UNIVERSITY OF THE PHILIPPINES (UP)
PRIVACY NOTICE FOR STUDENTS
To exercise and safeguard academic freedom and uphold your right to quality education, the University of the Philippines needs to process your personal and sensitive information - that is, information that identifies you as an individual.
UP is committed to comply with the Philippine Data Privacy Act of 2012 (DPA) in order to protect your right to data privacy.
This notice explains in general terms the purpose and legal basis for the processing of the typical or usual examples of personal information that UP collects from students like you, the measures in place to protect your data privacy and the rights that you may exercise in relation to such information. Please note that this document does not contain an exhaustive list of all of UPs processing systems as well as the purpose and legal basis for processing.
The term UP/University/us refers to the University of the Philippines System and Constituent University (CU) offices.
The term you/your refers to all students of the University of the Philippines System, and, in the case of minors, where the context so indicates, their parents or guardians who also sign registration and other enrollment related forms such as change of matriculation, dropping and leave of absence forms.
PERSONAL INFORMATION COLLECTED FROM STUDENTS, AND THE PURPOSE AND LEGAL BASIS FOR COLLECTING THESE INFORMATION
Various UP offices collect your personal information through paper based and online processing systems. Some applications require you to provide a photograph. In some instances, your image is captured by UP's CCTV cameras.
When you applied for admission to UP you provided us, through the forms you submitted and signed (and in the case of minors that your parents/guardians also signed), among others, your name, sex assigned at birth, date and place of birth, citizenship, your photograph, information about your family (names of your parents, their citizenship, civil status) and other personal information that we use, along with other documents you provide us e.g. information contained in educational records to be able to verify your identity in the course of determining your eligibility to enroll in UP. We required you to attest that the information that you provided us is true and correct as we also use the information in order to prevent the commission of fraud. Such processing is necessary for compliance with our legal obligation as a publicly funded University and to uphold our legitimate interest as an educational institution as well as that of taxpayers.
In the case of UPCAT qualifiers, you also provided the highest educational attainment and occupation of your parents as well as your family's annual household income. UP required the submission of a photocopy of the family's income tax return for applicants whose gross family income is at or below a certain level in order to be exempted from paying the UPCAT fee. UP processed such that information along with your permanent address and other information, e.g. grades, as the selection of campus qualifiers also considers socioeconomic and geographic factors as explained in the UPCAT Bulletin. Such processing is pursuant to Section 9 of RA 9500 which requires UP to take affirmative steps to enhance the access of disadvantaged students to the University's programs and services.
Non-Filipino citizens seeking admission to the University are required to provide personal and sensitive personal information in order for UP to ascertain that their admission and enrollment is allowed under applicable Philippine laws, rules and regulations and University rules and procedures.
In order for the UP to exercise its right to academic freedom and to uphold academic standards under its Charter it processes the educational records and other personal information provided by UPCAT applicants, shiftees, and transferees from other Universities as well as prospective graduate students to determine their eligibility to enroll.
UP processes your personal information in the course of fulfilling its obligation to provide you quality education by exercising its right to academic freedom and upholding academic standards when the University's duly authorized personnel evaluate the work that you submit in fulfillment of your academic requirements and give you grades, determine your academic progress and compliance with the University's retention and other academic as well as disciplinary rules, including the rules covering student organizations , evaluate and recommend you for graduation, and in the event you are qualified under the rules, recommend that you be awarded honors upon your graduation.
Aside from sensitive personal information in the form of grades, you also provide UP with health information as part of the admission process so that the University may determine your physical fitness to enroll and be able to provide you with the proper care when you avail of UP's health services or in case of an emergency or in compliance with University rules that are meant to uphold academic standards. For instance, submission of medical certificates in order for your absences to be excused, for you to drop a subject, go on leave of absence, or justify underloading in an appeal to graduate with honors, etc.
UP processes information regarding your religious affiliation in the course of verifying your identity— e.g. offices match information in your birth certificate and school records provided to us etc. — to conduct research to see to it that we uphold the principle of democratic access and that, as a non- sectarian institution, we do not discriminate on the basis of religious creed and to uphold your right to freedom of religion, e.g. by providing you with services that are consistent with your beliefs in relation to your health needs and food preparation, etc.
The University may compile statistics and conduct research subject to the provisions of the DPA and applicable research ethics guidelines in order to carry out its mandate as the National University.
Contact information is processed by UP in order to be able to communicate effectively with you and to enable us to contact your family or other people you identify in the case of an emergency. UP offices or your teachers may use the information generated by the applicable registration system in order to contact you via email and/or SMS for class related and other academic matters.
In some instances, because UP is aware that not all students have access to the Internet at all times and/or that you may have failed to update email and/or telephone numbers, UP may inform you of the need to contact certain UP offices or to submit certain requirements by a certain date or otherwise disseminate information that you need to know by posting your name and other relevant personal information on UP bulletin boards in the University Registrar/ College Secretary/ Department office. In the case of email correspondence, your email address may be disclosed to other members of the class so that other students to whom you may have disclosed your new email address or other contact details will be able to relay email messages to you.
UP processes financial information related to your studies, e.g. tuition payments, State- funded scholarships, etc. pursuant to its contractual or, legal obligations as part of the University's legitimate interests and that of taxpayers.
Your personal information may also be processed in order for UP to provide you with services (e.g. library services, dormitory, health service, counselling and guidance), determine whether the student organization or association to which you belong may be recognized and given access to University services , etc. pursuant to UP's contractual or legal obligations, or to protect your vitally important interests.
CCTVs and other security measures which may involve the processing of your personal information are intended to protect your vitally important interests, for public order and safety and pursuant to the University's and the public's legitimate interests.
You may also be required to present your UP ID when you avail yourself of University services or when you request for documents containing your personal information. If you request such information through a representative, UP will require that you provide a letter of authorization specifying the information or document requested, the purpose(s) for which the same will be used, and the presentation of your UP ID or other valid government- issued identification cards (GIID) as well the GIID of your duly authorized representative in order for UP to see to it that fraud is prevented and your right to data privacy is upheld.
UP does not process your personal information to carry out any wholly automated decision making that affects you.
When consent is the appropriate or relevant basis for collecting your personal information, the University will obtain such consent in written, electronic, or recorded form at the appropriate time. Pursuant to the DPA, you are allowed to withdraw consent at any time.
After you graduate, the University will retain and provide for the secure archival of your educational record and other relevant personal information needed to verify your identity so that we will be able to provide you with the proper transcripts, certifications, and other documents that you may request as required by the Education Act of 1982, and comply with obligations to UP alumni and the UP Alumni Association under the UP Charter and University rules, as well as for historical and research purposes as permitted by law. Other non- relevant documents containing personal information will be securely disposed of.
NON-DISCLOSURE OF YOUR PERSONAL INFORMATION TO THIRD PARTIES EXCEPT UPON YOUR CONSENT OR AS REQUIRED OR PERMITTED BY LAW
As a general rule, UP will only disclose your personal and sensitive personal information to third parties with your consent.
The University will disclose or share such information only when required or allowed by law. For instance, the Joint Memorandum Circulars of the Commission on Higher Education and Department of Budget and Management for AY 2017-18 re Free Tuition 2017, the subsidy for medical students, and the Tulong Dunong grant require UP to submit the list of beneficiaries along with quarterly reports to the DBM and Congress and to post the list of beneficiaries on its website.
Other examples of applicable legal norms that may require UP to disclose your information pursuant to law include the Implementing Rules and Regulations and Implementing Guidelines for the Universal Access to Quality Tertiary Education Act of 2017 (RA 10931) and the UNIFAST Act (RA 10687). Please note that under the UNIFAST Act, among others, the UNIFAST Board is authorized under Section 15 to:
- (e) Promulgate the minimum guidelines, rules and regulations for determining qualified Beneficiaries of student financial assistance for Tertiary Education;
- (f) Provide general guidelines for the drawing up of contracts with the student Beneficiaries specifying the rights and obligations of the parties that may include a service clause or such other stipulations of cost recovery the Board may deem in the best interest of the public and consistent with, or responsive to, national, social, economic, and human resources development plans, subject to Section 12;
- (g) Monitor, assess and make impact evaluation of StuFAPs and projects, with the end in view of determining whether these programs shall be adopted, continued, or terminated.
Under the DPA, personal information may be processed, e.g. disclosed, for instance, when it is necessary in order for UP to comply with a legal obligation; to protect your vitally important interests including life and health; necessary to respond to a national emergency, public order, and safety; necessary to fulfill the functions of public authority or for the pursuant to the legitimate interests of the University or a third party, except where such interests are overridden by your fundamental rights.
Sensitive personal information (e.g. confidential educational records, age/birthdate, civil status, health, religious affiliation) on the other hand may be processed, e.g. disclosed, when such is allowed by laws and regulations, such regulatory enactments provide for the protection of such information and the consent of the data subject is not required for such law or regulation. For example, e.g. under the Education Act of 1982, parents have the right to access the educational records of children who are under their parental responsibility. This can also happen when; such processing is needed to protect the life and health of the data subject or another person and the data subject is unable to legally or physically express consent, in the case of medical treatment, or needed for the protection of lawful rights and interests of natural or legal persons in court proceedings, and for the establishment, exercise or defense of legal claims or where provided to government or public authority.
HOW UP PROTECTS YOUR PERSONAL INFORMATION
Even prior to the effectivity of the DPA, UP put in place physical, organizational and technical measures to protect your right to privacy and is committed to reviewing and improving the same, so as to be able to comply, among others, with its obligations under the applicable provisions of the Education Act of 1982 which require us to keep your educational records confidential. You may wish, for instance, to read UP's Acceptable Use Policy for IT Resources (AUP).
From time to time UP posts information on relevant sites and sends emails that explain how you can secure and maintain the confidentiality of your personal information.
Rest assured that UP personnel are allowed to process your personal information only when such processing is part of their official duties. This is enforced in the case of ICT-based processing systems, e.g. SAIS, CRS etc. by assigning access to modules, e.g. to give grades, enlist, give advice, or tag students as ineligible, etc. based on the official functions of personnel.
ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION
You have the right to access personal information being processed by UP about you. You may access your personal information, for instance, through UP's information systems such as SAIS or CRS or request for documents from relevant offices, e.g. the University Registrar or your College Secretary. In order for UP to see to it that your personal information is disclosed only to you, as above stated these offices will require the presentation of your UP ID or other documents that will enable UP to verify and confirm your identity. In case you process or request documents through a representative, in order to protect your privacy, UP requires you to provide a letter of authorization specifying the purpose for the request of documents or the processing of information and your UP ID or other valid government-issued ID (GIID) as well as the valid GIID of your representative.
As mentioned above, UP requires you to provide correct information. In the event that your information needs to be updated, the relevant University websites and offices provide information regarding how you can request for the correction of your personal information. Please note that the correction of grades is subject to University rules and procedures.
QUERIES REGARDING DATA PRIVACY
We encourage you to visit this site from time to time to see any updates regarding the Privacy Notice for students, including the latest information about the implementation of the Universal Access to Quality Tertiary Education Act of 2017 and the UNIFAST Act as it relates to the processing of your personal information. We will alert you regarding changes to this Policy through this site and/or through written notices, e.g. email or SMS.
If you have any Data Privacy queries or concerns as it relates to your student records you may contact the UP Diliman Data Protection Officer through the following:
UP Diliman Data Protection Team
L/GF, Phivolcs Bldg.
C.P. Garcia Avenue
Diliman, Quezon City 1101
Through the following landlines
981-8500 local 2621
For queries, comments or suggestions regarding this System-wide privacy notice, please contact the University of the Philippines System Data Protection Officer through the following:
c/o the Office of the President
2F North Wing Quezon Hall
(Admin Building) University Avenue,
UP Diliman, Quezon City 1101
Through the following landlines
Phone | (632) 9280110; (632) 9818500 loc. 2521