{"id":69526,"date":"2026-05-19T05:02:31","date_gmt":"2026-05-19T05:02:31","guid":{"rendered":"https:\/\/youngexplorersclub.ch\/understanding-swiss-camp-social-media-policies\/"},"modified":"2026-05-19T05:02:31","modified_gmt":"2026-05-19T05:02:31","slug":"understanding-swiss-camp-social-media-policies","status":"publish","type":"post","link":"https:\/\/youngexplorersclub.ch\/es\/understanding-swiss-camp-social-media-policies\/","title":{"rendered":"Understanding Swiss Camp Social Media Policies"},"content":{"rendered":"<h2>Young Explorers Club \u2014 Swiss Social Media Policy<\/h2>\n<p>We, at the <strong>Young Explorers Club<\/strong>, present our <strong>Swiss-focused social media policy<\/strong>. It defines covered platforms and content types and puts <strong>minors&#8217; privacy<\/strong> first. We require <strong>centralised account ownership<\/strong> and clear <strong>role-based access<\/strong>. The summary covers the revised <strong>Swiss FADP<\/strong> (effective 1 Sept 2023) and <strong>GDPR<\/strong> issues. It sets strict <strong>consent<\/strong> rules for images of minors, mandates response and escalation timeframes, and includes practical <strong>implementation checklists<\/strong>.<\/p>\n<h2>Key Takeaways<\/h2>\n<ul>\n<li><strong>Scope and governance:<\/strong> centralise account ownership. Keep credentials in an <strong>encrypted vault<\/strong>. Enforce <strong>role-based access<\/strong> and enable <strong>2FA<\/strong>. Run regular <strong>access audits<\/strong> to catch drift and stale privileges.<\/li>\n<li><strong>Consent and safeguarding:<\/strong> get <strong>explicit<\/strong>, time-limited, revocable written consent for minors. Use separate checkboxes for <strong>live streams<\/strong> and for <strong>paid or third-party use<\/strong>. Keep consent records according to <strong>retention rules<\/strong> and make them easy to retrieve.<\/li>\n<li><strong>Response and escalation times:<\/strong> reply to general social queries within <strong>24 hours<\/strong>. Escalate urgent safety issues within <strong>2 hours<\/strong>. Publish a <strong>holding statement<\/strong> in <strong>1\u20132 hours<\/strong>. Provide a substantive update within <strong>24\u201348 hours<\/strong>.<\/li>\n<li><strong>Legal compliance:<\/strong> comply with the revised <strong>Swiss FADP<\/strong> (administrative fines can apply). Assess cross-border transfers and whether the <strong>GDPR<\/strong> applies. Conduct <strong>DPIAs<\/strong> for any large-scale or high-risk processing that involves minors.<\/li>\n<li><strong>Operational controls and training:<\/strong> implement formal content approval workflows. Use templates for <strong>photo releases<\/strong>, <strong>DM triage<\/strong>, and <strong>incident logs<\/strong>. Train staff during onboarding and provide annual refreshers. Enforce progressive disciplinary steps for breaches.<\/li>\n<\/ul>\n<h2>Scope and Governance<\/h2>\n<h3>Accounts and Ownership<\/h3>\n<p><strong>Centralised account ownership<\/strong> is mandatory. All organisation social accounts must be registered under an organisational email and listed in a central directory. Nominate an <strong>account owner<\/strong> responsible for policy compliance and contact details.<\/p>\n<h3>Access Controls<\/h3>\n<p>Enforce <strong>role-based access<\/strong> (e.g., Admin, Editor, Moderator, Viewer). Require <strong>two-factor authentication (2FA)<\/strong> for all roles with publishing or moderation rights. Perform quarterly <strong>access audits<\/strong> to remove stale accounts and adjust privileges.<\/p>\n<h3>Credential Management<\/h3>\n<p>Store all credentials in an <strong>encrypted vault<\/strong>. Do not share passwords through email or insecure chat. Rotate keys and credentials when staff change roles or leave.<\/p>\n<h2>Consent and Safeguarding<\/h2>\n<h3>Consent Requirements<\/h3>\n<p>Obtain <strong>explicit, written, time-limited, and revocable consent<\/strong> from a parent or legal guardian before publishing images, videos, or personal information of minors. Consent forms must:<\/p>\n<ul>\n<li>Identify the <strong>child<\/strong> and the <strong>guardian<\/strong>.<\/li>\n<li>Describe the <strong>specific uses<\/strong> (e.g., website, Instagram, printed materials).<\/li>\n<li>Include separate checkboxes for <strong>live streaming<\/strong>, <strong>paid or promotional use<\/strong>, and <strong>third-party sharing<\/strong>.<\/li>\n<li>State the <strong>retention period<\/strong> and how to <strong>revoke<\/strong> consent.<\/li>\n<\/ul>\n<h3>Record Keeping<\/h3>\n<p>Keep consent records in an organised, searchable system. Apply the organisation&#8217;s <strong>data retention<\/strong> schedule and delete or archive materials when consent expires or is revoked.<\/p>\n<h3>Special Safeguards<\/h3>\n<p>Never publish sensitive personal data about minors (e.g., health details, home address). Use <strong>privacy-first<\/strong> framing: crop images, avoid full names, and minimize identifying metadata.<\/p>\n<h2>Response and Escalation<\/h2>\n<h3>Timelines<\/h3>\n<ul>\n<li><strong>General queries:<\/strong> respond within <strong>24 hours<\/strong>.<\/li>\n<li><strong>Urgent safety issues:<\/strong> escalate to the safeguarding lead within <strong>2 hours<\/strong>.<\/li>\n<li><strong>Holding statement:<\/strong> publish within <strong>1\u20132 hours<\/strong> of acknowledging a public incident.<\/li>\n<li><strong>Substantive update:<\/strong> provide within <strong>24\u201348 hours<\/strong>.<\/li>\n<\/ul>\n<h3>Escalation Path<\/h3>\n<p>Define a clear chain: Moderator \u2192 Social Media Lead \u2192 Safeguarding Lead \u2192 Executive. Maintain an incident log and follow a DM triage template when direct messages involve minors or allegations.<\/p>\n<h2>Legal Compliance<\/h2>\n<h3>Swiss FADP<\/h3>\n<p>Comply with the revised <strong>Swiss Federal Act on Data Protection (FADP)<\/strong>; be aware of administrative fines and mandatory breach notifications. Document lawful basis for processing and retention justifications.<\/p>\n<h3>GDPR and Cross-Border Transfers<\/h3>\n<p>Assess whether the <strong>GDPR<\/strong> applies (e.g., processing of EU\/EEA residents&#8217; data). Where data transfers cross borders, implement appropriate safeguards (e.g., SCCs, adequacy decisions, or contractual measures) and document transfer risk assessments.<\/p>\n<h3>DPIAs<\/h3>\n<p>Conduct <strong>Data Protection Impact Assessments (DPIAs)<\/strong> for any large-scale or high-risk processing that involves minors, including behavioural profiling, automated decision-making, or broad public dissemination of images.<\/p>\n<h2>Operational Controls and Training<\/h2>\n<h3>Content Approval and Templates<\/h3>\n<p>Use a formal <strong>content approval workflow<\/strong> for posts that include minors. Maintain templates for <strong>photo releases<\/strong>, <strong>DM triage<\/strong>, <strong>holding statements<\/strong>, and <strong>incident logs<\/strong>.<\/p>\n<h3>Training and Onboarding<\/h3>\n<p>Train all social media staff on the policy during <strong>onboarding<\/strong> and conduct <strong>annual refreshers<\/strong>. Include scenario-based training for consent handling, DM triage, and escalation.<\/p>\n<h3>Discipline and Enforcement<\/h3>\n<p>Enforce a <strong>progressive disciplinary<\/strong> policy for breaches (e.g., retraining, suspension of access, termination). Log and review all breaches to improve controls.<\/p>\n<h2>Implementation Checklist<\/h2>\n<ol>\n<li>Register all accounts under an <strong>organisation-owned<\/strong> email and add to the central directory.<\/li>\n<li>Configure <strong>role-based access<\/strong> and enable <strong>2FA<\/strong> for privileged users.<\/li>\n<li>Move credentials to an <strong>encrypted vault<\/strong> and rotate affected credentials.<\/li>\n<li>Deploy standardised <strong>consent forms<\/strong> with separate checkboxes for live streaming and third-party use.<\/li>\n<li>Set up a searchable <strong>consent record system<\/strong> with defined retention schedules.<\/li>\n<li>Create templates for <strong>holding statements<\/strong>, DM triage, and incident logging.<\/li>\n<li>Run a <strong>DPIA<\/strong> if processing meets high-risk criteria related to minors.<\/li>\n<li>Schedule quarterly <strong>access reviews<\/strong> and annual policy training.<\/li>\n<li>Publish public-facing <strong>response time<\/strong> commitments on relevant channels.<\/li>\n<li>Test incident escalation with tabletop exercises and update the policy based on lessons learned.<\/li>\n<\/ol>\n<h2>Summary<\/h2>\n<p>This policy puts <strong>minors&#8217; privacy<\/strong> and safety at the centre of our social media activity. Centralised ownership, robust consent practices, defined response times, legal compliance with <strong>Swiss FADP<\/strong> and <strong>GDPR<\/strong> where relevant, and operational controls with ongoing <strong>training<\/strong> are the core pillars. Follow the implementation checklist to operationalise these requirements.<\/p>\n<p><div class=\"entry-content-asset videofit\"><iframe loading=\"lazy\" title=\"An Outdoor Camping Trip. Young Explorers Club for Kids &amp; Teens in Switzerland\" width=\"720\" height=\"405\" src=\"https:\/\/www.youtube.com\/embed\/C_RCrT9fAwY?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/p>\n<h2>Essential policy snapshot \u2014 scope, purpose and urgent timeframes<\/h2>\n<p>We define the <strong>scope<\/strong> of our <strong>social media policy<\/strong> to cover all <strong>official camp accounts<\/strong> and related content across key platforms. <strong>Official camp accounts<\/strong> include <strong>Facebook<\/strong>, <strong>Instagram<\/strong>, <strong>TikTok<\/strong>, <strong>YouTube<\/strong>, <strong>Twitter\/X<\/strong> and <strong>LinkedIn<\/strong>. Account types covered are <strong>official camp accounts<\/strong> (e.g., <strong>campname_official<\/strong>), <strong>camp-branded program accounts<\/strong> and <strong>staff-run profiles<\/strong> versus <strong>centrally managed profiles<\/strong>. Content types include <strong>posts<\/strong>, <strong>stories<\/strong>, <strong>reels<\/strong>, <strong>livestreams<\/strong>, <strong>videos<\/strong>, <strong>comments<\/strong>, <strong>direct messages (DMs)<\/strong>, <strong>third-party embeds<\/strong> and <strong>platform-native ads<\/strong>. Primary audiences are <strong>campers<\/strong>, <strong>parents\/guardians<\/strong>, <strong>alumni<\/strong>, <strong>partners<\/strong> and <strong>sponsors<\/strong>. The policy prioritises <strong>minors<\/strong>, <strong>consent<\/strong> and <strong>data protection<\/strong> while preserving our <strong>brand voice<\/strong> and clarifying <strong>account ownership<\/strong>.<\/p>\n<p>Our <strong>purpose<\/strong> is clear: <strong>protect camper privacy and safety<\/strong>, preserve <strong>brand and reputation<\/strong>, ensure <strong>legal compliance<\/strong> with data protection and child protection rules, and enable consistent, timely <strong>crisis communications<\/strong>. <strong>Switzerland<\/strong> has a population of roughly ~8.7 million, so our reach can be significant even for local incidents. We keep <strong>legal risk<\/strong> low by enforcing <strong>consent for imagery of minors<\/strong> and by <strong>centralising credential control<\/strong>.<\/p>\n<p>At a high level we require:<\/p>\n<ul>\n<li><strong>Centralised account ownership<\/strong> and stored credentials with <strong>role-based access<\/strong>.<\/li>\n<li><strong>Formal content approval workflows<\/strong> and <strong>scheduled publishing<\/strong> to maintain consistent <strong>brand voice<\/strong>.<\/li>\n<li><strong>Explicit privacy and consent rules<\/strong> for photos\/videos of minors; see our <a href=\"https:\/\/youngexplorersclub.ch\/understanding-swiss-photo-consent-policies\/\">photo consent<\/a> guidance.<\/li>\n<li><strong>Retention and deletion rules<\/strong> for consent records, incident logs and exported <strong>PII<\/strong>.<\/li>\n<\/ul>\n<p><strong>Crisis and operational timeframes<\/strong> are non-negotiable. We expect an <strong>initial response<\/strong> to social media inquiries within <strong>24 hours<\/strong>. <strong>Urgent safety incidents<\/strong> must be escalated within <strong>2 hours<\/strong>. In a <strong>life-safety risk<\/strong> we instruct staff to <strong>call emergency services immediately<\/strong> and then notify the <strong>crisis team<\/strong>. <strong>Preserve evidence<\/strong> with screenshots and timestamps. Appoint a single <strong>authorised spokesperson<\/strong> for public communications. Publish a public <strong>holding statement<\/strong> within <strong>1\u20132 hours<\/strong> and provide a full substantive update within <strong>24\u201348 hours<\/strong>.<\/p>\n<h3>Quick reference \u2014 user-facing artifacts and mandatory times<\/h3>\n<p>Below are the items we publish for front-line staff and parents:<\/p>\n<ul>\n<li><strong>Platforms:<\/strong> <strong>Facebook<\/strong>, <strong>Instagram<\/strong>, <strong>TikTok<\/strong>, <strong>YouTube<\/strong>, <strong>Twitter\/X<\/strong>, <strong>LinkedIn<\/strong><\/li>\n<li><strong>Account types:<\/strong> <strong>Official camp accounts<\/strong> (<em>campname_official<\/em>) vs <strong>staff-run accounts<\/strong><\/li>\n<li><strong>Content types:<\/strong> <strong>posts<\/strong>, <strong>stories<\/strong>, <strong>reels<\/strong>, <strong>livestreams<\/strong>, <strong>DMs<\/strong><\/li>\n<li><strong>Audiences:<\/strong> <strong>campers<\/strong>, <strong>parents<\/strong>, <strong>alumni<\/strong>, <strong>partners<\/strong><\/li>\n<li><strong>Mandatory response times:<\/strong> <strong>24-hour<\/strong> general inquiries; <strong>2-hour<\/strong> urgent safety escalation<\/li>\n<\/ul>\n<p>We <strong>train staff<\/strong> on these rules, <strong>audit account access regularly<\/strong>, and <strong>update the policy<\/strong> as laws and platform features change.<\/p>\n<p>\n<div class=\"entry-content-asset videofit\"><iframe loading=\"lazy\" title=\"Summer Camp in The Alps - Young Explorers Club\" width=\"720\" height=\"405\" src=\"https:\/\/www.youtube.com\/embed\/bcVgdBuWG3I?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/p>\n<h2>Swiss legal snapshot and compliance checklist<\/h2>\n<p>We, at the <strong>Young Explorers Club<\/strong>, treat <strong>social media compliance<\/strong> as a core operational duty. The <strong>Federal Act on Data Protection (FADP)<\/strong> (revised law) is enforced by the <strong>Federal Data Protection and Information Commissioner (FDPIC)<\/strong>.<\/p>\n<p>The <strong>revised Swiss FADP<\/strong> entered into force on <strong>1 September 2023<\/strong>. The revised FADP allows <strong>administrative fines<\/strong> (benchmarked up to <strong>CHF 250,000<\/strong> for certain breaches).<\/p>\n<p><strong>GDPR (EU)<\/strong> has been in force since <strong>25 May 2018<\/strong>. Switzerland benefits from an <strong>EU adequacy decision<\/strong> enabling <strong>data flows<\/strong>, but transfers to platforms outside Switzerland (for example, <strong>US-hosted social platforms<\/strong>) require <strong>safeguards<\/strong> or clear <strong>transparency<\/strong> to users.<\/p>\n<p>I\u2019ll summarize the operational implications you need to act on and where the biggest risks lie. Start by <strong>mapping every social-media touchpoint<\/strong>: what we collect, where it\u2019s stored, who can access it and which vendors handle exports. Treat <strong>minors\u2019 images<\/strong> and <strong>sensitive categories<\/strong> as <strong>high-risk<\/strong> and run a <strong>DPIA<\/strong> when processing is large-scale or systematic. <strong>Update consent forms<\/strong> so photo\/video permission is specific and revocable. Keep <strong>processing records<\/strong> and <strong>consent logs<\/strong> that survive staffing changes. <strong>Limit exported PII<\/strong> and apply clear <strong>retention schedules<\/strong>; delete data when the purpose ends. <strong>Assess vendors<\/strong> for cross-border data transfer safeguards and be transparent to parents when platforms store data outside Switzerland.<\/p>\n<p>If you process <strong>EU residents\u2019 data<\/strong> (for example, EU parents), <strong>GDPR rules<\/strong> may apply in addition to Swiss law.<\/p>\n<h3>Practical compliance checklist<\/h3>\n<p>Use the checklist below to convert requirements into tasks:<\/p>\n<ul>\n<li><strong>Perform data mapping<\/strong> for all social-media activities (what is collected, where stored, who has access).<\/li>\n<li><strong>Update photo\/video consent forms<\/strong> to be specific and revocable (see consent section).<\/li>\n<li><strong>Run a DPIA<\/strong> (Data Protection Impact Assessment) for large-scale or systematic processing of <strong>minors<\/strong> or <strong>sensitive categories<\/strong>.<\/li>\n<li><strong>Maintain records<\/strong> of processing activities and <strong>consent records<\/strong>.<\/li>\n<li><strong>Ensure cross-border transfer safeguards<\/strong> (e.g., vendor assessments, terms &amp; transparency) or explicit user transparency where required.<\/li>\n<li><strong>Limit exported PII<\/strong> and keep it protected or deleted per <strong>retention rules<\/strong>.<\/li>\n<\/ul>\n<p>For <strong>parent-facing templates<\/strong> and plain-language explanations I rely on our guidance about <a href=\"https:\/\/youngexplorersclub.ch\/understanding-swiss-data-protection-for-families\/\">Swiss data protection<\/a>, which helps convert legal points into <strong>consent language<\/strong> and <strong>operational steps<\/strong>.<\/p>\n<p>\n<div class=\"entry-content-asset videofit\"><iframe loading=\"lazy\" title=\"Bike Camp   Baby Driver | Teen Travel Camp in Switzerland  | The Best Summer Camps in Switzerland\" width=\"720\" height=\"405\" src=\"https:\/\/www.youtube.com\/embed\/_m3RNwHmGXc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/p>\n<h2>Consent, photography and safeguarding (minors, DMs and incident logs)<\/h2>\n<p>We, at the <strong>Young Explorers Club<\/strong>, always obtain <strong>written consent<\/strong> before publishing identifiable images or videos of <strong>minors<\/strong>. Consent must be <strong>specific<\/strong> (platforms and types of use listed), <strong>time-limited<\/strong> and <strong>revocable<\/strong>. We insist on <strong>revocable consent<\/strong> and clearly labelled options for special uses such as <strong>paid ads<\/strong> or <strong>third-party reuse<\/strong>. <strong>Separate live-streaming consent<\/strong> and distinct checkboxes for <strong>third-party reuse<\/strong> and <strong>paid advertising<\/strong> are mandatory in our forms.<\/p>\n<p>For Swiss context and policy detail see our note on <a href=\"https:\/\/youngexplorersclub.ch\/understanding-swiss-photo-consent-policies\/\">parental consent<\/a> and on <a href=\"https:\/\/youngexplorersclub.ch\/understanding-swiss-data-protection-for-families\/\">data protection<\/a> for families.<\/p>\n<p>We use digital tools to time-stamp and manage forms: <strong>DocuSign<\/strong>, <strong>Jotform<\/strong> and <strong>Google Forms<\/strong> for timestamped digital consent forms. Those platforms speed collection and make audits simpler, but we keep the <strong>master copies<\/strong> in our secure records.<\/p>\n<h3>Minimum consent checklist<\/h3>\n<p>Below is the checklist we include on every photo release form:<\/p>\n<ul>\n<li><strong>Child\u2019s name \/ ID<\/strong><\/li>\n<li><strong>Parent \/ guardian name<\/strong><\/li>\n<li><strong>Date of consent<\/strong><\/li>\n<li><strong>Permitted platforms<\/strong> (list each)<\/li>\n<li><strong>Permitted use<\/strong> (promotional, newsletter, third-party)<\/li>\n<li><strong>Revocation clause<\/strong> (how to revoke)<\/li>\n<li><strong>Signature<\/strong> (electronic or handwritten)<\/li>\n<\/ul>\n<p>We also add checkboxes for <strong>live-streaming consent<\/strong>, <strong>third-party reuse<\/strong> and <strong>paid advertising<\/strong> as separate consent lines. If a parent checks \u201cno\u201d for a specific item, we enforce that limitation in all publication workflows.<\/p>\n<p><strong>Consent<\/strong> should be <strong>renewed annually<\/strong> or whenever the use changes; <strong>store consent records for a minimum of 3 years<\/strong> after last use (recommendation; adjust to legal advice); <strong>retain for 5 years<\/strong> if an incident concerns safety (follow legal advice). <strong>Initial DM response target:<\/strong> 24 hours; <strong>urgent safety DM escalation:<\/strong> 2 hours.<\/p>\n<p>When consent is withheld we use alternatives that remove identifying features. Practical options include anonymized or cropped photos, silhouettes, back-of-head shots and generic group images without identifying features. We document the substitute approach chosen for the record.<\/p>\n<h3>Direct messages and safeguarding<\/h3>\n<p>We treat <strong>direct messages (DMs)<\/strong> like emails \u2014 they can contain <strong>sensitive personal information<\/strong>. If a parent shares medical or safety information via DM, we transfer the details into a <strong>secure incident record<\/strong> and delete the DM copy from the social platform if possible. Our moderation workflow sets an <strong>initial DM response target<\/strong> of 24 hours and an <strong>urgent safety DM escalation<\/strong> of 2 hours. Use this template for triage responses: <strong>\u201cPlease email privacy@campname and include details; we will respond within 24 hours.\u201d<\/strong> We also log the <strong>staff member<\/strong> who handled the DM and the <strong>action taken<\/strong>.<\/p>\n<h3>Incident log requirements<\/h3>\n<p>Every incident entry includes <strong>screenshots<\/strong>, <strong>date\/time<\/strong>, <strong>staff responder name<\/strong> and <strong>action taken<\/strong> \u2014 we add context and follow-ups. We maintain an <strong>incident log<\/strong> that clearly flags <strong>safeguarding concerns<\/strong> and documents escalation steps. For safety-related incidents we retain records for the recommended <strong>5 years<\/strong> if the incident concerns safety (follow legal advice). <strong>Access<\/strong> is restricted to <strong>designated safeguarding leads<\/strong>.<\/p>\n<h3>Practical phrasing and templates we use<\/h3>\n<ul>\n<li><strong>Photo release form line:<\/strong> \u201cI grant the camp permission to use images of my child for the platforms and purposes listed below. I understand this consent is revocable.\u201d<\/li>\n<li><strong>Revocation instruction:<\/strong> \u201cTo revoke consent, email privacy@campname with the child\u2019s name and date of original consent.\u201d<\/li>\n<li><strong>DM triage template (non-urgent):<\/strong> \u201cPlease email privacy@campname and include details; we will respond within 24 hours.\u201d<\/li>\n<li><strong>DM triage template (urgent):<\/strong> \u201cIf this is an immediate safety concern, please call emergency services and then notify us via phone; we will escalate within 2 hours.\u201d<\/li>\n<\/ul>\n<p>We <strong>monitor moderation closely<\/strong> and <strong>train staff<\/strong> on escalation and safeguarding best practice. We keep processes simple so parents understand the <strong>photo release form<\/strong>, <strong>revocable consent<\/strong> and <strong>live-streaming consent<\/strong> options. Clear forms and disciplined incident logs protect children and keep our communications professional and compliant.<\/p>\n<p><p>https:\/\/youtu.be\/P6xxnGEblvE <\/p>\n<\/p>\n<h2>Account ownership, access control, training and enforcement<\/h2>\n<p>We, at the <strong>Young Explorers Club<\/strong>, require that official social accounts are registered and owned by the <strong>camp entity<\/strong>\u2014not an individual. I keep centralized credentials in a <strong>credential vault<\/strong> and maintain a documented access list that names two account administrators: the <strong>camp director<\/strong> and the <strong>communications lead<\/strong>, plus emergency contact info for both. <strong>Account ownership is non-negotiable<\/strong>; shared personal logins are forbidden.<\/p>\n<p>I enforce strict access control: apply the <strong>minimum-privilege principle<\/strong>, enable <strong>2FA<\/strong> on every account, and require a <strong>password manager<\/strong> for storing credentials. New accounts must be created, <strong>2FA enabled<\/strong>, credentials added to the password manager, and the role logged in the access list as part of <strong>onboarding<\/strong>. Onboarding training is completed within <strong>7 days<\/strong> for seasonal hires. When staff leave, I <strong>revoke access within 24 hours<\/strong>.<\/p>\n<p><strong>Recovery and audits<\/strong> are routine. I run an <strong>access audit<\/strong> <strong>every 3 months<\/strong> and immediately after any staff turnover. If account recovery is needed, the <strong>two designated administrators<\/strong> handle emergency resets using <strong>documented procedures<\/strong> in the credential vault; recovery steps are <strong>tested after each audit<\/strong>.<\/p>\n<p><strong>Training and disciplinary action<\/strong> are clear and consistent. All staff and volunteers get social media and data protection training on onboarding and a refresher training <strong>annually<\/strong>. Training covers <strong>privacy basics<\/strong>, <strong>consent procedures<\/strong>, <strong>emergency escalation<\/strong>, <strong>content approval workflow<\/strong>, <strong>password safety<\/strong> and a one-page social media cheat-sheet for staff phones. I reference Swiss <a href=\"https:\/\/youngexplorersclub.ch\/understanding-swiss-data-protection-for-families\/\">data protection<\/a> guidance in those modules. Breaches follow a <strong>progressive enforcement ladder<\/strong>: verbal warning, written warning, suspension of social privileges, then termination for severe breaches. Disciplinary action is documented and applied fairly.<\/p>\n<p>Under the single role matrix and tool checklist below I list role definitions, core training items, recovery rules and recommended tools for implementation.<\/p>\n<h3>Role matrix, checklist and recommended tools<\/h3>\n<ul>\n<li><strong>Administrator:<\/strong> full access, can add\/remove users, approve crisis posts.<\/li>\n<li><strong>Editor:<\/strong> create and schedule posts, submit content for approval.<\/li>\n<li><strong>Moderator:<\/strong> respond to comments and DMs within the escalation protocol.<\/li>\n<li><strong>Viewer:<\/strong> analytics access only.<\/li>\n<li><strong>Onboarding checklist:<\/strong>\n<ul>\n<li><strong>Create account<\/strong><\/li>\n<li><strong>Enable 2FA<\/strong><\/li>\n<li><strong>Add to password manager<\/strong><\/li>\n<li><strong>Log role<\/strong> in access list<\/li>\n<li><strong>Complete onboarding training within 7 days<\/strong><\/li>\n<\/ul>\n<\/li>\n<li><strong>Offboarding rule:<\/strong> <strong>revoke access within 24 hours<\/strong> of exit; document removal in audit log.<\/li>\n<li><strong>Audit cadence:<\/strong> run an <strong>access audit every 3 months<\/strong> and after staff turnover; <strong>log findings<\/strong> and remediate immediately.<\/li>\n<li><strong>Training checklist:<\/strong>\n<ul>\n<li><strong>Privacy basics<\/strong><\/li>\n<li><strong>Consent procedures<\/strong><\/li>\n<li><strong>Emergency escalation process<\/strong><\/li>\n<li><strong>Content approval workflow<\/strong><\/li>\n<li><strong>Password safety<\/strong><\/li>\n<li><strong>One-page cheat-sheet<\/strong> for staff phones<\/li>\n<\/ul>\n<\/li>\n<li><strong>Recommended password managers:<\/strong>\n<ul>\n<li><strong>LastPass<\/strong><\/li>\n<li><strong>1Password<\/strong><\/li>\n<li><strong>Bitwarden<\/strong><\/li>\n<\/ul>\n<\/li>\n<li><strong>Recommended role-based platforms:<\/strong>\n<ul>\n<li><strong>Meta Business Suite<\/strong><\/li>\n<li><strong>Hootsuite Teams<\/strong><\/li>\n<li><strong>Sprout Social<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><p>https:\/\/youtu.be\/TxzJUThsDGE <\/p>\n<\/p>\n<h2>Content standards, brand voice, promotions and influencer partnerships<\/h2>\n<p>We, at the <strong>young explorers club<\/strong>, keep a clear, friendly <strong>brand voice<\/strong> that stays <strong>safety-first<\/strong>, <strong>inclusive<\/strong> and <strong>privacy-first<\/strong>. I expect all social content to be <strong>non-political<\/strong>, use <strong>inclusive language<\/strong>, and avoid sharing <strong>personal<\/strong> or <strong>sensitive details<\/strong>. Posts and DMs must never disclose <strong>personal contact details<\/strong>, <strong>medical histories<\/strong>, or <strong>disciplinary information<\/strong>. Follow these hard rules exactly: <strong>No last names in posts<\/strong>; <strong>No posting of medical or behavioral incidents<\/strong>.<\/p>\n<p>I set simple captioning rules so teams and partners can post confidently. Use <strong>short, neutral captions<\/strong> that <strong>describe the activity, not the incident<\/strong>. An OK example: \u201c<strong>Campers enjoying canoeing.<\/strong>\u201d A non-example: \u201c<strong>John (last name) cut his arm at lunchtime.<\/strong>\u201d Safe captioning options include:<\/p>\n<ul>\n<li><strong>Use first names only.<\/strong><\/li>\n<li><strong>Use numbered IDs<\/strong> (e.g., Camper #12).<\/li>\n<li><strong>Obtain explicit, documented consent<\/strong> for full identification before publishing; see our <a href=\"https:\/\/youngexplorersclub.ch\/understanding-swiss-photo-consent-policies\/\">photo consent policies<\/a> for consent templates and consent language.<\/li>\n<\/ul>\n<p>I require an internal <strong>content calendar<\/strong> and a clear <strong>approval workflow<\/strong>. All posts go into the calendar with scheduled publish times and creative drafts. The <strong>marketing lead approves posts 48 hours before scheduled publication<\/strong>. That approval timeline gives time to check for privacy issues, brand voice alignment, and legal compliance.<\/p>\n<p><strong>Promotions and competitions<\/strong> must follow <strong>transparent competition rules<\/strong> and terms &amp; conditions. Every promotion needs:<\/p>\n<ul>\n<li><strong>Clear legal terms and eligibility.<\/strong><\/li>\n<li><strong>A privacy statement<\/strong> explaining how entrant data will be used.<\/li>\n<li><strong>A prize-delivery plan and timeline.<\/strong><\/li>\n<li><strong>Consent to publish winners\u2019 images<\/strong> before any public announcement.<\/li>\n<\/ul>\n<p>I set the <strong>data retention period<\/strong> for entrants at <strong>6 months post-campaign<\/strong> unless legal requirements demand otherwise. <strong>Define the entry period and the winner selection date<\/strong> in every campaign brief.<\/p>\n<h3>Operational checklists and sample clauses<\/h3>\n<p>Use the following lists to operationalize campaigns and agreements.<\/p>\n<p><strong>Promotions checklist:<\/strong><\/p>\n<ul>\n<li><strong>Legal terms &amp; conditions drafted and approved.<\/strong><\/li>\n<li><strong>Entry period stated<\/strong> (example: 1\u201330 June).<\/li>\n<li><strong>Winner selection date set<\/strong> (example: 5 July).<\/li>\n<li><strong>Privacy statement included<\/strong> explaining data use and retention (example retention: <strong>6 months post-campaign<\/strong>).<\/li>\n<li><strong>Prize delivery plan and responsible owner named.<\/strong><\/li>\n<li><strong>Tax implications assessed and noted.<\/strong><\/li>\n<li><strong>Winner notification template ready.<\/strong><\/li>\n<li><strong>Consent to publish winners\u2019 images documented.<\/strong><\/li>\n<li><strong>Marketing lead approves posts 48 hours before scheduled publication.<\/strong><\/li>\n<\/ul>\n<p><strong>Sample influencer clause list:<\/strong><\/p>\n<ul>\n<li><strong>Influencer must disclose paid status<\/strong> and include <strong>#ad<\/strong> or the local equivalent in each relevant post.<\/li>\n<li><strong>Influencer will adhere to approved key messages<\/strong> and <strong>inclusive language<\/strong>.<\/li>\n<li><strong>Influencer must obtain written parental consent<\/strong> before featuring minors and provide copies on request.<\/li>\n<li><strong>Influencer agrees to content approval rights<\/strong> and will submit drafts <strong>X days before posting<\/strong>.<\/li>\n<li><strong>Compensation, deliverables, and cancellation terms<\/strong> specified in the agreement.<\/li>\n<li><strong>Influencer must handle any entrant or follower data<\/strong> according to our <strong>privacy-first<\/strong> rules and delete or return data per the agreement.<\/li>\n<\/ul>\n<p>I expect teams to keep these items in campaign folders and to run a quick <strong>pre-publish privacy check<\/strong> before any live post. That protects minors\u2019 privacy, preserves <strong>brand voice<\/strong>, and keeps our <strong>community trust<\/strong> strong.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/youngexplorersclub.ch\/wp-content\/uploads\/2025\/11\/IMG_9890-1.jpg\" alt=\"Summer camp Switzerland, International summer camp\" title=\"\"><\/p>\n<h2>Data protection, analytics, reporting and implementation checklist<\/h2>\n<h3>Data minimization, retention and DPIA<\/h3>\n<p>We, at the <strong>young explorers club<\/strong>, enforce strict <strong>data minimization<\/strong>: collect only what\u2019s necessary (for example, contact email for sign-ups). That means we prefer <strong>aggregated metrics<\/strong> over individual social-profile records and we limit exported <strong>PII<\/strong>. We keep <strong>raw PII<\/strong> only as long as required for the purpose. For practical guidance we use these <strong>retention windows<\/strong>: <strong>consent forms<\/strong> = retention for <strong>3 years<\/strong> after last use (adjust to legal advice); <strong>safety incident logs<\/strong> = <strong>5 years<\/strong> (guideline).<\/p>\n<p>We run a <strong>DPIA<\/strong> whenever social activity involves <strong>systematic monitoring<\/strong> or <strong>profiling of minors<\/strong>, <strong>large-scale processing of sensitive data<\/strong>, or when we introduce new <strong>analytics technologies<\/strong>. That includes cases where <strong>A\/B testing<\/strong> segments users in ways that could profile children.<\/p>\n<p>We recommend <strong>GA4<\/strong> for website traffic from social and design analytics to store <strong>aggregated metrics<\/strong> (reach, impressions, engagement) rather than per-profile data.<\/p>\n<h3>KPIs, tools, dashboard and rollout checklist<\/h3>\n<p>Below are practical <strong>KPIs<\/strong>, <strong>tools<\/strong>, <strong>dashboard<\/strong> items and an <strong>implementation checklist<\/strong> to publish with the policy.<\/p>\n<ul>\n<li>\n    <strong>Reporting cadence and KPIs we track:<\/strong><\/p>\n<ul>\n<li><strong>Monthly report<\/strong>: analytics summary to communications lead<\/li>\n<li><strong>Quarterly<\/strong>: risk and incident report to leadership<\/li>\n<li><strong>Annual<\/strong>: full policy review<\/li>\n<li><strong>Engagement rate targets<\/strong> \u2014 Facebook <strong>1\u20133%<\/strong>, Instagram <strong>1\u20135%<\/strong> (benchmarks; vary by audience)<\/li>\n<li><strong>Response time<\/strong> \u2264 <strong>24 hours<\/strong>; aim for fast replies across DMs and comments<\/li>\n<li><strong>Safety incidents<\/strong>: track number reported via social (target: <strong>zero<\/strong>; report and investigate)<\/li>\n<\/ul>\n<\/li>\n<li>\n    <strong>Recommended tools and dashboard items:<\/strong><\/p>\n<ul>\n<li><strong>GA4<\/strong> for website referrals from social<\/li>\n<li><strong>Meta Business Suite Insights<\/strong> for Facebook\/Instagram<\/li>\n<li><strong>Sprout Social<\/strong> or <strong>Hootsuite Analytics<\/strong> for cross-channel reporting<\/li>\n<li>Sample monthly dashboard items: <strong>reach<\/strong>, <strong>impressions<\/strong>, <strong>engagement rate<\/strong>, <strong>follower growth<\/strong>, <strong>top-post examples<\/strong><\/li>\n<\/ul>\n<\/li>\n<li>\n    <strong>Implementation and rollout (recommended 30\/60\/90 day plan):<\/strong><\/p>\n<ol>\n<li><strong>30 days:<\/strong> register and centralize accounts; enable <strong>2FA<\/strong> and set up <strong>password manager<\/strong><\/li>\n<li><strong>60 days:<\/strong> update <strong>terms and consent forms<\/strong>; publish policy and staff cheat-sheet; begin staff training cadence<\/li>\n<li><strong>90 days:<\/strong> full rollout, run first monthly report and adjust KPIs; store signed consent forms digitally with timestamp on a secure camp server or encrypted cloud storage with restricted access<\/li>\n<\/ol>\n<\/li>\n<li>\n    <strong>Must-have checklist items to publish with the policy:<\/strong><\/p>\n<ul>\n<li><strong>Register and centralize accounts<\/strong><\/li>\n<li><strong>Update terms &amp; consent forms<\/strong><\/li>\n<li><strong>Implement 2FA and a password manager<\/strong><\/li>\n<li><strong>Publish policy and staff cheat-sheet<\/strong><\/li>\n<li><strong>Train staff according to cadence<\/strong><\/li>\n<\/ul>\n<\/li>\n<li>\n    <strong>Must-have templates to include:<\/strong><\/p>\n<ul>\n<li><strong>Photo consent form<\/strong><\/li>\n<li><strong>DM response templates<\/strong><\/li>\n<li><strong>Holding statement templates<\/strong><\/li>\n<li><strong>Influencer agreement checklist<\/strong><\/li>\n<li><strong>Incident report form<\/strong><\/li>\n<li><strong>Account access log<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>We publish our <a href=\"https:\/\/youngexplorersclub.ch\/understanding-swiss-photo-consent-policies\/\">photo consent policies<\/a> alongside the <strong>photo consent form template<\/strong> to keep <strong>consent handling<\/strong> consistent and auditable.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/youngexplorersclub.ch\/wp-content\/uploads\/2025\/11\/IMG_2399-Copy.jpg\" alt=\"Summer camp Switzerland, International summer camp\" title=\"\"><\/p>\n<section>\n<h2>Sources<\/h2>\n<p><a href=\"https:\/\/www.fedlex.admin.ch\/eli\/cc\/2020\/338\/en\" target=\"_blank\" rel=\"noopener\">Fedlex \u2014 Federal Act on Data Protection (FADP, revised)<\/a><\/p>\n<p><a href=\"https:\/\/www.edoeb.admin.ch\/edoeb\/en\/home.html\" target=\"_blank\" rel=\"noopener\">Federal Data Protection and Information Commissioner (FDPIC) \u2014 Guidance and resources<\/a><\/p>\n<p><a href=\"https:\/\/commission.europa.eu\/strategy-and-policy\/data-protection\/data-transfers\/adequacy_en\" target=\"_blank\" rel=\"noopener\">European Commission \u2014 Adequacy of the protection of personal data in Switzerland<\/a><\/p>\n<p><a href=\"https:\/\/www.bfs.admin.ch\/bfs\/en\/home\/statistics\/population.html\" target=\"_blank\" rel=\"noopener\">Federal Statistical Office (FSO) \u2014 Population statistics<\/a><\/p>\n<p><a href=\"https:\/\/datareportal.com\/reports\/digital-2024-switzerland\" target=\"_blank\" rel=\"noopener\">DataReportal (We Are Social &#038; Hootsuite) \u2014 Digital 2024: Switzerland<\/a><\/p>\n<p><a href=\"https:\/\/www.statista.com\/topics\/3872\/social-networks-in-switzerland\/\" target=\"_blank\" rel=\"noopener\">Statista \u2014 Social networks in Switzerland<\/a><\/p>\n<p><a href=\"https:\/\/ico.org.uk\/for-organisations\/social-media\/\" target=\"_blank\" rel=\"noopener\">Information Commissioner&#8217;s Office (ICO) \u2014 Social media and data protection<\/a><\/p>\n<p><a href=\"https:\/\/www.unicef.org\/globalinsight\/reports\/protecting-childrens-data\" target=\"_blank\" rel=\"noopener\">UNICEF \u2014 Protecting children&#8217;s data<\/a><\/p>\n<p><a href=\"https:\/\/www.facebook.com\/business\/help\" target=\"_blank\" rel=\"noopener\">Meta Business Help Centre \u2014 Meta Business Help Center<\/a><\/p>\n<p><a href=\"https:\/\/www.tiktok.com\/business\/en\/resources\" target=\"_blank\" rel=\"noopener\">TikTok For Business \u2014 Resources<\/a><\/p>\n<p><a href=\"https:\/\/support.google.com\/analytics\/answer\/10089681\" target=\"_blank\" rel=\"noopener\">Google Analytics Help \u2014 Get started with Google Analytics 4<\/a><\/p>\n<p><a href=\"https:\/\/bitwarden.com\" target=\"_blank\" rel=\"noopener\">Bitwarden \u2014 Password manager for teams and individuals<\/a><\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>Young Explorers Club: Swiss social media policy protecting minors\u2014centralised accounts, explicit consent, FADP\/GDPR compliant, 24h\/2h responses.<\/p>\n","protected":false},"author":1,"featured_media":64468,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","_joinchat":[],"footnotes":""},"categories":[307,298,302,291,292],"tags":[],"class_list":["post-69526","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-camping-en","category-climbing-en","category-cycling-en","category-explores","category-travel-en"],"wpml_language":null,"taxonomy_info":{"category":[{"value":307,"label":"Camping"},{"value":298,"label":"Climbing"},{"value":302,"label":"Cycling"},{"value":291,"label":"Explores"},{"value":292,"label":"Travel"}]},"featured_image_src_large":["https:\/\/youngexplorersclub.ch\/wp-content\/uploads\/2025\/11\/IMG_2163-Copy-768x1024.jpg",768,1024,true],"author_info":{"display_name":"grivas","author_link":"https:\/\/youngexplorersclub.ch\/es\/author\/grivas\/"},"comment_info":"","category_info":[{"term_id":307,"name":"Camping","slug":"camping-en","term_group":0,"term_taxonomy_id":307,"taxonomy":"category","description":"","parent":0,"count":564,"filter":"raw","cat_ID":307,"category_count":564,"category_description":"","cat_name":"Camping","category_nicename":"camping-en","category_parent":0},{"term_id":298,"name":"Climbing","slug":"climbing-en","term_group":0,"term_taxonomy_id":298,"taxonomy":"category","description":"","parent":0,"count":564,"filter":"raw","cat_ID":298,"category_count":564,"category_description":"","cat_name":"Climbing","category_nicename":"climbing-en","category_parent":0},{"term_id":302,"name":"Cycling","slug":"cycling-en","term_group":0,"term_taxonomy_id":302,"taxonomy":"category","description":"","parent":0,"count":564,"filter":"raw","cat_ID":302,"category_count":564,"category_description":"","cat_name":"Cycling","category_nicename":"cycling-en","category_parent":0},{"term_id":291,"name":"Explores","slug":"explores","term_group":0,"term_taxonomy_id":291,"taxonomy":"category","description":"","parent":0,"count":564,"filter":"raw","cat_ID":291,"category_count":564,"category_description":"","cat_name":"Explores","category_nicename":"explores","category_parent":0},{"term_id":292,"name":"Travel","slug":"travel-en","term_group":0,"term_taxonomy_id":292,"taxonomy":"category","description":"","parent":0,"count":563,"filter":"raw","cat_ID":292,"category_count":563,"category_description":"","cat_name":"Travel","category_nicename":"travel-en","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/youngexplorersclub.ch\/es\/wp-json\/wp\/v2\/posts\/69526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/youngexplorersclub.ch\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/youngexplorersclub.ch\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/youngexplorersclub.ch\/es\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/youngexplorersclub.ch\/es\/wp-json\/wp\/v2\/comments?post=69526"}],"version-history":[{"count":0,"href":"https:\/\/youngexplorersclub.ch\/es\/wp-json\/wp\/v2\/posts\/69526\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/youngexplorersclub.ch\/es\/wp-json\/wp\/v2\/media\/64468"}],"wp:attachment":[{"href":"https:\/\/youngexplorersclub.ch\/es\/wp-json\/wp\/v2\/media?parent=69526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/youngexplorersclub.ch\/es\/wp-json\/wp\/v2\/categories?post=69526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/youngexplorersclub.ch\/es\/wp-json\/wp\/v2\/tags?post=69526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}