This privacy notice outlines how and why the American University in Bulgaria (AUBG) collects, uses and stores your personal data, and your rights in relation to the personal data we hold. We may modify or amend this Privacy Notice. The most current version will always be available on our Website and, where appropriate, notified to you by e-mail. If you have any questions about such matters you can contact us at [email protected].
What personal data do we collect?
The personal information we collect from you is the following:
- details you provided in your CV and/or cover letter;
- personal identification number/social security number;
- permanent and correspondence address;
- number of your identity document;
- date and place of issuance of your identity document;
- your contact email and phone number;
- your spouse’s name; date of birth; passport or personal ID number, date of issuance, and expiration date.
How do we collect your personal data?
Personal data we collect is provided only by you via email or post.
The basis for processing your information and how we use it
By becoming an AUBG Board of Trustees member you commit your participation in the supreme governing body of the University. The jurisdiction of the Board of Trustees relates to and is exercised over, all educational services and research policies and financial policies of the University. The Board of Trustees shall have, including but not limited, sole responsibility for the investment, reinvestment, expenditure and accounting for all funds committed to the University from whatever source.
The data we retain and process will be used for our management and administrative use only. We will keep and use it only to enable us to operate the University business and manage our relationship with you effectively, lawfully and appropriately, during the appointment process, while associated with us, and after you leave. This includes using information to enable us to comply with any legal requirements, pursue the legitimate interests of the University and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will inform you about any implications of that decision.
We will not use your personal information to carry out any wholly automated decision-making that affects you. We will process your personal information for a range of contractual, statutory or public interest purposes, including the following:
- to administer daily operations in all areas;
- to comply with legal requirements and registration purposes in Bulgaria and the United States;
- to communicate effectively with you by post, email and phone;
- to monitor and evaluate the performance and effectiveness of the university;
- to maintain and improve the academic, corporate, financial, estate and human resource; management of the university.
We may also process your personal data where:
- it is necessary to protect your or another person’s vital interests;
- we have your specific or, where necessary, explicit consent to do so
Control and care over your data
We, as an institution with one of the highest rankings in Bulgaria, are striving to improve and upgrade our control systems – to include pseudonymization of the collected and processed data, access controls, defined within the university, and most importantly – applied due care by our staff and faculty members. All measures are implemented against inadvertent or deliberate manipulation, loss, or destruction, and access by unauthorized persons. Access to your personal data is limited only to the Office of the President staff who use it to perform their job obligations.
Who we share your data with
Your data may be shared with public authorities, such as the Bulgarian Ministry of Education, National Agency for Evaluation and Accreditation, Ministry of Foreign affairs, National Revenue Agency etc. as part of our legal obligations. In cases we need to transfer your personal data to other third parties – internal and external auditors, etc., you will be notified, and asked for consent if the data transfer process requires us to do so. In any case, we will share your personal data with high attention to the third parties’ level of technical and organizational ability to manage personal data as required by the GDPR standards.
How long do we keep it
We store your personal information as part of your governing body participant record for the duration of your relationship with us. After you leave AUBG we will be retaining only the elements of your data imposed by legal requirements. We will keep other data if you provide your explicit consent to us.
The American University in Bulgaria (AUBG) can implement mandatory COVID-19 testing as part of its measures to prevent/limit the spreading of COVID-19 on the territory of the University and with the aim to protect the life and health of its students, employees and visitors. The mandatory COVID-19 testing is based on the legitimate interest of the controller AUBG – Art. 6, p. 1, (f) of the General Data Protection Regulation (GDPR). Please note that the actual testing is carried out in licensed laboratories by medical practitioners and AUBG does not process personal data at that stage. Once presented with information about the medical status of individuals, the processing of this data by the University is based on Art. 9, p. 2, (b) of the GDPR – processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.
AUBG has chosen tests that are most appropriate for the purposes of the testing and expenses for the tests are covered by the University. AUBG will apply short retention periods by keeping the data related to the tests only for as long as it is necessary in order to make decisions connected with the purposes mentioned above: preventing/limiting the spreading of COVID-19 on the territory of the University and protecting the life and health of its students, employees and visitors. For your as a data subject in relation to the personal data we hold, please refer to the last section of this privacy notice.
Collection and use by third party vendors
We do not sell data or databases to third parties for any reason.
Your rights in relation to the personal data we hold:
- to request access to your personal data we hold;
- to receive copies of your personal data in a machine-readable and commonly-used format – known as the right to data portability;
- to rectify or erase, in certain circumstances, your personal data;
- to restrict or object to processing concerning your data;
- to request data transfer to other parties;
- to object to a decision based solely on automated decision-making using your personal data;
- to withdraw consent at any time, without affecting the lawfulness of processing based on consent before this withdrawal, for data storage based on consent;
- to lodge a complaint with the supervisory authority – Commission for Personal Data Protection, address – 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592.
You may address your concerns or inquiries to our Data Protection Officer (DPO) – Gugushev and Partners Law Office, Yoanna Ivanova, e-mail: [email protected]; Address: 11A Aksakov Street, floor 5, Sofia 1000, Bulgaria, Telephone: +359 2 815 75 10.
Please see AUBG Internal Rules for Data Protection for more information.