Practical example of data protection

5 Min. lesen

Table of Contents

Here are some tips on how to gather additional information on data protection.
We explain general setup and administration on the data protection help page.
We also recommend taking a look around the forum. Many good questions are asked and discussed there.

Our tools for your data protection #

(This article was originally published on our blog)

Where there’s planing, there’s chipping. Or as you might say in IT: Where there’s a web service, there’s data. We wouldn’t need data protection if we didn’t store any data, and between you and me: without data, ChurchTools would be pretty desolate and empty. But the fact is that as soon as you work with ChurchTools, your data is stored, processed and output. Only with this information does it make sense to use ChurchTools for church work. However, in order for your church to be allowed to save your data, you must submit a so-called declaration of consent.

Declaration of consent #

Anyone wishing to process personal data often needs a declaration of consent from the data subject. By inference, however, this also means that a declaration of consent is not always necessary.

The GDPR describes a few cases in which a declaration is not necessary:

  • If the data processing is permitted by law.
  • If data is necessary to fulfill a contract or to initiate a contract.
  • Or if there is a legitimate interest that outweighs the privacy of the data subject.

Each congregation must decide for itself on a case-by-case basis whether one of these points applies; if necessary, this question must be clarified by the data protection officer. If none of the points apply, the law stipulates that you need a declaration of consent in order to process the data.

Functions in ChurchTools #

The following things are possible

  • Store consent information for a person.
  • Declare the consent information as a mandatory field.
  • Activate banner so that users can give their consent themselves in ChurchTools.
  • Set whether users may also consent for their children.
  • Adapt the consent texts.
  • Filter by data protection information.

Data protection information #

One declaration is not enough, at least according to the GDPR. To ensure that no one gets into trouble afterwards, the information must be stored and logged when, how and by whom.

A new “Data protection” section has therefore been added for each person, where precisely this data can be displayed, saved and changed. The date in particular is crucial. Without a date, ChurchTools assumes that this person has not yet made a declaration.

Persons - Detail information - Data protection

ChurchTools provides four reasons why a user might have made the declaration:

  1. Group registration form
  2. Direct consent by person in ChurchTools
  3. Written consent outside of ChurchTools
  4. Verbally at check-in

The information about who has consented for the person is also crucial. We differentiate here between:

  1. Person has given consent
  2. The parents have given their consent

If more reasons are required, an admin can add new reasons in the master data at any time.

Obligation to give consent #

The Super Admin* can find all settings for the declaration of consent in the System settings.
Click on Manage ” Privacy / Security ” Declaration of consent.

* the person(s) entered in the configuration file.

In the menu there is a checkbox with which you can activate the information on consent as mandatory fields.
Why does this make sense? Some congregations have their own declarations of consent on paper and therefore already have this information. It would be unnecessary to ask for the information again in ChurchTools.
Nevertheless, we recommend entering the information in ChurchTools, as this allows you to quickly filter who has not yet submitted the declaration.

System settings - Data security Data privacy - Declaration of consent
A super admin can set that the information on the declaration of consent is mandatory when creating new persons.

If the fields are mandatory, this has an effect on the new creation of a person via the People module, but this information is also required when importing via a CSV file.

Activate consent banner #

There is a second checkbox that allows users to be prompted with a banner to give their consent themselves.

From time to time we are asked whether this is even legal. The declaration of consent must be on paper. That is not correct. The GDPR does not specify a medium for consent. It can be given in writing on paper or electronically. Even verbal consent is permitted. The only important thing is that it is recorded.

Persons - Login - Consent banner
A smart blue banner is displayed if the user has not yet given their consent.

The banner is demonstratively displayed above the menu if the user has not yet given their consent. The blue button opens a pop-up with the link to the privacy policy, i.e. the option to submit the declaration for their account.

Consent for children #

You can create any kind of person in ChurchTools, whether it’s a baby or the centenarian who’s just stepped out of the church window. But that brings us to a question: If the junior uses ChurchTools but is under 16 years old, how can they give their consent?

This is because you are only of legal age at the age of 16 and, according to the GDPR, can give your consent yourself. Before that, parents or guardians are responsible. For ChurchTools users, this problem is also quickly resolved.

Parents are also able to submit the declaration of consent for their children. If your own children have not yet given their consent, a list of all children appears in the pop-up (above the banner) and you can tick the box to indicate which children you would like to give consent for.

Declaration of consent also for children
Parents can also submit a declaration of consent for their children.

The dialog now prompts you to enter the date of birth so that the tool can check whether the declaration can be made for this child.

If a child is assigned to a person in ChurchTools, this does not mean that the spouse has the same connection with the child. It is therefore crucial that the admin specifies in the settings which type of search for children should be used.

In other words, can I only see “my” children who are also connected to my account, or can I even see my partner’s children? Churches handle this connection very differently and therefore we offer these two options.

Who has not yet given their consent? #

As the information is linked to a person, we have another advantage: we can filter. Via the menu item More filters, we can use a date filter to search for people who have either already given their consent or have not yet done so.

Persons - More filter - Consent given on
Using a date filter, we can find the people who have not yet submitted a declaration of consent.

Revoke declaration #

The GDPR clearly states that the declaration of consent given can be revoked at any time. This means that if I no longer want my data to be stored, I can withdraw my consent at any time.

In our case, this means that you have to contact the admin of your ChurchTool (usually a member of the congregation) and withdraw your consent. This is best done in writing so that the whole thing can be verified.

See also practical tip: #

Use group fields for complex filters (for example for additional information on data protection, e.g. use of photo, permission for year of birth…)

Aktualisiert am 22. January 2026
Was this page helpful for you?
  • Content outdated, Screenshot outdated
Table of Contents