Privacy Notice for Library Patrons
Privacy Notice for Library Patrons
This privacy notice outlines how and why the American University in Bulgaria (AUBG) collects, uses and stores your personal data, and your rights in relation to the personal data we hold. We may modify or amend this Privacy Notice. The most current version will always be available on our Website. If you have any questions about such matters you can contact us at email@example.com.
What personal data do we collect?
The personal information we collect from you may include the following:
- identification data including your name, AUBG ID number;
- contact data including your home address, email address;
- reading history;
- senior and master’s thesis papers (for AUBG bachelor’s and master’s degree students);
- research and publications (for AUBG faculty members);
- reserve records (for AUBG faculty members);
- fines you may have.
How do we collect your personal data?
We collect information about you when you:
- enroll as a student in AUBG bachelor’s or master’s programs;
- become an AUBG faculty member;
- register with us as a new staff member;
- register with us as an alumni member;
- register with us as an external patron;
- become a researcher of the Center of Advanced Study (based on a Memorandum of Cooperation, dated March 14, 2013).
Note: * When we obtain personal data from third party sources, we will look to ensure that the third party has lawful authority to provide us with your personal data.
The basis for processing your information and how we use it
The lawful base for data processing is a contractual obligation, or steps on your part to enter into a contract with AUBG – based on your affiliation with AUBG – a student, a faculty or staff member, an alumni or external patron. In this respect, we use your personal data for the following:
- to provide library services to you, as detailed on AUBG Panitza Library website: https://www.aubg.edu/borrow-renew-request;
- to provide reference help at your request.
We may also process your personal data because it is necessary for our legitimate interests. In this respect, we may use your personal data for the following:
- to collect fines you may owe to AUBG Panitza Library;
- to seek advice on our rights and obligations as a provider of Library services.
We may also process your personal data in relation to compliance with our legal obligations. In this respect, we may use your personal data for the following:
- financial audits;
- compliance with anti-money laundering laws and safeguarding requirements;
- prevention and detection of crime;
- criminal investigations - assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
We may also process your personal data where:
- it is necessary to protect your or another person’s vital interests;
- or we have your specific or, where necessary, explicit consent to do so.
Control and care over your data
We, as an institution with one of the highest rankings in Bulgaria, are striving to improve and upgrade our control systems – to include pseudonymization of the collected and processed data, access controls, defined within the university, and most importantly – applied due care by our staff and faculty members. All measures are implemented against inadvertent or deliberate manipulation, loss, or destruction, and access by unauthorized persons.
Whom we share your data with
Your data may be shared with public authorities, such as Bulgarian Ministry of Education, National Agency for Evaluation and Accreditation, external auditors, etc. as part of our legal obligations.
For the purpose of providing online access to e-resources and Information Literacy evaluation processes we provide information about you, i.e. your name, AUBG ID and email, to ProQuest Ebook Central, EZproxy, FT.com, Credo Instruct, Virtua Library Management System, with respect to AUBG contractual obligations and in their role of access providers.
In cases, we need to transfer your personal data to other third parties - internal auditors, software providers, etc. you will be notified, and asked for consent if the data transfer process requires us to do so. In any case, we will share your personal data with high attention to the third parties’ level of technical and organizational ability to manage personal data as required by the GDPR standards.
How long we keep it
Personal data we collect through registration (i.e. name, AUBG ID number and email, home address) will be stored for the period of your affiliation with AUBG. Senior and Master thesis papers will be retained forever. Information on faculty reserve records is kept for the duration of the academic course. Information on your fines is kept for one semester. Personal data of alumni and external patrons is retained for one year if membership is not renewed. Personal data of CAS associates is stored for the duration of their affiliation with CAS.
Certain personal data will be retained according to the legal requirements of national and local authorities, as part of your record.
Collection and use by third-party vendors
We do not sell data or databases to third parties for any reasons.
You rights in relation to the personal data we hold:
- to request access to your personal data we hold;
- to rectify or erasure your personal data;
- to restrict or object to processing concerning your data;
- to request data transfer to other parties;
- to withdraw consent at any time, in certain cases, without affecting the lawfulness of processing based on consent before its withdrawal;
- to lodge a complaint with the supervisory authority – Commission for Personal Data Protection, address - 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592.
You may address your concerns or inquiries to our Data Protection Officer (DPO) – Margarita Petkova, e-mail: firstname.lastname@example.org; tel +359 73 888 337.
Please visit AUBG Internal Rules for Data Protection for more information.