Who are we?

Welcome Churches is a registered charity (1177344) which exists to equip the UK Church to welcome and integrate refugees, asylum seekers and other migrants into their communities. Our vision is for every refugee to be welcomed by the local church. That means we partner with local churches across the UK; training and supporting them in connecting with those seeking refuge within their community. 

Welcome Churches has a responsibility to let you know how we control and process any information we hold on you. This privacy policy explains how we do that.




Welcome Churches collects, processes and stores personal data when you interact with us. 

Information may be collected in person, over the phone, through our websites, social media, email or from something you’ve posted to us. 


What data do we collect?

This can include:

  • Name
  • Email address
  • Phone number
  • Postal Address
  • Church attended and religious beliefs
  • Details of contact with Welcome Churches
  • Information regarding any financial donations made to Welcome Churches (including Gift Aid details)
  • Consent to process your data
  • Non-personal data such as IP addresses, web browser type and version (automatically collected); operating system (automatically collected); A list of URLs starting with a referring site, your activity on this Website, and the site you exit to (automatically collected)
  • Market research and demographic data: Analytical data collected through our websites (hosted by Squarespace and First Avenue), Customer Relationship Management System (SalesForce), emails sent through our marketing automation platform (MailChimp) and through social media accounts (e.g. Facebook, Instagram and Twitter).

Welcome Churches is not responsible for links to any external sites that are outside of Welcome Churches control, including any data that may be collected by those sites.

Whose data do we collect?

Depending how you have got in touch with us will affect what data we collect. Data is collected so that Welcome Churches can provide you with the service that you require from us and ensure that our communication is relevant. We also use the data collected to monitor our own performance; measuring our impact and effectiveness across the UK. 

Enquirers: Any one who has enquired about the projects and training that Welcome Churches offers. 

– Supporters: Individuals who are signed up to receive our mailings, who have given financially in the last two years or give financially on a regular basis. 

– Neighbours: Refugees and asylum seekers or other migrants who have been referred to receive a Welcome Box or other service from their local church. Referrals can be made by organisations, friends or by a self-referral. It is vital that the Neighbour’s permission has been given for the referral to be made. 

– Job applicants (both voluntary and employed): This includes anyone who is working within the Welcome Churches Head Office team, or who is a volunteer for Welcome Churches or a church in the network e.g. a Welcome Boxes Coordinator for a church


When do we share data with third parties?

We use online computer systems to help us to store and process your data. These include Salesforce, Mailchimp and CAF online. 

Data is only shared if it has been provided on a welcome churches contact form or through one of our websites: welcomeboxes.org; welcomechurches.org; network.welcomechurches.org; afghanwelcome.org, ukhk.org or hospitalitypledge.org. We will share data given through one of these sites with our local partner church in your area, in order for them to provide the relevant services to you. Partner churches are required to sign a confidentiality agreement with Welcome Churches in order for us to do this, as well as have their own data protection policies in place which are GDPR compliant. 

From time to time we may also share strictly necessary information with partner organisations who have signed a Memorandum of Understanding with Welcome Churches in order for them to provide relevant services as needs arise. For example, this may include local organisations coordinating local crisis response (e.g. Upbeat Communities) or national organisations providing services or practical equipment (e.g. Baby Basics UK). Partnering organisations are also required to have their own data protection policies which are GDPR compliant and to maintain the confidentiality of any information shared with them.

How do we store the data?

Personal data is only stored on password-protected systems and can only be accessed by the relevant Welcome Churches employees and volunteers. Data stored on our private networks, network.welcomechurches.org and ukhk.org, is encrypted and information about neighbours (refugees, asylum seekers or migrants) is not transferred to an external database. 

Enquirers and supporters: data may be processed through Form assembly or GSuite form handling, Salesforce and one of our websites cited above . We also use MailChimp to help us keep in touch with our supporters. 

Financial givers: Any online financial giving is normally processed through CAF online. Other donation channels such as Donorbox and Stripe, The Big Give, Just Giving etc. may be used for particular campaigns. Individuals can also choose to give to us through Stewardship or by payroll giving if they prefer. Details are also retained on Salesforce and in Sage accounting software. 

Neighbours (Refugees and asylum seekers or migrants) – anyone who is referred to receive a Welcome Box or other service from their local church will be processed through one of our websites cited above. Welcome Churches will process the individuals’ data and pass on to one of our volunteers from a participating church in their local area in order for the service to be provided. All partner churches are required to sign a confidentiality agreement with Welcome Churches covering all their volunteers to ensure that they treat the data with respect and sensitivity. 

Job applicants – Stored on GSuite. 

Market Research and demographic data – We use Google Analytics and Squarespace (where our websites are hosted) in order to analyse how people are engaging with Welcome Churches. This data will only be used collectively and individuals will not be identified. 

How long do we store the data?

Enquirers: We will store the data as long as the enquirer is in active communication with us. We will store the data for up to 2 more years after the enquirer has been in contact with us, after which it will be deleted. 

Supporters: We will store the data as long as the individual is signed up to our mailing list. Should the individual ask to be taken off our mailing list, their data will be removed from the mailing list. If there is no further contact for up to 2 years, their data will then be deleted. 

Regular financial givers: We will store the data as long as the individual is financially giving to Welcome Churches. Should the individual stop giving to Welcome Churches, we will store the data for up to 2 years of no further contact after which it will be deleted unless required for compliance with auditing requirements. 

Neighbours (refugees, asylum seekers and migrants): Data will be stored by Welcome Churches and the partner church as long as the Neighbour is being welcomed to the new area (normally about three months). After this, the data will be stored for up to 2 years, after which it will be deleted. 

Job applicants – We will keep the data of unsuccessful job applicants for up to 2 years after their application. Any successful applicants, both voluntary and employed, will be kept on our systems as long as they continue to work with Welcome Churches, and for up to 2 years after they stop working with us. 

What information does our website store?

Our website may record some of your personal information, for example, by logging your IP address or the location of your computer or network. It may also record information about you that you enter into online forms. Other data may be collected anonymously about your use of our site from cookies. Cookies are small text files that are placed on your computer by websites that you visit. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org.


Lawful basis for processing data

In the majority of cases, one of the following lawful bases will be used to process your data: 

  • Consent: the individual has given clear consent for us to process their personal data for a specific purpose.

o We will seek consent that is freely given, specific, informed and unambiguous. We will use a positive opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity. Consent will also be separate from other terms and conditions, and we aim to have simple ways for people to withdraw consent. 

o Welcome Churches’ processes for consent will be reviewed annually. 


  •  Legitimate interest: the processing is necessary for Welcome Churches’ legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests (e.g. it is necessary for us to be in contact with a volunteer from our partner churches in order for us to support the church effectively). 
    • Market research and demographic data – We have a legitimate interest in ensuring we continue to improve, and we may use your contact details to contact you to ask for your comments and opinions on how we might improve and develop our services. We may also use your information to study and better understand the composition of our client and supporter base. Welcome Churches maintains the right to process the data to provide analysis to shape our future resources and training. We also collect information on user behaviour on our websites to improve content and provide better services. 


What are your rights?

Under the General Data Protection Regulation of 2018 your rights as an individual include: 

  • the right to be informed; 
  • the right of access; 
  • the right to rectification; 
  • the right to erasure; 
  • the right to restrict processing; 
  • the right to data portability; 
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.

How can you contact us?

Please contact us if you have any questions about our privacy policy or information we hold about you: 

Registered address: Bridge House, Riverside Court, Derby, DE24 8HY 

Email: info@welcomechurches.org 

For more information about your legal rights in relation to the information we hold about you, please visit the Information Commissioner’s Office at ico.org.uk. 

Subject access requests 

If you request access to the data we hold on you, Welcome Churches will seek to comply within one month of the request. If the request is unfounded or excessive, Welcome Churches may refuse this request. In this instance, Welcome Churches will inform the individual why and that they have the 

right to complain to the supervisory authority and to a judicial remedy within the UK.

This policy was last updated in September 2021