UNIVERSITY OF THE PHILIPPINES (UP) PRIVACY NOTICE FOR STUDENTS
(REVISED AS OF THE 2ND SEMESTER/TRIMESTER 2018-2019)
To exercise and safeguard academic freedom and uphold your right to quality education, the University of the Philippines needs to process your personal and sensitive personal information—that is, information that identifies you as an individual.
UP is committed to comply with the Philippine Data Privacy Act of 2012 (DPA) in order to protect your right to data privacy.
This notice explains in general terms the purpose and legal basis for the processing of the typical or usual examples of personal and sensitive personal information that UP collects from students like you, the measures in place to protect your data privacy and the rights that you may exercise in relation to such information. Please note that this document does not contain an exhaustive list of all of UP’s processing systems as well as the purpose and legal basis for processing.
Under the DPA, personal information may be processed e.g. collected, used, stored, disclosed, etc. with the consent of the data subject, pursuant to a contract with the data subject; when it is necessary in order for UP to comply with a legal obligation; to protect your vitally important interests including life and health; respond to a national emergency, public order, and safety; fulfill the functions of public authority or pursuant to the legitimate interests of the University or a third party, except where such interests are overridden by your fundamental rights.
Sensitive personal information (e.g. confidential educational records, age/birthdate, civil status, health, religious affiliation etc.) on the other hand may be processed with the consent of the data subject, when such is allowed by laws and regulations, such regulatory enactments provide for the protection of such information and the consent of the data subject is not required for such law or regulation. For example, under the Education Act of 1982, parents have the right to access the educational records of children who are under their parental responsibility. Processing may also be done when needed to protect the life and health of the data subject or another person and the data subject is unable to legally or physically express consent, in the case of medical treatment, or needed for the protection of lawful rights and interests of natural or legal persons in court proceedings, and for the establishment, exercise or defense of legal claims or where provided to government or public authority.
The term UP/University/us refers to the University of the Philippines System and Constituent University (CU) offices.
The term you/your refers to all students of the University of the Philippines System, as well as those seeking to be admitted to the University, except for those seeking admission through the UPCAT who are covered by the UP Privacy Notice for UPCAT applicants and, where the context so indicates, in the case of minors, their parents or guardians who also sign registration related and other forms that students fill out, such as leave of absence and scholarship application forms.
PERSONAL AND SENSITIVE PERSONAL INFORMATION COLLECTED FROM STUDENTS, AND THE PURPOSE/S AND LEGAL BASIS FOR PROCESSING SUCH INFORMATION
Various UP offices collect your personal information through paper based and online processing systems. UP may likewise collect publicly available information about you. Some application forms require you to provide a photograph. In some instances, your image is captured by UP’s CCTV cameras or when UP documents, records or live streams University activities or events.
When you applied for admission to UP you provided us, through the forms you submitted and signed (and in the case of minors that your parents/guardians also signed), among others, your name, sex assigned at birth, date and place of birth, civil status, citizenship, your photograph, information about your family (names of your parents, their citizenship, civil status ) and other personal information that we use, along with other documents you provide us e.g. information contained in educational records to be able to verify your identity in the course of determining your eligibility to enroll in UP. We required you to attest that the information that you provided us is true and correct as we also use the information in order to prevent the commission of fraud. Such processing is necessary for compliance with our legal obligation as a publicly funded University and to uphold our legitimate interest as an educational institution as well as that of taxpayers. When you provide UP with the personal and sensitive personal information of third parties you warrant that you have obtained their consent for UP to process their information.
In the case of students who were admitted through the UPCAT, you also provided the highest educational attainment and occupation of your parents as well as your family’s annual household income. UP processed that information along with your permanent address and other information, e.g. grades, as the selection of campus qualifiers also considers socioeconomic and geographic factors as explained in the UPCAT Bulletin. Such processing is pursuant to Section 9 of RA 9500 which requires UP to take affirmative steps to enhance the access of disadvantaged students to the University’s programs and services.
Non-Filipino citizens seeking admission to the University are required to provide personal and sensitive personal information in order for UP to ascertain that their admission and enrollment is allowed under applicable Philippine laws, rules and regulations and University rules and procedures.
In order for the UP to exercise its right to academic freedom and to uphold academic standards under its Charter it processes the educational records and other personal information provided by prospective students to determine their eligibility to enroll.
UP processes your personal and sensitive personal information in the course of fulfilling its obligation to provide you quality education by exercising its right to academic freedom and upholding academic standards when the University’s duly authorized personnel process your enrollment, evaluate the work that you submit in fulfillment of your academic requirements and give you grades, act on your applications for change of matriculation, dropping, leave of absence and the like, determine your academic progress and compliance with the University’s retention and other academic as well as disciplinary rules, including the rules covering student organizations, evaluate and recommend you for graduation, act on appeals on such matters and in the event you are qualified under the rules, recommend that you be awarded honors upon your graduation.
Aside from sensitive personal information in the form of grades, you also provide UP with health information as part of the admission and registration processes so that the University may determine your physical fitness to enroll and be able to provide you with the proper care when you avail of UP’s health services or in case of an emergency or in compliance with University rules that are meant to uphold academic standards (for instance, submission of medical certificates in order for your absences to be excused, for you to drop a subject, go on leave of absence, or justify underloading in an appeal to graduate with honors, etc).
UP processes information regarding your religious affiliation in the course of verifying your identity — e.g. offices match information in your birth certificate and school records provided to us etc. — to conduct research to see to it that we uphold the principle of democratic access and that, as a non-sectarian institution, we do not discriminate on the basis of religious creed and to uphold your right to freedom of religion, e.g. by providing you with services that are consistent with your beliefs in relation to your health needs and food preparation, etc.
The University may process your personal and sensitive personal information in order to compile statistics and conduct research subject to the provisions of the DPA and applicable research ethics guidelines in order to carry out its mandate as the National University.
Contact information is processed by UP in order to be able to communicate effectively with you and to enable us to contact your family or other people you identify in the case of an emergency. For example, UP offices or your teachers may use the information generated by the applicable registration system in order to contact you via email and/or SMS for class related and other academic matters as well as UP related activities and information. UP may also contact you in order to solicit your consent to participate in academic or non-commercial research.
In some instances, because UP is aware that not all students have access to the Internet at all times and/or that you may have failed to update email and/or telephone numbers, UP may inform you of the need to contact certain UP offices or to submit certain requirements by a certain date or otherwise disseminate information that you need to know by posting your name and other relevant personal information on UP bulletin boards. In the case of email correspondence, your email address may be disclosed to other members of the class so that other students to whom you may have disclosed your new email address or other contact details will be able to relay email messages to you.
UP processes personal and sensitive personal information, and in particular financial information related to your studies in order to administer State-funded and privately financed scholarships as well as grants or other forms of assistance pursuant to its contractual or legal obligations as part of the University's legitimate interests and that of taxpayers as well as relevant third parties such as donors or sponsors.
Your personal and sensitive personal information may also be processed in order for UP to provide you with services such as the issuance of your ID card, stickers or gate passes, library, dormitory, health, counseling and guidance services and the like, facilitate the processing of applications for insurance and insurance claims, determine whether the student organization or association to which you belong may be recognized and given access to University services, etc., to enable your participation in student elections, exchange programs, internships, training programs, conferences etc., manage and administer scholarships, grants and other forms of assistance, pursuant to UP's contractual or legal obligations, or to protect your vitally important interests.
CCTVs and other security measures which may involve the processing of your personal information are intended to protect your vitally important interests, for public order and safety and pursuant to the University's and the public's legitimate interests. UP processes personal and sensitive personal information in order to comply with its duty as an academic institution to exercise due diligence to prevent harm or injury to you and/or others.
You may also be required to present your UP ID when you avail yourself of University services or when you request documents containing your personal and sensitive personal information. If you request such information through a representative, UP will require that you provide a letter of authorization specifying the information or document requested, the purpose(s) for which the same will be used, and the presentation of your UP ID or other valid government-issued identification cards (GIID) as well the GIID of your duly authorized representative in order for UP to see to it that fraud is prevented and your right to data privacy is upheld.
UP does not process your personal information to carry out any wholly automated decision making that affects you.
The University provides for the secure processing and, when applicable, secure archival of the educational record and other relevant personal information of its students that are needed to verify their identity so that UP will be able to provide the proper transcripts, certifications, and other documents that current or former students or alumni may request as required by the Education Act of 1982, and comply with obligations to the UP Alumni Association under the UP Charter and University rules, as well as for historical and research purposes as permitted by law. The relevant application forms and supporting documents submitted by those who are not qualified to enroll in UP, including those who are not accepted as shiftees or transferees, as well as qualified applicants who do not thereafter enroll in UP are securely disposed of within a reasonable period of time as determined by the University pursuant to applicable laws and regulations.
INSTANCES WHEN YOUR RELEVANT PERSONAL AND/OR SENSITIVE PERSONAL INFORMATION MAY BE DISCLOSED BY UP TO THIRD PARTIES AND THE PURPOSE/S AND LEGAL BASIS FOR SUCH DISCLOSURES
The University will disclose or share your relevant personal and/or sensitive personal information to third parties in order to carry out its mandate as an academic institution, comply with legal obligations, perform its contractual obligations to you, promote and protect your interests and in order to pursue its legitimate interests and/or that of a third party. UP discloses such information when required or allowed by law or with your consent. Examples or instances of these include:
- posting the list of students qualified to enroll in UP as well as waitlisted applicants online and/or on bulletin boards pursuant to its functions under its Charter and for transparency in the admissions process
- submission of information required by the UNIFAST Board and the Commission on Higher Education in order to implement the Universal Access to Quality Tertiary Education Act of 2017 (RA 10931) and the UNIFAST Act (RA 10687).
- disclosure of information to the proper bodies to enable you to take licensure, board, bar examinations and the like
- information sharing with the UP Alumni Association in order for UP to comply with its mandate under the UP Charter R.A. 9500
- disclosure of your personal and/or sensitive personal information to relevant third parties in order for UP to respond to an emergency and comply with its duty to exercise due diligence to prevent harm or injury to you and/or others.
- disclosure of your personal and/or sensitive personal information in compliance with University policies, rules and processes adopted pursuant to the UP Charter or with your consent in order to uphold or promote your interest and/or the principle of transparency, promote the legitimate interests of the University or third parties such as in relation to the processing of applications for leave of absence; the conduct of student elections e.g. posting of list of candidates and results; disclosures contained in the minutes of University bodies such as the Board of Regents in connection with for example graduation, appeals and the like
- providing information pursuant to the provisions of the Data Privacy Act or other applicable laws and lawful orders or processes issued by government agencies, courts, law enforcement agencies and other public authorities
- disclosures to enable UP to participate in university ranking exercises and other similar activities
- sharing personal and sensitive personal information with your parent(s)/guardian/spouse or other next of kin in order to promote your best interests as required by law; or when necessary in order for the University to respond to an emergency, uphold your vitally important interests or to prevent harm to you and/or others; or with your consent
- disclosures for your benefit or in support of your interests such as those intended to enable you to participate in exchange programs, conferences, trainings and the like, academic, athletic and other similar competitions or events, to apply for, receive and comply with terms and conditions of scholarships, grants and other forms of assistance, to be granted Civil Service eligibility based on Latin honors under PD 907 or in relation to internship, employment or other career opportunities with your consent
- disclosures to recognize your achievements such as through the publication and distribution of the commencement program and other materials containing the names of graduates their respective courses/certificates and honors received, sharing of relevant information with honor societies or entities that confer awards with your consent
- information that we share with third parties who process your information in order to provide products and/or services to you and/or UP e.g. cloud service providers for registration systems that contain your enrollment information and grades, email providers, entities that provide insurance, process your UP student ID and the like for which we require your consent. Unless your consent is given, it will not be possible for such products and/or services to be provided to you
- in the exercise of the sound discretion of UP pursuant to its mandate as a research university we may share your name, email and other relevant personal information with your consent with researchers conducting academic or non-commercial research who have put in place applicable measures required by ethical guidelines and the DPA to uphold your privacy so that they can solicit your consent to participate in research
- news or feature articles about your achievements, awards received, research and public service activities and the like in University publications, websites or social media posts, disclosures that the University may make in the exercise of its sound discretion in response to inquiries from the press or press releases and other similar disclosures for journalistic purposes as allowed by the DPA or with your consent
- live streaming of University activities or events pursuant to the legitimate interests of the University and third parties or for journalistic purposes as allowed by the DPA
- other instances analogous to the foregoing
Where applicable, UP will take reasonable steps to require third parties who receive your information to uphold your right to data privacy.
HOW UP PROTECTS YOUR PERSONAL INFORMATION
Even prior to the effectivity of the DPA, UP put in place physical, organizational and technical measures to protect your right to privacy and is committed to reviewing and improving the same, so as to be able to comply, among others, with its obligations under the applicable provisions of the Education Act of 1982 which require us to keep your educational records confidential. You may wish, for instance, to read UP's Acceptable Use Policy for IT Resources (AUP).
UP System and CU offices are permitted by the DPA and other laws to share information with each other for the purpose of carrying out the mandate of UP pursuant to the Constitution, its Charter and other applicable laws. For instance, the UP System Office of Admissions transmits or shares your relevant information to the proper CU Registrar. Registrars disclose or share information required by System officials or offices such as the Board of Regents, UP President, Executive Vice President, Vice Presidents, Secretary of the University or Office of Alumni Relations to carry out their respective functions. Rest assured that UP officials and personnel in such offices are allowed to process your personal information only when such processing is part of their official duties. This is enforced in the case of ICT-based processing systems, e.g. SAIS, CRS etc. by assigning access to modules, e.g. to give grades, enlist, give advice, or tag students as ineligible, etc. based on the official functions of personnel.
ACCESS TO AND CORRECTION OF YOUR PERSONAL AND SENSITIVE PERSONAL INFORMATION
You have the right to access personal information being processed by UP about you. You may access your personal information, for instance, through UP's information systems such as SAIS or CRS or request documents from relevant offices, e.g. the University Registrar or your College Secretary. In order for UP to see to it that your personal information is disclosed only to you, these offices will require the presentation of your UP ID or other documents that will enable UP to verify and confirm your identity. In case you process or request documents through a representative, in order to protect your privacy, UP requires you to provide a letter of authorization specifying the purpose for the request of documents or the processing of information and your UP ID or other valid government-issued ID (GIID) as well as the valid GIID of your representative.
As mentioned above, UP requires you to provide correct information. In the event that your information needs to be updated please follow the instructions found in the relevant website or kindly get in touch with the proper University office(s). Please note that the correction of grades is subject to University rules and procedures.
HOW WE OBTAIN YOUR CONSENT AND HOW YOU CAN WITHDRAW CONSENT
UP obtains your consent for the processing of your personal and sensitive personal information pursuant to this privacy notice by asking you to sign the relevant form. If you are a minor, we will require your parent or guardian to sign the proper form. If you wish to withdraw consent, kindly write or send an email to your University Registrar at firstname.lastname@example.org and identify the processing activity for which you are withdrawing consent. Please attach a copy of your UP ID so that the Registrar will be able to verify your identity. Note that consent may be withdrawn only for a processing activity/ies for which consent is the sole applicable lawful ground for such processing. Kindly await your Registrar's action regarding your request. Rest assured that once your Registrar confirms that you have validly withdrawn consent for a processing activity/ies the same shall be effective unless you thereafter send a letter or email to the Registrar with a copy of your ID that you are consenting to such processing activity/ies.
REVISIONS TO THE PRIVACY NOTICE AND QUERIES REGARDING DATA PRIVACY
The previous privacy notice issued for the 1st semester 2018-2019 has been revised. This amended notice will take effect starting the first day of the regular registration period for the 2nd semester or trimester 2018-2019.
We encourage you to visit this site from time to time to see any further updates regarding this privacy notice. We will alert you regarding changes to this notice through this site.
If you have any Data Privacy queries or concerns as it relates to your student records you may contact the UP Diliman Data Protection Office through the following:
UP Diliman Data Protection Office
L/GF, Phivolcs Bldg.
C.P. Garcia Avenue
Diliman, Quezon City 1101
981-8500 local 2621
UP Diliman Data Protection Office:
UP Diliman Data Protection Officer:
For queries, comments or suggestions regarding this System-wide privacy notice, please contact the University of the Philippines System Data Protection Officer through the following:
c/o the Office of the President
2F North Wing Quezon Hall
(Admin Building) University Avenue,
UP Diliman, Quezon City 1101
Through the following landlines
Phone | (632) 9280110; (632) 9818500 loc. 2521
- Through email