Introduction
Grounds for processing of personal data by TSOIDUEM
What personal data we process
Basic principles of data processing
The rights of the persons whose personal data are processed
Ability to exercise rights
Right of appeal to a supervisory authority
Supervisory authority in the Republic of Bulgaria
TRANSPARENCY POLICY OF THE CENTER FOR EDUCATIONAL INTEGRATION OF CHILDREN AND STUDENTS FROM ETHNIC MINORITIES (TSOIDUEM) IN THE PROCESSING OF PERSONAL DATA
This Transparency Policy aims to provide information on why and what personal data is collected by TSOIDUEM, how it is processed, stored, including when it is necessary to disclose personal data to third parties and what the rights of individuals are.
To contact the Center for the Educational Integration of Children and Students from Ethnic Minorities (TSOIDUEM):
Sofia 1000, Blvd. "G. M. Dimitrov" No. 52A
Email: coiduem@mon.bg
Website: http://coiduem.mon.bg/
Data Protection Officer (DPO)
The Center for Educational Integration of Children and Students from Ethnic Minorities (TSOIDUEM) processes personal data in connection with compliance with legal obligations, the exercise of official powers, the performance of tasks in the public interest, legitimate interest of TSOIDUEM, archiving in the public interest, as well as for purposes for which the data subject (the natural person to whom the data relates) has consented to the processing of his data.
Information that may contain personal data is processed for the following purposes:
1. Human Resources:
2. Counterparties:
Complaints, signals and other requests.
1. Human Resources
For the purposes of human resources management, we process personal data of job applicants, trainees, current and former employees of TSOIDUEM.
In the course of human resource management activities, data on the physical identity of natural persons, education and qualification data, health data, contact data, as well as other data required under special laws regulating labor and service are processed legal relations, tax-insurance legal relations, accounting of the activity, safe and healthy working conditions, as well as social issues.
Personnel selection procedures comply with the requirements of special laws governing this activity.
TSOIDUEM processes and publishes, when required by law, personal data of civil servants and persons holding high public positions, in accordance with the Law on Combating Corruption and Confiscation of Illegally Acquired Property. The declaration is kept in the employee's file.
The activities to ensure healthy and safe working conditions are regulated by a contract with the occupational medicine service in accordance with Ordinance No. 3 of January 25, 2008 on the terms and conditions for carrying out the activities of the occupational medicine services.
In connection with the performance of employment or service legal relationships, only the personal data required by law are processed, which are stored within the terms determined by the labor and insurance legislation.
The collected data is used only for the above-mentioned purposes and is provided to third parties only in cases where this is provided for by law. In such cases, data may be provided, for example, to the National Revenue Agency, the Audit Office, DG Labor Inspection and other public bodies, in view of their powers and competence.
The information is not stored outside the EU and the European Economic Area. TSOIDUEM provides the appropriate technical and organizational measures to protect the collected personal data.
2. Counterparties/Beneficiaries
In the performance of its activities and in connection with its powers, TSOIDUEM processes personal data of natural persons for the performance of contracts concluded by TSOIDUEM in the sense of the Law on Obligations and Contracts, the Law on Public Procurement, the Commercial Law, etc.
Insofar as personal data of individual individuals are processed in connection with the execution of these contracts, information is processed for them in a minimal amount, sufficient only for the exact performance of the obligations under the relevant contract. Access to this information is provided to third parties only when this is specified in a special law.
The information is not stored outside the EU and the European Economic Area. TSOIDUEM provides appropriate technical and organizational measures to protect personal data.
For the implementation of projects financed by TSOIDUEM, it may be necessary to process personal data of individuals in the education system - children and students, teaching and non-teaching staff, teachers, academic staff of higher schools, parents/guardians of children/students in the system of education etc. Funding is carried out only for the purposes of the implementation of the projects financed by TSOIDUEM.
In fulfilling its obligations, TSOIDUEM processes data on the physical identity of natural persons, education and qualification data, contact data, as well as other data required under special laws, contracts for the implementation of projects financed by TSOIDUEM.
The collected data is provided to third parties only in cases where this is provided by law, for example to public authorities, in view of their powers and competence.
The information is not stored outside the EU and the European Economic Area. MES provides appropriate technical and organizational measures to protect your personal data.
3. Applications under the Law on Access to Public Information
In connection with the processing of applications under the GDPR, information about individual data subjects is processed, which may contain data on the physical, economic, social or other identity of individuals. TSOIDUEM provides such information only and to the extent that it meets the objectives of the Law on Access to Public Information.
The collected data is provided to third parties only in cases where this is provided by law, for example to public authorities, in view of their powers and competence.
The information is not stored outside the EU and the European Economic Area. TSOIDUEM provides appropriate technical and organizational measures to protect your personal data.
4. Complaints, reports and other requests
Complaints, signals and other requests in connection with the exercise of the powers of TSOIDUEM are submitted according to the terms and conditions of the current legislation.
When processing the information contained in complaints, reports and other requests submitted to TSOIDUEM, only personal data relevant to the specific case is processed.
Data made known to TSOIDUEM in this connection may be provided to third parties only if provided for by law.
The information is not stored outside the EU and the European Economic Area. TSOIDUEM provides appropriate technical and organizational measures to protect your personal data.
TSOIDUEM respects the inviolability of the private life of natural persons and guarantees to the maximum extent the protection of their personal data, processed in the performance of its statutory obligations, provision of administrative services, conclusion of contracts.
TSOIDUEM processes personal data in compliance with the principles of legality, good faith and transparency, expediency and accuracy, proportionality, accountability, integrity and confidentiality.
TSOIDUEM provides the appropriate technical and organizational measures to protect personal data.
Individuals have the right to exercise their rights under Art. 15-22 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46 /EC (Regulation) before TSOIDUEM, for the personal data that TSOIDUEM processes, namely:
1. Right to information – the person's right to receive information about the processing of his personal data by TSOIDUEM;
2. Right of access:
3. Right to rectification – right to request the correction or completion of personal data if the same is inaccurate or incomplete;
4. Right to erasure (the right "to be forgotten") - right to request the erasure of personal data, if the grounds for this provided for in the Regulation are present;
5. Right to limit the processing of personal data - right to demand from TSOIDUEM the limitation of the processing of personal data within the framework of the provisions of the Regulation, if the grounds for this provided for in the same are present;
6. Notification of third parties – right to require TSOIDUEM to notify the third parties to whom the personal data was disclosed of any correction, deletion or restriction of the processing of personal data, unless this is impossible or requires disproportionately large efforts from TSOIDUEM;
7. Right to data portability – the right of the individual to receive the personal data concerning him in a structured, widely used and machine-readable format and to transfer this data to another controller.
This right does not apply to the processing necessary for the performance of a task in the public interest or in the exercise of official powers that have been granted to the controller.
The right to data portability applies when the following two conditions are simultaneously met:
If it is technically feasible, the person whose data is processed has the right to receive a direct transfer of the personal data from TSOIDUEM to another administrator. The right to data portability can be exercised in a way that does not adversely affect the rights and freedoms of others
8. Rights in automated individual decision-making, including profiling - right of the individual not to be subject to an automated decision based solely on automated processing (i.e. processing without human intervention), including profiling within the meaning of the Regulation, which gives rise to legal consequences for the person or in a similar way affects him to a significant extent, unless the grounds provided for in the Regulation are present and appropriate guarantees are provided to protect the rights and freedoms and legitimate interests of the person.
Such guarantees are at least the right to human intervention on the part of TSOIDUEM, the right of the person to express his point of view and to challenge the decision.
9. Right to withdraw consent to processing – where the processing of personal data is based solely on consent given by the individual, the individual may withdraw their consent at any time. Such withdrawal does not affect the lawfulness of the processing based on the consent given until the time of its withdrawal.
10. Right to object - The person whose data is processed has the right at any time and on grounds related to his situation to object to the processing of personal data concerning him, including against profiling within the meaning of the Regulation, which is based on public interest, exercise of official powers or the legitimate interests of TSOIDUEM or a third party.
In these cases, TSOIDUEM will stop the processing of personal data, unless it proves that there are convincing legal grounds for the processing that take precedence over the interests of the specific person, rights and freedoms, or for the establishment, exercise or defense of legal claims.
The rights under Art. 15-22 of the Regulation can be exercised personally or by an expressly authorized person (with a notarized power of attorney) by submitting a written application. The application should contain:
When submitting a request for the exercise of rights within the meaning of the Regulation to TSOIDUEM, it is necessary for the applicant to identify himself - by presenting an identity document (when submitting a request on site in the building of TSOIDUEM) or by means of a qualified electronic signature (when submitting a request through the Electronic Document Portal of TSOIDUEM or by e-mail). The application for exercising rights can also be sent by mail with return receipt, in which case the application should be notarized.
A response will be provided subject to the applicable deadlines – up to one calendar month, and the deadline may be extended by another two months, taking into account the complexity and number of requests. In the event of the need to extend the term, you will be notified of the same, as well as the reasons that require the extension.
The personal data processed in connection with the consideration of the individual requests will be used only for the purposes of exercising the specified rights. In this regard, personal data may be provided to third parties only if provided by law.
Any data subject has the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State (EU/EEA) of his/her habitual residence, place of work or the place of the alleged infringement, if he/she considers that the processing of his personal data violates the provisions of the Regulation or other applicable requirements for the protection of personal data.
The supervisory authority in the Republic of Bulgaria is the Commission for the Protection of Personal Data, address: Sofia 1592, "Prof. Tsvetan Lazarov" No. 2, website: www.cpdp.bg