I. INFORMATION OF THE ADMINISTRATOR.
The Association of Medical Students in Bulgaria-Sofia (AMSB-Sofia, The Association) is a voluntary non-governmental organization working in the interest of medical students at the Medical University – Sofia.
Web site: http://amsb-sofia.org/
Registered in BULSTAT register under number 131186746
Headquarters and address of management: 15, Akademik Ivan Geshov Boulevard, Sofia
Contact person: Anelia Zasheva – Chairman of the Management Board of the Association
- Telephone: +359 89 342 72 56
- Email: firstname.lastname@example.org
II. ABOUT THIS POLICY.
The protection of your personal data is your fundamental right. The purpose of this Policy is to inform you:
- Which data are personal;
- What kind of your personal data do we use;
- Is it necessary to collect your personal data;
- Why (for what purposes) do we use your personal information;
- To whom we provide your personal information;
- How long we store your personal data;
- What are your rights and how you can exercise them;
- How we protect your data.
The policy is published on our web site www.amsb-sofia.org.
Personal data mean any information relating to you as an individual through which you identify yourself (for example, names) or you can be identified directly or indirectly by an identifier (personal identification number, address, telephone, location, online identifier, etc.) or by one or more specific features (race, ethnic origin, health status, online behaviour, etc.).
A personal data subject is any natural person that can be identified by the data provided by him/her.
IV. WHAT KIND OF YOUR DATA DO WE USE?
If you wish to be a member of AMSB-Sofia or to participate in one of our projects:
- Data through which we identify you (identification data):
- Full name;
- Date of birth.
- Data for communication with you (contact information):
- Telephone number (mobile and/or landline)
- Email address.
- Additional identification data:
- Faculty number;
- Course in the respective academic year;
- Additional data collected for members of the Management Board in connection with the implementation of regulatory requirements to the Association:
- Identification data – names, personal identification number, number of a personal identity document, date of issue and issuing authority of the document, address.
- Additional data collected for participants in an International Congress of Medical Sciences who do not need an invitation certifying their participation:
- Identification data – names, telephone number, e-mail address, university, specialty studied, nationality.
- Additional data collected for participants in an International Congress of Medical Sciences who need an invitation letter certifying their participation;
- Identification data – number of a personal identity document, date of issue and date of expiry of the identity document, university.
V. IS IT NECESSARY TO COLLECT YOUR PERSONAL DATA?
Without your personal data, we are not able to prove that you are a full member of AMSB-Sofia and/or that you have taken part in any of our projects.
VI. WHY (FOR WHAT PURPOSES) DO WE USE YOUR PERSONAL INFORMATION?
- In connection with the membership of the Association and, in particular, the implementation, reporting and control of its activities in order to achieve its objectives in accordance with the Statute;
- For effective communication with members of the organization in connection with its activities;
- For selection and participation of persons in initiatives and projects (inclusion in reports to exchange programs of AMSB, issuing an invitation certifying their participation, issuing of certificates after trainings, conferences, congresses, etc.);
- In order to inform you about upcoming projects, campaigns, exchanges, conferences, congresses, scholarships, etc.;
- For fulfilment of the obligations of the Association arising under a contract or assigned under the law;
- For purposes of archiving and statistics.
VII. REASONS FOR PROCESSING
The Association collects, processes and stores personal data on the following grounds:
- Entry into a membership relationship;
- Execution of its obligations under contracts, as well as taking steps for their conclusion;
- Implementation of its legal obligations;
- The explicit consent of the data subject if such is necessary and given;
- Except for the above reasons, the Association may process your personal data to protect its legitimate interests in case this is proportionate to the rights and interests of the affected entities.
VIII. TO WHOM DO WE PROVIDE YOUR PERSONAL DATA?
The Association allows disclosure of data to third parties in the following cases:
- When implementing the projects of the Organization – to the National Exchange Officers of the Association of Medical Students in Bulgaria (AMSB).
- Upon a written request by the data subject (data portability);
- When this is required by the law or state authorities.
IX. HOW LONG DO WE STORE YOUR PERSONAL DATA?
Your personal data is processed for as long as your AMSB-Sofia membership lasts. The grounds for terminating membership in the organization are set out in the AMSB Statute:
After termination of the membership, the Association restricts the processing of personal data by maintaining archival data for a period of 1 year in order to certify the actual membership and the performed activity of the persons within the Organization.
Upon achievement of the purpose for which they were collected, the processing of the personal data of non-members is limited, and the Administrator maintains them in archived form for a period of 1 year to verify the reality and nature of the participation of these persons in the activity of the Association.
X. WHAT ARE YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM?
- Right of access to your personal data.
You have the right at any time to request the Administrator for information about whether and what kind of your personal data are processing, as well as the purposes, reasons and period of their processing.
- Right of correction of your personal data.
The responsibility for the accuracy and actuality of personal data processed by the Association is borne by the person providing the data. If you find that your personal data is inaccurate or incomplete, you can and should request their correction or addition.
- Withdrawal of consent to processing, requesting restriction of processing, ‘the right to be forgotten’.
When the processing of personal data is based solely on, and only on, consent to their processing, you may withdraw that consent at any time, and this will not affect the legality of the prior processing.
You may request a restriction of the processing of your personal data or object to unlawful processing.
When you find that the Association processes your personal data without any reason to do so, you may request the deletion of the data. The Association will review and discuss the reasonability of each request.
Where the objection is justified, the personal data of the data subject may not be processed any more.
- Right of portability.
When data processing is based on consent, you can ask the Association to provide you with your personal data processed by it, in a convenient and readable format, as well as to request their transfer to another Administrator when this is technically feasible.
- Right to appeal to a supervisory authority.
In case of a violation of the lawfulness of the processing of personal data, you may file a complaint with the Administrator or request protection of your rights by means of a complaint to the supervisory authority or by court order.
Supervisory Authority: Personal Data Protection Commission, Address: 2, Professor Tsvetan Lazarov Street, 1592 Sofia, Website: www.cpdp.bg
- Exercise of rights
You can exercise your rights by contacting the Administrator via the contact form on the Association’s website: http://amsb-sofia.org/ or by submitting a written application in a traditional or electronic form to the Administration of the Association or by e-mail to email@example.com.
XI. HOW DO WE PROTECT YOUR DATA?
Taking into consideration the privacy of the personal data, the Association takes technical and organizational measures, sufficient and necessary to ensure the protection of the data, in compliance with the current national and European legislation. The Association takes care of the security of your data except in cases of force majeure or an accidental event.
In turn, the data subject should also take appropriate measures to protect his/her data against violation.
XII. CHANGES OF THE POLICY
The Association reserves the right to change the current policy in accordance with the requirements of the current legislation and its legitimate interests.
Last Updated: 18.10.2018