Privacy Notice for AUBG Staff
Privacy Notice for Staff
This privacy notice outlines how and why the American University in Bulgaria (AUBG) collects, uses and stores your personal data, and your rights in relation to the personal data we hold. We may modify or amend this Privacy Notice. The most current version will always be available on our Website and, where appropriate, notified to you by e-mail. If you have any questions about such matters you can contact us at firstname.lastname@example.org.
What personal data do we collect?
The personal information we collect from you is the following:
- details you provided through your job application (CV, motivation letter and list of references), any requested supporting documents, additional details provided by any referees; interview details, contact details;
- contract of employment and any amendments to it - name, date of birth, personal ID number, passport/ID card number; nationality;
- correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary;
- information needed for payroll, benefits and expenses purposes;
- contact and emergency contact details;
- records of holiday, sickness and other absence;
- health data, as required;
- records relating to your career history, such as training records, appraisals, other performance measures;
- performance evaluation forms;
- disciplinary and grievance records; bank account details;
- social security status.
How do we collect your personal data?
We collect information about you when you:
- sign an employment contract;
- deposit or withdraw money at the cashiers;
- present a medical leave of absence;
- request information or service, i.e. additional medical and life insurance, additional pension insurance;
- participate in the annual evaluation process.
We may further have some information about you coming from your previous employers, as referees, and/or an HR company, it this has been part of your application for employment.
The basis for processing your information and how we use it
As your employer, AUBG needs to keep and process information about you for the usual employment purposes – main employment folder (staff record), payroll, medical and other leaves, work health and safety conditions, performance and evaluation, additional benefits to employees. Pension plans. The information we retain and process will be used for our management and administrative use only, to enable us to operate the University business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, while employed with us, at the time when your employment ends and after you leave AUBG. This includes using information to enable us to comply with employment contract clauses, to comply with legal requirements, pursue the legitimate interests of the University and protect our legal position in the event of legal proceedings.
Considering the complete and exhaustive labor legislation, processing personal data directly related to employment contract is based on Art. 6,p. 1, © of General Data Protection Regulation (GDPR) - legal obligation. This includes:
- registering and administering employment contracts;
- administering remuneration, payroll, pension and other standard employment functions;
- processing payments; administering HR-related processes, including those relating to performance/absence management, disciplinary issues and complaints/grievances;
- supporting your health, safety and welfare at work; processing medical leave of absences;
- delivering facilities and services, necessary for the job (e.g. library, bookstore, security; IT);
- reporting to the National Revenue Agency and National Social Security Institute, Internal Revenue Service (IRS);
- issuing financial declarations and/or reports, at your request;
- submitting tax relief documentation;
- complying with anti-money laundering laws and safeguarding requirements, preventing and detecting crime;
- monitoring and fulfilling our responsibilities under equalities, immigration and public safety legislation;
- fulfilling governance, audit, regulation and quality assurance arrangements and obligations.
Processing personal data about additional benefits is based on Art. 6,p. 1, © of GDPR – consent of the data subject. This may include additional medical insurance for you and close family members, additional pension insurance, additional life insurance, celebrations for children of AUBG, etc.
We will process some personal information for the university’s legitimate interest for the following:
- ensuring safety and security within the university;
- monitoring use of AUBG facilities in accordance with University policies;
- supporting your training and professional development;
- assessing your suitability for a particular role or task (including any relevant right to work reviews and inspections);
- communicating effectively with you by post, email and phone, including the distribution of relevant newsletters and circulars;
- compiling statistics, and conducting surveys and research for internal and statutory reporting purposes;
- monitoring and evaluating the performance and effectiveness of the university;
- maintaining and improving academic, corporate, financial, estate and human resource management of the university;
- promoting equality and diversity throughout the university;
- seeking a legal advice on institutional rights and obligations.
We may also process your personal data where:
- it is necessary to protect your or another person’s vital interests;
- we have your specific or, where necessary, explicit consent to do so.
Control and care over your data
We, as an institution with one of the highest rankings in Bulgaria, are striving to improve and upgrade our control systems – to include pseudonymisation of the collected and processed data, access controls, defined within the university, and most importantly – applied due care by our staff and faculty members. All measures are implemented against inadvertent or deliberate manipulation, loss, or destruction, and access by unauthorized persons. Access to your personal data is limited to HR and Business offices staff who use it to perform their job obligations.
We will not use your personal information to carry out any wholly automated decision-making that affects you.
Who we share your data with
Your data will be shared with public authorities, such as Bulgarian Ministry of Education, National Agency for Evaluation and Accreditation, Ministry of Foreign affairs (for visa purposes), National Revenue Agency, National Social Security Institute, Internal Revenue Service (IRS), Ministry of Internal Affairs, external audit companies, etc. as part of our legal obligations. AUBG may transfer your personal data if and when it finds it appropriate to contract companies for external payroll administration, work health and safety provider, marketing companies for internal and external surveys, evaluation and performance measurement, internal and external auditors, insurance and pension companies, etc. In cases we need to transfer your personal data to third parties, you will be notified, and asked for consent, if the data transfer process requires us to do so. In any case, we will share your personal data with high attention to the third parties’ level of technical and organizational ability to manage personal data as required by the GDPR standards.
How long we keep it
We store your personal information as part of your staff record for the duration of your employment (and it may be used as part of our assessment of any future application you make for further employment at AUBG). After you leave, certain records pertaining to your employment are retained indefinitely so that the details of your employment can be confirmed, and for statistical or historical research. Your payroll records will be retained according to the legal requirements for a period of fifty years.
Your rights in relation to the personal data we hold:
- to request an access to your personal data we hold;
- to receive copies of your personal data in a machine-readable and commonly-used format - known as the right to data portability;
- to rectify or erase your personal data;
- to restrict or object to the processing of your data, where applicable;
- to request data transfer to other parties, in certain cases;
- to withdraw consent at any time, in certain cases, without affecting the lawfulness of processing based on consent before its withdrawal;
- and, to lodge a complaint with the supervisory authority – Commission for Personal Data Protection, address - 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592.
You may address your concerns or inquiries to our Data Protection Officer (DPO) – Margarita Petkova, e-mail: email@example.com; tel +359 73 888 337.
Please visit AUBG Internal Rules for Data Protection for more information.