Introduction
Advent Group Sofia Ltd., a company registered according to the laws of the Republic of Bulgaria, UIC 205430851, having its seat and business
address at: 11 Georgi Benkovski str, Sofia 1000, Bulgaria, is the data controller of the personal data provided by you when you register to use our services.
We have appointed a Data Protection Officer (hereinafter referred to as “DPO”), whose contact details are specified in the
section “How to Contact Us” at the end of this Privacy Policy.
Your privacy is important to us and we are committed to protecting and respecting it. For that reason, we have adopted this
Privacy Policy which explains what personal data Advent Group Sofia Ltd.. collects from you, through our direct interactions with you
and through our services, how we use that data, and what rights you have according to the General Data Protection Regulation (EU) 2916/679
and how you can exercise those rights.
Advent Group Sofia Ltd. offers a wide range of products in the higher education sector, from the organisation of international education
and learning events, both in the physical and virtual realm, customised marketing solutions for the higher education sector,
and services developed to assist prospective MBA and Masters students in every step of their journey to business school.
The official brands under which we operate and provide services are: Access Masters, Access Schools, PrepAdviser, MERIT Summit, UniMy, and UniMy & Beyond.
Advent Group Sofia Ltd. is also the official representative in Europe for the Access MBA and Premier EMBA brands, owned by Advent Group.
Once we collect your personal data for any of our services, we will include them in our centralized data base and will use them to provide you
with up-to-date information on all of our services. You can always change your preferences and we will timely comply with your choices.
Definitions
Any reference in this Privacy Policy to your ‘personal data’, means any information that we collect about
you (such as name, age, address, date of birth, education, information on your employment, etc.) and based on which you can be identified.
Generally, all of the information you provide us when registering for any of our services is personal data and we will protect it as such.
This Privacy Policy describes how we process your personal data. When we refer to the ‘processing’ of your personal data, we mean anything that we do with your
data, including its collection, recording, organisation, structuring, storage, adaptation or alteration, use, disclosure erasure or destruction.
We will always strictly observe the requirements of the applicable data protection laws when processing your personal data.
Information We Collect
Advent Group Sofia Ltd. collects data to operate effectively and provide you the best experience with our services.
You will provide some of this data directly, such as when you sign up for our email communication or register for an event on our websites.
We also collect the information in other various ways such as on social media channels, in-person communication, or during the pre-event selection
process when we may contact you for additional clarification regarding your profile or to organise One-to-One meetings for you.
We also obtain data from third parties. We protect data obtained from third parties according to the practices described in
this Privacy Policy, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time, but have included:
- Database providers from trusted sources;
- Social networks when you grant permission to Advent Group Sofia Ltd. to access your data;
- Partners with which we offer co-branded services or engage in joint marketing activities;
- Publicly-available sources such as open government databases or other data in the public domain.
You have choices about the data we collect. When you are asked to provide personal data, you may decline.
But if you choose not to provide data that is necessary to provide you a service, you may not be able to use that service.
Therefore, we will always inform you on the consequences of your refusal to provide us with your personal data.
The data we collect depends on the context of your interactions with Advent Group Sofia Ltd.. The data we collect can include the following:
Name and contact data.
We collect your first and last name, email address, postal address, phone number, and other similar contact data.
Credentials.
We collect your username and password when you create your personal account on our any of our websites that service our brands.
Demographic data.
We collect data about you such as your date of birth, age, gender, country, citizenship and preferred language.
Educational and professional background.
We collect data about your employment history, education history and possibly your standardised test scores.
Content.
Information contained in your resume or CV, information you provide regarding your career and educational development interests and other
information about your qualifications for MBA or Masters programmes.
Videos and pictures.
Photographs or video recordings may be taken during our physical events. You will always be informed when entering any of our events
if there is ongoing video recording on premises. We may use the visual or video captures of your person on our websites or
promotional material for marketing purposes. Under no circumstances will we associate your personal information (such as your name) with your image.
Other information you may provide to us, such as in feedback forms or through the “Contact Us” feature on our Sites.
Information Collected by Automated Means
When you visit our websites, we may collect certain information by automated means, such as cookies, web beacons and web server logs.
The information we may collect in this manner includes:
- IP address;
- unique device identifier;
- browser characteristics;
- device characteristics;
- operating system;
- language preferences;
- referring URLs;
- information on actions taken on our websites;
- dates and times of visits to our sites and other usage statistics.
A “cookie” is a file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser
or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links webpages to
web servers and their cookies and is used to transmit information collected through cookies back to a web server. Through these automated
collection methods, we may obtain “clickstream data,” which is a log of the links and other content on which a visitor clicks while browsing a website.
As the visitor clicks through the website, a record of the action may be collected and stored. We link certain data elements we have collected through
automated means, such as your browser information, with other information we have obtained about you to let us know, for example, whether
you have opened an email we sent to you. Your browser may tell you how to be notified when you receive certain types of cookies or how to
restrict or disable certain types of cookies. Please note, however, that without cookies you may not be able to use all of the features of
our websites. To the extent required by applicable law, we will obtain your consent before collecting personal information using cookies
or similar automated means.
The providers of third-party apps, tools, widgets and plug-ins on our websites, such as social media sharing tools,
also may use automated means to collect information regarding your interactions with these features.
This information is collected directly by the providers of the features and is subject to the privacy policies or notices of these providers.
How We Use the Information We Collect
We use the data we collect from you to operate our business and provide you the services you register for any of our different brands.
We use your data to improve our products and personalise your experience by providing you the best-fit product based on your preferences
so that you gain the highest added value from our services. We may also use the data to communicate with you, for example, informing you
about your account, security updates, and product information or to send you promotional communication.
Providing and improving our services: We use data to provide and improve the services we offer and perform essential business operations.
This includes operating the services under our different brands, developing new features and conducting research.
Examples of such uses include the following:
Providing our services.
We use data to make the connection between the prospective MBA and Masters candidates and the business schools and to deliver a
personalised pre-selection process for both sides.
We use data to provide guidance services to the MBA and Masters candidates, including personalised candidate matching and advising,
assessing candidates suitability for MBA and Masters programmes, associate candidate qualifications for the specific programmes,
provide assistance with the preparation for business schools’ admissions, and provide enrolment services.
We use data also to perform data analytics, such as using information to match individuals and potential opportunities,
and analysing pipeline data (trends regarding higher education sector).
We use your personal data to make generalizations about you (profiling) for the purposes of finding MBA programs,
business schools and events that best suit your preferences.
We use data to connect professionals who are interested in the education sector and would like to use our services as mediator in
their connection with business schools.
We use your data to administer your presence on our physical events, including for access control purposes and the conduct your
One-to-One meetings with the different business schools.
We use your data to administer the webinars hosted by business schools.
Product Improvement.
We use data to continually improve our services. For example, we use your feedback forms to add features to our services,
to change them according to your experience or to offer you new services under our existing or new brands.
Communication.
We use data we collect to communicate with you and personalise our communication with you. For example, we may contact you by
phone or email to inform you when we need clarification on the data in your personal account, when your subscription is ending or
to discuss educational opportunities that you may be interested in, according to your preference settings and our evaluation on the best-fit services for you.
Additionally, you can sign up for email subscriptions and choose whether you wish to receive promotional
communications from one or more of our brands and in relation with the services that our clients are providing. We may send you promotional
communication for products of Advent Group Sofia Ltd. that differ from the product chosen by you with your initial registration. We will only
send such marketing communication to the extent we consider it could be useful for you based on your preferences shared with Advent Group Sofia Ltd.
You can at any time object to receiving such promotional communication either for any of the products of Advent Group Sofia Ltd. you have not
registered for or of all products of Advent Group Sofia Ltd. by using the unsubscribe button/link in your email or by contacting us.
In addition, we use information collected through cookies, web beacons, pixels, web server logs and other automated means for
purposes such as (i) customising our users’ use of our websites; (ii) delivering content tailored to our users’ interests and the
manner in which our users use our websites; and (iii) managing our websites and other aspects of our business.
To the extent required by applicable law, we will obtain your consent before collecting information using cookies or similar automated means.
We also use third-party analytics services on our websites, such as those of Google Analytics.
The analytics providers that administer these services use technologies such as cookies, web server logs and web beacons
to help us analyse your use of our websites. The information collected through these means (including IP address) may be disclosed
to these analytics providers and other relevant third parties who use the information, for example, to evaluate use of the websites.
To learn more about these analytics services and how it collects data, please visit the following site:
https://policies.google.com/technologies/partner-sites?hl=en.
To review how to opt-out, please visit the following sites and any sites contained in the country-specific addenda:
Google Analytics: https://tools.google.com/dlpage/gaoptout
Legal Grounds for Processing your Personal Data
Consent:
We process your personal data based on your explicit consent which you provide at the time of registration for
any of our services. You can withdraw your consent at any time by contacting our DPO through the contact
information incorporated in the section “How to Contact Us” at the end of this Privacy Policy, or where relevant,
by following the unsubscribe link in any marketing communication you receive from us. If you do choose to withdraw your consent,
this will not mean that our processing of your personal data before you withdrew your consent was unlawful.
If you choose to withdraw your consent for the processing of your personal data for the delivery of our services,
we will no longer be able to cooperate with you.
Legitimate interests:
We also process your personal data based on our legitimate interests:
- when we video record the physical events organized by us so that we can use the photographs or the video recordings in order to promote our future events. We will never associate your visuals with the other personal information we have on you. Yet, you may object at any time against us processing your personal data for marketing purposes by contacting our DPO through the contact information incorporated in the section “How to Contact Us”.
- in the event that we sell any of our business or assets (including any of our brands), in which case we will disclose your personal data to the prospective buyer of such business or assets (at all times in accordance with all applicable data protection laws); or if Advent Group Sofia Ltd. or substantially all of its assets are acquired by a third party, in which case personal data held by Advent Group Sofia Ltd. about its customers will be one of the assets transferred to the purchaser. If you object to our use of your personal data in this way, the relevant buyer of our business may not be able to provide services to you.
Legal obligations:
Your personal data is also in certain situations processed in order for Advent Group Sofia Ltd. to comply with its legal
obligations according to the applicable legislation, court rulings, or decisions taken by the authorities.
Information We Share
We do not disclose personal information we collect about you, except as described in this Privacy Policy or in separate
notices provided in connection with activities.
-
We share your personal data with your consent or to provide the services you have requested from us or you have authorised us to deliver.
For example, we share your information with third parties when you tell us to do so, such as when you register for our events and express the
will to meet business school representatives that provide more information about their educational opportunities.
In such cases, the third parties that receive your personal data become data controllers on their own account and are responsible for
their compliance with the applicable data protection laws when processing your personal data. If you have any objections to the
way such third parties process your personal data, we encourage you to directly contact them.
-
We share personal data among Advent Group, to which Advent Group Sofia Ltd. is part to based on our intra-group agreements for data transfers.
-
We share personal data with vendors or agents working on our behalf for the purposes described in this Privacy Policy.
For example, companies we have hired to provide customer service support or assistance in protecting and securing our
systems and services may need access to personal data to provide these functions. In such cases, these companies must abide
by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.
We have also concluded data protection agreements in order to ensure adequate level of protection of your personal data.
-
We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.
We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or
assets (including in the event of a re-organisation, dissolution, or liquidation).
-
In addition, we may disclose information about you (i) if we are required to do so by law or legal process; (ii) to law enforcement
authorities or other government officials based on a lawful disclosure request; and (iii) when we believe disclosure is necessary or
appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
-
When your personal data is transferred to third countries (outside the European Union), we make sure that there is an adequacy
decision adopted by the European Commission. If there is no such decision applicable, we will always conclude with the data recipient a
data protection agreement that ensures adequate level of protection of your personal data, including by incorporating the Standard contractual
clauses issued by the European Commission.
Your Rights and Choices
Under data protection law, you have rights we need to make you aware of. Below we have provided a list of the rights you can exercise at
any time by contacting our DPO. Contact information to our DPO can be found at the end of this Privacy Policy in the section “How to Contact Us”.
- Right to access: you can ask us at any time what information we hold about you and how we process it. You can ask us for copies of your personal information. We will provide you the information free of charge unless your requests are repeating in a short period of time in which cases, we will impose a reasonable fee;
- Right to rectification: you can ask us to correct your personal data if you think it is inaccurate. You can ask us to complete your information if you think it is incomplete;
- Right to erasure: you can ask us to delete your personal data under certain circumstances, for example, if you consider that there is no good reason for us to continue to process it. Please be aware that we may refuse to delete your data if the retention periods for the respective personal data have not yet lapsed.
- Right to withdraw your consent: You may at any time withdraw your consent to process your data.
- Right to restriction of processing: You have the right to ask us to stop using your information for a period of time in certain circumstances for instance if you believe we are not doing so lawfully.
- Right not to be subject to decision based solely on automated processing: you have the right not be subject to solely automated decision making. We will always inform you if the automated decision making of your personal data leads to us reaching decisions that may affect your legal rights or have similar effect on you. In such cases you will have the right to request human interference in the decision-making process.
- Right to data portability: You have the right to ask that we transfer the information you gave us to another data controller or give it to you. The right only applies if we are processing information based on your consent or for the performance and conclusion of a contract and the processing is automated.
- Right to object: you can object to us processing your personal data if the processing forms part of our public tasks, or is in our legitimate interests, including profiling, unless we do not demonstrate overriding legitimate grounds. You can always object if the processing is for direct marketing purposes.
If your request places Advent Group Sofia Ltd. in breach of the applicable legislation, we may refuse to fulfil it.
We have one month to respond to your request. We may sometimes need to extend this term by two additional months if your request
is very complexed or we are overwhelmed by the number of the requests we have received. We will timely let you know if an extension will apply.
Data Transfers
We transfer the personal information we collect about you to countries outside of the country in which the information originally was collected.
Those countries may not have the same data protection laws as the country in which you initially provided the information.
When we transfer your information to other countries, we will protect that information as described in this Privacy Policy in section “Information We Share” above.
If you are located in the European Economic Area (“EEA”) or Switzerland, we will comply with applicable legal requirements providing
adequate protection for the transfer of personal information to recipients in countries outside of the EEA or Switzerland.
Intra-group international data transfers will be subject to legally binding intragroup agreements which provide enforceable rights for data subjects.
Our Retention of Personal Data
We retain personal data for as long as necessary to provide the services you have requested, or for other essential purposes such as complying with
our legal obligations, resolving disputes, and enforcing our agreements.
If you have given consent to the processing of your personal data, Advent Group Sofia Ltd. will process your personal data for the specific purpose,
until you withdraw your consent.
When the need to process your personal data no longer applies and the set retention periods expire, we will erase your personal data in a secure manner.
How We Protect Personal Information
We maintain administrative, technical, and physical safeguards designed to protect the personal information you provide
against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.
Your personal data is stored on servers of Advent Group Sofia Ltd., where they are protected by all modern and fit for the
purposes standard hardware and software means of protection – fire walls, anti-virus programs, data encrypting etc.
We update and test our security technology on an ongoing basis.
To enhance privacy, we have built in technological and procedural safeguards designed to prevent certain data combinations.
For example, photographs or video recordings of our physical events will not be connected to your personal data.
Advent Group Sofia Ltd. ensures that access to your personal information is only granted to employees who need to process it in order
to fulfil their work assignments, and that they abide by confidentiality in accordance with the applicable policies and procedures of
Advent Group Sofia Ltd. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.
We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
We have entered into data protection agreements with our service providers and business schools to ensure the adequate protection of your personal data
when these data are shared with them for the purposes described in this Privacy Policy.
Links on our website
Each of our brands’ websites may, from time to time, contain links to and from the websites of our partner networks and affiliates.
Our service connects you to different websites. If you follow a link to any of these websites or use our service, please note that you have left our
website and these websites have their own privacy policies. We do not accept any responsibility or liability for these policies or websites.
Please check these policies before you submit any personal data to these websites.
Supervision and compliance
If you are dissatisfied with the way we have used your information or if you believe that your information was processed contrary to
the applicable data protection rules and regulations, you can contact our DPO.
You can also lodge a complaint to the competent supervisory data protection authority in the country where you reside, the country where you work or the
country where you were situated when the alleged breach of your rights has occurred. The competent authority in Bulgaria where we are seated is
the Commission for Personal Data Protection (www.cpdp.bg).
How to Contact Us
If you have any questions or comments about this Privacy Policy, would like to exercise your rights or would like us to update information we have about
you or your preferences, please contacts our DPO at:
Address: 11 Georgi Benkovski str.
1000 Sofia, Bulgaria
Phone: +359 2 810 54 80
Email: dpo@adventgroup.net
Updates to this Privacy Policy
We regularly review and, if appropriate, update this Privacy Policy from time to time as our services and use of personal data evolve.
If we want to make use of your personal data in a way that we have not previously identified, we will contact you to provide information about this and,
if necessary, ask for your consent.
We will update the version number and date of this document each time it is changed.