(Pursuant to Board of Trustees Action No. 2018-50, dated March 24, 2018

I. Introduction

These guidelines are promulgated by ۲Ƶ University in accordance with the Data Privacy Act (DPA) of 2012 otherwise known as Republic Act (RA) 10173. This law aims to “protect the fundamental human right of privacy and of communication while ensuring free flow of information to promote innovation and growth.”

The DPA is concerned with the protection of “personal data” or “personal information”—a type of data or information, which by themselves or collectively, can distinctively identify an individual. Personal information, as used in these guidelines, refer to such things as one’s name, age, address, sex, race, religious or philosophical affiliation, contact information, among others. Personal information, at the hands of the wrong people, may be endanger the rights of the person to whom they refer to. It is for this reason that the DPA was enacted by Congress and these guidelines are promulgated by the University.

The University is aware that because of its nature as an institution, it is one where a lot of information is collected, generated, stored, transferred, or otherwise processed. The University respects the privacy rights of all persons with whom it comes into contact while being true to its mission as a Christian higher education institution committed to achieving academic excellence. In line with the mandate of the National Privacy Commission, the government agency tasked to implement the DPA, ۲Ƶ University is committed to achieving the twin purposes of the law to safeguard privacy rights as well as allowing for the meaningful and productive exchange of information.

II. Coverage

  1. These guidelines shall apply to all departments, colleges, schools, institutes, offices, and units of ۲Ƶ University with reference to its students at all levels.
  2. The Human Resource and Development Office, Office of the General Counsel, Management Information System, Business and Administration Office, Office of the Registrar, Alumni Affairs Office, and Office of Students Services, shall have separate privacy guidelines that are tailored to the specific functions of such offices in relation to their respective data subjects. In cases where the interests of a student overlaps with the function of those offices, their guidelines shall have supplemental application to these guidelines.

III. Purposes for Processing Information

The functions of the University provided by law are numerous and the processing of students’ personal information are necessary to perform these functions. These functions include those required by law, pertinent memorandum orders of the Commission on Higher Education, contractual obligations of the University with private and public entities, and other obligations of the University in accordance with public safety, health, and order. These functions include, but are not limited to:

  1. Enrolment and admissions;
  2. Processing of grades and maintaining transcripts of records;
  3. Co-ordination with law enforcement agencies on security and safety matters;
  4. Processing permits for student organization activities, outreaches, retreats, and field trips;
  5. Information logs at entry and exit points of the university;
  6. Data-gathering for statistics and research;
  7. Public information, e.g. newsletters, advisories, and articles on the university website and social media;
  8. Processing and granting of scholarships to qualified applicants;
  9. Alumni records;
  10. Sharing of graduates’ information to prospective employers.

IV. Personal Information Processed

Personal information gathered, generated, recorded, received, or used by the University takes on many forms, including written records, photographs, videos, sound recordings, and other electronic forms. These vary according to the type of information processed, the purpose for which it is gathered, and the length of time required for their purpose.

  1. Personal Information Collected During Admissions Process
    Upon application for enrolment by a new or continuing student, we collect a variety of information including, but not exclusive to: name, age, citizenship, residence of origin, religious affiliation, phone number, e-mail address, and other contact details. The University also collects previous school records, medical records, and other personal circumstances. This is done online through the online enrolment mechanism available on the ۲Ƶ University website () or when the student fills up the enrolment form that is submitted to the admissions office.
  2. Personal Information Collected or Generated While in ۲Ƶ University
    In the course of a student’s stay in ۲Ƶ University, additional information is collected or generated by the appropriate units of the University, including the following:
    a. Academic performance information, e.g. attendance records, scores, grades;
    b. CCTV recordings and photographs by security cameras in the campuses and premises of the University;
    c. Disciplinary records and/or involvement in incidents;
    d. Membership in student organizations;
    e. Details of co-curricular activities, e.g. internship, on-the-job trainings, apprenticeships, service-learning, and other
    university-sanctioned extension services;
    f. Attendance in outreach activities, seminars, workshops, or lectures;
    g. Details provided during application for permits.

  3. Personal Information Volunteered by Third Parties
    Information about students given to the University by third parties are retained and used if they are relevant to the educational purpose, the welfare of the student, and other legitimate and interests of the University. If not, they will be disposed in a manner that will protect the privacy of the student concerned. For example, in case of an accident, a student’s emergency contact person may provide information not previously available to the University, but would be helpful during the treatment of the student.

    This section also covers information regarding one student volunteered by a fellow student.

V. Storage of Information

Personal information is stored in various databases, media, and forms. Even as the University continues with its project to digitize its databases through the Management Information System, personal data is also stored in paper forms across different units and offices. Duplication is not unusual as several offices may store the same or similar sets of information for purposes of coordination. The permanence of these databases also vary across offices depending on their functions. For example, transcripts of records are permanent records. As such, the University will retain them for as long as law requires. Meanwhile, information that is only temporarily needed will be disposed of as soon as their temporary purpose has expired.

All units of the University which stores or handles personal information are required to implement physical, technical, and organizational security measures to ensure the safe storage of personal information and to ensure that such is used only by authorized personnel for legitimate purposes.

VI. Sharing of Information

The University is committed to observing the limits of law in the sharing, disclosure, and transfer of students’ personal data among its offices as well as to third party organizations or persons. In general, sharing of personal information is limited to educational, administrative, research, and statistical purposes. Instances when sharing of information is done include, but are not limited to, the following:

  1. Confirmation requests from prospective employers that a student has studied in ۲Ƶ;
  2. Evaluation of academic, co-curricular, and extra-curricular achievements for determining honor students and other awards;
  3. Sharing of academic records between registrar/records section for evaluation of scholarship criteria;
  4. Remittance of information as required by law to government regulatory bodies, e.g. Department of Education, Commission on Higher Education, Bureau of Immigration re: foreign students, etc.;
  5. Conducting surveys and other research methods for statistical purposes;
  6. Sharing of information to entities or organization for enrichment of learning, e.g. conferences with national student organizations;
  7. Documentation of student activities by photograph, video, and/or written reports;
  8. Promotion of the university through presentations, videos, photographs, and other forms of advertisement on the university website, traditional media, and/or social media;
  9. Communications, advisories, news articles posted on the website and/or social media;
  10. Office memos and other office-to-office communications; and
  11. Compliance of court or quasi-judicial agency orders and/or subpoenas on documents and other information.

VII. Amendments

The Board of Trustees, in consultation with the National Privacy Commission, the Office of the University President, the university’s Data Privacy Officer, and concerned units of the university, may make amendments, revisions, or modifications to these guidelines. Such changes to these guidelines are effective upon their publication by the Office of Information and Publication.

VIII. Inquiries, Feedback & Complaints

The General Counsel of the university is the assigned Data Privacy Officer of ۲Ƶ University. The Office of the General Counsel is the primary unit the university to whom inquiries, complaints, comments, or any feedback may be addressed. Any concern or question may be submitted to the Office of the General Counsel by e-mail ([email protected]), phone (422-6002 loc. 307), or mail to or personal appearance at its office location at Ground Floor, Oriental Hall, ۲Ƶ University, Dumaguete City 6200.

IX. Effectivity

These guidelines are made effective by virtue of Board of Trustees Action No. 2018-50, dated March 24, 2018, and upon publication and dissemination thereof by the Office of Information and Publication.

These guidelines shall be included in the terms and conditions that new enrolees and continuing students must agree to before enrolling for AY 2018-2019.

The Data Privacy Consent Form below shall be incorporated in the online enrolment system of ۲Ƶ University. Otherwise, a duly-accomplished hard copy of said form shall be submitted.