1. Scope of Policy Application

This policy applies to all personal data of children and those legally considered as such, which is collected or processed by Jouf University or any of its affiliated entities.

Categories Covered by This Policy:

This policy includes the personal data of children under the age of 18 years, and others legally treated as minors, such as:

• Minor students enrolled in the university’s education and training programs.
• Children participating in university-organized events, activities, or awareness programs.
• Children whose data is processed via educational platforms, digital applications, and Learning Management Systems (LMS).

Data Covered Under This Policy:

The data collected or processed in accordance with this policy includes, but is not limited to:

• Personal Information: Full name, date of birth, national ID or residency number.
• Contact Information: Phone number, email address, residential address.
• Educational Information: Academic records, grades, attendance, academic reports.
• Health Information: Medical reports, information about special needs (when required).
• Behavioral and Digital Interaction Data: Usage logs of educational systems, analysis of academic performance.

2. Core Principles for the Protection of Children’s Data

Principle of Prior Consent

• Children’s data must not be collected, processed, or shared without obtaining written consent from parents or legal guardians.
• Consent must be obtained via an official form, either electronic or paper-based, clearly outlining how the data will be used and for what purpose.
• Parents or guardians may withdraw consent at any time, after which the data shall be deleted in accordance with approved procedures.

Principle of Minimum Data Collection

• Data collection must be limited to the minimum necessary to achieve the educational or administrative purpose.
• The collection or storage of non-essential data, such as biometric or financial information, is prohibited unless clearly required by applicable regulations.

Confidentiality and Security Protection

• All children’s data must be stored in encrypted and secure systems in compliance with established security standards.
• Access to the data shall be restricted to authorized personnel only, with strict limitations on its usage.
• Strong encryption measures (e.g., AES-256) must be applied to protect data during both transfer and storage.

Prohibition on Use for Marketing or Commercial Purposes

• Children’s data may not be shared with any external party for marketing or advertising purposes.
• The use of children’s data for any non-educational or non-research-related purpose not explicitly approved by the regulatory authority is strictly prohibited.

Right to Modify or Delete Data

• Parents or legal guardians have the right to request modification or deletion of their child’s data from databases at any time.
• Requests must be responded to within 15 business days from the date of submission.