Data Privacy and Protection Policy

A. Introduction

The University of Northern Philippines (UNP) is committed to protecting the Personal Information, Sensitive Personal Information, and Privileged Information of its students, employees, alumni, partners, and other stakeholders.

This Data Privacy and Protection Policy (“Policy”) governs the collection, processing, storage, use, disclosure, and retention of personal data in compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, its Implementing Rules and Regulations, and issuances of the National Privacy Commission (NPC).

As a State University and College (SUC), UNP processes personal data in the performance of its constitutional, statutory, and public functions, pursuant to applicable laws, rules, and regulations.

By availing of university services, submitting personal data, or acknowledging receipt of this Policy, data subjects confirm that they have read, understood, and consented to, or are deemed to have consented to, the collection and processing of personal data in accordance with this Policy and applicable law.

UNP reserves the right to amend or update this Policy at any time. Stakeholders are encouraged to review this page periodically for updates.

B. Collection of Personal Data

UNP collects personal data in the course of academic, administrative, research, extension, and institutional transactions, including but not limited to:

  • Personal and sensitive personal information provided through registration, enrollment, employment, scholarship, research, and other official forms, including information relating to identifiable third parties;
  • Information contained in documents, records, and databases maintained by colleges, offices, and the Registrar’s Office; and
  • Other information necessary and relevant to the legitimate operations and functions of the university
    (collectively referred to as “Personal Data”).

C. Purposes of Processing

UNP processes Personal Data for legitimate and lawful purposes, including:

  • Delivery and enhancement of academic, administrative, and stakeholder services;
  • Communication of university programs, activities, announcements, and events;
  • Internal administration, record-keeping, verification, and processing;
  • Improvement of university systems, services, and facilities;
  • Information security, account management, and investigation of security incidents;
  • Compliance with legal obligations and performance of public authority functions;
  • Exercise or defense of legal claims and administration of justice; and
  • Other purposes incidental or reasonably related to the foregoing (collectively referred to as the “Purposes”).

D. Disclosure of Personal Data

When necessary and in accordance with law, UNP may disclose Personal Data to the following:

  • Authorized contractors and third-party service providers engaged by the university;
  • External professional advisors, consultants, and auditors;
  • Government agencies, regulatory bodies, and authorities;
  • Authorized university officials with legitimate access.

All disclosures are subject to confidentiality obligations and data protection safeguards.

E. Security of Personal Data

UNP stores Personal Data in both physical and electronic formats and implements reasonable and appropriate organizational, physical, and technical security measures to protect data against accidental or unlawful destruction, alteration, disclosure, misuse, or unauthorized access. These measures include:

  • Data privacy awareness and confidentiality obligations for personnel;
  • Secure document storage and records management policies;
  • Controlled access to facilities, systems, and databases;
  • Role-based access limitations;
  • Careful selection and monitoring of third-party data processors; and
  • Technical safeguards such as firewalls, encryption, and system security controls.

F. Data Subject Rights

In accordance with the Data Privacy Act of 2012, data subjects have the following rights:

  • Right to be informed;
  • Right to access;
  • Right to object;
  • Right to erasure or blocking;
  • Right to rectification;
  • Right to data portability;
  • Right to damages; and
  • Right to lodge a complaint with the National Privacy Commission (NPC).

These rights may be exercised subject to the requirements of the law and UNP’s established procedures.

G. Access, Correction, and Withdrawal of Consent

UNP ensures that Personal Data is accurate, complete, relevant, and up-to-date. Data subjects may request access to, correction of, or updating of their Personal Data, or withdraw previously given consent, subject to legal, contractual, and institutional limitations.

Requests and notifications of inaccurate or outdated information may be submitted to the Registrar’s Office or the Data Protection Officer (DPO).

H. Retention of Personal Data

Personal Data shall be retained only for as long as necessary to fulfill the stated Purposes or as required by law, rules, and regulations. UNP does not retain personal data indefinitely for undefined future use.

Once Personal Data is no longer necessary, it shall be securely disposed of, destroyed, or permanently deleted in accordance with applicable laws and university policies.

I. Data Protection Officer (DPO)

In compliance with the Data Privacy Act of 2012, the University of Northern Philippines has designated the Head of the University Legal Office as its Data Protection Officer (DPO).

Data Protection Officer:
Head of University Legal Office
University of Northern Philippines
📧 ulo@unp.edu.ph

The DPO oversees the university’s compliance with data privacy laws and may be contacted for inquiries, concerns, or requests relating to the collection, processing, protection, and exercise of rights over personal data.