DATA PRIVACY POLICY

INTRODUCTION

Pamantasan ng Lungsod ng Pasig (University of Pasig City) is committed to protecting the privacy and personal data of its students, faculty, staff, alumni, and other stakeholders in compliance with Republic Act No. 10173, or the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations (IRR). This policy outlines how the University collects, processes, stores, shares, and disposes of personal data.

 

SCOPE

This policy applies to all personal data collected and processed by the University, whether in electronic, paper, or any other format, and covers all students, faculty, staff, alumni, applicants, researchers, third-party service providers, and visitors who interact with the University’s systems and services.

 

DEFINITION OF TERMS

  • Personal Data – Any information that identifies an individual, including name, address, student/employee number, contact details, and academic or employment records.
  • Sensitive Personal Data – Includes information about race, ethnicity, health, education, financial status, government-issued identifiers, and other sensitive details.
  • Processing – Any operation performed on personal data, such as collection, recording, organization, storage, updating, retrieval, consultation, use, dissemination, and deletion.
  • Data Subject – Any individual whose personal data is collected and processed by the University.
  • Data Protection Officer (DPO) – The designated officer responsible for ensuring compliance with data privacy regulations.

 

DATA COLLECTION

The University collects personal data for legitimate academic, administrative, research, and operational purposes. Data may be collected from various sources, including:

  • Online application and registration forms
  • Enrollment and employment records
  • Research and survey responses
  • CCTV surveillance systems
  • Digital platforms (e.g., Learning Management Systems, HR portals)

 

PURPOSE OF DATA PROCESSING

The University processes personal data for the following purposes:

  • Academic and Student Services: Enrollment, academic records management, library access, scholarships, and student assistance programs.
  • Employment and Human Resources: Recruitment, payroll, benefits administration, performance evaluation, and training.
  • Research and Development: Academic research, institutional studies, and publication requirements.
  • Security and Safety: Campus security monitoring (CCTV), emergency contact tracing, and access control.
  • Marketing and Communications: Alumni engagement, promotions, and event management.

 

DATA SHARING AND DISCLOSURE

Personal data may be shared with:

  • Government agencies (e.g., CHED, DepEd, DOH, SSS, PhilHealth) for regulatory compliance.
  • External service providers (e.g., cloud storage, IT support) with contractual data protection agreements.
  • Partner institutions for exchange programs, internships, and collaborations.
  • Law enforcement authorities when required by law.
  • DATA STORAGE, RETENTION, AND DISPOSAL

The University employs secure storage systems for physical and digital records. Personal data is retained only as long as necessary for its intended purpose, following retention schedules set by academic and legal standards. Secure disposal methods, such as data anonymization and shredding, are implemented.

 

DATA PROTECTION MEASURES

The University adopts reasonable organizational, physical, and technical security measures to protect personal data, including:

  • Organizational Measures: Appointment of a Data Protection Officer (DPO), staff training, and privacy impact assessments.
  • Physical Measures: Restricted access to records, secure filing cabinets, and surveillance systems.
  • Technical Measures: Encrypted databases, password-protected systems, firewalls, and regular security audits.

 

DATA SUBJECT RIGHTS

Data subjects have the following rights under the DPA:

  • Right to be Informed – Know how their data is collected and used.
  • Right to Access – Request a copy of their personal data.
  • Right to Rectification – Correct any inaccuracies.
  • Right to Erasure or Blocking – Request deletion of unnecessary or unlawfully processed data.
  • Right to Object – Opt-out of data processing under certain conditions.
  • Right to Data Portability – Obtain and transfer personal data for other purposes.
  • Right to File a Complaint – Seek redress for privacy violations with the University’s DPO or the National Privacy Commission (NPC).

 

POLICY REVIEW AND UPDATES

This policy shall be reviewed annually or as necessary to align with legal and regulatory updates. The University reserves the right to amend this policy with proper notice to data subjects.

 

Downloads