UNIVERSITY OF THE PHILIPPINES (UP) PRIVACY NOTICE FOR STUDENTS
(REVISED AS OF THE 1ST SEMESTER/TRIMESTER 2019-2020)
To exercise and safeguard academic freedom and uphold your right to quality education, the University of the Philippines needs to process your personal and sensitive personal information—that is, information that identifies you as an individual.
UP is committed to comply with the Philippine Data Privacy Act of 2012 (DPA) in order to protect your right to data privacy.
This notice explains in general terms the purpose and legal basis for the processing of the typical or usual examples of personal and sensitive personal information that UP collects from students like you, the measures in place to protect your data privacy and the rights that you may exercise in relation to such information. Please note that this document does not contain an exhaustive list of all of UP's processing systems as well as the purpose and legal basis for processing.
Under the DPA, personal information may be processed (e.g. collected, used, stored, disclosed, etc.) with the consent of the data subject, pursuant to a contract with the data subject; when it is necessary in order for UP to comply with a legal obligation; to protect your vitally important interests including life and health; respond to a national emergency, public order, and safety; fulfill the functions of public authority or pursuant to the legitimate interests of the University or a third party; except where such interests are overridden by your fundamental rights.
Sensitive personal information (e.g. confidential educational records, age/birthdate, civil status, health, religious affiliation etc.) on the other hand may be processed with the consent of the data subject, when such is allowed by laws and regulations, such regulatory enactments provide for the protection of such information, and the consent of the data subject is not required for such law or regulation. For example, under the Education Act of 1982, parents have the right to access the educational records of children who are under their parental responsibility. Processing may also be done when needed to protect the life and health of the data subject or another person, and the data subject is unable to legally or physically express consent; in the case of medical treatment; or needed for the protection of lawful rights and interests of natural or legal persons in court proceedings; and for the establishment, exercise or defense of legal claims; or where provided to government or public authority.
The term UP/University/us refers to the University of the Philippines System and Constituent University (CU) offices.
The term you/your refers to all students of the University of the Philippines System, as well as those seeking to be admitted to the University (except for those seeking admission through the UPCAT who are covered by the UP Privacy Notice for UPCAT applicants) and, where the context so indicates, in the case of minors, their parents or guardians who also sign registration related and other forms that students fill out, such as leave of absence and scholarship application forms.
PERSONAL AND SENSITIVE PERSONAL INFORMATION COLLECTED FROM STUDENTS, AND THE PURPOSE/S AND LEGAL BASIS FOR PROCESSING SUCH INFORMATION
Various UP offices collect your personal information through paper based and online processing systems. UP may likewise collect publicly available information about you. Some application forms require you to provide a photograph. In some instances, your image is captured by UP's closed-circuit television (CCTV) cameras, or when UP documents, records, broadcasts (including live streaming), or publishes University activities or events.
When you applied for admission to UP you provided us, through the forms you submitted and signed (and in the case of minors that your parents/guardians also signed), among others, your name, sex assigned at birth, date and place of birth, civil status, citizenship, your photograph, information about your family (names of your parents, their citizenship, civil status ), your signature and other personal information that we use, along with other documents you provide us (e.g. information contained in educational records) to be able to verify your identity in the course of determining your eligibility to enroll in UP. We required you to attest that the information that you provided us is true and correct as we also use the information in order to prevent the commission of fraud. Such processing is necessary for compliance with our legal obligation as a publicly funded University and to uphold our legitimate interest as an educational institution as well as that of taxpayers. When you provide UP with the personal and sensitive personal information of third parties you warrant that you have obtained their consent for UP to process their information.
In the case of students who were admitted through the UPCAT, you also provided the highest educational attainment and occupation of your parents as well as your family's annual household income. UP processed that information along with your permanent address and other information (e.g. grades) as the selection of campus qualifiers also considers socioeconomic and geographic factors as explained in the UPCAT Bulletin. Such processing is pursuant to Section 9 of RA 9500 which requires UP to take affirmative steps to enhance the access of disadvantaged students to the University's programs and services.
Non-Filipino citizens seeking admission to the University are required to provide personal and sensitive personal information in order for UP to ascertain that their admission and enrollment is allowed under applicable Philippine laws, rules and regulations, and University rules and procedures.
In order for UP to exercise its right to academic freedom and to uphold academic standards under its Charter it processes the educational records and other personal information provided by prospective students to determine their eligibility to enroll.
UP processes your personal and sensitive personal information, in the course of fulfilling its obligation, to provide you quality education by exercising its right to academic freedom, and upholding academic standards, when the University's duly authorized personnel process your enrollment; evaluate the work that you submit in fulfillment of your academic requirements and give you grades; act on your applications for change of matriculation, dropping, leave of absence and the like; determine your academic progress and compliance with the University's retention and other rules; evaluate and recommend you for graduation; act on appeals on such matters; and, in the event you are qualified under the rules, recommend that you be awarded honors upon your graduation.
Aside from sensitive personal information in the form of grades, you also provide UP with health information as part of the admission and registration processes so that the University may determine your physical fitness to enroll; and be able to provide you with the proper care when you avail of UP's health services; or in case of an emergency; or in compliance with University rules that are meant to uphold academic standards (e.g., submission of medical certificates in order for your absences to be excused, for you to drop a subject, go on leave of absence, or justify underloading in an appeal to graduate with honors, etc.).
UP processes information regarding your religious affiliation in the course of verifying your identity (e.g. offices match information in your birth certificate and school records provided to us etc.) to conduct research to see to it that we uphold the principle of democratic access; and that, as a non-sectarian institution, we do not discriminate on the basis of religious creed; and to uphold your right to freedom of religion (e.g. by providing you with services that are consistent with your beliefs in relation to your health needs and food preparation, etc.).
The University may process your personal and sensitive personal information in order to compile statistics and conduct research, subject to the provisions of the DPA and applicable research ethics guidelines, in order to carry out its mandate as the National University.
Contact information is processed by UP in order to be able to communicate effectively with you, and to enable us to contact your family or other people you identify, in the case of an emergency. For example, UP offices or your teachers may use the information generated by the applicable registration system in order to contact you via email or via a messaging system for class related and other academic matters, as well as UP related activities and information. UP may also contact you in order to solicit your consent to participate in academic or non-commercial research.
In some instances, because UP is aware that not all students have access to the Internet at all times, or that you may have failed to update email or contact details, UP may inform you of the need to contact certain UP offices, or to submit certain requirements by a certain date, or otherwise disseminate information that you need to know by posting your name or other relevant personal information on UP bulletin boards. In the case of email correspondence, your email address may be disclosed to other members of the class so that other students to whom you may have disclosed your new email address, or other contact details, will be able to relay email messages to you.
UP processes personal and sensitive personal information, and, in particular, financial information related to your studies, in order to administer State-funded and privately financed scholarships, as well as grants or other forms of assistance, pursuant to its contractual or legal obligations as part of the University's legitimate interests and that of taxpayers, as well as relevant third parties, such as donors or sponsors.
Your personal and sensitive personal information may also be processed in order for UP to provide you with services, such as the issuance of your ID card, stickers or gate passes, library, dormitory, health, counseling and guidance services and the like; facilitate the processing of applications for insurance and insurance claims; determine whether the student organization or association to which you belong may be recognized and given access to University services, etc., to enable your participation in student elections, exchange programs, internships, training programs, conferences, etc.; administer scholarships, grants and other forms of assistance, pursuant to UP's contractual or legal obligations; or to protect your vitally important interests.
CCTVs and other security measures which may involve the processing of your personal information are intended to protect your vitally important interests, for public order and safety, and pursuant to the University's and the public's legitimate interests. UP processes personal and sensitive personal information in order to comply with its duty as an academic institution to exercise due diligence to prevent harm or injury to you or others.
You may also be required to present your UP ID when you avail of University services, or when you request documents containing your personal and sensitive personal information.
If you request such information through a representative, UP will require that you provide a letter of authorization specifying the information or document requested, the purpose(s) for which the same will be used, and the presentation of your UP ID or other valid government-issued identification card (GIID), as well the GIID of your duly authorized representative, in order for UP to see to it that fraud is prevented, and your right to data privacy is upheld.
UP will process your name, student number and photograph in order to issue your UP radio-frequency enabled identification (RFID). A unique, randomly generated number, as well as your student number, will be encoded in the RFID tag or chip of your UP ID such that these will be the only information that can be read by a compatible RFID reader.
UP, using its RFID readers, will process the abovementioned information when you tap or wave your UP ID card in close proximity to such readers in order to:
- regulate access to libraries and other University buildings in order to supplement other existing security measures in place;
- provide you with RFID enabled services in UP offices where these are applicable or available; and
- provide benefits to qualified students pursuant to the UP Charter and relevant internal rules.
UP has a legitimate interest in securing the UP community, its buildings and other assets and adopting means in order to provide services in a more efficient manner. UP is also required under its Charter to adopt measures in order to provide democratic access to its services. Rest assured that the University will process the above UP RFID information only for legitimate purposes, and for such periods allowed by the DPA and other applicable laws. UP has adopted appropriate measures to safeguard your right to data privacy over your abovementioned information.
The University provides for the secure processing and, when applicable, secure archival of the educational record and other relevant personal information of its students that are needed to verify their identity so that UP will be able to provide the proper transcripts, certifications, and other documents that current or former students or alumni may request as required by the Education Act of 1982, and comply with obligations to the UP Alumni Association under the UP Charter and University rules, as well as for historical and research purposes as permitted by law. The relevant application forms and supporting documents submitted by those who are not qualified to enroll in UP, including those who are not accepted as shiftees or transferees, as well as qualified applicants who do not thereafter enroll in UP are securely disposed of within a reasonable period of time as determined by the University pursuant to applicable laws and regulations.
INSTANCES WHEN YOUR RELEVANT PERSONAL AND/OR SENSITIVE PERSONAL INFORMATION MAY BE DISCLOSED BY UP TO THIRD PARTIES AND THE PURPOSE/S AND LEGAL BASIS FOR SUCH DISCLOSURES
The University will disclose or share your relevant personal and/or sensitive personal information to third parties in order to carry out its mandate as an academic institution, comply with legal obligations, perform its contractual obligations to you, promote and protect your interests, and in order to pursue its legitimate interests or that of a third party. UP discloses such information when required or allowed by law, or with your consent. Examples of these include:
- posting the list of students qualified to enroll in UP as well as waitlisted applicants online or on bulletin boards pursuant to its functions under its Charter, and for transparency in the admissions process;
- submission of information required by the UNIFAST Board and the Commission on Higher Education in order to implement the Universal Access to Quality Tertiary Education Act of 2017 (RA 10931) and the UNIFAST Act (RA 10687);
- disclosure of information to the proper bodies to enable you to take licensure, board, bar examinations and the like;
- information sharing with the UP Alumni Association in order for UP to comply with its mandate under the UP Charter.
- disclosure of your personal and/or sensitive personal information to relevant third parties in order for UP to respond to an emergency and comply with its duty to exercise due diligence to prevent harm or injury to you and/or others;
- disclosure of your personal and/or sensitive personal information in compliance with University policies, rules and processes adopted pursuant to the UP Charter, or with your consent, in order to uphold or promote your interest and/or the principle of transparency, promote the legitimate interests of the University or third parties, such as in relation to the processing of applications for leave of absence; the conduct of student elections (e.g. posting of list of candidates and results); disclosures contained in the minutes of University bodies such as the Board of Regents in connection with graduation, student discipline, and the like;
- providing information pursuant to the provisions of the Data Privacy Act or other applicable laws, and lawful orders or processes issued by government agencies, courts, and law enforcement agencies.
- disclosures to enable UP to participate in university ranking exercises and other similar activities;
- sharing personal and sensitive personal information with your parent(s)/guardian/spouse, or other next of kin, in order to promote your best interests as required by law, or when necessary in order for the University to respond to an emergency, uphold your vitally important interests, or to prevent harm to you and/or others, or with your consent;
- disclosures for your benefit, or in support of your interests, such as those intended to enable you to participate in exchange programs, conferences, trainings and the like, academic, athletic and other similar competitions or events; to apply for, receive and comply with terms and conditions of scholarships, grants and other forms of assistance; to be granted Civil Service eligibility based on Latin honors under PD 907 or in relation to internship, employment or other career opportunities with your consent;
- disclosures to recognize your achievements such as through the publication and distribution of the commencement program, and other materials containing the names of graduates, their respective courses/certificates and honors received, or sharing of relevant information with honor societies or entities that confer awards with your consent;
- information that we share with third parties who process your information in order to provide products or services to you or UP (e.g. cloud service providers) for registration systems that contain your enrollment information and grades, email providers, entities that provide insurance, process your UP ID and the like for which we require your consent. Unless your consent is given, it will not be possible for such products or services to be provided to you;
- in the exercise of the sound discretion of UP pursuant to its mandate as a research university we may share your name, email, and other relevant personal information, with your consent, with researchers conducting academic or non-commercial research who have put in place applicable measures required by ethical guidelines and the DPA to uphold your privacy so that they can solicit your consent to participate in research;
- news or feature articles about your achievements, awards received, research and public service activities and the like in University publications, websites or social media posts, disclosures that the University may make in the exercise of its sound discretion in response to inquiries from the press, or press releases and other similar disclosures for journalistic purposes, as allowed by the DPA, or with your consent;
- publishing, broadcasting or live streaming of University activities or events pursuant to the legitimate interests of the University and third parties or for journalistic purposes, as allowed by the DPA;
- other instances analogous to the foregoing.
Where applicable, UP will take reasonable steps to require third parties who receive your information to uphold your right to data privacy.
HOW UP PROTECTS YOUR PERSONAL INFORMATION
Even prior to the effectivity of the DPA, UP put in place physical, organizational and technical measures to protect your right to privacy and is committed to reviewing and improving the same, so as to be able to comply, among others, with its obligations under the applicable provisions of the Education Act of 1982, which require us to keep your educational records confidential. You may wish, for instance, to read UP's Acceptable Use Policy for Information Technology (IT) Resources (AUP).
From time to time UP posts information on relevant sites and sends emails that explain how you can secure and maintain the confidentiality of your personal information.
UP System and CU offices are permitted by the DPA and other laws to share information with each other for the purpose of carrying out the mandate of UP pursuant to the Constitution, its Charter and other applicable laws. For instance, the UP System Office of Admissions transmits or shares your relevant information to the proper CU Registrar. Registrars disclose or share information required by System officials or offices such as the Board of Regents, the UP President, the Executive Vice President, the Vice Presidents, the Secretary of the University, or the Office of Alumni Relations, to carry out their respective functions. Rest assured that UP officials and personnel in such offices are allowed to process your personal and sensitive personal information only when such processing is part of their official duties. This is enforced in the case of ICT-based processing systems (e.g. SAIS, CRS etc.) by assigning access to modules (e.g. to give grades, enlist, give advice, or tag students as ineligible, etc.) based on the official functions of said UP personnel.
ACCESS TO AND CORRECTION OF YOUR PERSONAL AND SENSITIVE PERSONAL INFORMATION AND YOUR RIGHTS UNDER THE DPA
You have the right to access personal and sensitive personal information being processed by UP about you. You may access your personal and sensitive personal information, for instance, through UP's information systems such as SAIS or CRS or request documents from relevant offices (e.g. the University Registrar or your College Secretary). In order for UP to see to it that your personal and sensitive personal information are disclosed only to you, these offices will require the presentation of your UP ID or other documents that will enable UP to verify your identity. In case you process or request documents through a representative, in order to protect your privacy, UP requires you to provide a letter of authorization specifying the purpose for the request of documents or the processing of information, and your UP ID or other valid government-issued ID (GIID), as well as the valid GIID of your representative.
As mentioned above, UP requires you to provide correct information. In the event that your information needs to be updated please follow the instructions found in the relevant website, or kindly get in touch with the proper University office(s). Please note that the correction of grades is subject to University rules and procedures.
Aside from the right to access and correct your personal data, you have the following rights subject to the conditions and limitations provided under the DPA and other applicable laws and regulations:
- The right to be informed about the processing of your personal data through this and other applicable privacy notices.
- The right to object to the processing of your personal data, to suspend, withdraw or order the blocking, removal or destruction thereof from our filing system. Kindly note however that, as mentioned above, there are various instances when the processing of personal data you have provided is necessary for us to comply with UP's mandate, statutory and regulatory requirements, or is processed using a lawful basis other than consent. In the case of your UP ID it is your duty to immediately report the loss of such card to your University Registrar and the UP ITDC so that UP can prevent the unauthorized use of the same.
- The right to receive, pursuant to a valid decision, damages due to the inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, taking into account any violation of your rights and freedoms as a data subject and
- The right to lodge a complaint before the National Privacy Commission provided that you first exhaust administrative remedies by filing a request with the proper offices or a complaint with the proper DPO through the email address indicated below regarding the processing of your information, or the handling of your requests for access, correction, blocking of the processing of your personal data and the like.
HOW WE OBTAIN YOUR CONSENT AND HOW YOU CAN WITHDRAW CONSENT
UP obtains your consent for the processing of your personal and sensitive personal information pursuant to this privacy notice by asking you to sign the relevant form. If you are a minor, we will require your parent or guardian to sign the proper form. If you wish to withdraw consent, kindly write or send an email to your University Registrar at email@example.com and identify the processing activity for which you are withdrawing consent. Please attach a copy of your UP ID so that the Registrar will be able to verify your identity. Note that consent may be withdrawn only for a processing activity/ies for which consent is the only applicable lawful ground for such processing. Kindly await your Registrar's action regarding your request. Rest assured that once your Registrar confirms that you have validly withdrawn consent for a processing activity/ies the same shall be effective unless you thereafter send a letter or email to the Registrar with a copy of your ID that you are consenting to such processing activity/ies.
REVISIONS TO THE PRIVACY NOTICE AND QUERIES REGARDING DATA PRIVACY
The previous privacy notices issued for the 1st and 2nd semesters/trimester 2018-19 have been revised. This amended notice will take effect on 27 August 2019.
We encourage you to visit this site from time to time to see any further updates regarding this privacy notice. We will alert you regarding changes to this notice through this site.
If you have any Data Privacy queries or concerns as it relates to your student records, you may contact the UP Diliman Data Protection Office through the following:
UP Diliman Data Protection Office
L/GF, Phivolcs Bldg.
C.P. Garcia Avenue
Diliman, Quezon City 1101
981-8500 local 2621
UP Diliman Data Protection Office:
UP Diliman Data Protection Officer:
For queries, comments or suggestions regarding this System-wide privacy notice, please contact the University of the Philippines System Data Protection Officer through the following:
c/o the Office of the President
2F North Wing Quezon Hall
(Admin Building) University Avenue,
UP Diliman, Quezon City 1101
Through the following landlines
Phone | (632) 9280110; (632) 9818500 loc. 2521
- Through email