Privacy & cookies

National Churches Trust Privacy Policy

Who are we

The National Churches Trust (The Charity, we, or us) exists to support church buildings from all Christian denominations, of all ages and listing status that are open and accessible across the United Kingdom. The National Churches Trust is a registered charity (registered charity number 1119845) and we are also registered as a company limited by guarantee (company number 06265201). The National Churches Trust is registered with the ICO (registration number Z8724032) as a data controller.

The National Churches Trust is registered at Faith House, 7 Tufton Street, Westminster, London SW1P 3QB.

If you have any questions about this Privacy Policy, please contact us at

We take your privacy seriously and treat all the personal data you give us with great care. We will not sell or swap your details with any other organisation, ever, and will keep your details private and secure. Our Privacy Policy explains how we collect, store, and use the personal data you give to us. We’ll keep this page updated so that you can be confident when sharing your data with us that it will only be used in accordance with this policy. If you have any questions concerning your personal data and how we look after it or you would like to update how you would prefer to hear from us then please email

We will inform you of any update to our Privacy Policy that will affect you.

Who is the controller of your data?

National Churches Trust is the controller of your personal data. If you have any questions about this Privacy Policy, please contact us on

What personal data do we process?

We process personal data about you that you give to us when you make a donation, apply for a grant, register for events, sign up to our mailing list, submit an entry for an award, or join as a Friend such as your name, billing and delivery addresses, email address, telephone number and payment card details. When you visit our website, we also automatically receive your IP address which is a unique identifier for your computer or other device you are using to access our site. We may also use information from publicly available sources to carry out research to assess your inclination and capacity to support the Charity financially or by volunteering your time.

The personal information we store and process, the majority of which is given to us by our Friends and supporters but some of which we may obtain from other sources, may include:

name, title, gender, and date of birth;

contact details including postal address, email address, phone number and links to social media accounts;

your occupation and professional activities;

your recreations and interests;

family and spouse/partner details and your relationships to other supporters and friends;

records of donations and Gift Aid status, where applicable (as required by HMRC);

records of communications sent to you by the Charity or received from you;

volunteering by you on behalf of the Charity;

information about your wealth;

media articles about you;

information on your engagement in Chairty, events, groups, or networks;

information to help us improve the effectiveness of our communications with you including tracking whether the emails we send are opened and which links are clicked within a message, and tracking interactions with our website and/or social media adverts (via cookies).

If you use your credit or debit card to donate to us or to purchase a membership, item, or service, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. You can find our more information about PCI DSS here

We do not store your credit or debit card details at all, following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed. Only staff authorised and trained to process payments will be able to see your card details.

Visitors to our websites

When someone visits we collect standard internet log information and details of visitor behaviour patterns in order to provide the best experience we can for users and keep the sites up to date and relevant. We will not associate any data gathered from this site with any personal data from any source.

Device information

We collect information from or about the computers, phones, or other devices where you access our websites. We may associate the information we collect from your different devices, which helps us provide a consistent user experience.

Use of cookies

As is common practice with almost all professional websites our sites use cookies, which are tiny files that are downloaded to your computer, to improve your experience.

We use necessary cookies to make our site work. We also use optional analytics cookies to help us make improvements to the website. Our media players and maps have their own cookies. The media will not work without cookies enabled. Accepting standard settings will turn Analytics cookies on.

Essential cookies

Essential cookies enable core functionality such as page navigation and access to secure areas. You can disable these by changing your browser settings, but this may affect how the website functions. We use maps (Google maps), video (YouTube and Vimeo) and sound (SoundCloud) on this website. Maps and media players set cookies and won't work if they are disabled.


Google Analytics cookies help us to improve our website by collecting information about how it is used. The cookies collect information in a way that does not directly identify you.

How do we use your data?

Personal data collected and processed by us may be used for the following key purposes:

  • Administration of membership;
  • Administration of donations, legacies and events
  • Administration/payment of our grants;
  • Responding to requests for support;
  • Research and statistical analysis;
  • Communication about our grants, support for churches, church tourism, maintenance services, membership, awards schemes, fundraising and other activities that we think may be of interest to you, including training events; and
  • Distribution of our e-newsletters;
  • Fundraising, marketing and public affairs.

Personal data provided to us will be used for the purposes outlined at the time of collection or registration in accordance with the preferences you express.

If you are a Friend of us this will include sending you confirmation of your subscription, membership materials, an annual review, and details of our events and offers by post. If you have opted in to receive our regular e-newsletters you may unsubscribe at any time.

We process your data for fundraising and marketing purposes to ensure that we are contacting you with the most appropriate communication, which is relevant and timely and will ultimately provide you with an improved experience. In doing so, we may use profiling techniques using publicly available data (such as Companies House, the internet & the media) or information that you have already provided to us, as well as statistical analysis to identify patterns and characteristics. We may carry out wealth screening, a process which uses trusted third-party partners, to automate some of this work. These actions help us to make appropriate requests to potential and existing donors who may have the means and the desire to give more. Importantly, it enables us to raise more funds in a cost-effective way.

You can opt out of your data being used in this way at any time by contacting us on 0207 222 0605, or by writing to us at 7 Tufton Street, London, SW1P 3QB.

If you are enquiring about a grant, or looking for advice around a church project, and request or agree to being sent grant support or fundraising information via email, we will consider that you are interested in hearing from us and therefore may, from time to time, send you information about other relevant events, competitions, and awards.

If you are entering your church details, we will need your contact details so that we can be in touch via mail or email to let you know about updates to the site, ask you to upload new information, ask for and give you feedback and user statistics, ask for ideas about future content, and inform you of relevant regional events and workshops, awards, and competitions.

If you are nominating an individual, a church activity or a capital project under any of our award schemes, we will require your contact details so we can get in touch with you regarding your nomination. We may also use your details in the future to ask for your feedback. You may contact us at any time to ask us to remove your details by contacting

Wherever possible and appropriate we will seek consent from a parent or guardian before collecting or using information about children or adults at risk.

Receiving marketing information from the National Churches Trust will always be your choice You can change your mind at any time and we will keep your preferences up to date. You can contact us on 0207 222 0605, or by writing to us at 7 Tufton Street, London, SW1P 3QB at any time to be removed from our lists.

Where does your personal data come from?

Most of the data we process about you comes from you, for example, information you provide to us online. Some information comes from third parties such as our partners who recommend applicants to funders or share the details of applications.

Other information is gathered during your use of our website (e.g., IP addresses or information obtained via cookies).

Do you have to provide your personal data?

In most cases, providing your personal data to us is optional, however, in some circumstances if you do not provide it, we will probably not be able to fulfil your donation, keep you up to date with news or events, subscription materials or e-newsletters, or our website may not work properly for you. We will also need to process your personal data if you have applied for a grant.

For example:

  • If you make a donation or pay for an event on our websites, we need details such as your name and address and payment card details to be able to take your payment.  If you do not provide your data we will not be able to process your payment. Once we have processed your payment, card details will be securely deleted;
  • You can turn off cookies on your browser and we will not place any cookies on your device or computer.  However, this is likely to mean that you may not be able to use parts of our website. 

What are the legal grounds for processing your personal data?

Data protection laws require us to tell you what legal basis we use for processing your personal data. These bases are set out in the applicable data protection law. We generally use the following:

  • The processing is necessary to perform a contract with you (i.e. the contract for the sale and purchase of your subscription or event tickets), or to take steps requested by you before entering into this contract;
  • The processing is in our or someone else's legitimate interests, and these interests are not overridden by your interests or rights in the protection of your personal data;
  • The processing is necessary to meet a legal obligation which applies to the National Churches Trust
  • You have consented to our processing of your personal data. If you have consented, you can withdraw your consent at any time by contacting us at

Who do we share your personal data with?

Personal data collected and processed by us may be shared in the following situations:

  • With our employees and volunteers;
  • Other funders such as local churches trusts or other relevant funding bodies (from time to time opportunities may arise where we can recommend applicants to other funders, or share details of applications – all applicants are asked if we may share their application details as part of our application process);
  • With contractors, agents and other third parties who provide services to us.

If you use our website to make a donation or pay for an event, details will be processed by Stripe on our behalf. If you make a payment by credit or debit card over the phone, your payment will be processed by Worldpay on our behalf. If you donate by direct debit your payments will be processed by Access and GoCardless on our behalf. Data which is processed includes your payment information, such as your credit or debit card number and other card information, bank account numbers and sort codes and other account and authentication information, as well as billing, and contact details. We ensure that these suppliers abide by our data processing agreement. Membership, grant applications and contact information is shared with our CRM provider Donorfy.

Grant applicants are required to submit bank information to us either at application or payment stage – this can either be done via our grant application system or emailed or posted to us. Our grant application system Benefactor is hosted by the Gallery Partnership whose privacy statement can be found here:

Data retention

We will hold your personal information on our systems in accordance with our data retention policy. For example we will keep a record of donations for at least seven years.

If you request that we remove your details we will keep a skeleton record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us in future.

The nature of our work is such that we may have lifelong relationships with donors, beneficiaries, and supporters. Legacy income is vital to the running of the charity. We may keep data you provide to us for a specified length of time, to carry out legacy administration and communicate effectively with the families of people leaving us legacies. This also enables us to identify and analyse the sources of legacy income we receive.

Security and performance

National Churches Trust uses a third party service to help maintain the security and performance of the website and we may share information with this third party where necessary.

What are your rights?

You have several rights in relation to your personal data. These include accessing your data, correcting any mistakes, having your data erased, restricting the processing of your data, objecting to the processing of your data, data portability, and rights relating to automated decision making and profiling.  In most cases there are conditions attached to these rights. Please see below for further information on each of these.

Accessing your data

You can ask us to:

  • Confirm whether we are processing your personal data;
  • Give you a copy of that data;
  • Provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we carry out any automated decision making or profiling.  We aim to give you all this information in this privacy policy, although if anything is unclear, please contact us on

You do not have to pay a fee for a copy of your information unless your request is unfounded, respective, or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.

We aim to respond to you within 1 month of receiving your request unless it is particularly complicated or you have made several requests, in which case we aim to respond within 3 months. We will let you know if we are going to take longer than 1 month in dealing with your request. If we have a lot of information about you we might ask you if you can tell us what exactly you want to receive. This will help us action your request more quickly.

Correcting your data

You can ask us to correct any data which is inaccurate or incomplete. This is free of charge.

If we have shared the data with anyone else, we will tell them about the correction wherever possible.  We aim to deal with requests for correction within 1 month, although it might take us up to 3 months if your request is particularly complicated.

If we can't action a request to correct your data, we will let you know and explain why this is.

Erasing your data

This right is sometimes referred to as "the right to be forgotten".  This is not an absolute right but you have the right to have your data erased, free of charge, in certain circumstances. 

You can ask for your data to be erased where:

  • It is no longer necessary for the purpose for which it was originally collected or processed;
  • We are processing your data based on your consent, and you withdraw that consent;
  • You object to the processing and we do not have an overriding legitimate interest for continuing;
  • Your data has been unlawfully processed;
  • Your data must be erased to comply with a legal obligation;

There are some exceptions to this right. If one of these applies, we do not have to delete the data.

If we have shared your data with third parties, we will tell them about the erasure of your data unless this is impossible or would involve disproportionate effort.

Restricting the processing of your data

You can ask us to restrict the processing of your personal data in some circumstances, free of charge. This is not an absolute right. If processing is restricted we can store the data and retain enough information to make sure the restriction is respected, but we cannot further process your data.

You can restrict the processing of your personal data in the following cases:

  • If you contest the accuracy of your data, we will restrict processing until we have made sure the data is accurate;
  • If you object to our processing and we are considering this objection;
  • If the processing is unlawful but you do not want us to erase your data;
  • If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.

If we have disclosed the data to a third party, we will inform them about the restriction unless it is impossible or would require a disproportionate effort. We will tell you if we decide to lift a restriction on processing your data.

Objecting to the processing of your data

Objecting to the processing of your data is free of charge. It is not an absolute right but you can object to our processing of your data where it is:

  • Based on legitimate interest; or
  • For the purposes of scientific/historical research and statistics.

We will stop processing your personal data unless we have compelling legitimate grounds for the processing which override your interests and rights, or unless we are processing the data for the establishment, exercise, or defence of legal claims.

You can require us to stop using your data for direct marketing purposes. We will stop as soon as we receive your request. There are no exemptions or reasons for us to refuse.

Data Portability

This allows you to obtain and reuse your personal data for your own purposes across different services. It applies where the following conditions are met:

  • You provided the personal data to us yourself;
  • We are processing the data either based on your consent or because it is necessary for the performance of a contract; and
  • The processing is carried out by automated means.

We will provide your data free of charge in a structured, commonly used and machine readable form. We aim to provide your data within 1 month of receiving your request unless it is particularly complicated or you have made several requests, in which case we aim to respond within 3 months. If we are going to take longer than 1 month we will let you know and explain why we need more time. If we consider that we cannot provide you with your data, we will contact you and explain why this is.

Keeping your data up to date

If your personal details change, please help us to keep your information up to date by notifying us. You can also request access to any information we hold about you at any time by

  • Emailing; or
  • Writing to the Finance and Governance Officer, the National Churches Trust, 7 Tufton Street, London SW1P 3QB

Contact and complaints

If you have any questions about this policy or about how we use your personal data please email call 020 7222 0605, or write to the Finance and Governance Officer,  The National Churches Trust, 7 Tufton Street, London SW1P 3QB.

If you are unhappy about how we are processing your data or how we have responded to a request or complaint, you have the right to make a complaint to the UK's data protection regulator, the Information Commissioner's Office (ICO). You can find more details about how to contact the ICO on their website


Changes to this policy

We may change or update this policy from time to time so please check this page periodically.

This policy was last reviewed on 2nd October 2023