Policy for the protection of personal data processed by the GATE Institute through its website and the services provided through it
This personal data protection policy explains how the GATE Institute processes your personal information when you contact us, attend one of our events or use one of our services.
This notice is presented in several layers so that, if you wish, you can easily select the context in which we process your personal information and learn how we process it.
General information
In this notice, you can find information about:
- why we may process your personal information;
- for what purpose we process it;
- whether you have to provide it to us;
- how long we keep it;
- whether there are other recipients of your personal information;
- whether we intend to transfer it to another country; and
- whether we carry out automated decision-making or profiling.
The first part of the notice is information that applies to all individuals whose personal data we process (known as data subjects).
Changes to our privacy policy
We regularly update and adapt our privacy notice to ensure that the information it contains is up to date and accurate.
March 2024
We have updated the How to contact us page [link].
September 2023
We have updated the Apply for a job page [link].
June 2022
We have updated the page “Attend an event, seminar or workshop” [link].
Contact details for the personal data administrator – GATE Institute
Sofia University “St. Kliment Ohridski”, with administrative address: Sofia, 15 Tsar Osvoboditel Blvd., BULSTAT: 000670680, represented by Prof. Dr. Georgi Valchev, in his capacity as Chairman of the Board of Directors. 15 Tsar Osvoboditel Blvd., BULSTAT: 000670680, represented by Prof. Georgi Valchev, PhD, in his capacity as Rector, through his proxy Prof. Silvia Ilieva, PhD – Director of the GATE Institute, power of attorney No. 70.56-46/07.02.2024, is the controller of the personal data we process, unless otherwise specified. power of attorney No. 70.56-46/07.02.2024, is the administrator of the personal data we process, unless otherwise specified.
There are many ways you can contact us, including by phone, email, and post. More information can be found here.
Our postal address:
GATE Institute
5 James Bourchier Blvd. (Lozenech Campus)
1164 Sofia
Contact telephone number: (telephone)
Email address:contact@gate-ai.eu
For general contact, please use this page on our website.
Contact details for our data protection officer
Our data protection officer is Stefan Georgiev. If you wish to contact him, you can do so by using the form below or by sending a message todpo@gate-ai.eu . If you send your enquiry by post, please mark the envelope “GATE Institute – Data Protection Officer”.
You can also use the following contact form.
Contact details for the data protection supervisory authority – Personal Data Protection Commission
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd. GPS coordinates: N 42.668839 E 23.377495
Email: xml-ph-0000@deepl.internal
Email:kzld@cpdp.bg
Website: www.cpdp.bg
How do we obtain information about you?
You have submitted an enquiry to us.
- You have submitted a request to us.
- You have submitted a request for information to us.
- You want to attend or have attended an event organised by us or in partnership with another organisation.
- You have subscribed to our e-newsletter.
- You have applied for a job with us.
- You represent your organisation.
- You visit our website and agree to the use of cookies.
Your rights as a data subject
Under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the Personal Data Protection Act, you have rights that we must inform you about. The rights you have depend on the reason why we process your personal information.
Right of access
You have the right to request copies of your personal information from us. You can exercise this right at any time. However, there are some exceptions, which means that you may not always be able to obtain all the information we process. You can read more about this right here [link] to a separate page containing the information from the file:
Right to rectification
You have the right to ask us to correct any information that you believe is inaccurate. You also have the right to ask us to supplement any information that you believe is incomplete. You can exercise this right at any time. You can learn more about this right here [link] to a separate page containing the information from the file:
Right to erasure
You have the right to request that we erase your personal information in certain circumstances. You can read more about this right here [link] to a separate page containing the information from the file:
Right to restrict processing
You have the right to request that we restrict the processing of your information in certain circumstances. You can read more about this right here [link] to a separate page containing the information from the file:
Right to object to processing
You have the right to object to processing if we can process your information because the processing is part of our public tasks or is in our legitimate interest. You can read more about this right here [link] to a separate page containing the information from the file:
Right to data portability
This right only applies to information that you have provided to us. You have the right to request that we transfer the information you have provided to us from one organisation to another or provide it to you. This right can only be exercised if we process information based on your consent or in the context of contract negotiations and the processing is automated. You can read more about this right here [link] to a separate page containing the information from the file:
You are not required to pay any fees to exercise your rights. In general, we have one month to respond to you.
Sharing your information
We may share your personal information, but only when it is fair and lawful to do so. We will not share your information with third parties for direct marketing purposes.
We use data processors who are third parties that provide elements of services to us. We have contracts in place with our data processors. This means they cannot do anything with your personal information unless we instruct them to do so. They will not share your personal information with any organisation other than us. They will store it securely and keep it for the period we instruct them to do so.
In some circumstances, we are legally obliged to share information. For example, under a court order or when cooperating with other authorities. We may also share information with supervisory authorities to achieve their objectives. In any case, we will ensure that we have a legal basis for sharing the information and will document the decision, ensuring that we have a legal basis for sharing the information.
When it is necessary to transfer your personal information outside the European Union, this will only be done in accordance with the General Data Protection Regulation.
Links to other websites
When we provide links to other organisations’ websites, this privacy policy does not cover the way in which those organisations process personal information. We recommend that you read the privacy notices and/or privacy policies of the other websites you visit.
Your right to lodge complaints
We work to high standards in processing your personal information. If you have any queries or concerns, please contact us.
If you remain dissatisfied, you can lodge a complaint with the Data Protection Commission about the way we process your personal information.
How can you contact us?
Telephone and email
You can contact us on our main helpline (telephone) or by email at:contact@gate-ai.eu .
We use Transport Layer Security (TLS) to encrypt and protect email traffic. Most webmail services, such as Gmail and Outlook, use TLS by default.
We use machine learning tools to review the content of emails sent to us. We use this information to train our systems, gain insight into the demand for our services, and improve how we work. You may receive an automated response, but your initial email request will remain unchanged and will be processed by GATE Institute staff.
We will also monitor all emails sent to us, including attachments, for viruses or malicious software. You must ensure that all emails you send are lawful.
Social networks
If you send a message via a social network that requires a response from us, we may process it in our case management system as an enquiry or request for information. When you contact us via a social media platform, we advise you to also read the privacy notice of the relevant platform. The social media platforms we currently use are:
Purpose and legal basis
The legal basis on which we rely to process personal data for the above purposes is Article 6(1)(a) of the GDPR on data protection, which allows us to process personal data on the basis of consent to the processing of your personal data.
Visitors to our website
If we collect personal data through our website, we will inform you of this. We will clarify when we collect personal information and explain what we intend to do with it.
Cookies
We use a cookie tool on our website to obtain consent for the non-essential (non-functional) cookies we use.
Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.
You can read more about how we use cookies and how to change your cookie preferences on our cookie management page [link].
Analysis
We use Google Analytics on our website. Google Analytics collects information about how visitors use our website. We use the information to compile reports that help us improve the website. We collect information including the number of visitors to the website, where visitors to the website come from and which pages they visited. The information is collected and processed in a way that does not directly identify anyone. We rely on consent as our legal basis for processing and only collect analytical information if you agree to the use of non-functional cookies and similar tracking technologies.
Security and efficiency
All security measures implemented by Superhosting.bg and the WordPress platform provider are also applicable to our website and the applications offered through it. In order to provide security services, these providers process the IP addresses of website visitors.
Purpose and legal basis for processing
The purpose of the above is to maintain and monitor the operation of our website and to constantly strive to improve the site and the services it offers to our users. The legal basis on which we rely to process your personal data is either Article 6(1)(a) of the GDPR, for example when we request your consent for the non-essential cookies we use, or Article 6( paragraph 1(f), which allows us to process personal data when it is necessary for our legitimate interests, for example, to maintain the integrity of our information systems and the continuity of our business.
What are your rights?
As we process your personal data for our legitimate interests as described above, you have the right to object to our processing of your personal data. There are legal reasons why we may refuse to accept your objection, depending on the reason why we are processing it.
Visitors to our building
We welcome visitors to our building at 5 James Bourchier Boulevard, including:
- senior officials;
- external training providers;
- job applicants;
- suppliers and traders;
- interested parties.
If your visit is planned, we will send your name and visit details to reception prior to your arrival.
If you arrive without a prior appointment, you will be welcomed and accompanied by one of our staff members.
We ask all visitors to enter and exit at reception and to sign the visitors’ book with their full name.
For security reasons, a closed-circuit television (CCTV) system operates outside the building. The information is recorded on a local storage device at the GATE Institute and stored for a period of 10 (ten) days, after which it is deleted.
The purpose of processing this information is for security and safety reasons. The legal basis on which we rely to process your personal data is Article 6(1)(f) of the GDPR, which allows us to process personal data when it is necessary for the purposes of our legitimate interests.
We have Wi-Fi available on site for visitors to use with free access.
We do not expect you to agree to any terms and conditions, only to the fact that we are not responsible for and do not control the use of the Internet network while you are in the GATE Institute building, and we do not require you to provide any information about yourself in order to receive this service.
The purpose of processing this information is to provide you with internet access while you are on our premises. The legal basis on which we rely to process your personal data is Article 6(1)(f) of the GDPR, which allows us to process personal data when it is necessary for the purposes of our legitimate interests.
We sometimes record audio and video recordings of training sessions conducted by us and by external training providers for distribution to GATE Institute employees or to external persons who are not present at the sessions. We do not do this without the prior consent of the training provider, and no recordings are distributed outside the GATE Institute without the express consent of the participants in the training course in question. The legal basis on which we rely for the processing of personal data is Article 6(1)(e) of the GDPR, which allows us to process personal data when it is necessary for the performance of a task carried out in the public interest, namely to promote our research activities, inform the public about our new training courses and raise awareness of current trends in the field of artificial intelligence and big data.
For information on how long we store personal data, see our Policy on the Storage and Destruction of Data Related to Communications and Marketing [link] to the document .
Reasons to contact us
In this section of the privacy policy, we provide information specific to the reason you are contacting us.
Job application
Purpose and legal basis for processing
Our purpose for processing this information is to assess your application against the requirements of the position you have applied for and to develop and improve our recruitment process.
The legal basis we rely on for processing your personal data is Article 6(1)(b) of the GDPR, which refers to processing necessary for the performance of a contract or to take steps at your request prior to entering into a contract. paragraph 1(b) of the GDPR, which refers to processing necessary for the performance of a contract or to take steps at your request prior to entering into a contract, as well as Article 6(1)(f) for the purposes of our legitimate interests.
The legal basis we rely on to process any information you provide as part of your application that constitutes special category data, such as information about your health, religion, sexual orientation or ethnicity, is Article 9(2)(b) of the GDPR, which relates to our obligations in the field of employment and the protection of your fundamental rights, or Article 9(2)(g) – necessary for reasons of substantial public interest.
We process information about candidates’ criminal convictions. The legal basis we rely on to process this data is Article 6(1)(e) for the performance of a task carried out in the public interest.
What do we do with the information you provide?
We will use all the information you provide during the recruitment process to consider your application with a view to offering you an employment contract with us or to comply with regulatory requirements, if necessary.
We will not share any of the information you provide with third parties for direct marketing purposes.
We will use the contact details you have provided to contact you to discuss your application. We may also contact Jaas to request feedback on our recruitment process. We will use the other information you provide to assess your suitability for the role.
What information do we require and why?
We do not collect more information than we need to fulfil the stated purposes, and we will not keep it longer than necessary.
The information we request is used to assess your suitability for the job. You are not required to provide what we ask for, but if you do not, it may affect your application.
We will use any feedback you provide about our recruitment process to develop and improve our future recruitment campaigns.
Application stage
If you use our online application system, your data will be collected directly by us.
If you are unable to use our online application system, you can send your CV and cover letter to hr@gate-ai.eu.
We will ask you to provide your personal data, including your name and contact details. We will also ask you about your previous experience, education, references and answers to questions related to the position. Our recruitment team will have access to all of this information.
We will not share the information with employees outside our recruitment team, including administrative directors and human resources specialists, in a way that could identify you. Any information you provide will be used to compile and monitor equal opportunities statistics.
Shortlisting
Our recruitment managers shortlist candidates for interview. They will not receive your name or contact details.
Assessments
We may ask you to participate in assessment days; complete tests or questionnaires for a professional personality profile; attend an interview; or a combination of these. The information will be generated by you and by us. For example, you may complete a written test or we may take notes from the interview. This information is stored by us.
If you are not approved after assessment for the position, we may ask you if you would like your details to be kept on our candidate list. If you agree to this, we will proactively contact you if other suitable vacancies arise.
If you attend an assessment day, we may ask you to bring identification documents and evidence of your qualifications. We will take copies of these if we need to carry out a pre-employment check. We collect this information from all candidates during the assessment day to minimise the delay in successful candidates starting work at the GATE Institute. If you are not appointed to a position, we will delete your information immediately.
Offer
If we make a final offer, we will ask you for the following:
- Bank details – to process salary payments
- Emergency contact details – so we know who to contact in the event of an emergency at work
- Possible membership in a pension scheme.
How long is the information stored?
For information on how long we store personal data, please see our Policy on the Storage and Destruction of Data Related to Communications and Marketing [link].
How do we make hiring decisions?
Final recruitment decisions are made by hiring managers and members of our recruitment team. We take into account all the information gathered during the application process.
All online tests are marked and the result is generated automatically. However, if you wish to contest the score you have received, the result can be checked manually.
You can ask about decisions regarding your application by contacting the relevant person in our recruitment team or by sending an email tohr@gate-ai.eu .
Your rights
As a natural person, you have certain rights regarding your own personal data.
For more information about your rights, please see “Your rights as a data subject”.
Attending an event, seminar or workshop
Purpose and legal basis for processing
The purpose of collecting this information is to enable us to run the event and provide you with a high-quality service.
The legal basis on which we rely to process your personal data is your consent pursuant to Article 6(1)(a) of the GDPR. When we collect any information about dietary requirements, preferences or restrictions, we also need your consent (pursuant to Article 9(2)(a) of the GDPR), as this type of information is classified as special category data.
What we need
If you wish to attend one of our events, you will be asked to provide contact information, including the name of your organisation, and, if you are offered a place, information about any dietary requirements or access conditions you may need. We may also ask for payment if the event is fee-based.
Why we need this information
We use this information to run the event and provide you with a high-quality service. We also need this information to be able to respond to you.
What we do with it
If you are unable to reserve a place, we will notify you and keep your details on a reserve list in case a place becomes available.
If you are allocated a place for an event, we will ask for information about any dietary/access requirements. We do not share this information in any way with event organisers, who may be third parties, and we delete it after the event.
We do not publish lists of event attendees.
During online events, we may use Slido to create interactive polls, Q&As, and live quizzes. We will store the data from these events for 3 months to analyse the responses and evaluate the success of the event. The use of Slido is not mandatory to attend our events.
How long we store it
For information on how long we store personal data, see our Communications and Marketing Data Retention and Destruction Policy [link].
What are your rights?
We rely on your consent to process the personal data you provide to us in order to run the event. This means that you have the right to withdraw your consent at any time. If at any point you wish to withdraw your consent, please email us or call us on (telephone number). If you exercise this right, we will immediately update our records to reflect your wishes.
For more information about your rights, please see “Your rights as a data subject”.
Do we use data processors?
Yes, we use data processors to facilitate the running of events.
We collect registration information through the online reporting tool Microsoft Forms, hosted by Microsoft Corporation, who process the information in accordance with our instructions.
For in-person events, we may print name badges for attendees. For this purpose, we will share your information with our external printer.
We may sometimes charge a fee to attend an event. If this happens, our event communications will include details of the data processor we use to collect payments.
We may use Slido when hosting interactive online events, for example when we want to use polls, Q&As, and live quizzes. You can read Slido’s privacy notice here.
Registering for a webinar or live-streamed event
Purpose and legal basis for processing
Our purpose for collecting this information is to facilitate the conduct of a video conference, focus group, webinar or live streamed event and to provide wider access to its content.
The legal basis we rely on for processing your personal data is Article 6(1)(e) GDPR – performance of a task carried out in the public interest.
What we need
If you are a participant or presenter at one of these events, we will need your email address.
Some events are recorded and all hosts will have their image and sound in the recording. If you are a participant, you may have the opportunity to share your image and sound during the session. If you choose to do so, this will also be captured on the recording.
Some events will have moderated questions and answers. If you decide to participate in the questions and answers, your comments may be published for other participants in the event and will also be part of the recording.
If the event is being recorded, we will always notify you in advance.
What we do with it
We use your email address to provide you with details about the event. This will include information about any recording that may be made. For recorded events, we will also send you a link to the recording after the event has ended.
For some events, we may publish the recording on our website or YouTube channels to make it available to a wider audience. If the recording of an event will be published, we will always notify you before the event.
We do not publish lists of attendees for video conferences, focus groups, webinars or live-streamed events, but your name and email address may be visible to other attendees during the event.
How long we keep it
We will store your email address and any recording of the event for 12 months.
For information on how long we store personal data, see our Communications and Marketing Data Retention and Destruction Policy [link].
What are your rights?
For more information about your rights, please see “Your rights as a data subject”.
Do we use data processors?
We use Microsoft Teams to host our webinars and live-streamed events.
We use YouTube to publish recordings of some events.
All three websites place non-functional cookies on your device.
Do we transfer data outside the European Union?
Yes, we transfer data to Microsoft or Google data centres.
Subscribing to our e-newsletter
Purpose and legal basis for processing
The purpose of collecting your contact details is to enable us to provide you with a service and to inform you about the work, policies and events of the GATE Institute.
We collect analytical information so that we can provide personalised services, monitor the impact of our work and improve our newsletter.
The legal basis on which we rely for the processing of your contact details and interest preferences is your consent pursuant to Article 6(1)(a) of the GDPR.
The legal basis we rely on for processing analytical information is Article 6(1)(e) – performance of a task carried out in the public interest.
What we need
Your email address.
You can also provide your name and specify specific topics you would like to receive emails about, but this is not mandatory.
We also collect data on the links you click on in the newsletter.
Why we need this
We use your email address to send you our newsletter and your name, if provided, to personalise the newsletter you receive.
We use your topic preferences to ensure that you receive content that is interesting and relevant to you or your organisation.
We collect data about the links you click on using encoded URL strings. Encoded URL strings do not use any technologies (e.g. local storage, cookies, etc.) to store or access data on your device. We collect this information to evaluate the impact of our work and to help us improve the content of our newsletter.
We may also use these records to send you content tailored to your sector or areas of interest. For example, if you click on a link about artificial intelligence, we may send you more frequent newsletters about our work in the field of technology.
What we do with it
We only use your data to provide the service, monitor the impact of our work, and improve the newsletter.
You will receive a confirmation email after submitting your details. We send one monthly newsletter and then special newsletters when there are important announcements or publications.
How long we keep it
For information on how long we store personal data, see our Communications and Marketing Data Retention and Destruction Policy [link].
What are your rights?
We rely on your consent to process your contact details and your interests. This means that you have the right to withdraw your consent or object to the processing of your personal data for this purpose at any time. If you wish to withdraw your consent at any time, please send us an email or call us on (telephone number). We will immediately update our records to reflect your wishes.
We rely on a public task for the processing of analytical data. This means that you have the right to object to the processing of your personal data for this purpose at any time.
If you unsubscribe from the newsletter, we will still process your contact information and analytical data. If you wish to object to our processing of this information, please send your request todpo@gate-ai.eu .
For more information about your rights, please see “Your rights as a data subject”.
Do we use data processors?
Yes, we use [platform] to deliver our newsletter. For more information, please see [platform]’s privacy notice.
Do we transfer data outside the European Union?
No – subscriber data is stored in Bulgaria and is only accessible to GATE Institute employees.
Last update: 2 September 2024.