ChurchSuite Privacy Notice


Any further updates to this privacy notice will be posted here.


ChurchSuite Ltd. is committed to the protection of the privacy of all our customer Organisations who use The Service and those who visit our marketing website. Your privacy is really important to us and we understand how important it is to you. Our aim is to be as clear and open as possible about what we do with your personal data and why we do it.

Definitions we use in this privacy notice

  • "Data Protection Law" means all data protection laws and regulations applicable to the UK including (i) the UK Data Protection Act 2018; (ii) UK General Data Protection Regulation ("UK GDPR"); (iii) the Privacy & Electronic Communications Regulations 2003 ("the PECR") relating to electronic communications; (iv) In the event that the EU GDPR (as defined in the Data Protection Act 2018) applies to activities, we will comply with the EU GDPR; and applicable national implementations of (iii) and (iv).

  • "The Service" means our proprietary ChurchSuite software (including where the software is made available through a CharitySuite brand), which is accessed online through a web browser, or by using our mobile applications (Apps).

  • "you", or "your Organisation" means you as an individual or the organisation you belong to as you interact with ChurchSuite. More specifically we define you as a data subject, as defined within the context of Data Protection Law, under the ‘Whose data do we collect?’ section.

  • "us", "we" and "our" refer to ChurchSuite Ltd. In the relationship between us as you use The Service, our marketing website, and our customer support services, ChurchSuite Ltd should be considered the Data Controller (the Service Provider) as defined within the context of Data Protection Law. This means we decide how your personal data is processed and for what purposes (explained below).

Scope of this Privacy Notice

Please be aware that this Privacy Notice does not cover data that ChurchSuite processes on behalf of its customers - only that which we handle directly. For data held by our customers please refer to their individual privacy policies.

Whose data do we collect?

We collect data from a few types of individuals for different purposes:

  • Our customers, who are churches, charities, businesses or individuals who are subscribed to The Service, including those temporarily trialling The Service.

  • End users, those who use The Service as provided by our customers or visit our marketing website.

  • Consenting users, those who have given us consent to use their data for a specific purpose (consent includes subscribing to our mailing list, engaging with us at an event, giving us a review or attending a training event, amongst others).

What data do we collect?


The data we collect from our customers includes that which is specific to the customer, as well as that relating to the contacts for the Organisation. The data collected includes:

  • Organisation name (including ‘known by’ names)

  • Contact details (account, billing and data protection contacts)

    • Full name

    • Phone numbers

    • Email addresses

    • Job titles

  • Billing address

  • Organisation type

  • Charity information

  • Organisation social media and website details

  • Billing information

  • Statistics about account usage

  • Customer referral

  • Third-party integration links

End Users

We do not collect personal data from end users for marketing, profiling, or advertising purposes as part of using The Service or our marketing website. However, like most websites, we do keep access logs for security and troubleshooting purposes, which include the following data:

  • IP addresses (Location/Country)

  • Browser type and language

  • Operating system

  • Device type

  • Timezone

If, as an end user, you contact us for support using The Service we will collect the following extra data, if provided, as a means to provide support:

  • Email address and/or telephone number

  • Full name

  • Organisational affiliation

  • Contents of the support request

  • Website or Service URL you contact us from

Consenting Users

We only hold data that is provided to us for a specific purpose, and the data held will vary depending on the context in which consent is given. Consent can be revoked at any time. Data collected may include:

  • Full name

  • Email address

  • Organisational affiliation

  • Telephone number

  • Review content

  • Job title

What data do we collect via third parties?

ChurchSuite obtains the following data for customers from third party sources (including organisation websites, social media accounts, email signatures and the Charity Commission) when you sign up for a trial of The Service:

  • Your job title within the organisation

  • Organisation social media accounts

  • Organisation type

  • Organisation ‘known by’ names and abbreviations

  • Charity information

We do not collect data from third parties about end users or other individuals.

What does ChurchSuite do with the data collected?


We collect data from customers necessary to perform and manage the contract. Organisation and account contact details are also used for good governance and accounting, market research, analysis and developing statistics.

We will use contact data to communicate with you about:

  • Technical or security issues within The Service that affect your organisation’s use of The Service.

  • Changes to the functionality that may affect your Organisation’s use of The Service.

  • Support and training we offer to help you train and resource your users and maximise your Organisation’s use of The Service.

When the contract between us has ended we will opt you out of all communication relating to The Service and will no longer contact you, unless you contact us or have requested we contact you at a later date. We will retain basic contract contact details and financial information for internal statistical and reporting purposes and to comply with our legal obligations.

End Users

The data collected as part of using The Service or marketing website is used:

  • As part of usage analytics so we can understand our general traffic patterns and Service usage. We will never use your data to track or monitor you as an individual for marketing or advertising purposes.

  • To troubleshoot issues with The Service or marketing website that need us to understand any requests relating to the issue.

  • To uphold Service security, allowing us to detect anomalous or unauthorised requests.

The data collected to provide support is used to:

  • Communicate with you regarding the support request.

  • Troubleshoot the issue with The Service or marketing website that needs us to understand and/or replicate the problem.

Consenting Users

The data collected is only used for the original intended purpose i.e. that which is necessary for us to administer the data as outlined when acquired and to communicate with you about your interest. You can revoke consent for the processing of this data at any time.

What is our lawful basis for using your information?

We only collect and use personal data as the law allows us to. We do so under four different lawful bases of processing which are:

  • You have provided us with consent to process your data for a specific purpose.

  • Necessary for the performance of a contract.

  • Necessary for our compliance with legal obligations.

  • Necessary due to our, or a third party’s, legitimate interest which does not contradict your rights or freedoms.

Where legitimate interest is identified as a lawful basis, we will undertake a legitimate interest assessment which is a three part test covering:

  • The purpose test – to identify the legitimate interest

  • Necessity test – to consider if the processing is necessary for the purpose identified

  • Balancing test – considering the individual’s interests, rights or freedoms and whether these override the legitimate interests identified.

How long do we keep your data?

We keep data in accordance with the guidance set out by the UK Data Protection Law and retain it for as long as it is relevant, or for as long as we need to in accordance with laws, regulations and professional obligations.

We have internal processes to periodically review the data we hold and delete data that is no longer relevant to our purposes for processing.

What cookies do we use?

We only use cookies that are necessary and functional to the operation of The Service and the marketing website. You can view more information in our cookie policy.

What data does ChurchSuite share with third parties?

To support the delivery of The Service, we engage and use a range of data processors who may have access to some Service data; each a “Sub-processor”. A list of the sub-processor services that we use, their location and their role can be found on our website here.

Beyond those sub-processors we use to support and deliver The Service (and those necessary for hosting our marketing website), the information we hold about you and your Organisation for The Service will be treated as strictly confidential. Should we need to, we will only share your/your Organisation’s contact details with another party outside of our sub-processors with your prior consent, or unless required to do so by law.

How secure is your information?

We take security very seriously and will do everything within our power to keep your information safe in accordance with our obligations under Data Protection laws. We have in place technical and organisational measures to ensure your data is secured - preventing it from being accessed in an unauthorised way, altered or disclosed.

We have policies and procedures to handle any potential security breaches and will notify data subjects, third parties and any applicable regulators where we are legally required to do so.

We will never sell, rent, distribute or otherwise make your personal information commercially available to any third party, but information may be shared as outlined under the section ‘What data does ChurchSuite share with third parties?’ and we will process it as outlined in this privacy notice.

Details on the technical measures we take to manage your data securely can be found on our security page.

Does your information ever leave the UK/EEA?

While The Service and the marketing website are hosted within the UK, we will share personal information with third parties outside of the UK or European Economic Area (EEA) but will only do so with our sub-processors, a list of which can be found on our website here.

Where personal data is transferred outside of the UK we will only do so with that data which is absolutely necessary. If there is no suitable adequacy decision for the country to which the data is being transferred then we will carry out a transfer risk assessment and ensure other safeguards are implemented prior to transferring data. These can include:

  • Standard Data Protection Clauses such as the International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum (Addendum)

  • Binding Corporate Rules in accordance with Article 47 of the GDPR (UK & EU)

  • An exemption as defined in Article 49 of the GDPR (UK & EU)

Does ChurchSuite use any automated decision making with your data?

When registering for a trial of The Service through our marketing website we will use automated decision making to determine whether or not to automatically approve the trial. This process takes into consideration your location, organisation website and email to determine whether or not the trial requires manual approval. This processing is done as a means to manage security risks to the service.

Your data is not used in any other automated decision making or profiling outside of this.

What happens if ChurchSuite changes how it processes data?

If we ever need to use your/your Organisation’s contact information for a new purpose, not covered by this Privacy Notice, we will provide you with a new notice explaining the new use prior to starting that processing and setting out the relevant purposes and legal basis for processing. Where and whenever necessary, we will seek your prior consent to the new processing.

Your rights and your information

Unless subject to an exemption under the UK Data Protection Law, you have the following rights with respect to your personal data:

  • Access to your information: You have the right to request a copy of the personal information that we hold about you.

  • Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.

  • Deletion of your information: You have the right to ask us to delete personal information about you where:

    • you consider that we no longer require the information for the purposes for which it was obtained or that we no longer need to retain it in accordance with our statutory obligations under UK Data Protection Law;

    • you have previously consented to us processing your data but you have now withdrawn that consent;

    • you object to our processing of your data under legitimate interest and there is no overriding legitimate interest to continue;

    • your data is being used for direct marketing purposes and you object to your data being used for that purpose;

    • our use of your personal information is contrary to law or our other legal obligations.

  • Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, when we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

  • Portability of your data: you have the right to transfer the personal data you have provided us to another provider or service by retrieving your data in a machine readable format.

  • Withdrawing consent using your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given. Please contact us in any of the ways set out in the ‘Who do you contact if you have any privacy concerns?’ section if you wish to exercise any of these rights.

  • Automated decision making and profiling: we do not perform any profiling of individuals, and the only automated decision making is made when you register for a trial which is required as part of registering for The Service. Details for the automated decision making can be found under the section ‘Does ChurchSuite use any automated decision making with your data?’

  • Lodging a complaint: If you feel we have used your information incorrectly or without a lawful basis, or you dispute our lawful basis, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) - details found under the section ‘Who do you contact if you have any privacy concerns?’.

Who do you contact if you have any privacy concerns?

We can provide you with access to the personal data we hold about you/your Organisation at any time. We ask that requests be made in writing to ChurchSuite Ltd, Floor 2, 1 Broadway, Nottingham, NG1 1PR, UK, or by email to

If you have a data protection, security or privacy-related question or complaint, please contact ChurchSuite by email in the first instance, where we will do our best to assist you or resolve an issue.

Alternatively you can contact our data protection officer who is Bulletproof Cyber Ltd, Unit 13, Gateway 1000, Arlington Business Park, Whittle Way, Stevenage, Hertfordshire, SG1 2FP (

Or you can contact the Information Commissioner's Office by post at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or using the contact details on their complaint portal.

European Union (EU) Representative

If you are based within the European Union, as per Article 27 of the EU GDPR, we have appointed European Data Protection Office (EDPO) as our EU representative and you can contact them using their online request form or alternatively by writing to EDPO at Regus Block 1, Blanchardstown Corporate Park, Ballycoolen Road, Blanchardstown, Dublin D15 AKK1, Ireland.
