As a software development company, we are well aware of our responsibility when it comes to the development, hosting and ChurchTools support. Our Christian worldview leads us to ensure the appropriate handling of personal data according to data protection standards. We expect careful handling of our data, and therefore we would like to approach the security of all ChurchTools users in the same manner. Please be aware of the fact that it is impossible to guarantee perfect security on the internet. We believe that we are doing our very best to ensure the security of your data, however a certain residual risk concerning personal data cannot be completely eradicated by our efforts.
ChurchTools seeks to provide a platform for the central organization of contacts (friends, members, etc.), resources and documents, and to support the planning of events, including songs, facts, and calendars. Thus, ChurchTools unites the most important functions for the cooperative development of churches. ChurchTools is set up in a way which allows you to process user data purposefully. Separate modules are used to execute different functions. You can choose which functions you would like to use and which functions you would like to make available for the use of your members.
Even in the developmental stages of the software, ChurchTools places a high value on data economy. Within the modules and input masks, we implement the principles of “privacy by default,” and “privacy by design” in such a way that by default, only data fields required for the specific purpose are to be filled out. Church administrators may add additional data fields to meet their requirements. ChurchTools recommends the economical use of data but does not have an influence on the data fields added by the church administrators.
According to the above-mentioned principle of earmarking, ChurchTools is designed in such a way, that only the data necessary for a specific task is required. By only maintaining the required data, churches can still fulfil their desired purposes. We cannot influence which additional data fields may be regarded as necessary, but we generally recommend churches to only add necessary data.
Church members can personally enter their data into ChurchTools. In this way, they may determine which of their personal data is to be saved. Alternatively, an administrator can enter the data into the ChurchTools database. We recommend churches to agree on the data that is to be entered so that every church member can decide what kind of data is to be used.
Via their user accounts, church members can see which personal data is saved. They may also edit or delete their data when necessary. If an administrator creates user accounts for their members, the members will then receive an email notification. In case of questions regarding personal data, you may approach the administrators of the church. Should church administrators be unable to help, please do not hesitate to contact ChurchTools. However, the church itself is responsible for answering inquiries from the concerned parties.
Our software solution ChurchTools can either be self-hosted on a church server or hosted through us. By choosing the self-hosting option, you also take on the responsibility of ensuring the security of your web server. You may benefit from the security of our computer centers if you choose to be hosted through ChurchTools. Your ChurchTools installations are hosted through German computer centers belonging to a German provider (HETZNER Online). The storage location is in Germany and will remain there. Your data will not leave Germany.
The computer centers run by HETZNER Online passed the ISO 27001 certification and therefore meet the standards required for functioning IT security management organizations, data security and the availability of your data.
Our software has a user-friendly design which allows you to resolve most issues without further support. Please do not hesitate to contact our support team if assistance is required. Our support team will gladly help you to identify the issue. If a problem cannot be resolved via the phone or email, you can decide whether or not we attempt to find a solution by using remote maintenance (e.g. via Teamviewer) to access your computer. Remote maintenance access is encrypted with secure and up-to-date encryption processes to protect your data from unauthorized third-party access.
In the case that the remote maintenance does not lead to a solution, permission may be sought after to access directly, or to obtain a copy of your ChurchTools database. This access will be documented and is dependent on your permission.
We have taken manifold technical and organizational safety precautions to secure the use of ChurchTools. Please find an extract of these protective measures below:
Of course, it is possible to remove the data of members who decide to end their membership. ChurchTools supports the irrevocable deletion of data. Alternatively, people can also be archived. In this way, they will no longer appear in the list of people, but are still saved in the archive, which is only accessible by users with the appropriate permissions (Blocking in the case of data protection). Please find out whether your church is bound to a retention period which may not allow you to delete data (e.g. the list of participants of retreats has to be kept for 10 years).
If at any point in time you would like to stop using ChurchTools, you may end the cooperation with us any time. In this case, we will export your data in CSV format and make it available to you so that you may continue to use your data. Please let us know if and when we are to delete your data completely.
Yes, we can provide a contract for data processing. Please contact us to request the contract. You will then receive a standard agreement with the technical and organizational measures attached. We kindly ask for your understanding of the fact that we are working with a standardised agreement due to our partnership with over 1000 churches.