When you work with a web service such as ChurchTools, you store and process data, e.g. about your congregation or the people who belong to your congregation.
The correct and, above all, legally correct handling of this data is essential. That is why the topic of data protection has been highly relevant not only since the GDPR came into force and you must ensure that you handle the data in your ChurchTools correctly.
ChurchTools can be used in full compliance with data protection regulations, but it is up to you to make the necessary settings and find out about the legal regulations that apply to you and your congregation. Only if you know which rules apply to you can you implement them.
Parishes may have very different data protection requirements, depending on the legal form under which a parish is organized.
For this reason, it is also impossible for ChurchTools to be delivered perfectly compliant with data protection requirements.
It is therefore best to find out from your church association, data protection officer or appropriately trained lawyer which regulations apply to you and then implement them in your ChurchTools installation.
In this article, we explain how you can configure the various data protection settings in your ChurchTools.
You can find the privacy settings in the system settings in the Privacy/Security tab.
They can only be adjusted by a super admin of your ChurchTool.
General #
In the General tab you will find some basic data protection settings.
You can specify whether people for whom you create a new Account should automatically receive a data protection email informing them which of their data is stored in ChurchTools (1).
You can also use the OpenStreetMap maps (2). This is a map service that runs via the ChurchTools server and provides you, for example, with the map data in the user maps of the people saved in your ChurchTools installation.
If the ChurchTools app is used in your congregation, you can also set that users must enter the security code for their smartphone (PIN, Face ID, etc.) if they want to access personal data in the app (3). People who have not protected their smartphone in this way will not be able to access personal data in the app.
Confidentiality agreement #
The settings for the confidentiality agreement can also be found in the General tab.
A confidentiality agreement obliges users to treat the data they can see in ChurchTools confidentially. You can specify here whether users must accept the confidentiality agreement when they register for the first time before they can use ChurchTools.
To make it easier for you to draw up such an agreement, we have provided a template in ChurchTools that you can adapt to your congregation’s situation.
You can find out how to adapt the template or create your own confidentiality agreement in ChurchTools here.
CSRF prevention #
This setting is only relevant if you are still using the old ChurchTools API.
You can find more information about CSRF and the associated setting here.
Two-factor authentication for the LDAP service #
If you use the LDAP service and want Registration to use 2-factor authentication if this is activated for the specific user, you can set this.
You can find more information on this here.
Declaration of consent #
If you store personal data in ChurchTools, it is usually necessary for these persons to give their consent. The form in which consent is given is not specified, the only important thing is that you record that the persons have consented to the data storage.
You can either enter this entry manually or you can give the users themselves the opportunity to give their consent (3). You can also specify whether the information about the declaration of consent is mandatory when a new person is created (1) and whether this should also be the case when you import people via the API (2).
You can of course adapt the text of the declaration of consent. You can find out exactly how this works here.
Privacy policy #
Every church that uses ChurchTools needs a privacy policy. Since you process data in ChurchTools, there is no way around it.
A privacy policy does not have to be complicated and should not be complicated at all, and if your church does not yet have its own privacy policy, we have provided you with a template in ChurchTools that you can adapt to your church situation.
Basically, the privacy policy must inform the people whose data you store in ChurchTools in an uncomplicated and transparent manner that their data is stored and processed in ChurchTools, which data this is specifically and for what purpose this is done.
Typical components of the privacy policy can be, for example
- Cookies: What are they used for?
- IP addresses: Why does this website store the IP?
- Tracking: Which tracking tools are used? (Google Analytics, Matomo/Piwik)
- Data transmission: If YouTube videos or social media posts are used, this must be mentioned.
Your privacy policy can always be viewed at the URL of your ChurchTools installation with the addition /dataprivacy, e.g. https://demo.church.tools/dataprivacy .
You can find out how to edit the privacy policy in ChurchTools here.
Imprint #
In most cases, your congregation will need an imprint. This is basic information about the identity of the operator of a website (such as the ChurchTools installation of your congregation).
You can find basic information about who must provide an imprint and what information it must contain here.
If your church already has a public imprint, e.g. on your website, you can probably use this imprint and link it in ChurchTools. However, you can also create an imprint directly in ChurchTools. You can find out how to do this here.
Right to information #
All persons about whom you have stored data in your ChurchTools installation have the right to receive information about this data.
To make this data information as easy as possible for you, you can use ChurchTools to create a data sheet in pdf format for each person stored and send it to the person concerned, e.g. by e-mail.
