Who are we?
Welcome Churches is a registered charity (1177344) which exists to equip the UK Church to welcome and integrate refugees and asylum seekers into their communities. Our vision is for every refugee to be welcomed by the local church. That means we partner with local churches across the UK; training and supporting them to connecting with those seeking refuge within their community.
Welcome Churches collects, processes and stores personal data when you interact with us.
Information may be collected in person, over the phone, through our websites, social media, email or from something you’ve posted to us.
What data do we collect?
This can include:
- Email address
- Phone number
- Postal Address
- Church attended and religious beliefs
- Details of contact with Welcome Churches
- Information regarding any financial donations made to Welcome Churches (including Gift Aid details)
- Consent to process your data
- Welcome Network (network.welcomechurches.org)
- The Welcome Network is a private network.
- All data that is being imported into the system is encrypted
- Cases handled in the network will not be transferred to an external database. Welcome Churches maintains the right to process the data to provide analysis to shape our future resources and training.
- Welcome Churches & Welcome Boxes website (welcomechurches.org & welcomeboxes.org)
- Google Analytics: Collect user behaviour on our platform to improve content and provide better services.
- Adobe Fonts: Adobe may store their fonts on users devices to provide better services
Whose data do we collect?
Depending how you have got in touch with us will affect what data we collect. Data is collected so that Welcome Churches can provide you with the service that you require from us and ensure that our communication is relevant. We also use the data collected to monitor our own performance; measuring our impact and effectiveness across the UK.
- Enquirers: Any one who has enquired about the projects and training that Welcome Churches offers.
- Supporters: Individuals who are signed up to receive our mailings, who have given financially in the last two years or give financially on a regular basis.
- Neighbours: Refugees and asylum seekers who have been referred to a local church in the Welcome Network. Referrals can be made by organisations, friends or by a self-referral. It is vital that the Neighbour’s permission has been given for the referral to be made.
- Job applicants (both voluntary and employed): This includes anyone who is working within the Welcome Churches team from Head Office, or who is a Welcome Boxes Coordinator for a church.
- Market research and demographic data: Analytical data collected through our website, Customer Relational Management System (SalesForce), emails sent through our marketing automation platform (MailChimp) and through social media accounts (Facebook and Twitter).
When do we share data with third parties?
We use online computer systems to help us to store and process your data. These include: Salesforce, GSuite, Mailchimp and CAF Online.
Data is only shared if it has been provided through our Welcome Network. We will share data given with our local partner church in your area, in order for them to contact and welcome the new Neighbour. Partner and Associate churches are required to sign a data protection agreement with Welcome Churches in order for us to do this, as well as have their own data protection policies in place which are GDPR compliant.
How do we store the data?
Personal data is only stored on password-protected systems and can only be accessed by the relevant Welcome Churches employees and volunteers.
- Enquirers and supporters: data is stored on SalesForce – a Customer Relationship Management System. We also use MailChimp to help us keep in touch with our supporters.
- Financial givers: Any online financial giving is processed through CAF Online. If you set up a regular gift in Summer 2018 then it will be processed through Donorbox and Stripe instead. Individuals can also prefer to give to us through Stewardship, if they prefer.
- Neighbours (Refugees and asylum seekers) – anyone who is referred to by welcomed by a local church will be processed through the Welcome Network website. Welcome Churches will process the individuals’ data and pass on to one of our volunteers in their local area in order for a Welcome Box visit to be made. All Partner and Associate churches are required to sign a data protection agreement with Welcome Churches to ensure that they treat the data with respect and sensitivity.
- Job applicants – Stored on GSuite.
- Market Research and demographic data – We use Google Analytics in order to analyse how people are engaging with the Welcome Churches website. This data will only be used collectively and individuals will not be identified.
How long do we store the data?
- Enquirers: We will store the data as long as the enquirer is in active communication with us. We will store the data for one more year after the enquirer has been in contact with us, after which it will be deleted.
- Supporters: We will store the data as long as the individual is signed up to our mailing list. Should the individual ask to be taken off our mailing list, their data will be deleted.
- Regular financial givers: We will store the data as long as the individual is financially giving to Welcome Churches. Should the individual stop giving to Welcome Churches, we will store the data for one year after which it will be deleted.
- Neighbours (refugees and asylum seekers): Data will be stored by Welcome Churches and the Partner or Associate Church as long as the Neighbour is being welcomed to the new area (normally about three months). After this, the data will be stored for one year, after which it will be deleted.
- Job applicants – We will keep the data of unsuccessful job applicants for one year after their application. Any successful applicants, both voluntary and employed, will be kept on our systems as long as they continue to work with Welcome Churches, and for one year after they stop working with us.
- Market research and demographic data – We have a legitimate interest in ensuring we continue to improve, and we may use your contact details to contact you to ask for your comments and opinions on how we might improve and develop our services. We may also use your information to study and better understand the composition of our client and supporter base.
What information does our website store?
Our website may record some of your personal information, for example, by logging your IP address or the location of your computer or network. It may also record information about you that you enter into online forms. Other data may be collected anonymously about your use of our site from cookies. Cookies are small text files that are placed on your computer by websites that you visit. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org.
Lawful basis for processing data
In the majority of cases, one of the following lawful bases will be used to process your data:
- Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
- We will seek consent that is freely given, specific, informed and unambiguous. We will use a positive opt-in – consent cannot be inferred from silence, preticked boxes or inactivity. Consent will also be separate from other terms and conditions, and we aim to have simple ways for people to withdraw consent.
- Welcome Churches’ processes for consent will be reviewed annually.
- Legitimate interest: the processing is necessary for Welcome Churches’ legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests (e.g. it is necessary for us to be in contact with volunteer from our partner churches in order for us to support the church effectively).
What are your rights?
Under the General Data Protection Regulation of 2018 your rights as an individual include:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
How can you contact us?
Registered address: Bridge House, Riverside Court, Derby, DE24 8HY
For more information about your legal rights in relation to the information we hold about you, please visit the Information Commissioner’s Office at ico.org.uk.
Subject access requests
If you request access to the data we hold on you, Welcome Churches will seek to comply within one month of the request. If the request is unfounded or excessive, Welcome Churches may refuse this request. In this instance, Welcome Churches will inform the individual why and that they have the right to complain to the supervisory authority and to a judicial remedy.
This policy was last updated in October 2019