Privacy Policy

Last Updated: February 12th, 2026

This Privacy Policy explains how the EDUKOM eDnevnik mobile and web application (the "App"), published on Google Play by Ministarstvo prosvjete i kulture Republike Srpske (Ministry of Education and Culture of the Republic of Srpska), collects, uses, discloses, and protects personal information. Please read this Privacy Policy carefully before using the App.

1. Data Controller

The data controller responsible for processing personal data through the EDUKOM eDnevnik App is:

Ministarstvo prosvjete i kulture Republike Srpske

(Ministry of Education and Culture of the Republic of Srpska)

Trg Republike Srpske 1, 78000 Banja Luka, Bosnia & Herzegovina

Data Protection Officer (DPO):

Email: i.tomic@mp.vladars.rs

Phone: +387 65 492-414

Address: Trg Republike Srpske 1, 78000 Banja Luka, Bosnia & Herzegovina

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact the Data Protection Officer using the information above.

The developer account on Google Play for the EDUKOM eDnevnik App is registered under the name MINISTARSTVO PROSVJETE I KULTURE RS, which is the abbreviated form of the data controller named above.

2. About the App

EDUKOM eDnevnik is an educational platform operated by the Ministry of Education and Culture of the Republic of Srpska (Ministarstvo prosvjete i kulture Republike Srpske). It enables students, parents/guardians, teachers, and school administrators to access academic information such as grades, attendance records, class schedules, and other school-related data. The App also provides a controlled in-app messaging feature for communication within the educational community.

The App is available as a mobile application (published on Google Play under the name "EDUKOM eDnevnik") and as a web application. This Privacy Policy applies to both versions.

3. Target Audience

The App is designed for use by students of primary and secondary schools (ages 6 and above), their parents/guardians, teachers, and school administrative staff. Because our target audience includes children under the age of 18, we are committed to protecting children's privacy and complying with all applicable child protection laws and regulations, including the U.S. Children's Online Privacy Protection Act (COPPA), the E.U. General Data Protection Regulation (GDPR), and Google Play's Families Policy.

The App targets the following age groups: Ages 6–8, Ages 9–12, Ages 13–17, and Ages 18+. The App provides separate accounts and roles for students, parents/guardians, teachers, and administrators.

4. Information We Collect

4.1 Personal Information

We collect the following personal information, which is provided through the educational institution's enrollment and account provisioning process:

Full name
Email address
Alternative email address
Phone number
Username and password (for authentication purposes)
Profile photograph (optional, uploaded at the user's discretion)

User accounts are created and provisioned by the Ministry of Education and Culture and distributed to users through their respective educational institutions. Users do not create accounts independently within the App.

4.2 Educational Data

As an educational platform, we collect and process the following academic information:

Student grades and academic performance records
Course enrollment and class schedules
Attendance and absence records
Student behavior (conduct) records
Exam schedules and results
Literature and reading lists
Extracurricular activity information
Student identification card data

4.3 Communication Data

When users utilize the in-app messaging feature, we collect:

Messages sent and received within the App
Conversation history
Message read receipts and timestamps
Attachments shared in conversations

All communication data, including attachments, is stored on our servers. Messages cannot be forwarded, shared, or transmitted outside of the App.

4.4 Device and Technical Information

We automatically collect certain technical information necessary for the App's operation:

Device type and model
Operating system and version
IP address
App configuration and settings
Firebase Cloud Messaging token (for push notifications; currently not active in production — see Section 9)
Error logs and crash reports
Network status information

4.5 Usage Data

We collect information about how users interact with the App:

Features accessed and actions taken
Time and date of use
Notification interaction data
Language and theme preferences

4.6 Information We Do NOT Collect

We want to be transparent about the data we do not collect:

We do not collect precise or approximate device location (GPS or network-based).
We do not collect the Android Advertising ID (AAID). We do not request the AD_ID permission.
We do not collect persistent device identifiers such as IMEI, MAC address, SIM Serial, Build Serial, BSSID, SSID, or IMSI.
We do not collect any financial or payment information.
We do not use interest-based advertising or remarketing technologies.
We do not collect contact lists or phonebook data from user devices.

5. How We Collect Information

5.1 Information Provided Through Educational Institutions

Most personal and educational data is collected through the school enrollment process managed by educational institutions under the authority of the Ministry of Education and Culture. Account credentials are provisioned by the Ministry and delivered to users through their respective schools.

5.2 Information You Provide Directly

We collect information directly from you when you:

Log in to the App
Update your profile information
Upload a profile photograph (optional)
Send messages to other users within the App
Change your notification, language, or theme preferences
Contact us with inquiries

5.3 Automatic Collection

We automatically collect technical and usage data through:

Firebase Cloud Messaging services (for push notification delivery only; currently not active in production — see Section 9)
Error logging and crash reporting tools built into the App
Network monitoring for connectivity status

5.4 Device Permissions

The App may request the following device permissions:

Camera Access: To allow you to take a profile photo directly from the App. This is optional.
Photo Library Access: To allow you to select a profile photo from your device and to save images when requested. This is optional.
Storage Access: To read and write files necessary for the App's functionality, including downloading and uploading documents.
Push Notifications: To send important notifications about grades, attendance, messages, and other educational updates (currently not active in production).
Internet Access: To communicate with our servers and provide the App's core functionality.

6. How We Use Your Information

6.1 Provide and Maintain the Service

Authenticate your identity and manage your account
Display your educational information (grades, schedules, attendance, behavior records, exams, literature, student card)
Enable communication between students, parents, teachers, and school administrators through in-app messaging
Deliver push notifications about important academic and administrative updates (when activated)

6.2 Improve the Service

Analyze usage patterns to improve App functionality
Diagnose technical issues and fix bugs
Develop new features based on user needs

6.3 Communication

Send notifications about academic updates
Facilitate in-app messaging between authorized users
Respond to your inquiries and support requests
Send important service announcements

6.4 Security

Protect against unauthorized access
Detect and prevent fraudulent activities
Ensure the integrity of educational data

We do not use personal information for advertising, marketing, profiling, or any purpose unrelated to the educational services described in this Privacy Policy.

7. In-App Messaging and Communication Features

The App includes an in-app messaging feature that allows communication within the educational community. This feature is not a social networking service. It is a structured, closed communication tool strictly limited to authorized educational participants. There are no public profiles, no content sharing to external platforms, no ability to forward messages outside of the App, and no discovery of users outside of the user's own educational institution and role-based scope.

The only personal information visible to other users within the messaging feature is the user's name and optional profile photograph. No other personal data (such as email address, phone number, or academic records) is shared or visible through messaging.

7.1 Messaging Scope

Communication within the App is restricted based on user roles:

Teachers may communicate with other teachers at the same school, school administrators, students they teach, and parents of those students.
Students may communicate with their parents/guardians, classmates within the same class/group, teachers who teach them, and school administrators.
Parents/Guardians may communicate with their children, their children's teachers, and school administrators.
School Administration (principal, pedagogues, psychologists, secretary) may communicate with all teachers, parents, and students at their school, and with one another.
School IT Administrators may communicate with school administration and administrators of other schools.
Ministry/Institutional roles (ministry staff, pedagogical institute, technical support) may communicate only with users at the same access level.

7.2 Children's Use of Messaging

Students, including those under the age of 18, can send messages to classmates within the same class/group, their teachers, their parents/guardians, and school administrators. All messaging between minors takes place within a controlled, role-based environment and is limited exclusively to members of their educational community. Children cannot communicate with any user outside of their school's defined educational structure.

The App displays an in-app safety reminder to young users before they begin using the messaging feature.

Important notice for young users: Be safe online. Be aware that messages you send can be read by recipients. Never share passwords, personal identification numbers, or other sensitive personal information through messages. If you receive any message that makes you uncomfortable, report it to a teacher, parent, or school administrator immediately.

7.3 Parental Oversight and Controls

Parents and guardians have access to the App through their own dedicated parent accounts and can view their child's educational information, including grades, attendance, and school communications.

Because the messaging feature operates within a strictly controlled, role-based educational environment — where students can only communicate with their own classmates, their own teachers, their own parents/guardians, and school administrators — all communication is supervised by school staff (teachers, pedagogues, psychologists, and administrators) who are employees of the educational institution and the Ministry of Education and Culture. School administrators and teachers have oversight of messaging activity within their educational domain.

Parents who have concerns about their child's use of the messaging feature may contact the school administration or the Data Protection Officer (see Section 1) to request restrictions or adjustments to their child's messaging capabilities. The school administration can restrict or disable messaging for individual student accounts upon a parent's or guardian's written request.

We recommend that parents maintain open communication with their children about responsible online behavior.

7.4 Attachments

File attachments sent through the messaging feature are stored on our servers and are accessible only to the sender and authorized recipients within the App. Attachments cannot be forwarded or shared outside of the App.

8. Data Storage and Security

8.1 Server Location

All personal and educational data is stored on secure servers located in the data center of the Government of the Republic of Srpska in Bosnia and Herzegovina. No data is transferred outside of Bosnia and Herzegovina or the European Economic Area.

8.2 Local Storage (On-Device Caching)

The App caches certain data locally on your device to enable partial offline functionality. Locally cached data includes: user profile information, home screen data, courses and grades, student card data, literature lists, exam information, absence records, behavior (conduct) records, authentication tokens, Firebase messaging tokens, and language and theme preferences.

Cached data has an expiration date and is refreshed upon reconnection to the server.

8.3 Security Measures

We implement appropriate technical and organizational measures to protect your personal information, including:

Encryption in transit: All data transmitted between the App and our servers is encrypted using HTTPS/TLS protocols. No user data is transmitted in unencrypted form.
Secure token-based authentication: The App uses JWT (JSON Web Tokens) for session management.
Encrypted local storage: Sensitive credentials are stored locally using Android Keystore or iOS Keychain.
Role-based access control: Users can only access data and features appropriate to their role.
Regular security assessments: We conduct periodic reviews of our security practices.

While we strive to protect your personal information using commercially reasonable measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

9. Third-Party Services

The App uses a limited number of third-party services. We are committed to minimizing third-party data exposure.

9.1 Firebase Cloud Messaging (Google LLC)

The EDUKOM eDnevnik App integrates Firebase Cloud Messaging (FCM) solely for the purpose of delivering push notifications. Important: As of the date of this Privacy Policy, push notifications via Firebase Cloud Messaging are not active in the production version of the App. FCM is currently in a beta testing phase and has not been enabled for end users. When FCM is activated in a future update, this service may collect Firebase installation IDs and messaging tokens for the sole purpose of delivering notifications.

Firebase Cloud Messaging does not collect personally identifiable information from our App. We do not use Firebase Analytics, Firebase Crashlytics, or any other Firebase services beyond Cloud Messaging.

Firebase Privacy Policy: https://firebase.google.com/support/privacy

9.2 Google Play Services (Google LLC)

The App utilizes Google Play Services for core Android functionality.

Google Privacy Policy: https://policies.google.com/privacy

9.3 Capacitor Plugins

The App uses Capacitor framework plugins for native device functionality (camera, storage, notifications). These plugins process data locally on your device and do not transmit data to third-party servers.

We do not use any advertising SDKs, analytics SDKs, tracking SDKs, or any other third-party data collection services beyond those listed above. We do not use any SDKs that are not approved for use in child-directed services.

10. Data Sharing and Disclosure

10.1 Within the Educational System

Your educational data is shared with authorized participants within the educational system as necessary to fulfill the App's educational purpose:

Teachers and school administrators may access student academic data relevant to their responsibilities.
Parents/guardians may access their child's academic information.
School administrative staff (principal, pedagogues, psychologists, secretary) may access data necessary for their administrative and pedagogical duties.

10.2 Service Providers

We share limited technical data with Google LLC (Firebase Cloud Messaging and Google Play Services) solely for the purpose of delivering push notifications (when activated) and providing core Android functionality. These service providers process data on our behalf and in accordance with their respective privacy policies and our instructions.

10.3 Legal Requirements

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities, including courts, regulatory bodies, or government agencies, in accordance with the laws of the Republic of Srpska and Bosnia and Herzegovina.

10.4 What We Do NOT Do With Your Data

We do not sell personal or sensitive user data to any third party.
We do not share data for advertising or marketing purposes.
We do not provide data to unauthorized parties.
We do not transfer data to third parties for purposes unrelated to the educational services described in this Privacy Policy.
We do not use personal data for interest-based advertising or user profiling.

11. Data Retention

11.1 Active Account Data

Personal and educational data associated with active accounts is retained for as long as the account remains active and the user is enrolled in or employed by an educational institution within the system.

11.2 Legally Required Retention

In accordance with the laws and regulations of the Republic of Srpska governing educational record-keeping, the following records are retained permanently:

Student register (matična knjiga učenika)
Register of external students (matična knjiga vanrednih učenika)
School chronicles (ljetopis škole)
Records of issued certificates and diplomas
Curriculum and syllabus (nastavni plan i program)
Register accompanying the student register

The following records are retained for a period of ten (10) years:

Class registers / daily work logs (odjeljenska knjiga / dnevnik rada)
Examination records

11.3 Post-Deletion Retention

When a data deletion request is fulfilled, we delete all personal data that is not subject to mandatory legal retention. Data that must be retained under applicable laws will continue to be stored securely and will be used solely for legal and archival purposes.

12. Children's Privacy

The EDUKOM eDnevnik App is designed for educational purposes and is used by students of primary and secondary schools, including children under the age of 18. We take children's privacy seriously and are committed to complying with the U.S. Children's Online Privacy Protection Act (COPPA), the E.U. General Data Protection Regulation (GDPR), Google Play's Families Policy, and all other applicable child protection laws and regulations. We have implemented the following safeguards.

12.1 Parental/Guardian Consent

For students who are minors, parental or guardian consent for the use of the App and the processing of their child's personal data is obtained through the educational institution's enrollment process. When a parent or guardian enrolls their child in a school within the Republic of Srpska educational system, they consent to the collection and processing of educational data necessary for the provision of educational services, in accordance with applicable laws and regulations.

12.2 Data Minimization

We collect only the information that is necessary for the App's educational purposes. We do not collect more data from children than is reasonably necessary to provide the educational services described in this Privacy Policy.

12.3 No Advertising or Marketing to Children

We do not display advertisements of any kind within the App. We do not use children's personal information for marketing purposes, targeted advertising, interest-based advertising, or remarketing. The App contains no in-app purchases.

12.4 No Collection of Sensitive Device Identifiers From Children

We do not collect Android Advertising ID (AAID), IMEI, MAC address, SIM Serial, Build Serial, BSSID, SSID, or IMSI from any user, including children. We do not request the AD_ID permission.

12.5 No Location Data Collection

We do not collect precise or approximate location data from any user, including children. The App does not request location permissions.

12.6 SDKs and Third-Party Services

The only third-party SDK integrated into the App is Firebase Cloud Messaging, which is used solely for push notification delivery and is currently not active in the production version of the App (see Section 9). We do not use any SDKs that are not approved for use in child-directed services. We do not use advertising SDKs, analytics SDKs, or tracking technologies.

12.7 Parental/Guardian Rights

Parents and guardians of minor students may:

Access and review their child's personal and educational information through their own parent account in the App.
Request correction of inaccurate or incomplete information about their child.
Request deletion of their child's personal data, subject to legally mandated retention requirements for educational records.
Request that the school administration restrict or disable their child's access to the in-app messaging feature.

To exercise these rights, please contact the Data Protection Officer using the contact information provided in Section 1 of this Privacy Policy, or contact your child's school administration directly.

12.8 Reporting Concerns

If you believe that we have collected personal information from a child without proper parental consent, or if you have any concerns about a child's privacy, please contact us immediately at i.tomic@mp.vladars.rs.

13. Legal Basis for Processing

We process personal data on the following legal bases under applicable law:

Legal obligation: Processing is necessary for compliance with legal obligations related to the provision of education and the maintenance of educational records, as required by the laws and regulations of the Republic of Srpska and Bosnia and Herzegovina.
Public interest / official authority: Processing is necessary for the performance of tasks carried out in the public interest by the Ministry of Education and Culture.
Consent: Where required by law, parental/guardian consent is obtained through the educational institution's enrollment process for the processing of children's personal data.

14. Your Rights

Depending on applicable laws, you may have the following rights regarding your personal data:

14.1 Right of Access

You may request access to the personal information we hold about you or your child.

14.2 Right to Correction

You may request correction of inaccurate or incomplete personal information.

14.3 Right to Deletion

You may request deletion of personal information, subject to legally mandated retention requirements for educational records as described in Section 11.

14.4 Right to Restriction of Processing

You may request that we restrict the processing of your personal data under certain circumstances.

14.5 Right to Object

You may object to the processing of your personal data under certain circumstances.

14.6 Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority:

Agency for Personal Data Protection in Bosnia and Herzegovina (Agencija za zaštitu ličnih podataka u Bosni i Hercegovini)
Insurance Agency of the Republic of Srpska (Agencija za osiguranje Republike Srpske)

14.7 How to Exercise Your Rights

To exercise any of the above rights:

By email: Send your request to i.tomic@mp.vladars.rs from your verified email address associated with your account.
By mail: Send a written request to: Ministry of Education and Culture of the Republic of Srpska, Trg Republike Srpske 1, 78000 Banja Luka, Bosnia & Herzegovina.
In person: Submit a written request at the address above.

Requests related to the personal data of minor students must be submitted by the student's parent or guardian.

We will respond to your request within 30 days of receipt. If the request is complex or we receive a large number of requests, we may extend this period by an additional 30 days, in which case we will notify you of the extension.

15. Account and Data Deletion

User accounts are created and managed by the Ministry of Education and Culture and are provisioned through educational institutions. Users do not create accounts independently.

To request the deletion of an account and associated personal data, you may use any of the following methods:

Online: Submit a deletion request through our account deletion form here.
By email: Send a request to i.tomic@mp.vladars.rs from your verified email address.
By mail: Send a written request to: Ministry of Education and Culture of the Republic of Srpska, Trg Republike Srpske 1, 78000 Banja Luka, Bosnia & Herzegovina.

Requests related to the deletion of a minor student's account must be submitted by the student's parent or guardian.

Upon receiving a valid deletion request, we will delete all personal data associated with the account, except for data that must be retained under applicable laws and regulations as described in Section 11. We will confirm the completion of the deletion process within 30 days of receipt of the request.

When an account is deleted, all locally cached data should be removed by uninstalling the App from your device.

16. Links to Other Sites

The App may contain links to external websites or services that are not operated by us, such as links to the Firebase Privacy Policy or the Google Privacy Policy referenced in Section 9. If you click on a third-party link, you will be directed to that third party's website or service.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly advise you to review the privacy policy of every external site you visit.

The inclusion of any link does not imply endorsement, approval, or control by the Ministry of Education and Culture of the Republic of Srpska over the linked website or its content.

17. Cookies and Similar Technologies

The EDUKOM eDnevnik mobile application does not use cookies. However, the web version of the App (accessible via a web browser) may use cookies and similar technologies to support essential functionality.

17.1 What Are Cookies

Cookies are small text files that are stored on your device by a web browser when you visit a website. They are widely used to enable websites to function properly, improve user experience, and provide information to website operators.

17.2 How We Use Cookies

The web version of the App uses only strictly necessary cookies for the following purposes:

Authentication cookies: To keep you securely logged in during your session and to manage your authentication state.
Session cookies: To maintain your session and preferences (such as language and theme) while you use the web application.

We do not use cookies for advertising, marketing, analytics, tracking, or any purpose other than essential App functionality. We do not use third-party cookies.

17.3 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling strictly necessary cookies may affect the functionality of the web version of the App. For more information on how to manage cookies in your browser, please refer to your browser's help documentation.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes to this Privacy Policy, we will update the "Last Updated" date at the top of this page.

If we make material changes that significantly affect how we handle personal data, we will provide prominent notice through the App (such as an in-app notification or a banner displayed upon login) prior to the changes taking effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the App after any changes to this Privacy Policy constitutes your acknowledgment of the changes.

The current version of this Privacy Policy is always available at: https://edukom.org/resources/privacy_and_policy.html

19. Applicable Law

This Privacy Policy and any disputes arising from or relating to it shall be governed by and construed in accordance with the laws of the Republic of Srpska and Bosnia and Herzegovina, including but not limited to:

The Law on Protection of Personal Data of Bosnia and Herzegovina (Zakon o zaštiti ličnih podataka Bosne i Hercegovine)
The General Law on Education of the Republic of Srpska (Opšti zakon o obrazovanju i vaspitanju Republike Srpske)
The E.U. General Data Protection Regulation (GDPR), where applicable to users within the European Economic Area

Any disputes related to this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts in Banja Luka, Republic of Srpska, Bosnia and Herzegovina.

20. Consent

By using the EDUKOM eDnevnik App, you acknowledge that you have read and understood this Privacy Policy.

For adult users (teachers, school administrators, and parents/guardians), your use of the App constitutes your acknowledgment of the data practices described in this Privacy Policy. The processing of your personal data is carried out on the legal bases described in Section 13, including legal obligation and public interest.

For minor students, consent for the collection and processing of personal data is provided by the student's parent or guardian through the educational institution's enrollment process, as described in Section 12.1. Parents and guardians may withdraw their consent or request restrictions on data processing by contacting the Data Protection Officer (see Section 1) or the school administration, subject to the mandatory data processing requirements under applicable education laws.

If you do not agree with this Privacy Policy, please refrain from using the App and contact your educational institution or the Data Protection Officer for further assistance.

↑ Back to Top