A. Introduction

The University of Northern Philippines is committed to the protection of Personal Information/Sensitive Personal Information/Privileged Information of all stakeholders. This Data Privacy and Protection Policy (“Policy”) details the collection, processing and disclosure of your Personal Information pursuant to the Republic Act No. 10173, also known as the “Data Privacy Act of 2012” [An Act protecting the privacy of individuals while making sure of free flow of information to promote innovation and growth; regulating the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of personal data; and making sure that Government Agencies are compliant with international standards set for data protection through the National Privacy Commission (NPC)] which took effect on September 8, 2012 (the “Act”).

By availing university services or by providing your Personal Information/Sensitive Personal Information/Privileged Information, or otherwise by acknowledging receipt of this Policy, you have read and consent and/or you are deemed to have read and consent to us using, collecting, and processing your Personal Information/Sensitive Personal Information/Privileged Information in the manner described in this Policy.

Kindly note that the university reserves the right to change, amend and/or vary this Policy at any time. You are advised to check this Policy from the university website from time to time for amendments or updates.

B. Collection of Personal Data

The university collects your personal data in the course of your transactions with us including:

  1. Your personal information/sensitive personal information (as reflected in the Registration Form, including details relating to other person(s) who may be identified from the data;
  2. The contents of all information obtained from the document(s) collected by the different Colleges or the Registrar’s Office; and/or
  3. Other information (collectively referred to as “Personal Data”).

C. Purposes

  1. Providing/enhancing stakeholder care and satisfaction, including but not limited to, resolving complaints, and dealing with and/or responding to requests and enquiries;
  2. To keep stakeholders informed of events;
  3. To enhance university services;
  4. For internal record keeping, including but not limited to administration, processing, and matching any Personal Information held which relates to you for any of the purposes listed herein;
  5. For information and security purposes, including but not limited to managing and administrating stakeholder accounts, handling and investigating any security related issue, vulnerability, and/or incidents;
  6. For the exercise of any functions conferred on any person by law and/or towards the administration of justice; and/or
  7. For any purpose incidental, ancillary or in furtherance to the abovementioned purposes (collectively referred to as “Purposes”).

D. Disclosure to Third Parties

If and when necessary, your Personal Information/Sensitive Personal Information/Privileged Information may be disclosed to the following third parties:

  1. Authorized contractors and third-party service providers who provide services to the university for any of the Purposes contemplated at the paragraph above;
  2. External professional advisors and auditors; and/or
  3. Governmental departments and authorities;
  4. Authorized University Officials

 E. Security of Personal Information

The university store your information in paper and electronic formats. The security of your personal data is important to us and we take reasonable steps to protect it from misuse, interference, loss, unauthorized access, modification, and unauthorized disclosure by establishing and enforcing:

  1. Confidentiality requirements and data privacy training of our employees;
  2. Document storage security policies;
  3. Security measures to control access to our systems and premises;
  4. Limitations on access to personal data;
  5. Strict selection of third-party data processors and partners; and
  6. Electronic security systems, such as firewalls and data encryption of our network, websites and information systems applications. 

F. Access and Correction

  1. The Personal Information/Sensitive Personal Information/Privileged Information must be accurate, complete, not misleading and kept up-to-date. Should you be made aware of any inaccurate, incomplete or misleading Personal Information or where the Personal Information provided to us earlier have become incorrect or out of date, kindly notify the Registrar’s Office and the contact provided.
  2. You have the right to request access and correct your Personal Information/Sensitive Personal Information/Privileged Information and to withdraw your consent given to us hereunder. Such request however, may be subject to the requirements in the Act and the university’s process procedure.

G. Retention Standard

  1. Any Personal Information shall not be kept longer than is necessary for the fulfilment of the Purposes. The final IRR of the Data Privacy Act of 2012 contains a provision stating that personal data may not be retained in perpetuity in contemplation of a future use yet to be determined.  The university shall ensure that all Personal Information is destroyed or permanently deleted if it is no longer required for the Purposes for which it was to be processed.