Privacy Notice for AUBG Staff

Privacy Notice for Staff

This privacy notice outlines how and why the American University in Bulgaria (AUBG) collects, uses and stores your personal data, and your rights in relation to the personal data we hold. We may modify or amend this Privacy Notice. The most current version will always be available on our Website and, where appropriate, notified to you by e-mail. If you have any questions about such matters you can contact us at  dpo@aubg.edu .

What personal data do we collect?

The personal information we collect from you is the following:

  • details you provided through your job application (CV, cover letter and list of references), any supporting documents requested and additional details provided by any referees and recorded following any interview process, contact details;
  • contract of employment and any amendments to it - name, date of birth, personal  ID number, passport/ID card number;
  • correspondence with or about you, for example, letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary;
  • information needed for payroll, benefits and expenses purposes;
  • contact and emergency contact details;
  • records of holiday, sickness and other absence;
  • records relating to your career history, such as training records, appraisals, other performance measures;
  • performance evaluation forms;
  • disciplinary and grievance records;
  • bank account details;
  • social security status.

How do we collect your personal data?

Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees. We collect information about you when you:

  • sign on a contract of employment;
  • deposit or withdraw money;
  • present a medical leave of absence;
  • request information or service.

The basis for processing your information and how we use it

As your employer, AUBG needs to keep and process information about you for the usual employment purposes. The information we maintain and process will be used for our management and administrative use only. We will keep and use it only to enable us to operate the University business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, while employed with us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the University and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will inform you about any implications of that decision.

We will process your personal information for a range of contractual obligations including the following:

  • to communicate effectively with you by post, email and phone, including the distribution of relevant newsletters and circulars;
  • to assess your suitability for a particular role or task (including any relevant right to work checks);
  • to administer remuneration, payroll, pension and other standard employment functions, to process a payment;
  • to administer HR-related processes, including those relating to performance/absence management, disciplinary issues and complaints/grievances;
  • to support your training, health, safety and welfare;
  • to process a medical leave of absence;
  • to deliver facilities (e.g. library), services and staff benefits to you, and where appropriate to monitor your use of those facilities in accordance with University policies;
  • to report  to the National Revenue Agency and  National Social Security Institute;
  • to issue financial declarations and/or reports, at your request.

We will process your personal information for a range of legal obligations including the following:

  • to fulfill and monitor our responsibilities under equalities, immigration and public safety legislation;
  • to fulfill governance, audit, regulation and quality assurance arrangements and obligations;
  • to comply with our regulatory and legal report obligations – NRA, NSSI;
  • to comply with anti-money laundering laws and safeguarding requirements;
  • to prevent and detect crime.

We will process your personal information for the university’s legitimate interest including the following:

  • to ensure safety and security within the university;
  • to compile statistics and conduct surveys and research for internal and statutory reporting purposes;
  • to monitor and evaluate the performance and effectiveness of the university;
  • to maintain and improve the academic, corporate, financial, estate and human resource; management of the university;
  • to promote equality and diversity throughout the university;
  • to maintain and improve the financial resource management of the University;
  • to seek legal advice on our rights and obligations.

We may also process your personal data based on your consent for the following:

  • tax relief documentation;
  • additional life and medical insurance;
  • other, at your request.

We may also process your personal data where:

  • it is necessary in relation to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay, health insurance or life insurance policies, as applicable;
  • it is necessary to protect your or another person’s vital interests;
  • we have your specific or, where necessary, explicit consent to do so.

Control and care over your data

We, as an institution with one of the highest rankings in Bulgaria, are striving to improve and upgrade our control systems – to include pseudonymization of the collected and processed data, access controls, defined within the university, and most importantly – applied due care by our staff and faculty members. All measures are implemented against inadvertent or deliberate manipulation, loss, or destruction, and access by unauthorized persons. Access to your personal data is limited only to HR and Business offices staff who use it to perform their job obligations.

We will not use your personal information to carry out any wholly automated decision-making that affects you.

Who we share your data with

Your data may be shared with public authorities, such as Bulgarian Ministry of Education, National Agency for Evaluation and Accreditation, Ministry of Foreign affairs (for visa purposes), National Revenue Agency, NSSI, etc. as part of our legal obligations. AUBG may transfer your personal data if and when it finds it appropriate to use subcontractors, i.e. external payroll administration, work health and safety provider, marketing companies for internal and external surveys, evaluation and performance measurement, internal and external auditors, insurance companies etc. In cases we need to transfer your personal data to third parties, you will be notified, and asked for consent, if the data transfer process requires us to do so. In any case, we will share your personal data with high attention to the third parties’ level of technical and organizational ability to manage personal data as required by the GDPR standards.

How long we keep it

We store your personal information as part of your staff record for the duration of your employment (and it may be used as part of our assessment of any future application you make for further employment at AUBG). After you leave certain records pertaining to your employment are retained indefinitely so that the details of your employment can be confirmed and for statistical or historical research. Your payroll records will be retained according to the legal requirements for a period of fifty years.

Your rights in relation to the personal data we hold:

  • to request access to your personal data we hold;
  • to receive copies of your personal data in a machine-readable and commonly-used format - known as the right to data portability;
  • to rectify or erase your personal data;
  • to restrict or object to the processing of your data, where applicable;
  • to request data transfer to other parties, in certain cases;
  • to object a decision based solely on automated decision-making using your personal data;
  • to withdraw consent at any time, in certain cases, without affecting the lawfulness of processing based on consent before its withdrawal; and,
  • to lodge a complaint with the supervisory authority – Commission for Personal Data Protection, address - 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592.

You may address your concerns or inquiries to our Data Protection Officer (DPO) – Margarita Petkova, e-mail:  dpo@aubg.edu; tel +359 73 888 337.

Please visit AUBG Internal Rules for Data Protection for more information.

We are Social