Privacy Policy

How We Use the Information We Collect

We use the data we collect from you to operate our business and provide you the services you register for any of our different brands. We use your data to improve our products and personalise your experience by providing you the best-fit product based on your preferences so that you gain the highest added value from our services. We may also use the data to communicate with you, for example, informing you about your account, security updates, and product information or to send you promotional communication.

Providing and improving our services: We use data to provide and improve the services we offer and perform essential business operations. This includes operating the services under our different brands, developing new features and conducting research.

Examples of such uses include the following:

Providing our services. We use data to make the connection between the prospective MBA and Masters candidates and the business schools and to deliver a personalised pre-selection process for both sides.

We use data to provide guidance services to the MBA and Masters candidates, including personalised candidate matching and advising, assessing candidates suitability for MBA and Masters programmes, associate candidate qualifications for the specific programmes, provide assistance with the preparation for business schools’ admissions, and provide enrolment services.

We use data also to perform data analytics, such as using information to match individuals and potential opportunities, and analysing pipeline data (trends regarding higher education sector).

We use your personal data to make generalizations about you (profiling) for the purposes of finding MBA programs, business schools and events that best suit your preferences.

We use data to connect professionals who are interested in the education sector and would like to use our services as mediator in their connection with business schools.

We use your data to administer your presence on our physical events, including for access control purposes and the conduct your One-to-One meetings with the different business schools.

We use your data to administer the webinars hosted by business schools.

Product Improvement. We use data to continually improve our services. For example, we use your feedback forms to add features to our services, to change them according your experience or to offer you new services under our existing or new brands

Communication. We use data we collect to communicate with you and personalise our communication with you. For example, we may contact you by phone or email to inform you when we need clarification on the data in your personal account, when your subscription is ending or to discuss educational opportunities that you may be interested in, according to your preference settings and our evaluation on the best-fit services for you.

Additionally, you can sign up for email subscriptions and choose whether you wish to receive promotional communications from one or more of our brands and in relation with the services that our clients are providing. We may send you promotional communication for products of Atendia EAD that differ from the product chosen by you with your initial registration. We will only send such marketing communication to the extent we consider it could be useful for you based on your preferences shared with Atendia EAD. You can at any time object to receiving such promotional communication either for any of the products of Atendia EAD. you have not registered for or of all products of Atendia EAD. by using the unsubscribe button/link in your email or by contacting us.

In addition, we use information collected through cookies, web beacons, pixels, web server logs and other automated means for purposes such as (i) customising our users’ use of our websites; (ii) delivering content tailored to our users’ interests and the manner in which our users use our websites; and (iii) managing our websites and other aspects of our business. To the extent required by applicable law, we will obtain your consent before collecting information using cookies or similar automated means.

We also use third-party analytics services on our websites, such as those of Google Analytics. The analytics providers that administer these services use technologies such as cookies, web server logs and web beacons to help us analyse your use of our websites. The information collected through these means (including IP address) may be disclosed to these analytics providers and other relevant third parties who use the information, for example, to evaluate use of the websites. To learn more about these analytics services and how it collects data, please visit the following site: https://policies.google.com/technologies/partner-sites?hl=enTo review how to opt-out, please visit the following sites and any sites contained in the country-specific addenda:

Google Analytics: https://tools.google.com/dlpage/gaoptout

Legal Grounds for Processing your Personal Data

Consent: We process your personal data based on your explicit consent which you provide at the time of registration for any of our services. You can withdraw your consent at any time by contacting our DPO through the contact information incorporated in the section “How to Contact Us” at the end of this Privacy Policy, or where relevant, by following the unsubscribe link in any marketing communication you receive from us. If you do choose to withdraw your consent, this will not mean that our processing of your personal data before you withdrew your consent was unlawful. If you choose to withdraw your consent for the processing of your personal data for the delivery of our services, we will no longer be able to cooperate with you.

Legitimate interests: We also process your personal data based on our legitimate interests:

when we video record the physical events organized by us so that we can use the photographs or the video recordings in order to promote our future events. We will never associate your visuals with the other personal information we have on you. Yet, you may object at any time against us processing your personal data for marketing purposes by contacting our DPO through the contact information incorporated in the section “How to Contact Us”.
in the event that we sell any of our business or assets (including any of our brands), in which case we will disclose your personal data to the prospective buyer of such business or assets (at all times in accordance with all applicable data protection laws); or if Atendia EAD or substantially all of its assets are acquired by a third party, in which case personal data held by Atendia EAD about its customers will be one of the assets transferred to the purchaser. If you object to our use of your personal data in this way, the relevant buyer of our business may not be able to provide services to you.

Legal obligations: Your personal data is also in certain situations processed in order for Atendia EAD to comply with its legal obligations according to the applicable legislation, court rulings, or decisions taken by the authorities. 

Information We Share

We do not disclose personal information we collect about you, except as described in this Privacy Policy or in separate notices provided in connection with particular activities.

We share your personal data with your consent or in order to provide the services you have requested from us or you have authorised us to deliver. For example, we share your information with third parties when you tell us to do so, such as when you register for our events and express the will to meet business school representatives that provide more information about their educational opportunities. In such cases, the third parties that receive your personal data become data controllers on their own account and are responsible for their compliance with the applicable data protection laws when processing your personal data. If you have any objections to the way such third parties process your personal data, we encourage you to directly contact them.
We share personal data among Advent Group, to which Atendia EAD is part to based on our intra-group agreements for data transfers.
We share personal data with vendors or agents working on our behalf for the purposes described in this Privacy Policy. For example, companies we’ve hired to provide customer service support or assistance in protecting and securing our systems and services may need access to personal data to provide these functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We have also concluded data protection agreements in order to ensure adequate level of protection of your personal data.
We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets. We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a re-organisation, dissolution, or liquidation).
In addition, we may disclose information about you (i) if we are required to do so by law or legal process; (ii) to law enforcement authorities or other government officials based on a lawful disclosure request; and (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
When your personal data is transferred to third countries (outside the European Union), we make sure that there is an adequacy decision adopted by the European Commission. If there is no such decision applicable, we will always conclude with the data recipient a data protection agreement that ensures adequate level of protection of your personal data, including by incorporating the Standard contractual clauses issued by the European Commission.

Your Rights and Choices

Under data protection law, you have rights we need to make you aware of. Below we have provided a list of the rights you can exercise at any time by contacting our DPO. Contact information to our DPO can be found at the end of this Privacy Policy in the section “How to Contact Us”.

Right to access: you can ask us at any time what information we hold about you and how we process it. You can ask us for copies of your personal information. We will provide you the information free of charge unless your requests are repeating in a short period of time in which cases, we will impose a reasonable fee;
Right to rectification: you can ask us to correct your personal data if you think it is inaccurate. You can ask us to complete your information if you think it is incomplete;
Right to erasure: you can ask us to delete your personal data under certain circumstances, for example, if you consider that there is no good reason for us to continue to process it. Please be aware that we may refuse to delete your data if the retention periods for the respective personal data have not yet lapsed.
Right to withdraw your consent: You may at any time withdraw your consent to process your data.
Right to restriction of processing: You have the right to ask us to stop using your information for a period of time in certain circumstances for instance if you believe we are not doing so lawfully.
Right not to be subject to decision based solely on automated processing: you have the right not be subject to solely automated decision making. We will always inform you if the automated decision making of your personal data leads to us reaching decisions that may affect your legal rights or have similar effect on you. In such cases you will have the right to request human interference in the decision-making process.
Right to data portability: You have the right to ask that we transfer the information you gave us to another data controller or give it to you. The right only applies if we are processing information based on your consent or for the performance and conclusion of a contract and the processing is automated.
Right to object: you can object to us processing your personal data if the processing forms part of our public tasks, or is in our legitimate interests, including profiling, unless we do not demonstrate overriding legitimate grounds. You can always object if the processing is for direct marketing purposes.

If your request places Atendia EAD in breach of the applicable legislation, we may refuse to fulfil it.

We have one month to respond to your request. We may sometimes need to extend this term by two additional months if your request is very complexed or we are overwhelmed by the number of the requests we have received. We will timely let you know if an extension will apply.

Data Transfers

We transfer the personal information we collect about you to countries outside of the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Policy in section “Information We Share” above.

If you are located in the European Economic Area (“EEA”) or Switzerland, we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside of the EEA or Switzerland.

Intra-group international data transfers will be subject to legally binding intragroup agreements which provide enforceable rights for data subjects.

Our Retention of Personal Data

We retain personal data for as long as necessary to provide the services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.

If you have given consent to the processing of your personal data, Atendia EAD will process your personal data for the specific purpose, until you withdraw your consent.

When the need to process your personal data no longer applies and the set retention periods expire, we will erase your personal data in a secure manner.

How We Protect Personal Information

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.

Your personal data is stored on servers of Atendia EAD, where they are protected by all modern and fit for the purposes standard hardware and software means of protection –fire walls, anti-virus programs, data encrypting and etc. We update and test our security technology on an ongoing basis. 

To enhance privacy, we have built in technological and procedural safeguards designed to prevent certain data combinations. For example, photographs or video recordings of our physical events will not be connected to your personal data.

Atendia EAD ensures that access to your personal information is only granted to employees who need to process it in order to fulfil their work assignments, and that they abide by confidentiality in accordance with the applicable policies and procedures of Atendia EAD. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

We have entered into data protection agreements with our service providers and business schools to ensure the adequate protection of your personal data when these data are shared with them for the purposes described in this Privacy Policy.

Links on our website

Each of our brands’ websites may, from time to time, contain links to and from the websites of our partner networks and affiliates. Our service connects you to different websites. If you follow a link to any of these websites or use our service, please note that you have left our website and these websites have their own privacy policies. We do not accept any responsibility or liability for these policies or websites. Please check these policies before you submit any personal data to these websites.

Supervision and compliance

If you are dissatisfied with the way we have used your information or if you believe that your information was processed contrary to the applicable data protection rules and regulations, you can contact our DPO.

You can also lodge a complaint to the competent supervisory data protection authority in the country where you reside, the country where you work or the country where you were situated when the alleged breach of your rights has occurred. The competent authority in Bulgaria where we are seated is the Commission for Personal Data Protection (www.cpdp.bg).

How to Contact Us

If you have any questions or comments about this Privacy Policy, would like to exercise your rights or would like us to update information we have about you or your preferences, please contacts our DPO at:

Address: 36 Alabin str.
1000 Sofia, Bulgaria
Phone: +359 2 810 54 80
Email:  dpo@adventgroup.net

Updates to this Privacy Policy

We regularly review and, if appropriate, update this Privacy Policy from time to time as our services and use of personal data evolve. If we want to make use of your personal data in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, ask for your consent.

We will update the version number and date of this document each time it is changed.