Privacy policy and data protection

Preamble

We, the English House Language School team, respect our clients and we protect their privacy – therefore we need to be open about how we process your personal data. As a controller English House collects, stores, processes and shares according to the General Data Protection Regulation (EU) 2016/679 of the European Union and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and related laws and regulations in the Republic of Bulgaria. The privacy policy may be updated periodically without notice. Please check our website regularly to stay informed about the latest changes.

Information regarding the controller of personal data

English House Language School is managed by G&F Engineering Ltd. The company is incorporated and exists under the legislation of the Republic of Bulgaria, it is registered in the Commercial Register of the Bulgarian Registry Agency with UIC 205129245, with address: Plovdiv 4002, Central District, 13 Anton Strashimirov Str., Fl. 4. The subjects of activity of the English House Language School are foreign language training as well as translations from and into several languages.

Concepts

“Personal data” – any information relating to an identified or identifiable natural person (“data subject”); identifiable natural person is an identifiable person, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier, or by one or more specific attributes to the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual, as well as any other information that is determined by the applicable law as personal data;

“Processing” – means any operation or set of operations performed with personal data or a set of personal data by automatic or other means such as collection, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing by transmission, disseminating or otherwise making the data accessible, arranging or combining, limiting, deleting or destroying them;

“Controller” – any natural or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU or Member State law, the controller or the specific criteria for determining it may be laid down in Union or Member State law;

“Data subject” – any living natural person who is the subject of personal data stored by the Controller.

“Data subject’s consent” – any freely expressed, specific, informed and unambiguous indication of the data subject’s will, by means of a statement or clear affirmative action expressing his / her consent to the processing of personal data related to him/her;

“Child” – The General Regulation defines a child as anyone under the age of 16, although it may be reduced to 13 by the law of a Member State. The processing of personal data of a child is legal only if the parent or guardian has consented. The controller makes reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or is authorized to give his or her consent.

“Recipient” – a natural or legal person, public authority, agency or other entity to whom personal data are disclosed, whether a third party or not. At the same time, public authorities which may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered as ‘recipients’; the processing of such data by the designated public authorities complies with the applicable data protection rules for the purposes of processing;

“Third Party” – any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct control of the controller or the processor, have the right to process the personal data.

Categories of personal data

The following categories of personal data are collected and stored in the English House Language School in relation to:
Provision of translation services as well as foreign language education services to minors and adults in the form of courses:

  • Bank account details upon payment of the respective fees by bank transfer;
  • Information related to the objectives of language training and the progress of learners.

Types of information gathering

  • Personal submission of data in our office;
  • Personal submission of data by telephone;
  • Personal submission of data by email;
  • Filling in and submitting the contact form on our website;
  • Sending online messages on social networks.

Purposes for collecting information

English House Language School collects the personal information above for several purposes:

  • Human resources management at the English House Language School, fulfillment of obligations under employment and civil relations, financial and accounting activity, pension, health, and social security activities, correspondence;
  • Provision of information services to stakeholders;
  • Maintenance of study logs to track the progress of learners;
  • Issuance of certificates and other documents related to the training process;

Processing of personal data and information sharing

Personal data are stored both on paper as a declaration, application and form completed on-site at the English House Language School office, as well as by submitting online forms of applications, forms, and declarations, including Declarations of consent on our website.
English House Language School undertakes not to disclose the personal data of natural persons without their explicit consent to third parties, except where necessary for the performance of contractual obligations to individuals (data subjects).
English House Language School may share personal data with law enforcement authorities and institutions in response to legitimate requests.
Personal data processed on a legal basis are stored for the period specified in the relevant law or given the statute of limitations. Where data are processed based on the consent of the data subject, they shall be stored for a period relevant to the achievement of the purposes for which they were collected.

Rights of individuals – data subjects

According to the GDPR, the data subjects have the following rights concerning the processing of their personal data:

  • To obtain information about the personal data related to them that is processed by the controller and the purpose for which it is processed, including access to the data, as well as information about the recipients of that data and the third parties to whom the data are being transmitted;
  • To request a copy of their personal information from the controller;
  • To ask the controller to correct personal data when it is inaccurate or when it is no longer up to date;
  • To require the controller to delete personal data (the right to be “forgotten”);
  • To ask the controller to restrict the processing of personal data, in which case the data will only be stored but not processed;
  • To object to the processing of their personal data;
  • To object to the processing of personal data relating to them for direct marketing purposes;
  • To appeal to the supervisory authority if they consider that any of the provisions of the GDPR have been violated;
  • To require and to be provided with the personal data in a structured, widely used and machine-readable format;
  • To withdraw consent to the processing of personal data at any time with a separate request made to the controller;
  • To not be a subject to automated decision-making that would significantly affect them without the possibility of human intervention;
  • To oppose automated profiling that happens without their consent;

Data security

Employees of the controller who, by virtue of their job descriptions, have an obligation to process certain personal data on behalf of the controller, are required to ensure the security of their processing and storage, including ensuring that they do not disclose data to third parties other than if the English House Language School did not grant such third party rights to access the data (for example, based on a contract/confidentiality clause).

Notification of changes in current policy

English House Language School reserves the right to make amendments to this Policy. When making changes to the Policy, they will be reflected in it in a timely manner and made available to all persons on the official website www.englishhouse-edu.com.

Contact English House on privacy issues

English House Language School acts as the personal data controller in relation to the personal data processed. Questions or comments about the English House Privacy Policy or practices may be directed to:

  • Postal address: 51 Iztochen Blvd., Plovdiv
  • Individuals also have the right to submit inquiries and complaints to the supervisory authority of the Republic of Bulgaria on the protection of personal data – CPDP, as well as complaints to the courts of the Republic of Bulgaria.