1.INFORMATION WE COLLECT

1.1.We collect personal data from You, whether when directly provided by You, through our interactions with You, or by means of your interactions, use and experiences with our website. If You want additional info, we go into more detail below.

1.2.Information You give Us.

You choose to give Us certain information when using our website or when interacting with Us through other means. This includes:

• 1.2.1. When You complete and submit applications through our website to apply for any of the courses we have on offer, You provide Us with additional information, such as personal phone number, personal identification number, gender, resume and academic qualifications. Some of the information You choose to provide Us may be considered “special” or “sensitive” in the Republic of Bulgaria or in certain other jurisdictions, for example your racial or ethnic origins, sexual orientation and religious beliefs. By choosing to provide this information, You consent to our processing of that information.
• 1.2.2. When You sit for the entrance exam or submit assessed work as part of any course requirement, We collect information about your performance such as marks or test results.
• 1.2.3. Whilst You are enrolled to any one of our courses, We may collect the following personal data: (i) your image and audio, which may be collected through different sources, e.g. video surveillance systems, images taken during the lectures, classes and/or activities; video recordings of meetings, online lectures, classes and/or activities; (ii) your course records, e.g. performance assessment, examination marks, final results and attendance records; and (iii) any communications between You and Us, or between You and other students or third parties (which shall not be limited to its contents, but also include its date and time of issue).
• 1.2.4. When You participate in surveys or focus groups, You give Us your insights into our courses, responses to our questions and testimonials.
• 1.2.5. When You choose to participate in our promotions, events or contests, We collect the information that You use to register or enter.
• 1.2.6. If You contact our support team on office@omegacoders.com, We collect the information You give Us during the interaction. Sometimes, We monitor or record these interactions for training purposes and to ensure a high quality of service.

1.3.Information We receive from others.

• 1.3.1. Other Academy Members and/or Students. Other Academy members and/or students may provide information about You whilst enrolled in any one of our courses. For instance, We may collect information about You from other Academy members and/or students if they contact Us about You.

1.4.Information that is automatically collected.

By accessing our website You provide Us with certain non-personal information that is automatically collected and analysed to improve your user experience. This information may include, but is not limited, to your IP address (i.e. the address used to identify a computer on the internet), browser type (i.e. the software you are using to view the website - Chrome, Safari, Firefox, etc.), operating system (i.e. Windows, Linux, Mac OS), device type (i.e. computer, tablet or smartphone), behaviour while using the website (i.e. which elements you click on), country and city from which you access our website, time and date of your visit, duration of your visit. We obtain this information directly via cookies or through third-party services and use it to ensure our website is accessible and easy to use by different types of users. For more information about cookies, please read our Cookies Policy.

2.WHAT DO WE USE YOUR INFORMATION FOR?

2.1.In accordance with the data minimisation principle, only data which is strictly necessary for the purpose for which it is being collected shall be collected by Us. Data is collected for the purposes of:

• 2.1.1. subscription to the website and subsequent communication to subscribers who consent to the receipt of such communication;
• 2.1.2. enrolment of members and subsequent communication to members;
• 2.1.3. enrolment of students for courses, seminars and/or Omega Coders events and communication with same;
• 2.1.4. academic progress monitoring which includes performance data, examination and, or assessment results associated with the students;
• 2.1.5. marketing, where justified in terms of legitimate interest or where consent for same is obtained.

2.2.Omega Coders photographs its events on a regular basis and uses the photographs for its various markeing efforts, including by posting on social media. It is in the legitimate interest of Omega Coders to promote its courses, activities and events. You may request Omega Coders not to upload any picture where You are visually identifiable, provided that in such case, Omega Coders may proceed with publishing the picture once your identifiable features are obscured.

2.3.To carry out the processing of your personal data for the above-mentioned purposes, We use automated, as well as manual processing methods.

3.MONITORING AND RECORDING COMMUNICATIONS

3.1.We may monitor and record communications made between You and Us, between You and other students or other third parties, including, but not limited to, telephone conversations, electronic messages, electronic records and video recordings of meetings, online lectures or activities.

3.2.Such communications may be done through different platforms, for example, Slack, Outlook, Google Classroom, Bitbucket, thus, when using those platforms, You will also be subjected to their own privacy policies, therefore, We strongly advise You to read their privacy policies.

3.3.Except as otherwise prohibited by any applicable law, You agree that We may monitor and record such communications without your further approval or notice to You.

4.CCTV SURVEILLANCE CAMERAS

4.1.Location and Purpose

• 4.1.1. CCTV surveillance is installed in Omega Coders’ premises at 2 Rayko Daskalov Square, Sredets, Stolichna, Sofia, p.k. 1000, Bulgaria and other properties being used by Omega Coders. Cameras are located in the perimeter areas of the premises. CCTV signages are placed in prominent and easily visible locations within the monitored area/s. In this instance the sole purpose of surveillance is to ensure security including safeguarding of assets, equipment and property contained in both the building complex/es and perimeter areas.
• 4.1.2. Relevant footage will not be used for any other purpose other than the one intended. CCTV data processing for a distinct activity that is not compatible with the original reason for which cameras were installed will only be done if prior notice is given to the Data Subject.
• 4.1.3. In view of Chapter II, Article 5 of the GDPR the Omega Coders justifies the use of a CCTV Surveillance Camera system for the above-mentioned purpose. The recognisable images captured by the cameras will be processed adequately and in a relevant manner and shall be necessary in relation to the purposes of the processing as per Chapter II, Article 6 of the GDPR.

4.2.Access to Footage and Data

• 4.2.1. Access to the CCTV footage is restricted to authorised personnel only by means of an authorisation access process. Omega Coders shall authorise further access to footage if so required when relevant to the purpose/s specified above.
• 4.2.2. In the case of an activity captured by a camera which might lead to disciplinary investigation and/or legal enforcement actions, the relevant extract of the camera’s footage shall only be disclosed to officer/s nominated to investigate the case by Omega Coders.
• 4.2.3. In the case of an activity captured by the CCTV surveillance camera leads to criminal charges, the relevant extract of the camera’s footage shall only be disclosed by Omega Coders to law enforcement authorities and this subsequent to the filing of a Police report by Omega Coders.
• 4.2.4. Any other requests for footage captured by these CCTVs in general must be made to Omega Coders through the submission of a Police request which is authorised by a Police Inspector or higher grade.
• 4.2.5. Omega Coders undertakes to comply with a strict security policy vis-à-vis the access to recorded images. Any internal access to visual images by Omega Coders or any disclosure of such images further to a request by a law enforcement authority or by the Data Subject shall be logged and kept as evidence.

4.3.Right of Access

• 4.3.1. The Data Subject whose personal data is held by Omega Coders, in the form of CCTV recording, can request access to that recording. Omega Coders is obliged to provide access to the footage without disclosing the identity of third parties.
• 4.3.2. If the Data Subject is not satisfied with the reply as provided or with the manner of access that has been granted, the matter may be referred to the Commission for Personal Data Protection which will investigate the case and ascertain that the right of access is properly granted.
• 4.3.3. Right of access request shall be made in writing and addressed to Omega Coders. For operational efficiency purposes request is to indicate exact location of incident and approximate timeframes that would need to be reviewed, along with a proper explanation as to why request is being made.

4.4.Retention Period

• 4.4.1. CCTV footage data is retained for a maximum of ten (10) months (except for the yearly shutdown period and exceptional cases). This period is the necessary period for which the data was obtained. After the lapse of this period, images are automatically overwritten by the system with new images. Once overwritten, footage cannot be restored.
• 4.4.2. If data is extracted in relation to an investigation, it will only be held for the period as established by Law.

5.LEGAL GROUNDS FOR LAWFUL PERSONAL DATA PROCESSING

5.1.To process your information as described above, We rely on the following legal grounds:

• 5.1.1. Consent. From time to time, We may ask for your consent to use your information for certain specific reasons. You may withdraw your consent at any time by contacting Us at the address provided at the end of this Privacy Policy.
• 5.1.2. Performance of a contract. Most of the time, the reason We process your information is to perform the contract that You have with Us. We need Your data to provide You with the Course or other ancillary services.
• 5.1.3. Legitimate interest. When it satisfies a legitimate interest, which is not overridden by your data protection interests, such as for research and development, to market and promote any of our courses and to safeguard our interests and those of third parties.

6.PERSONAL DATA PROTECTION MEASURES

6.1.To maintain the safety of your personal data against any accidental or unlawful destruction or accidental loss, alteration, unauthorised use, unauthorised modification, disclosure or access, as well as to any other unlawful forms of processing, We implement the following technical, physical and organisational measures:

• 6.1.1. We regularly monitor our systems for possible vulnerabilities and attacks, and review our information collection, storage and processing practices to update our technical, physical and organisational measures.
• 6.1.2. We ensure that all our employees are subjected to full confidentiality, moreover, all our affiliates, subsidiaries, subcontractors, agents or representatives working on our behalf, shall be required to sign a confidentiality agreement (if full confidentiality is not already part of the main agreement We have signed with them).
• 6.1.3. We do our best to keep You informed at all times about any changes with respect to the processes used to protect and secure your personal data, including our practices and policies.
• 6.1.4. We enable your right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and also the rights in relation to automated decision making and profiling. You can find further information in that regard in section 9.
• 6.1.5. We use security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorised or accidental changes are made. System performance and availability is monitored from both internal and external monitoring services.
• 6.1.6. We also use Cookies and similar technologies. For more information about cookies, please, read Our Cookies Policy.
• 6.1.7. In the event that your data is compromised, We will notify You and the competent supervisory authority(ies) within seventy-two (72) hours by e-mail together with the information about the extent of the breach, the effected data, as well as our action plan or measures to secure the personal data and limit any possible detrimental effect on the Data Subjects.

7.DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

7.1.We do not sell, trade or otherwise transfer your personal data to third parties.

7.2.The above-mentioned statement shall not include our affiliates, subsidiaries, subcontractors, agents or representatives working on our behalf, who assist Us in operating our Website, delivering the courses, or servicing somehow You. Such trusted parties may have access to your personal data on a need-to-know basis and will be contractually obliged to keep your personal data confidential.

7.3.We will also share your personal data if it’s required by law, an order from a judicial body or a governmental authority, as well as to comply with legal processes, to protect lives, to ensure our products’ security, to protect ours and our students’ rights, property or safety, as well as to enforce our policies, rules and regulations. When a lawful demand for your personal data is made to Us, We will strive to limit such disclosure, therefore, We will only release specific personal data mandated by the relevant legal demand.

7.4.If compelled to disclose your personal data, We will promptly notify You and provide a copy of the demand, unless legally prohibited from doing so for whatever reason.

7.5.Disclosure of personal data outside the EU/EEA. We may share your personal data with third parties based outside the EU/EEA (and not subject to the GDPR). Where Personal Data is transferred from the EU/EEA (or otherwise subject to the GDPR), the provisions included in Chapter V of the GDPR will be applied in order to ensure that the level of protection of natural persons guaranteed by the GDPR is not undermined. In this case, We will ensure that the recipient has an adequate level of data protection according to the adequacy decision by the European Commission for the country at issue. In the absence of such adequacy decision, We may transfer personal data only if the recipient has provided appropriate safeguards, such as a legally binding and enforceable instruments before public authorities or bodies; a binding corporate rule; or compliance with standard data protection clauses approved by the Commission. Where personal data is transferred from the EU to non-EU countries, We will separately sign an addendum about such transfer with such third parties, where We will have into consideration the standard data protection clauses approved by the Commission, namely Standard

8.THIRD-PARTY LINKS

8.1.Occasionally, at our own discretion, We may include or offer third-party products or services on our Website. These third-party sites have separate and independent privacy policies. We therefore shall not be held responsible, nor liable for the content and activities of these linked websites.

9.DATA SUBJECT’S RIGHTS

9.1.Under the GDPR and local supplementary legislation, You have the right to enforce the following rights:

• 9.1.1. Right to be informed. You have the right to obtain at any time confirmation as to whether or not Omega Coders is processing your personal data.
• 9.1.2. Right of access. You have the right to obtain a copy of your personal data, as well as other supplementary information. Notwithstanding the foregoing, in some circumstances We may restrict your exercise of this right, including, but not limited to, when such request is manifestly unfounded or excessive.
• 9.1.3. Right to rectification. You have the right to request the rectification of your personal data when it is inaccurate.
• 9.1.4. Right to erasure.You may request the erasure of personal data concerning You, and We shall erase the personal data without undue delay when, for example, one of the following applies:
  • if the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • the Data Subject withdraws consent on which the processing is based;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • if the personal data has been unlawfully processed; or
  • if the personal data needs to be erased in order to comply with a legal obligation under EU or any other domestic law.
• 9.1.5. Right to data portability. may at any time request Us to move, copy or transfer your personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
• 9.1.6. Right to restriction of processing.In certain circumstances, You may request that the processing of your personal data is limited, in which case We will only keep it for the exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of public interest. For instance, You may at any time request Us to restrict the processing of your personal data when found in any of the following circumstances:
  • if You contest the accuracy of the personal data, where such restriction will be enforced for a period that enables Us to verify the accuracy of such personal data;
  • if the processing is unlawful and You oppose the erasure of the personal data and request the restriction of their use instead;
  • if We no longer need the personal data for the purposes of the processing, but it is required by You for the establishment, exercise or defence of legal claims; or
  • Data Subject has objected to processing pending the verification whether the legitimate grounds of Omega Coders override those of the Data Subject.
• 9.1.7.Right to object. Under certain circumstances, You may object to the processing of your personal data. In this case, Omega Coders will stop processing your personal data, except for compelling legitimate reasons, or the exercise or defence of any legal claims.
• 9.1.8.Rights related to automated decision making and profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You.

10.DATA RETENTION PERIOD

10.1.We will process your personal data only as long as is necessary to provide You with our courses or any ancillary services, or to comply with legal or regulatory obligations, including, but not limited to, tax and securities laws. In the latter case, You understand and acknowledge that our legal basis for the processing of your personal data would be compliant with the relevant laws or regulations.

10.2.Personal Data may also be retained until there is a request for revocation of consent or deletion of unnecessary, excessive, or processed personal data in violation of the law.

10.3.After this period, if applicable, some personal information may be kept for the period necessary to meet the legal obligation and for the regular exercise of rights in court or the administrative sphere.

11.COOPERATION

11.1.We will cooperate with You in order to ensure compliance with the applicable data protection provisions, e.g. to enable You to effectively guarantee the exercise of Data Subject’s rights, to manage incidents, including, but not limited to, forensic analysis in case of security breach.

12.COMPLAINT

12.1.If You consider that Your rights have been infringed in regard to the protection of Your personal data, especially when You have not obtained satisfaction in the exercise of your rights, You may file a complaint with the Commission for Personal Data Protection.

12.2.You can lodge a complaint or alert to the Commission for Personal Data Protection in one of the following ways:

• 12.2.1.In person – at the CPDP’s Registry at: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592;
• 12.2.2. By post to : 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Commission for Personal Data Protection;
• 12.2.3. By fax: +3592/91-53-525;
• 12.2.4. By e-mail - kzld@cpdp.bg.IMPORTANT! When loging a complaint in this way, the complaint must be formed as anelectronic document signed with a qualified electronic signature (QES). CPDP takes no action for complaints that are scanned or photographed and submitted to our e-mail, but not signet with QES.
• 12.2.5. By the Secure Electronic Service System, maintained by the State e-Government Agency

13.CHANGES TO OUR PRIVACY POLICY

13.1.In the event of changes being made in our Privacy Policy, We will do our best to inform You about such changes, which might be done via posting those changes on this page, and/or updating the date of the Privacy Policy modification which can be found below.

14.CONTACT US

14.1.If You have any inquires or doubts about the processing of your personal data or any provision of this Privacy Policy, You can contact Us by sending an email on legal@omegacoders.com or by post at Omega Coders EOOD, 2 Rayko Daskalov Square, Sredets, Stolichna, Sofia, p.k. 1000, Bulgaria.

Last update: 17/05/2022