Europia Privacy Policy 

Europia is committed to protecting all information that we handle about people we support and work with, and to respecting people’s rights regarding how their information is handled. 

The legislation under the General Data Protection Regulations (“GDPR”), sets out requirements on us in relation to your personal data, as well as providing you with rights in relation to your personal data. 

This Privacy Policy sets out how and why Europia collects, stores, processes and shares your personal data. If you have any questions about this Privacy Policy or your rights under it, please contact us at or

Conditions for Processing Data

We are only entitled to hold and process your data where the law allows us to. The current law on data protection sets out a number of different reasons for which a charity may collect and process your personal data. We might collect data to communicate with our users, provide them with the requested information or to improve our services.

We might collect your data for the following reasons:

Contractual obligation

The main purpose of our holding your data is to provide you with advice, support and legal services that you have requested or been referred to. This is based on the agreement we have with you. This agreement is a contract between us and the law allows us to process your data for the purposes of performing a contract (or for the steps necessary to enter into a contract).

Legitimate interest

In specific situations, we require your data to pursue our legitimate interest in a way that might reasonably be expected as part of running the charity and which does not materially impact your rights. This may include satisfying our external quality auditors or our Regulators.


If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity.


In some situations, we can collect and process your data with your consent. When collecting your personal data, we’ll always make clear to you which data is necessary for connection with a particular service.

We may also record your data and contact you in regard to the payments you make to Europia, communicate with you in regard to our work and campaigns, and obtain information to improve our services and user experience.


When do we collect your data?

We collect your data when you provide it to us or someone provides it to us on your behalf. The collection of data may be face to face, via email, phone call, zoom call or through the referral process.


What data do we collect?


Purpose Data (key elements) Basis
General inquiry  Name, email address/ phone number Legitimate interest
Welfare and immigration advice Name, contact details, demographics, address, NINo*, copy of ID*, financial information*

*on request

Contractual obligations
Europia Emergency Fund Name, email address, phone number, address, copy of ID, payment information Consent
Advocacy, legal advice Name, demographics, phone number, address Consent
Website Website activity collected through cookies Legitimate interest
Donation Name, email address, payment information Legitimate interest
Newsletter Name, email address Consent


Sensitive Data

We sometimes also collect sensitive, personal data about individuals, This includes information about your health, religion, sexuality, ethnicity, and criminal records. We will normally only record this data where we have your explicit consent unless we are permitted to do so in other circumstances under data protection laws. For example, we may make a record that a person is vulnerable to comply with requirements under charity law and for safeguarding purposes. Where we are providing you with advice or support services, we may record your sensitive personal data if this is necessary for the advice, or if it is in the substantial public interest because we would not be able to provide our services without doing so.


How do we use your data?


When you supply personal information to us, we are legally obliged by the General Data Protection Regulation 2018 to ensure that the information you have provided is only used for the purpose for which it was intended, and to ensure that the data is kept securely. We will only use your data in a manner that is appropriate considering the basis on which that data was collected. We will use an electronic case management system that will store all the relevant personal information, including contact details, case notes, emails, and relevant documents. 


When do we share your data?


We will only pass your information to a third party under these circumstances:


  • You have provided your explicit consent for us to share your data with a named third party;
  • We are obliged by law to share your personal information.


Where is your data processed?


Your personal information is processed and stored within the UK. We will ask for your specific consent if it will be needed to share your data outside the UK.


Retention of your data


We aim to keep your data for as long as necessary for your purpose(s). According to our Regulator, we should store it for six years after your case ends.


Rights you have over your data

We will process your personal data in line with your rights to:

a)    request access to any of your personal data held by us (known as a Subject Access Request);

b)    ask to have inaccurate personal data changed;

c)    restrict processing, in certain circumstances;

d)    object to processing, in certain circumstances, including preventing the use of your data for direct marketing;

e)   data portability, which means to receive your data, or some of your data, in a format that can be easily used by another person (including the data subject themselves) or organisation;

f)    not be subject to automated decisions, in certain circumstances; and

g)  withdraw consent when we are relying on consent to process your data.


Our registrations:

We are registered with IOC; our Registration reference: ZA148986. 

We are currently working towards becoming a Cyber Essentials Standard organisation as well. 


How to complain


If you have any concerns about our use of your personal data or would like to access your rights, contact us at or


If you’re not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the UK data protection authority, the Information Commissioner’s Office (ICO).


The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane Wilmslow




Helpline number: 0303 123 1113 

ICO website:

                                                                                                                                                                                               Updated in April 2022


Europia Newsletter

Subscribe to our newsletter to get updates and news on Europia

Click to listen highlighted text!