold about you:
Registered address: Bridge House, Riverside Court, Derby, DE24 8HY
Email: info@welcomechurches.org
For more information about your legal rights in relation to the information we hold about you, please visit the Information Commissioner’s Office at ico.org.uk
We keep our privacy policy under regular review and we will place any updates on this webpage.
This privacy policy was last updated in May 2023.
Appendix 1 - Welcome Churches Data Protection Agreement with local churches
Welcome Churches oversees three referral websites where data is collected by Welcome Churches and then passed on to a local church we partner with: network.welcomechurches.org, welcomeboxes.org and ukhk.org/church. This Data Protection Agreement covers all three of these websites. Some churches may choose to feature on all three, some may only feature on one or two, depending on the projects the church chooses to partner with Welcome Churches in.
Definitions:
Neighbour: The person referred to the church to be welcomed.
Welcome Network: network.welcomechurches.org: connects refugees and asylum seekers with a local church when they move to a new part of the UK. These referrals are most likely to come from other churches in the Welcome Network but they may also be self-referrals.
Welcome Boxes: welcomeboxes.org: referrals to churches running the Welcome Boxes project, intentionally welcoming newly-arrived refugees and asylum seekers to a new area, through the introduction of a Welcome Box. The church then welcomes the new Neighbour over a period of approximately 3 months, recording the interactions with the Neighbour on the Welcome Boxes system (under the church login at network.welcomechurches.org). These referrals may come from another organisation working with refugees and asylum seekers, another local church or a self-referral.
UKHK Church Network: ukhk.org/church: referrals from newly-arrived Hong Kongers in the UK and looking to connect with people from a local church. These referrals will be made directly by the Neighbour (not from another organisation or church).
The responsibilities of Welcome Churches and the local church:
As the data controllers, Welcome Churches have a responsibility to ensure that all local churches we partner with will treat any data that we pass to them responsibly and with sensitivity. Welcome Churches will ensure that any data passed to you will comply with any data protection regulations required in the Data Protection Act (2018). However, please note that it is the responsibility of your church to ensure they do everything possible to ensure correct provisions are in place to adhere to the Act. (This responsibility cannot be conferred to Welcome Churches).
The personal details you receive about the Neighbour should always be treated sensitively, as there could be security issues for the Neighbour if they are accessed by people the church does not take responsibility for.
In order for us to pass refugee referrals to the church, your church is required to agree to the following:
Processing data:
To have an up-to-date Church Data Protection Policy (Data Protection Act 2018).
To adhere to the General Data Protection Regulations as a church.
To include receiving referral data from Welcome Churches in the Church Data Protection Policy, depending on which projects you partner with Welcome Churches in.
To only share referral data on a need-to-know basis. The primary responsibility for this data lies with the Coordinator for the church. The only other people who should be given the personal data are the designated volunteers (Welcomers) for the Neighbour you are contacting. This data should be treated confidentially with the understanding that sharing it with unknown people could put lives at risk.
To only store referral data on the secure, online system provided by Welcome Churches. It should not be downloaded to any other computer or paper system.
To let Welcome Churches know if the church has designated an administrator to help the Coordinator in the processing of the data.
Liaising with the referrer (for Welcome Boxes and the Welcome Network):
To contact the referrer (e.g. church in a different part of the UK) to tell them when you are making contact with the refugee and to let them know once you have met the refugee being referred. You can also contact them to ask for their help introducing you to the refugee if you wish.
To not store the referrer’s contact details longer than necessary.