Overview (clear & extended)
This page explains how the Entsperrte Freiheit pilot handles personal information, session and device logs, payments and lawful requests. It is intended to be readable and practical — but it is not a substitute for legal advice. Before collecting identifiable student data, your school leadership and legal counsel must review and approve the operational procedures described below.
Brief summary: minimal logging for safety and troubleshooting; strict, limited access to logs; compliance with applicable national and international privacy laws; parental/guardian consent for minors.
Data collection — what and why
We collect only the minimum information needed to run the pilot safely and fairly. That may include:
- Operational logs: timestamps, anonymised session/device IDs, bandwidth metrics, connection success/failure.
- Contact details: when a participant requests private follow-up (name + contact handle for payment/collection).
- Incident notes: staff notes for misuse or safety incidents.
Purpose: troubleshoot, detect misuse, support billing/collection, and evaluate the pilot.
Consent & students
When participants are minors, the school’s parental/guardian consent processes apply. We will not enrol or store identifiable data for children without following the school’s consent procedures or where local law requires parental consent.
Security & retention
Reasonable technical and organisational measures are used: role-based access, secure storage, and limited retention. Logs are retained only as necessary and deleted according to an approved retention schedule unless retained for investigation or legal obligations.
Third parties & carriers
The pilot uses third-party carriers for connectivity (example: Belong). Carriers have separate terms and lawful-access obligations. We limit sharing to what provisioning and troubleshooting require — review carrier terms as needed.
Lawful requests & disclosures
We will comply only with lawful requests (court orders, warrants). Any legally compelled disclosure will be minimised, logged, and reviewed internally. We do not intercept private communications.
Risk & disclaimers
Important risk notice: this is an experimental pilot. Connectivity and coverage are not guaranteed. Purchasers accept experimental operation and supervision under school policy. Purchases do not guarantee uninterrupted access.
Individual rights & complaints
Individuals may request access to data we hold about them, ask for corrections, or file complaints. Contact the project coordinator, or your school’s privacy officer. Escalation to regulators (OAIC or equivalent) is available if unresolved.
Not legal advice — get a lawyer
This is an informational summary. It is not legal advice. Consult your school’s legal counsel before collecting student personal information, implementing retention policies, or responding to lawful access requests.
Relevant laws & frameworks — expanded
Australia
Key Australian regimes: the Privacy Act 1988 (Australian Privacy Principles), state education privacy policies, and telecommunications law (Telecommunications (Interception & Access) Act) which restricts interception — we comply with lawful procedures only.
United States — COPPA
If the service collects data about children under 13 in the U.S., COPPA will apply. COPPA requires verifiable parental consent and strict handling of children’s data. Do not collect identifiable data from US children without COPPA-compliant consent.
International — GDPR & other regimes
For EU/EEA residents, GDPR imposes strong obligations (lawful basis, data minimisation, rights, breach notifications, cross-border transfer rules). Other countries have similar laws — ensure compliance before collecting data from those jurisdictions.
Where to read more
- OAIC guidance and the Australian Privacy Principles (Privacy Act).
- COPPA guidance — US Federal Trade Commission.
- GDPR resources — EDPB and national data protection authorities.
- Your state education department privacy guidance and school privacy officer.