Data protection is very important to us. We value your privacy and private life. Therefore, we will inform in the following about the processing of personal data when you use the services within the online applications as well as the internal processing activities provided by Bucharest International School of Management (BISM).
As regards us, Bucharest International School of Management (BISM), we are an integral part of the BISM Group, with entities such as BISM INTERNATIONAL Association, BISM EDUCATION SRL and BISM EXECUTIVE SRL.
As operator, Bucharest International School of Management (BISM), hereinafter referred to as BISM or the Organization, is a Romanian legal entity, with registered office in Bucharest, sector 3, Puțul lui Zamfir Street, no. 36, 3rd floor, office 3, registered in the Special Register of Associations and Foundations, under no. 41/23.07.2010, Fidcal Code 27239140.
Our organization, as well as the rest of the legal entities in the BISM group, are responsible for compliance with the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, abbreviated to GDPR ).
You can also access the Video Surveillance Policy, where you can find information about how BISM process your personal data when you visit one of BISM locations.
Usually, the website can be used without entering personal data. If there is, however, such collection through this website, this process is due to the fact that the data subject provides this data willingly. Such an assumption exists when, for example, the data subject applies to participate in events hosted by BISM or to apply to the licensing program made available by BISM.
To the extent that you do not want your personal data to be processed by BISM please do not to access our website, not to register or not to send us documents/information containing personal data.
BISM data protection practices comply with applicable law. However, if for any reason the terms set out in this data protection policy are not acceptable to you, you may notify us of your objection at [email protected].
What personal data we collect?
Personal data refers to all data relating to you personally. This generally includes identification data and personal characteristics (first name, last name, CNP, nationality, home mailing address, e-mail address phone number, data that may result from social media profiles such as Facebook, Linkedin, Instagram, Youtube etc.), electronic identification data (identifiers from various applications, IP, Skype ID, Facebook ID, Instagram, etc.), financial data for scholarships and possibly financial data to see if they fall into the scholarship category -for example, financial data on parents’ situation may be requested), information on educational history (details of institutions attended, year of graduation from high school, profile followed, high school graduated, average of baccalaureate, year of graduation from baccalaureate, as well as the rest of the education information requested through the application form to the bachelor program made available by BISM -as far as an interested person wants to participate in it) or professional history (details of professional history, professional experience: to the extent that you wish to apply to participate in the recruitment process for a position within BISM, the personal data provided by you to apply for this position will be processed by us for the purpose of identifying suitable candidates), data on family members (information on parents or guardians) to be involved when necessary, image and voice: if you visit the faculty premises, participate in online interviews through dedicated tools (Zoom, Teams), respectively if you participate in our events or apply to the degree programme;
Information made available by you to BISM for the purpose of participating in the study programme will be transferred primarily to other entities within a BISM group – to the extent and for the purpose of fulfilling BISM’s business purpose. Your personal data may also be shared with external entities; more details about this type of sharing will be found hereunder.
In order to guarantee the security of the transmission and processing of these data, a collective DPA (Data Protection Agreement) has been concluded, signed and assumed by each of the parties of the BISM group.
What processing of personal data means?
Processing of your personal data means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automatic means, such as collection, recording, organizing, structuring, storing, adapting or altering, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Therefore, whenever personal data provided by you, or on your behalf, is collected and then used in various ways, BISM may assume that processing of your personal data is taking place.
Who is processing your personal data?
Within the limits of the purposes and means of processing of personal data declared under the GDPR, BISM fulfills the role of controller by processing personal data received from individuals who make use of the services and facilities BISM offers. In the same way, BISM is the entity that establishes the framework and rules for processing. In this context, it ensures the compliance of BISM’s processing activity with the rules imposed by the GDPR, for the safety of those who entrust their personal data to fulfill certain purposes.
BISM also works with processors acting as the controller, i.e. persons who evaluate applications for participation in the subsidy programme and/or support pedagogical activities or consultants and/or collaborators in the BISM team who dedicate their work to the purpose of fulfilling BISM’s business. They will only process the personal data collected with the consent of the BISM controller, within the limits and under the conditions imposed by the BISM controller.
From whom and how does BISM collect personal data?
As a rule, BISM collects and processes the data that website users or prospective students/potential candidates and their parents/guardians freely choose to provide. BISM may also process personal data of individuals who, at some point in time, have been interested in an event organised by BISM or have been interested in receiving news about BISM work, have participated in an event organised by BISM, or of individuals applying for a position within BISM.
BISM collects and processes personal data that users/visitors make available to BISM, by accessing and visiting the website, by registering for its events, by filling in the forms provided by BISM -on line or off line- by contacting the faculty, through one of the methods made available to you (chat, telephone, e-mail) or from public sources.
It is also possible that third parties acting as providers of applications, tools, widgets and plug-ins on our website may use automated means of collecting data about your interaction with those platforms. In this situation, the data is collected directly by those providers, which means that in connection with the collection of data by those providers, individuals whose data is processed by those providers should consult the data protection policies and information notices of those providers as the providers’ policies apply to that processing. Subject to applicable law, BISM is not responsible for the data protection practices of these providers.
In addition, BISM may use third party analytics services on the website, such as Google Analytics. Vendors that administer these services use technologies such as cookies, web server logs and web beacons to help us analyze how you use our website. Data collected through these means (including IP addresses) may be passed on to these providers or other relevant third parties who use this data, for example, to evaluate website usage.
Why does BISM collect your personal data and what is it used
BISM collects data for the following specific purposes: administration, providing services, giving information, authorizing access and tracking how the website is used.
The personal data that is being collected from prospective students, students and alumni concerns all of the above listed purposes. It is important for BISM to administrate the personal data of these groups because of the internal operational processes. The processing is done only for the following purposes:
● Education programs: giving advice to prospective students about programs, applying for a program, contacting prospective students and accreditation purposes, completion of the pre-selection process for admission to BISM and providing the BISM educational offer sending newsletters and other emails to prospective students. To deal with any requests and/or complaints requested by you regarding the educational programme; Authorizing alumni to access the Alumni Networker and the Alumni Library, sending newsletters and other emails to alumni.
● For tracking the use of our website, your IP address and time spent on the website will be saved. However, this data is anonymous. This data is collected in order for BISM to improve the website and external communication.
● To better organize logistics for the events at which you are to participate;
● To send newsletters and marketing information if you show additional interest and only if you have consented to us doing so;
● To better understand how people interact with our lecturers. Informing you about BISM activities and actions;
● To better understand how to improve our Programs, services and communications to you.
● Evaluation of events organised by BISM;
● Complying with the BISM’s legal obligations (such as record-keeping and archiving obligations);
● Protecting security and managing access to our premises, IT and communication systems, online platforms, website and other systems;
● For the purposes of monitoring and evaluating compliance with our policies and standards;
● If you have applied for a position within our entity, the data you have provided is necessary to identify whether your professional experience and training are suitable for the position for which you have applied;
● To promote the Association’s activities and communicate with you to keep you informed about BISM, announcements and other information about the Organisation’s educational offerings, as well as BISM events and projects;
● For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data has been provided to us. By registering for an event, you are accepting and consenting that we may use your image in case the pictures enclosing you are relevant to us and published on our media channels: Facebook page, LinkedIn page, design materials and website and other channels. If you have expressly given us your consent, we may also process your personal data for the purpose of promoting the actions carried out in your events, in relation to your image.
If you send an email to BISM ’s general email account ([email protected]), your email including email address will be forwarded to the concerned team/department. Your email address will only be used for replying to your email.
If you are on the BISM mailing list, you will receive monthly newsletters. You can unsubscribe to these newsletters at all times. This also applies to all of the other mailing lists.
BISM will not use your personal data to make automated decisions that affect you or create profiles other than those described above.
What are the legal grounds of processing your data?
Any operation that constitutes processing of personal data under the law (such as, but not limited to, collection, storage, recording, structuring, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, destruction) of your personal data will only be carried out on one of the following legal grounds:
1.The processing is necessary for entering into and/or observing a contract with you – for enrolment in BISM courses or for employment in our organisation.
2.The processing is necessary for the purposes of BISM’s legitimate interests unless your interests or fundamental rights and freedoms are overridden by those interests. Specifically, with regard to the processing of your image when you visit the faculty premises, the data is processed based on BISM’s legitimate interest to protect its assets and prevent theft and abuse on the faculty premises in Bd Dacia 99 Sector 2 Bucharest and to protect the integrity of students attending classes.
3.The processing is necessary for the purposes of BISM’s legitimate interests to promote its activities and actions in order to achieve BISM’s objectives.
4.The processing is carried out on the basis of your prior and explicit consent, in the case of photographs taken at our events, expressed when registering for the event, by means of a form completed in advance.
With whom do we share your personal data?
BISM may share personal data only in the following circumstances:
- BISM may share personal data with courts, law enforcement authorities, regulators or attorneys or other persons if it is reasonably necessary for the establishment, exercise or defence of legal claims;
- BISM may use aggregated personal data and statistics for the purpose of monitoring the use of BISM websites;
- BISM may also share personal data with BISM associated entities (affiliated entities, founding organizations, partners in the conduct of the educational program, BISM group), as well as with proxy companies – mainly service providers within or outside BISM (providers for various services, such as website administration and hosting services, educational platform administration and hosting services, advertising services, financial, legal, accounting consulting services) for the purpose of processing personal data for the purposes mentioned above, on behalf of BISM and only in accordance with BISM instructions. BISM will retain control over your personal data and will use appropriate safeguards, as required by applicable law, to ensure the integrity and security of your personal data at the time of your request to those service providers. Also with this in mind, we would like to point out that in BISM’s business, data will be transferred to two entities in particular: Maastricht School of Business (https://www.msm.nl) and Abertay University (https://www.abertay.ac.uk).
BISM also reserves the right to transfer your personal data in the event of transfer of assets or parts of assets to third parties in compliance with the legal provisions in force regarding the processing of personal data.
Data collected through third party plug-ins and widgets on the sites (such as JotForm, Google Form) are collected directly by the plug-in and widget providers. These data are subject to the data protection policies of the respective providers and BISM has no liability for the data processing by them.
Otherwise,BISM will only disclose your personal data when you instruct BISM or give BISM permission, when BISM are required by applicable law or regulations or requests of judicial or official bodies to do so, or as necessary to investigate fraudulent or criminal activity.
Your personal data will not be transferred to third parties or partners for direct marketing purposes.
How do we keep your personal data safe and how long do we keep it?
It is important for BISM to keep your personal data private, safe and protected. Therefore, the data is stored in secure servers and protected by other security measures, such as firewalls. Your personal data will not be kept longer than needed, according to Article 5, section 1c of the GDPR. This means BISM will delete your personal data, if there is no purpose for it anymore. Except when your anonymized data could serve as input for statistical purposes or needs to be saved based on compulsory retention period.
Updating this privacy statement
BISM can always update this privacy statement according to new laws, legislation and/or work procedures. This privacy statement was last updated, and is effective as of 15 February 2023.