Under the GDPR processing of personal data includes every aspect of the data lifecycle, from initial collection (whether or not collected from the Data Subject itself) to data destruction, including data usage, access and transfers. All processing of personal data shall be in line with the data protection principles of:
- Lawfulness, fairness and transparency;
- Confidentiality, accuracy and integrity;
- Data minimisation;
- Purpose limitation;
- Storage limitation; and
The management of privacy risks is intended to be an interactive process, with improvements being made to better manage existing and emerging privacy risks on an ongoing basis. For clarifications or queries, please get in touch with Omega Coders support team on email@example.com.
1.INFORMATION WE COLLECT
1.1.We collect personal data from You, whether when directly provided by You, through our interactions with You, or by means of your interactions, use and experiences with our website. If You want additional info, we go into more detail below.
1.2.Information You give Us.
You choose to give Us certain information when using our website or when interacting with Us through other means. This includes:
- 1.2.1. When You complete and submit applications through our website to apply for any of the courses we have on offer, You provide Us with additional information, such as personal phone number, personal identification number, gender, resume and academic qualifications. Some of the information You choose to provide Us may be considered “special” or “sensitive” in the Republic of Bulgaria or in certain other jurisdictions, for example your racial or ethnic origins, sexual orientation and religious beliefs. By choosing to provide this information, You consent to our processing of that information.
- 1.2.2. When You sit for the entrance exam or submit assessed work as part of any course requirement, We collect information about your performance such as marks or test results.
- 1.2.3. Whilst You are enrolled to any one of our courses, We may collect the following personal data: (i) your image and audio, which may be collected through different sources, e.g. video surveillance systems, images taken during the lectures, classes and/or activities; video recordings of meetings, online lectures, classes and/or activities; (ii) your course records, e.g. performance assessment, examination marks, final results and attendance records; and (iii) any communications between You and Us, or between You and other students or third parties (which shall not be limited to its contents, but also include its date and time of issue).
- 1.2.4. When You participate in surveys or focus groups, You give Us your insights into our courses, responses to our questions and testimonials.
- 1.2.5. When You choose to participate in our promotions, events or contests, We collect the information that You use to register or enter.
- 1.2.6. If You contact our support team on firstname.lastname@example.org, We collect the information You give Us during the interaction. Sometimes, We monitor or record these interactions for training purposes and to ensure a high quality of service.
1.3.Information We receive from others.In addition to the information You provide Us directly, We receive information about You from others, including:
- 1.3.1. Other Academy Members and/or Students. Other Academy members and/or students may provide information about You whilst enrolled in any one of our courses. For instance, We may collect information about You from other Academy members and/or students if they contact Us about You.
1.4.Information that is automatically collected.
By accessing our website You provide Us with certain non-personal information that is automatically collected and analysed to improve your user experience. This information may include, but is not limited, to your IP address (i.e. the address used to identify a computer on the internet), browser type (i.e. the software you are using to view the website - Chrome, Safari, Firefox, etc.), operating system (i.e. Windows, Linux, Mac OS), device type (i.e. computer, tablet or smartphone), behaviour while using the website (i.e. which elements you click on), country and city from which you access our website, time and date of your visit, duration of your visit. We obtain this information directly via cookies or through third-party services and use it to ensure our website is accessible and easy to use by different types of users. For more information about cookies, please read our Cookies Policy.
We collect information that You provide Us with by filling out forms on our website, participating in events and promotions and being a part of our Academy courses. We also can receive information about You from other members/students of the Academy or from social media. When You use our website, We automatically collect log data, which is used solely to ensure the accessibility and ease of use of our website.
2.WHAT DO WE USE YOUR INFORMATION FOR?
2.1.In accordance with the data minimisation principle, only data which is strictly necessary for the purpose for which it is being collected shall be collected by Us. Data is collected for the purposes of:
- 2.1.1. subscription to the website and subsequent communication to subscribers who consent to the receipt of such communication;
- 2.1.2. enrolment of members and subsequent communication to members;
- 2.1.3. enrolment of students for courses, seminars and/or Omega Coders events and communication with same;
- 2.1.4. academic progress monitoring which includes performance data, examination and, or assessment results associated with the students;
- 2.1.5. marketing, where justified in terms of legitimate interest or where consent for same is obtained.
2.2.Omega Coders photographs its events on a regular basis and uses the photographs for its various markeing efforts, including by posting on social media. It is in the legitimate interest of Omega Coders to promote its courses, activities and events. You may request Omega Coders not to upload any picture where You are visually identifiable, provided that in such case, Omega Coders may proceed with publishing the picture once your identifiable features are obscured.
2.3.To carry out the processing of your personal data for the above-mentioned purposes, We use automated, as well as manual processing methods.
We use personal information to communicate with You when You reach out for information, use the website to contact Us or apply to any of our Academy courses. We also use the information for tracking the academic progress of students and for marketing purposes.
3.MONITORING AND RECORDING COMMUNICATIONS
3.1.We may monitor and record communications made between You and Us, between You and other students or other third parties, including, but not limited to, telephone conversations, electronic messages, electronic records and video recordings of meetings, online lectures or activities.
3.2.Such communications may be done through different platforms, for example, Slack, Outlook, Google Classroom, Bitbucket, thus, when using those platforms, You will also be subjected to their own privacy policies, therefore, We strongly advise You to read their privacy policies.
3.3.Except as otherwise prohibited by any applicable law, You agree that We may monitor and record such communications without your further approval or notice to You.
Whenever You send Us an email to ask a question, apply for a course or use the various communication channels available – We keep a record of this information.
4.CCTV SURVEILLANCE CAMERAS
4.1.Location and Purpose
- 4.1.1. CCTV surveillance is installed in Omega Coders’ premises at 2 Rayko Daskalov Square, Sredets, Stolichna, Sofia, p.k. 1000, Bulgaria and other properties being used by Omega Coders. Cameras are located in the perimeter areas of the premises. CCTV signages are placed in prominent and easily visible locations within the monitored area/s. In this instance the sole purpose of surveillance is to ensure security including safeguarding of assets, equipment and property contained in both the building complex/es and perimeter areas.
- 4.1.2. Relevant footage will not be used for any other purpose other than the one intended. CCTV data processing for a distinct activity that is not compatible with the original reason for which cameras were installed will only be done if prior notice is given to the Data Subject.
- 4.1.3. In view of Chapter II, Article 5 of the GDPR the Omega Coders justifies the use of a CCTV Surveillance Camera system for the above-mentioned purpose. The recognisable images captured by the cameras will be processed adequately and in a relevant manner and shall be necessary in relation to the purposes of the processing as per Chapter II, Article 6 of the GDPR.
4.2.Access to Footage and Data
- 4.2.1. Access to the CCTV footage is restricted to authorised personnel only by means of an authorisation access process. Omega Coders shall authorise further access to footage if so required when relevant to the purpose/s specified above.
- 4.2.2. In the case of an activity captured by a camera which might lead to disciplinary investigation and/or legal enforcement actions, the relevant extract of the camera’s footage shall only be disclosed to officer/s nominated to investigate the case by Omega Coders.
- 4.2.3. In the case of an activity captured by the CCTV surveillance camera leads to criminal charges, the relevant extract of the camera’s footage shall only be disclosed by Omega Coders to law enforcement authorities and this subsequent to the filing of a Police report by Omega Coders.
- 4.2.4. Any other requests for footage captured by these CCTVs in general must be made to Omega Coders through the submission of a Police request which is authorised by a Police Inspector or higher grade.
- 4.2.5. Omega Coders undertakes to comply with a strict security policy vis-à-vis the access to recorded images. Any internal access to visual images by Omega Coders or any disclosure of such images further to a request by a law enforcement authority or by the Data Subject shall be logged and kept as evidence.
4.3.Right of Access
- 4.3.1. The Data Subject whose personal data is held by Omega Coders, in the form of CCTV recording, can request access to that recording. Omega Coders is obliged to provide access to the footage without disclosing the identity of third parties.
- 4.3.2. If the Data Subject is not satisfied with the reply as provided or with the manner of access that has been granted, the matter may be referred to the Commission for Personal Data Protection which will investigate the case and ascertain that the right of access is properly granted.
- 4.3.3. Right of access request shall be made in writing and addressed to Omega Coders. For operational efficiency purposes request is to indicate exact location of incident and approximate timeframes that would need to be reviewed, along with a proper explanation as to why request is being made.
- 4.4.1. CCTV footage data is retained for a maximum of ten (10) months (except for the yearly shutdown period and exceptional cases). This period is the necessary period for which the data was obtained. After the lapse of this period, images are automatically overwritten by the system with new images. Once overwritten, footage cannot be restored.
- 4.4.2. If data is extracted in relation to an investigation, it will only be held for the period as established by Law.
We have a number of CCTV cameras on the premises of our office in Sofia, Bulgaria - if You are participating in an activity at our office, We might have a recording of your presence. The sole purpose of recording this information is to prevent any security risks to our property and staff. It is only monitored when such a risk is identified. You have the right to request access to these recording from Us. They are kept for a maximum of ten (10) months and automatically deleted afterwards.
5.LEGAL GROUNDS FOR LAWFUL PERSONAL DATA PROCESSING
5.1.To process your information as described above, We rely on the following legal grounds:
- 5.1.2. Performance of a contract. Most of the time, the reason We process your information is to perform the contract that You have with Us. We need Your data to provide You with the Course or other ancillary services.
- 5.1.3. Legitimate interest. When it satisfies a legitimate interest, which is not overridden by your data protection interests, such as for research and development, to market and promote any of our courses and to safeguard our interests and those of third parties.
The process of your personal data is either based on your consent, the performance of contractual obligations to You or for a legitimate interest that doesn’t put your information at risk. You have the right to withdraw your consent at any time.
6.PERSONAL DATA PROTECTION MEASURES
6.1.To maintain the safety of your personal data against any accidental or unlawful destruction or accidental loss, alteration, unauthorised use, unauthorised modification, disclosure or access, as well as to any other unlawful forms of processing, We implement the following technical, physical and organisational measures:
- 6.1.1. We regularly monitor our systems for possible vulnerabilities and attacks, and review our information collection, storage and processing practices to update our technical, physical and organisational measures.
- 6.1.2. We ensure that all our employees are subjected to full confidentiality, moreover, all our affiliates, subsidiaries, subcontractors, agents or representatives working on our behalf, shall be required to sign a confidentiality agreement (if full confidentiality is not already part of the main agreement We have signed with them).
- 6.1.3. We do our best to keep You informed at all times about any changes with respect to the processes used to protect and secure your personal data, including our practices and policies.
- 6.1.4. We enable your right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and also the rights in relation to automated decision making and profiling. You can find further information in that regard in section 9.
- 6.1.5. We use security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorised or accidental changes are made. System performance and availability is monitored from both internal and external monitoring services.
- 6.1.7. In the event that your data is compromised, We will notify You and the competent supervisory authority(ies) within seventy-two (72) hours by e-mail together with the information about the extent of the breach, the effected data, as well as our action plan or measures to secure the personal data and limit any possible detrimental effect on the Data Subjects.
We make sure your information is secure by monitoring our systems and taking necessary preventive measures and ensuring that our employees and affiliates are subjected to full confidentiality. We will inform You whenever there is any change in the processes related to protecting your data. You retain the right to request access to your data or request its movement, removal, etc.
7.DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
7.1.We do not sell, trade or otherwise transfer your personal data to third parties.
7.2.The above-mentioned statement shall not include our affiliates, subsidiaries, subcontractors, agents or representatives working on our behalf, who assist Us in operating our Website, delivering the courses, or servicing somehow You. Such trusted parties may have access to your personal data on a need-to-know basis and will be contractually obliged to keep your personal data confidential.
7.3.We will also share your personal data if it’s required by law, an order from a judicial body or a governmental authority, as well as to comply with legal processes, to protect lives, to ensure our products’ security, to protect ours and our students’ rights, property or safety, as well as to enforce our policies, rules and regulations. When a lawful demand for your personal data is made to Us, We will strive to limit such disclosure, therefore, We will only release specific personal data mandated by the relevant legal demand.
7.4.If compelled to disclose your personal data, We will promptly notify You and provide a copy of the demand, unless legally prohibited from doing so for whatever reason.
7.5.Disclosure of personal data outside the EU/EEA. We may share your personal data with third parties based outside the EU/EEA (and not subject to the GDPR). Where Personal Data is transferred from the EU/EEA (or otherwise subject to the GDPR), the provisions included in Chapter V of the GDPR will be applied in order to ensure that the level of protection of natural persons guaranteed by the GDPR is not undermined. In this case, We will ensure that the recipient has an adequate level of data protection according to the adequacy decision by the European Commission for the country at issue. In the absence of such adequacy decision, We may transfer personal data only if the recipient has provided appropriate safeguards, such as a legally binding and enforceable instruments before public authorities or bodies; a binding corporate rule; or compliance with standard data protection clauses approved by the Commission. Where personal data is transferred from the EU to non-EU countries, We will separately sign an addendum about such transfer with such third parties, where We will have into consideration the standard data protection clauses approved by the Commission, namely Standard
We do not sell or share your data with third parties. This doesn’t apply to our affiliates or representatives, who are under a confidentiality agreement. We can also share it if this is required by law. You will be informed in such situations.
8.1.Occasionally, at our own discretion, We may include or offer third-party products or services on our Website. These third-party sites have separate and independent privacy policies. We therefore shall not be held responsible, nor liable for the content and activities of these linked websites.
We do not take responsibility for the privacy policies of third-party services that we use. Please read their policies carefully when necessary.
9.DATA SUBJECT’S RIGHTS
9.1.Under the GDPR and local supplementary legislation, You have the right to enforce the following rights:
- 9.1.1. Right to be informed. You have the right to obtain at any time confirmation as to whether or not Omega Coders is processing your personal data.
- 9.1.2. Right of access. You have the right to obtain a copy of your personal data, as well as other supplementary information. Notwithstanding the foregoing, in some circumstances We may restrict your exercise of this right, including, but not limited to, when such request is manifestly unfounded or excessive.
- 9.1.3. Right to rectification. You have the right to request the rectification of your personal data when it is inaccurate.
- 9.1.4. Right to erasure.You may request the erasure of personal data concerning You, and We shall erase the personal data without undue delay when, for example, one of the following applies:
- if the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- the Data Subject withdraws consent on which the processing is based;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
- if the personal data has been unlawfully processed; or
- if the personal data needs to be erased in order to comply with a legal obligation under EU or any other domestic law.
- 9.1.5. Right to data portability. may at any time request Us to move, copy or transfer your personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
- 9.1.6. Right to restriction of processing.In certain circumstances, You may request that the processing of your personal data is limited, in which case We will only keep it for the exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of public interest. For instance, You may at any time request Us to restrict the processing of your personal data when found in any of the following circumstances:
- if You contest the accuracy of the personal data, where such restriction will be enforced for a period that enables Us to verify the accuracy of such personal data;
- if the processing is unlawful and You oppose the erasure of the personal data and request the restriction of their use instead;
- if We no longer need the personal data for the purposes of the processing, but it is required by You for the establishment, exercise or defence of legal claims; or
- Data Subject has objected to processing pending the verification whether the legitimate grounds of Omega Coders override those of the Data Subject.
- 9.1.7.Right to object. Under certain circumstances, You may object to the processing of your personal data. In this case, Omega Coders will stop processing your personal data, except for compelling legitimate reasons, or the exercise or defence of any legal claims.
- 9.1.8.Rights related to automated decision making and profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You.
Whenever You request this, We are obliged to: keep You informed as to whether We are keeping/using your data, provide You with access, rectify, erase, or move your data if required. You also have the right to request limited processing of your data or object to its processing altogether.
10.DATA RETENTION PERIOD
10.1.We will process your personal data only as long as is necessary to provide You with our courses or any ancillary services, or to comply with legal or regulatory obligations, including, but not limited to, tax and securities laws. In the latter case, You understand and acknowledge that our legal basis for the processing of your personal data would be compliant with the relevant laws or regulations.
10.2.Personal Data may also be retained until there is a request for revocation of consent or deletion of unnecessary, excessive, or processed personal data in violation of the law.
10.3.After this period, if applicable, some personal information may be kept for the period necessary to meet the legal obligation and for the regular exercise of rights in court or the administrative sphere.
We keep your data only as long as We need it, or until You request its deletion or if required for legal obligations.
11.1.We will cooperate with You in order to ensure compliance with the applicable data protection provisions, e.g. to enable You to effectively guarantee the exercise of Data Subject’s rights, to manage incidents, including, but not limited to, forensic analysis in case of security breach.
12.1.If You consider that Your rights have been infringed in regard to the protection of Your personal data, especially when You have not obtained satisfaction in the exercise of your rights, You may file a complaint with the Commission for Personal Data Protection.
12.2.You can lodge a complaint or alert to the Commission for Personal Data Protection in one of the following ways:
- 12.2.1.In person – at the CPDP’s Registry at: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592;
- 12.2.2. By post to : 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Commission for Personal Data Protection;
- 12.2.3. By fax: +3592/91-53-525;
- 12.2.4. By e-mail - email@example.com.IMPORTANT! When loging a complaint in this way, the complaint must be formed as anelectronic document signed with a qualified electronic signature (QES). CPDP takes no action for complaints that are scanned or photographed and submitted to our e-mail, but not signet with QES.
- 12.2.5. By the Secure Electronic Service System, maintained by the State e-Government Agency
You can file complaints to the contacts provided.
Last update: 17/05/2022