This Policy sets out how Quantum College («Քվանտ» վարժարան, hereinafter – "We", "Us", "Our") collects, uses, stores and protects personal data, as well as what rights data subjects have in accordance with the applicable legislation.
1.1. This Policy applies to all individuals whose personal data we process – employees, students, parents/legal representatives, partners, suppliers, visitors of the website, the Eschool Mobile application, and other electronic platforms, and other persons (hereinafter – "Data Subjects").
1.2. Personal data are processed in accordance with the legislation of the Republic of Armenia, including the Law "On Personal Data Protection" and other applicable legal acts. Where our services are used by residents of jurisdictions with stricter data protection requirements (such as the European Union — GDPR, or the United States — COPPA for minors), we apply the stricter standard.
1.3. This Policy applies to personal data stored both on digital (electronic) media and on paper (physical) media.
For the purposes of this Policy, the following terms are used:
We process personal data based on the following principles:
Depending on the nature of the relationship, we may process the following categories of personal data:
In cases provided for by law and upon request of competent authorities, we may also process special categories of data (for example, certain health-related information) strictly in the cases permitted by law and with additional safeguards.
We process personal data on the following legal bases:
6.1. Personal data may be disclosed to:
6.2. In all cases, we ensure that only the minimum necessary data are transferred to third parties and that such transfer is carried out in a secure manner.
6.3. We do not sell, rent, or trade personal data. We do not use personal data for behavioral advertising, cross-app tracking, or profiling for commercial purposes. We do not share personal data with advertising networks or data brokers.
7.1. Personal data are stored for as long as necessary to achieve the purposes for which they were collected, for the duration of contractual relations, and for the fulfillment of accounting and tax obligations.
7.2. Specific retention periods applied by us:
7.3. Upon expiry of the retention periods, personal data are deleted or irreversibly anonymized, unless otherwise required by law.
8.1. We implement various technical and organizational measures to ensure the security of personal data, including but not limited to:
8.2. Data breach notification. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, we will notify affected individuals and the competent data protection authority without undue delay, in accordance with applicable legislation.
8.3. Two-factor authentication (2FA). To protect access to personal data — including data of minors — all sign-ins to the Eschool Mobile application require two-factor authentication (2FA) in addition to the login and password. The applicable second factor depends on the user's role and account configuration:
8.4. Two-factor authentication applies to every sign-in session in the Eschool Mobile application. Users are responsible for keeping their e-mail account and/or authenticator device secure and for not sharing their credentials or one-time codes with any other person.
8.5. If a user suspects that their account has been compromised, or if they have lost access to their registered e-mail address or authenticator, they should contact the school administration immediately via the channels described in Section 12 to restore or reset access.
In accordance with applicable legislation, Data Subjects have the following main rights:
Requests to exercise these rights may be submitted via the contact details provided in Section 12. We will acknowledge the request within 3 business days and respond on the merits within 30 calendar days, unless a longer period is permitted by applicable law.
Our websites and electronic platforms may use cookies and similar technologies for the following purposes:
Users can manage cookie settings in their browser; however, blocking certain cookies may affect the functionality of the website.
11.1. We may amend or supplement this Personal Data Protection Policy from time to time due to changes in legislation or internal processes. The updated version will be published at https://eschool.am/en/policy/ with a new "Last updated" date.
11.2. For significant changes — including changes to the categories of personal data collected, new types of processing, new third-party service providers, or material changes to data subjects' rights — we will additionally notify users:
11.3. Continued use of the services after the effective date of the updated Policy constitutes acknowledgment of such updates. Users who do not agree may exercise their rights as described in Section 9 or contact us at admin@quantum.am.
If you have any questions, suggestions or wish to exercise your rights in the field of personal data protection, you can contact us via:
We will make every effort to respond to your requests as soon as possible in accordance with the applicable legislation.
13.1. Our mobile application Eschool Mobile may use push notifications to inform users about important updates, messages, educational activities, and system events (for example: new announcements and news, upcoming lessons, new study materials, new grades and teacher comments, new homework assignments, received chat messages, files shared with the user (see Section 23.6), conduct-related records issued to the student (see Section 20.11), scheduled reviews of the student's case by the school's disciplinary council, and, for verified parents, notifications about their child's entry to or exit from the school premises — see Section 14).
13.2. Push notifications are delivered using the following third-party services:
These services may process technical data such as device identifiers, push tokens, and delivery status information solely for the purpose of delivering notifications.
13.3. Users can manage or disable push notifications at any time:
13.4. Integrated services. The following services are used within the Eschool Mobile application. They are hosted on our own infrastructure at eschool.am and do not transmit personal data to any external third party:
13.4.1. BigBlueButton — privacy-by-default configuration. Our BigBlueButton installation is self-hosted on the school's own servers under the eschool.am domain. Audio and video streams are transmitted directly between the participants and our servers and are not routed through or processed by any external third-party service.
The platform is configured with the following privacy-protecting defaults for online lessons:
Recordings of online lessons, if made by the teacher, are stored on our own infrastructure for the period specified in Section 7 and are governed by the access controls described in Section 8. Recordings are not made by default and are not automatically shared with third parties.
Additional self-hosted educational services (such as integrated document editing, programming environments, and interactive mathematics tools) may be introduced in future versions of the application. Users will be informed of any such additions through an updated version of this Policy in accordance with Section 11.
13.5. The Eschool Mobile application does not contain third-party advertising, behavioral advertising, advertising identifiers (such as IDFA or AAID), or analytics tools that transmit personally identifiable information of users to any third party.
13.6. No financial transactions within the application. The Eschool Mobile application does not process payments and does not handle any banking or card data. No credit/debit card numbers, bank account numbers, or other financial instrument data are collected, transmitted, or stored by the application.
Payment for tuition and related educational services (where applicable) is handled exclusively outside of the Eschool Mobile application — either through the web version of eschool.am (for students of the distance learning department) or through traditional offline channels. Only non-sensitive payment records (such as the fact of payment, date, and amount) may be retained by the school for accounting and reporting purposes; full card or banking details are not stored by the school.
13.7. No device location (GPS) tracking. The Eschool Mobile application does not use the device's GPS or any other device-based location services. The application does not request the "Location" permission from the operating system and does not track the physical location of the user's device.
The only location-related data processed in connection with the application are RFID entry/exit events recorded at the school's physical turnstiles (see Section 14), which are generated by the school's on-site access control system — not by the user's mobile device.
14.1. Quantum College operates an RFID card-based access control system at the school premises (turnstiles installed at school entrances). Each student is issued a personal RFID card for identification when entering or leaving the school building.
14.2. When a student's RFID card is scanned at a turnstile, we record the following data:
14.3. Parents or legal representatives of a student, upon linking their account in the Eschool Mobile application to the profile of their child, may receive push notifications about entries to and exits from the school premises by that child.
14.4. Legal basis. This processing is carried out on the basis of:
14.5. Access restrictions. Entry/exit data of a specific student is accessible only to:
Entry/exit data of one student is never disclosed to parents or representatives of other students.
14.6. Notification controls. Parents can disable turnstile notifications at any time through the application settings, without affecting their child's ability to use the RFID card for physical access to the school.
14.7. Data retention. RFID entry/exit records are retained for the current academic year plus one additional year, after which they are deleted or anonymized, unless a longer retention period is required by law.
14.8. RFID entry/exit data is never transferred to third parties for marketing, analytics, advertising, or any commercial purpose. Such data is used solely for the educational, safety, and administrative purposes of the school.
15.1. Our educational services are primarily provided to students aged 5 to 18, a significant portion of whom are minors under applicable legislation.
15.2. Processing of personal data of students who are minors is carried out exclusively on the basis of verifiable consent of their parents or legal representatives, obtained in writing at the time of the student's enrollment at Quantum College. Such consent explicitly covers:
15.3. We do not knowingly collect personal data of children for advertising, marketing, behavioral profiling, or any commercial purposes unrelated to the educational services of the school. The Eschool Mobile application and related services do not contain third-party advertising, behavioral advertising, or targeted advertising of any kind.
15.4. Any third-party services used (see Section 13.2) are configured to limit data transmission to technical information strictly necessary for service operation, and do not receive personally identifiable information about minors beyond what is required to deliver the service (for example, a push token required to deliver a notification).
15.5. Parents or legal representatives may at any time:
15.6. We comply with applicable children's privacy laws, including the Law of the Republic of Armenia on Personal Data Protection. Where the Eschool Mobile application is made available to users in jurisdictions with stricter children's privacy requirements — such as the United States (COPPA) or the European Union (GDPR and GDPR-K provisions relating to children) — we apply the stricter standard to the extent applicable.
16.1. Account creation. Accounts for the Eschool Mobile application are not created within the application. They are issued by the school administration at the time of student enrollment or employee onboarding, in accordance with the legislation of the Republic of Armenia that requires educational institutions to maintain official enrollment and employment records.
At the time of account registration, the school administration records the e-mail address provided by the user (parent, student's family, or employee). This e-mail address is used for sign-in verification (two-factor authentication — see Section 8.3) and for official communications regarding the account.
Users receive their account credentials from the school administration through secure offline channels. The Eschool Mobile application provides only a "Sign In" screen for access to an existing account issued by the school.
16.2. User controls available within the application. The application provides the following controls over the user's data and account, accessible from Settings → Account:
Because accounts in the Eschool Mobile application are issued by the school administration and are not created within the application (see Section 16.1), full account lifecycle management — including account deletion and data correction — is handled by the school administration through the channels described in Section 16.5. This structure reflects the legal obligation of Quantum College, as an educational institution operating under the legislation of the Republic of Armenia, to maintain official academic and employment records throughout the period of active enrollment or employment (see Section 16.4).
16.3. Processing of deletion requests. Upon receipt of an account deletion request:
16.4. Regulated educational environment. As an educational institution operating under the regulatory framework of the Republic of Armenia, Quantum College is legally required to maintain an official academic journal (electronic and/or paper) for each enrolled student for the duration of their enrollment. Immediate and complete deletion of an active student's or employee's account record is not legally permissible during their period of active enrollment or employment. Full deletion rights, subject only to statutory archival retention periods, become available after termination of enrollment or employment.
16.5. Channels for data deletion and correction requests. Users may submit account deletion or data correction requests through the following channels:
16.6. Deletion of personal data is irreversible. After deletion, we are not able to restore the user's chat history, personal preferences, or other deleted content.
16.7. Deletion of data in the Eschool Mobile application does not automatically terminate the student's enrollment or the employee's employment contract with Quantum College. Termination of enrollment or employment is a separate administrative process initiated through the school administration.
17.1. The Eschool Mobile application does not track users across applications and websites owned by other companies. We do not use the Apple Identifier for Advertisers (IDFA) or equivalent advertising identifiers on any platform, and we do not request Apple's App Tracking Transparency (ATT) permission.
17.2. All personal data processing within the application occurs solely for the purpose of providing the educational services described in this Policy, and strictly within our own infrastructure and the limited third-party services listed in Section 13.2.
17.3. We do not engage in, and do not permit third parties to engage in, cross-app tracking, behavioral profiling for advertising, or sale of personal data through the Eschool Mobile application.
18.1. The Eschool Mobile application includes messaging functionality (personal chats and group chats) between students, teachers, parents, and school staff.
18.2. Communication permissions. To protect students — especially minors — from unsolicited contact, the application enforces strict rules on who can initiate a chat with whom:
18.3. Content rules. All messages and other user-generated content are subject to the school's internal Code of Conduct. Users are prohibited from sending offensive, harassing, unlawful, or otherwise inappropriate content, and from publishing personal data of other persons without a legal basis.
18.4. Reporting and moderation. Users can report inappropriate messages or behavior through the in-app reporting function or by contacting admin@quantum.am. Reported content is reviewed by school administration, and appropriate measures (including removal of content, restriction of access to the chat functionality, or disciplinary measures in accordance with the school's internal rules) may be applied.
18.5. We reserve the right to block, suspend, or remove user accounts that violate the Code of Conduct or applicable law. Users may also block other users to prevent further communications from them.
18.6. Chat content is stored on our servers for the retention period specified in Section 7, after which it is deleted or anonymized, subject to earlier user-initiated deletion.
18.7. Chat messages sent within closed groups (such as class groups or school-wide staff groups) are visible only to the members of the respective group. Access to messages is governed by the role-based access control described in Section 8.
18.8. File attachments in chats. Users may attach files to chat messages from their personal cloud storage in the school's file manager (see Section 23). The recipient of such a message may view the file within the limits of the application (see Section 23.5) and may save a copy of the file to their own cloud storage. Chat file attachments are governed by the same access restrictions and communication permissions described in this Section.
19.1. Quantum College operates a video surveillance (CCTV) system on the school premises for the purposes of ensuring safety and security of students, staff, and visitors, and for the protection of school property.
19.2. Closed system — not integrated with the Eschool Mobile application. The video surveillance system is a closed internal infrastructure of the school. It is not integrated with the Eschool Mobile application or with any publicly accessible service. Users of the Eschool Mobile application do not have access to live or recorded video through the application. The application does not request access to, stream, or display any content from the video surveillance system.
19.3. Legal basis. Video surveillance is carried out on the basis of:
19.4. Coverage. Cameras are installed in common and perimeter areas of the school where monitoring is necessary for safety purposes (such as entrances, corridors, courtyards, and other public areas). Cameras are not installed in areas where individuals have a reasonable expectation of privacy (such as restrooms, changing rooms, or private offices designated for confidential activities).
19.5. Notice to data subjects. The presence of video surveillance is indicated by visible signage at the entrances and in the monitored areas, in accordance with applicable Armenian legislation.
19.6. Access restrictions. Access to live video streams and recorded footage is limited to authorized school personnel (school administration and designated security staff) acting within their professional duties. Access is logged for audit purposes.
19.7. Data retention. Video surveillance recordings are retained for up to 30 days from the date of recording, after which they are automatically overwritten, unless a specific recording has been preserved for the investigation of a safety incident, in which case it is retained only for the duration strictly necessary for the investigation and related legal or disciplinary procedures.
19.8. Use of recordings. Recordings may be used only for:
19.9. Video surveillance data is never transmitted to third parties for marketing, analytics, advertising, or any commercial purpose. Recordings are not used for facial recognition, automated profiling, or biometric identification of individuals beyond what is strictly necessary for the safety purposes described in this Section.
19.10. Requests regarding video surveillance data. Data subjects may submit requests relating to video surveillance recordings (for example, requesting information about whether their image has been recorded, or requesting preservation of a recording relevant to a safety incident) via the contact details provided in Section 12. Due to the short retention period (Section 19.7), such requests should be submitted promptly.
20.1. Legal basis. Every student and their parents or legal representatives sign the school's internal Code of Conduct and disciplinary rules at the time of entering into the educational services contract with Quantum College. These rules describe the types of conduct records, the disciplinary procedure, and the consequences of repeated violations, including termination of the educational services contract. Processing of conduct-related data is carried out on the basis of this contractual relationship and the legitimate interests of the school in maintaining a safe and orderly educational environment.
20.2. Types of conduct records. The school uses the following types of conduct records, as established in its internal rules:
20.3. Disciplinary procedure. Conduct records are never created arbitrarily. The procedure is the following:
The full disciplinary workflow — submission of reports, investigation, and assignment of records — is carried out exclusively through the web version of the eschool.am platform. Records cannot be issued or modified through the Eschool Mobile application.
Because a formal investigation precedes every disciplinary decision, the decisions are considered final within the school's internal disciplinary framework. The statutory rights of data subjects described in Section 9 (including the right to request correction and the right to lodge a complaint with the competent data protection authority) remain applicable.
20.4. Display in the Eschool Mobile application. Once a conduct record has been assigned through the web-based disciplinary workflow described above, the record is displayed to the concerned student and to the student's parents or legal representatives within the Eschool Mobile application in read-only form. Each record is displayed together with the reason (description of the specific violation) for which it was issued, so that the student and parents understand the context and basis of the record.
The purpose of this display is:
The Eschool Mobile application does not provide any functionality to create, assign, modify, or delete conduct records. It provides read-only display of records that were created through the web platform.
Synchronization. Conduct records, their reasons, and any subsequent status changes (such as write-off at the end of the academic year, or removal of a Formal Warning as described in Section 20.10) are synchronized between the web version of the eschool.am platform and the Eschool Mobile application, so that both channels display consistent up-to-date information to the authorized users.
20.5. Access restrictions. Conduct records concerning a specific student are accessible only to:
Conduct records of one student are never visible to other students, to parents of other students, or to teachers who do not teach that student. Such records are never published publicly, disclosed to third parties for commercial purposes, or used for behavioural profiling, advertising, or automated scoring.
20.6. Retention and expiry of conduct records. Almost all types of conduct records — verbal notices, yellow cards, red cards, and remedial time assignments — are automatically cleared (written off) at the end of the academic year in which they were issued.
A Formal Warning (Նախազգուշացում) is retained for a longer period, as defined in the school's internal rules, in order to maintain an accurate record of the student's disciplinary history relevant to the continuation of the educational services contract.
Upon expiry of the applicable retention period, or when the record is written off at the end of the academic year, the record is deleted or irreversibly anonymized.
20.7. Consequences of repeated violations. In accordance with the school's internal rules (signed by the student and the parents / legal representatives at the time of enrollment), accumulation of a certain number of conduct records, or any further violation after a Formal Warning has been issued, may serve as a basis for termination of the educational services contract by the school. These consequences and the applicable thresholds are described in the internal rules and are known to the parents from the moment of signing the contract.
20.8. No automated decision-making. Conduct records and disciplinary decisions are never generated or assigned automatically by software. Every record is the result of a human report, human investigation, and a human decision by an authorized staff member. Algorithmic ranking, automated behavioural scoring, or machine-based discipline decisions are not used.
20.9. Rights of the student and parents. Without prejudice to Section 20.3 (finality of decisions within the school's internal procedure), students and their parents or legal representatives retain all rights granted by applicable legislation, as described in Section 9, including:
20.10. Removal of a Formal Warning. A Formal Warning (Նախազգուշացում) may be removed before its standard retention period expires. This is a formal procedure intended to recognize a student's positive progress and corrected behaviour:
This procedure ensures that disciplinary records do not remain permanently attached to a student who has demonstrably improved their conduct, while preserving the school's ability to respond appropriately to behaviour that has not been corrected.
20.11. Push notifications related to conduct records and council reviews. To ensure that students and their parents are promptly and transparently informed, the Eschool Mobile application may send push notifications related to conduct-related events, including:
20.11.1. Recipients. Push notifications about a specific student's conduct are sent only to:
Such notifications are never sent to other students, to parents of other students, or to any third party.
20.11.2. Content of notifications. Conduct-related push notifications are drafted to balance awareness with privacy. They indicate that a new conduct record or a scheduled council review exists and prompt the user to open the application to view the full details. Detailed reasoning and sensitive context are displayed inside the application after authentication, not in the push notification preview that may be visible on a locked device screen.
20.11.3. User controls. Users can manage or disable push notifications, including conduct-related notifications, at any time:
Disabling push notifications does not cancel the underlying conduct record. The record continues to be viewable by authorized users in the web version of the eschool.am platform and in the Eschool Mobile application after sign-in.
20.11.4. Delivery. Push notifications are delivered via the third-party services described in Section 13.2 (Firebase Cloud Messaging for Android and Apple Push Notification Service for iOS). These services receive only the push token of the recipient's device and the notification payload; they do not receive any additional personal data related to the recipient or to other students.
21.1. The Eschool Mobile application displays academic information related to the student's own educational process, including:
21.2. Access restrictions. Academic information concerning a specific student is visible only to:
Marks, comments, and homework submissions of one student are never visible to other students or to parents of other students.
21.3. Use of academic data. Academic data is processed solely for educational purposes: tracking the student's progress, providing feedback, and supporting communication between teachers, students, and parents. Academic data is never used for advertising, commercial profiling, or transmitted to third parties for commercial purposes.
21.4. No automated grading decisions. Grades and teacher comments are assigned by human teachers based on their assessment of the student's work. The school does not use automated algorithms to assign final grades that significantly affect the student.
22.1. The Eschool Mobile application supports linking of multiple accounts on a single device. This reflects common family and professional situations at Quantum College, for example:
In such cases, the user may link the relevant accounts to their device and switch between them within the application.
22.2. The school's account model. The Eschool Mobile application and the web version of eschool.am operate on a "one person — one account" principle, in which each student, teacher, or school employee has their own individual account, issued by the school administration at the time of enrollment or onboarding (see Section 16).
The school does not create separate "parent" accounts: parents or legal representatives of minor students sign in using their child's account, with the credentials that the school administration records at the time of enrollment and securely communicates to the family through offline channels. It is the family's responsibility to protect these credentials and to restrict their use to the appropriate legal representatives of the child.
22.3. Linking accounts on a device. Linking an account on a device is only possible after a successful sign-in with the account's credentials (login and password) and the second authentication factor (see Section 8.3). Without these, a user cannot link someone else's account to their device. A person who does not possess the credentials issued by the school for a given account cannot obtain access to that account.
22.4. Data isolation between linked accounts. Even though multiple accounts are available on the same device, the data of each account is strictly isolated:
22.5. Push notifications for linked accounts. Push notifications are delivered to the device for each linked account separately. The notification indicates clearly to which linked account it belongs (for example, which child's account received a new grade, or which teacher account received a chat message). This ensures that the user — even when managing several accounts — can immediately identify the recipient of each notification.
22.6. Removing a linked account. At any time, the user may remove any linked account from the device through the application settings. Removing a linked account:
22.7. Shared device considerations. The ability to link multiple accounts on a single device is provided for the convenience of authorized users (such as a parent signing in with their children's accounts, or a teacher who is also a parent). Users are responsible for the physical security of their device and for not granting access to unauthorized persons. We recommend enabling device-level protection (passcode, biometric authentication) to prevent unauthorized access to linked accounts.
23.1. The Eschool Mobile application and the web version of eschool.am include a File Manager, which provides each authorized user with their own personal cloud storage space on our self-hosted infrastructure. Files (documents, images, media) uploaded by the user are stored physically on our self-hosted Nextcloud servers under the eschool.am domain; file metadata (names, sizes, owners, sharing links, timestamps) is stored in the corresponding databases of the school platform.
No file data is transmitted to any external cloud storage service or third-party provider.
23.2. Upload and storage. Users may upload files to their own personal cloud storage. Uploaded files are accessible by default only to the owner of the storage, subject to the role-based access control described in Section 8 and to sharing actions explicitly initiated by the user (Section 23.3).
23.3. Sharing permissions. To protect students — especially minors — from unsolicited sharing, the application enforces strict rules on who can share files with whom:
23.4. Sharing via chat. Files may also be sent as attachments within chat messages (see Section 18.8). The recipient may save a copy of a received file to their own personal cloud storage.
23.5. Viewing and opening files. The capabilities for handling files differ between the web version of eschool.am and the Eschool Mobile application:
23.6. Push notifications upon sharing. When a file is shared with a specific user, that user receives a push notification informing them of the new shared file. The notification indicates that a new shared file exists and prompts the user to open the application to view the details. Sensitive file content is not displayed in the push notification preview.
Push notifications upon sharing are delivered via the third-party services described in Section 13.2 (Firebase Cloud Messaging and Apple Push Notification Service). These services receive only the push token of the recipient's device and the notification payload, not the content of the shared file.
23.7. Access restrictions and audit. Access to files in personal cloud storage is limited to:
Access events are logged for security audit purposes.
23.8. Data retention. Files remain in the user's personal cloud storage until the user deletes them or until the retention period specified in Section 7 applies (for example, upon termination of enrollment or employment, following the procedure described in Section 16).
23.9. Prohibited content. Users are responsible for the content they upload and share. The school's Code of Conduct (Section 20) applies equally to files. Unlawful, offensive, or otherwise inappropriate content may be reported to the school administration and, upon review, removed.
24.1. Quantum College operates a school library, from which students and staff may borrow physical books and other printed materials. A record of currently borrowed items and of borrowing history is maintained by the school library in the school's internal system.
24.2. Display in the Eschool Mobile application. The Eschool Mobile application and the web version of eschool.am include a section that displays, to the user, the list of books and other printed materials currently borrowed by the user from the school library. The purpose of this display is to help the user keep track of borrowed items and return them on time.
If the user has no currently borrowed items, the section shows an informational message (for example: "You have no rented literature at the moment") instead of an empty list.
24.3. Access restrictions. A user's library records are visible only to:
Library records of one user are never visible to other students, teachers who are not involved with library operations, or any third parties.
24.4. Push notifications. Library records are not, as a rule, accompanied by push notifications in the current version of the application. Changes to the borrowed items list (new items borrowed or items returned) are reflected in the application upon the next synchronization with the server.
24.5. Use of library records. Library records are used exclusively for the legitimate educational and administrative purposes of the school library (tracking borrowed items, managing returns, maintaining the library's collection). Library records are never used for behavioural profiling for commercial purposes, targeted advertising, or disclosed to any third party for commercial reasons.
24.6. Data retention. Active borrowing records (currently borrowed items) are retained as long as the items are out on loan. Historical borrowing records are retained for the period necessary for the legitimate administrative and educational purposes of the school library, in accordance with Section 7 and applicable legislation, after which they are deleted or anonymized.
