Please do click on the titles below to find out answers to our most frequently asked questions.
Concerned about the GDPR (General Data Protection Regulations)?
ChurchBuilder is currently putting measures into place to help your church comply with the new laws coming in next May (2018). For more information on this do get in touch with us.
Does ChurchBuilder comply with data protection laws?
We are required by law to adhere to the Data Protection Act requiring that data is kept inside the EU unless we can guarantee that the people running the system will adhere to the same data protection rules to which EU members are subject.
Our servers are in the EU and are owned by us which means that we have complete control over what happens to the data after a server is decommissioned, and can ensure that the disks are destroyed.
Concordant Systems Ltd is registered with the Information Commissioner's Office.
How secure is ChurchBuilder?
Access to ChurchBuilder is controlled by username and password and strength checking is done on passwords providing you with information on how to make your password stronger.
The decision as to who can login to your church site is at the discretion of your church leaders. All 3 versions of ChurchBuilder allow you to set automatic logins for groups of your choosing, so that you control who logs in without the burden of having to issue individual passwords to each church member.
The connection between the user's browser and ChurchBuilder is encrypted using a similar type of encryption as online banking and other secure websites.
Once a user is logged in, the system uses a powerful protection mechanism for deciding what level of access to each feature that user is allowed. All of these protections are set up by your own webmasters/site administrator so that you can choose what people can see or change.
Where is our data kept?
We own and maintain our own servers which are housed in the RapidSwitch data centre in Maidenhead, Berkshire.
By owning the servers we can have tight control over what happens to your data:
- we can be sure that it stays in the EU to be compliant with EU data protection laws
- we can be sure that only our own trusted staff have access to it
- we can be sure that when the disks reach the end of their life they get destroyed.
We also back-up the data to a secondary location every night, encrypting it so that the backups cannot be read by anyone else.
How to I convince our church members that their data is safe with ChurchBuilder?
There is always an understandable fear of data being kept somewhere out of your own control and we deal regularly with this question.
Until churches come to think about putting their data officially online, their members often don't think about where their data is currently stored. That could be on a church office computer or in the homes of members of staff or church volunteers who are each storing differing sets of information. These computers may not be backed up and the data is probably not encrypted. Home PC's are often very susceptible to viruses which can give access to your data to people who could misuse it. When the computers needs replacing the hard discs containing church data aren't necessarily physically destroyed, rather they can be put into the rubbish where they can be found and potentially restored.
Similarly, church members leave copies of physical church address books on display in their homes or carry them around in their bags, which carries the potential for theft.
In contrast, ChurchBuilder data is kept locked in a secure data centre with regular back ups and encryption to afford you further peace of mind. Our team are all committed Christians and we don't look at your data unless you ask us to or we view your site for the purposes of product development or to improve our service.
It is often a case of needing to listen to the fears of church members, particularly those not part of the new "technological" generation that has dawned and then gently reassuring them with the facts.
How should our church comply with data protection laws?
Any organisation is entitled to store information about people without their permission as long as it is necessary for the day-to-day running of the organisation.
You do have an obligation to keep people's personal information secure and to remove information about people who are no longer connected with the church. To help with these tasks, ChurchBuilder has many security features and search features that allow you to control, access and manage your data.
If you want to publish contact information - for example, having an online or printed church directory, or if you want to send out emails advertising for example, upcoming church events, then you need to gain permission from your members. Firstly permission to publish their information and secondly permission to send them what are classified as "marketing" emails.
The best way to deal with this may be to produce a form for your church members with tick boxes for the different options, which they can fill in and sign.
For more help with Data Protection and your obligations as an organisation, do visit the Information Commissioner's Office website.