This Privacy Manual is hereby adopted in compliance with Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), and other relevant policies, including issuances of the National Privacy Commission.
It is the policy of University of Perpetual Help System DALTA (UPHSD) to respect and uphold data privacy rights, and to ensure that all personal data collected from students, their parents or guardians, employees and other third parties, are processed pursuant to the general principles of transparency, legitimate purpose, and proportionality as stated in DPA.
This Manual outlines the data protection and security measures adopted by the University to protect data privacy rights, and shall serve as a guide in the exercise of rights under the DPA.
1. UPHSD adheres to the general principles of transparency, legitimate purpose and proportionality in the collection, processing, securing, retention and disposal of personal information.
2. The students, parents, guardians, employees or third parties whose personal information is being collected shall be considered as data subjects for purposes of these policies.
3. Data subjects shall be informed of the reason or purpose of collecting and processing of personal data.
4. The data subjects shall have the right to correct the information especially in cases of erroneous or outdated data, and to object to collection of personal information within the bounds allowed by privacy and education laws.
5. The data subject has the right to file a complaint in case of breach or unauthorized access of his personal information.
6. UPHSD shall secure the personal information of students, parents, guardians, employees and third parties from whom personal information is collected and shall take adequate measures to secure both physical and digital copies of the information.
7. UPHSD shall ensure that personal information is collected and processed only by authorized personnel for legitimate purposes of the University.
8. Any information that is declared obsolete based on the internal privacy and retention procedures of the University shall be disposed of in a secure and legal manner.
10. Data subjects may inquire or request for information from the Data Privacy Response Team, regarding any matter relating to the processing of their personal data under the custody of UPHSD including the data privacy and security policies implemented to ensure the protection of their personal data.
What are the Privacy Principles and Provisions espoused by the University?
1. TRANSPARENCY. Data Subject’s consent should be obtained before collecting the information and the latter should be informed of the purpose for which the information is to be collected.
Collection of information is done with the consent of Data Subjects (Students and their guardians) which consent is included in the forms filled-out during application for admission, enrollment or availing of student services such as scholarships, on the job trainings, etc.
In case there is no form or written document containing the privacy statement, the authorized personnel tasked to collect the information may verbally notify them of the purpose and ask the Data Subject to allow the University personnel to collect and process the information and shall record the processing of information with consent in writing.
2. FOR LEGITIMATE PURPOSE. In collecting personal information, the University shall use the information only for legitimate purposes.
Only authorized personnel are allowed to access and process the personal information collected from the students, their parents or guardians in accordance with Data Privacy policies of the University and the MORPHE which requires that student records as well as the information contained therein are to be kept confidential.
3. PROPORTIONALITY. Personal Information collected must be reasonably necessary or directly related to the University’s functions.
Authorized university personnel shall collect personal information that is reasonably necessary or directly related to the University’s primary or secondary functions or activities. Personal Information shall not be collected in anticipation that it may be useful in the future (“just in case” it is needed). The physical records, or those which are not digitally stored and secured in the UPHSD database, are stored in the particular offices of each Department. For student records from previous years that are required to perpetually stored and maintained by the University, a secured location is maintained. Access is restricted here such records may only be retrieved upon specific instructions of the University Registrar and only for legitimate purposes or upon request of the student or alumni for copies of their individual school record pursuant to the procedures and policies of the University Registrar’s on request for records. Personal information shall be collected by lawful and fair means and allowed under the University’s policies and the provisions of the MORPHE.
What are the Security Measures that the University adheres to?
The University shall take reasonable steps to protect the personal information in its possession from misuse, loss or unauthorized access, modification or disclosure.
As most of the personal information of students and employees are stored in the University data bases, access to personal information in digital or 14 digitized form by authorized IT personnel is restricted and individually identifiable. An approval process is in place for internal requests (i.e. special requests for authority to view student profile for disciplinary cases, counseling, or health concerns) for access to restricted student or employee records contained in the University information systems. As a general rule only authorized personnel with the necessary approvals may request for access of the information systems of personal information in accordance with the Article VIII (B) of this Manual.
Physical access to the servers and network equipment is highly restricted to authorized personnel only. Various security devices and facilities are employed to safeguard the university network and its systems.
24-hour security is also provided by the University to secure the areas where the University servers are located.
Access to student and employee personal information is limited to authorized personnel of the specific departments collecting or processing the information.
Aside from access restriction, the storage facilities for the hard copies of documents containing personal information are also secured (i.e. locked) in cabinets. Only authorized personnel can open. The storage unit is placed in areas that are not usually accessible to the public, safe from physical hazards such as rain, wind and dust, and located in areas manned by the authorized personnel.
Security is also provided for the entire University including areas where the hard copies of such documents are kept and secured.
Who should be contacted for inquiries and complaints?
UPHS Data Privacy Response Team
Dr. Rosalie M. Armando
Data Privacy Officer
Tel No. 874-8515 local 658 | 871-0639 local 136
E-mail Address: firstname.lastname@example.org
Dr. Joven O. Sepino
Assistant Data Privacy Officer
Tel No. 871-0639 local 204
E-mail address: email@example.com
Dr. Raul C. Trinidad
Compliance Officer for Privacy – DALTA LP
Tel No. 871-0639 local 115
Email Address: firstname.lastname@example.org
Ms. Melanie L. Serrano
Compliance Officer for Privacy – DALTA MOL
Tel No. (046) 477-0602 local 145
Email Address: email@example.com
Mr. Renato N. Manreza Jr.
Compliance Officer for Privacy – DALTA CAL
Tel No. (049) 576-6584
Email Address: firstname.lastname@example.org