PRIVACY POLICY
PRIVACY NOTICE FOR GUESTS AND VISITORS
This Privacy Notice outlines and discusses how the University collects, uses, or otherwise processes your personal data in relation to your engagement with the University. The University protects your right to privacy. As we seek to balance the privacy of your data while ensuring the free flow of information, we also aim to comply with the requirements of the laws on data protection, its implementing rules and regulations and other applicable laws relating to data privacy.
1. Collection, Acquisition and Generation of Personal Data. The University may collect basic information about you by signing the official log book and requiring you to deposit a proof of identity (ID) for verification purposes. For those with vehicles, we take note of vehicle plate number and ask for a deposit of the driver’s license or any other valid ID. Video footage may also be recorded via CCTV system installed in all campus entry and exit points.
-
- 1.1 Your consent is required prior to the collection and processing of personal data, subject to exemptions provided by the Data Privacy Act and other applicable laws and regulations. When your consent is required, it must be time-bound in relation to the declared, specified and legitimate purpose. Your consent given may be withdrawn.
- 1.2 You are provided with specific information regarding the purpose and extent of processing, including, where applicable, the automated processing of your personal data for profiling, or processing for direct marketing, and data sharing.
- 1.3 Purpose should be determined and declared before, or as soon as reasonably practicable, after collection.
- 1.4 Only personal data that is necessary and compatible with declared, specified, and legitimate purposes shall be collected.
2. Purpose of Collection. While the University collect the data primarily as a security measure, we also help in investigating reported violations University policies and other applicable laws, and generate statistics useful for planning and service improvement purposes.
-
- 2.1 Considering that the University is a government institution, any and all data sharing agreements shall follow the provisions of the National Privacy Commission (NPC) Circular No. 2020-03, and any amendments or revisions thereto. Nonetheless, data sharing may be covered by a data sharing agreement (DSA) or a similar document containing the terms and conditions of the sharing arrangement, including obligations to protect the personal data shared, the responsibilities of the parties, mechanisms through which you may exercise your rights, among others.
3. Use, Storage and Retention of Personal Data. Your data are kept in a place inside the University where at least one security personnel is on-duty 24/7. Only authorized University and security personnel have access to them. For the disposal of logbooks, we follow the document retention policies as developed by the Records Management Office. In the absence thereof, we adhere with the retention periods as prescribed by the National Archives of the Philippines (NAP). CCTV footages, on the other hand, are stored for thirty (30) days before being automatically deleted. The University does not transfer or share personal data with other persons or organizations, unless required or permitted by law.
-
- 4.1. Retention of your personal data shall only be for as long as necessary: i. for the fulfillment of the declared, specified, and legitimate purpose, or when the processing relevant to the purpose has been terminated. ii. for the establishment, exercise or defense of legal claims; or iii. for legitimate business purposes, which must be consistent with standards followed by the applicable industry or approved by appropriate government agencies.
- 4.2. Retention of your personal data shall be allowed in cases provided by law;
- 4.3 In retaining personal information, we follow the document retention policies as developed by the Records Management Office. In the absence thereof, we follow the retention periods as prescribed by the National Archives of the Philippines (NAP).
5. Your rights as a guest/visitor. Under the Data Privacy Act of 2012, you are granted several fundamental rights to ensure that your personal information is handled appropriately and transparently:
-
- 5.1. Right to be Informed. You are entitled to know the purposes for which your personal data is being collected and processed. You also have the right to stay informed about the reasons and purpose of data processing and collection. The personnel responsible for such collecting and processing shall provide a clear and thorough explanation and notification with you before proceeding with the processing of personal data.
- 5.2. Right to Access. You have the right to access your personal information, including details about its origin, the entities it has been shared with, and the manner and reasons for its processing and disclosure.
- 5.3. Right to Object: You may contest any inaccuracies or errors in your personal data and request corrections from us, provided that your objections are reasonable and legally justified.
- 5.4. Right to Suspension/Blocking/Removal/Destruction: You can request the suspension, blocking, removal, or destruction of your personal data from records if it is used unlawfully or is no longer necessary for its original purpose, supported by substantial evidence.
- 5.5. Right to Rectification: You have the right to request the correction of any incorrect or incomplete data to ensure accuracy and completeness.
- 5.6. Right to Claim Damages: You may seek compensation for damages resulting from the misuse, inaccuracy, or unlawful handling of your personal data.
CHANGES IN PRIVACY NOTICE
The University, may from time to time, make changes to this Privacy Notice. As such, the University will let you know through our website and other means of communication, if permissible. Any modification is effective immediately upon the posting of the revised notice on the website. For inquiries and concerns, you may contact the Data Privacy Office through our email: dpo@g.batstate-u.edu.ph or Tel nos. (+63 43) 406-8800; 779-8400; local: 1171.
PRIVACY NOTICE FOR UNIVERSITY PERSONNEL
This Privacy Notice outlines and discusses how the University collects, uses, or otherwise processes your personal data in relation to your engagement with the University. The University protects your right to privacy. As we seek to balance the privacy of your data while ensuring the free flow of information, we also aim to comply with the requirements of the laws on data protection, its implementing rules and regulations and other applicable laws relating to data privacy.
1. Collection, Acquisition and Generation of Personal Data. The University may collect your personal data in many forms.
-
- 1.1 Your consent is required prior to the collection and processing of personal data, subject to exemptions provided by the Data Privacy Act and other applicable laws and regulations. When your consent is required, it must be time-bound in relation to the declared, specified and legitimate purpose. Your consent may be withdrawn.
- 1.2 You are provided with specific information regarding the purpose and extent of processing, including, where applicable, the automated processing of your personal data for profiling, or processing for direct marketing, and data sharing.
- 1.3 Purpose should be determined and declared before, or as soon as reasonably practicable, after collection.
- 1.4 Only personal data that is necessary and compatible with declared, specified, and legitimate purposes shall be collected.
- 1.5. For instance, we may collect the following information:
- a. It may consist of written records, photographic and video images, digital material, and even biometric records;
- b. Information collected and generated prior to engagement includes: (a) personal data sheet (PDS) work experience sheet (b) resume (c) transcript of records, (e) performance rating and (f) details about professional license and eligibility, if any. During the preliminary screening, we may collect additional information, including those generated from the interview and/or those obtained from indicated professional referees. If you are already engaged with the University, the information already in the University’s possession to process application may be utilized for the new or different position.
- c. We may also collect and generate information upon issuance of an employment offer or commencement of engagement. Once the appointment is issued or the contract is signed, we may collect another set of information including, but not limited to the following: (a) Certificate of Employment; (b) Medical/Fit-to-Work Clearance; (c) NBI or Police Clearance; (d) Philippine Statistics Authority (PSA) Birth Certificate (applicant/dependents); (e) PSA Marriage Contract; (f) GSIS ID; (g) Pag-IBIG Member’s Data Form and/or ID; (h) Pag-IBIG Member’s Change in Information Form (MCIF); (k) PhilHealth MDR or ID; (l) PhilHealth Member Registration Form; (m) tax-related documents, such as TIN ID or BIR Form 1902 (with stamp) and 2316; and (n) bank account details necessary to facilitate the processing of compensation.
- d. The University may also collect and generate information during the course of employment or engagement with the University. After joining the University, additional information may be collected, such as: (a) annual physical examination results, (b) union membership (if applicable), and (c)other data that may be used in the processing of loan applications and insurance claims, in performance evaluation and in administrative and disciplinary cases. There will also be times when the University will acquire other forms of data like pictures or videos of activities participated, via official documentation of such activities, or through recordings from closed-circuit security television cameras installed within the school premises.
- e. Unsolicited Information. There may be instances when your personal data is sent to or received by the University even without prior request. In such cases, the University will determine if it can legitimately keep such information. If it is not related to any of our legitimate interests, it will immediately dispose of the information in a way that will safeguard privacy. Otherwise, it will be treated in the same manner as information you provide us.
2. Use of Information. To the extent permitted or required by law, the University uses your personal data to pursue legitimate interests as an educational institution, employer, and/or contracting party, including a variety of administrative, research, historical, and statistical purposes.
-
- 2.1. Processing shall uphold your rights, including the right to refuse, withdraw consent, or object. It shall likewise be transparent, and allow you the sufficient information to know the nature and extent of processing; 2.2. Information provided to you must always be in clear and plain language to ensure that it is easy to understand and access;
- 2.3. Processing must be in a manner compatible with declared, specified, and legitimate purpose;
- 2.4. Processed personal data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed; 2.5. Processing shall be undertaken in a manner that ensures appropriate privacy and security safeguards; and
- 2.6. Processing should ensure data quality. Hence, your personal data should be accurate and where necessary for declared, specified and legitimate purpose, kept up to date. Likewise, inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted.
- 2.7 The University may use the information collected for purposes such as:
- a. identifying applicants and processing your respective applications;
- b. assessing the suitability of candidates for a particular role or position.
- c. verifying the provided or submitted information;
- d. checking background information
- e. evaluating academic qualifications;
- f. supporting personnel when implementing health-related adjustments that will allow him/her to carry out a particular role or task;
- g. administering remuneration, payroll, pension, and other standard employment functions.
- h. administering human resource-related processes, including those relating to performance management, and disciplinary issues;
- i. delivering or providing facilities, services, security, and staff benefits to employees
- j. facilitating claims and remittances for mandatory benefits;
- k. communicating effectively with personnel, including the distribution of relevant newsletters and circulars;
- l. supporting personnel training, health, safety, welfare and religious requirements;
- m. compiling statistics and conducting surveys and research for internal and statutory reporting purposes;
- n. enabling the Office of Human Resource Management and to contact others in the event of an emergency.
- o. other purposes in order to comply with its mandates under Republic Act No. 11694, and with the requirements of other monitoring and regulatory agencies of the national government.
- 2.8 The University considers the processing of your personal data for the purposes necessary for the performance of contractual obligations, compliance with a legal obligation, to protect vitally important interests, including life and health, for the performance of tasks the University carry out in the public interest (e.g., public order, public safety, etc.), or for the pursuit of the legitimate interests of the University, or a third party. The University understand that the DPA imposes stricter rules for the processing of sensitive personal information and privileged information, and the University shall be fully committed to abiding by those rules.
3. Sharing, Disclosing and Transferring of Personal Data. To the extent permitted or required by law, the University also shares, discloses, or transfers personal data to other persons or organizations in order to pursue legitimate interests as an educational institution, employer, and/or contracting party.
-
- 3.1 Considering that the University is a government institution, any and all data sharing agreements shall follow the provisions of the National Privacy Commission (NPC) Circular No. 2020-03, and any amendments or revisions thereto. Nonetheless, data sharing may be covered by a data sharing agreement (DSA) or a similar document containing the terms and conditions of the sharing arrangement, including obligations to protect the personal data shared, the responsibilities of the parties, mechanisms through which you may exercise your rights, among others.
- 3.2 For instance, the University may share, disclose, and transfer personal data for purposes such as:
- a. submission of information to government agencies such as the Commission on Higher Education and Department of Education, Civil Service Commission, Department of Budget and Management, Commission on Audit all for accreditation and/or reportorial requirements; for (a) the Government Service Insurance System, (b) Philippine Health Insurance Corporation, (c) Pag-IBIG, and (d) Bureau of Internal Revenue, for the provision of employment benefits and remittance of taxes as mandated by law;
- b. sharing of necessary information to contracted providers such as insurance companies, banks, and other similar organizations, in relation to any or all of loan applications and insurance claims;
- c. sharing information with entities or organizations (e.g. Accrediting Agency of Chartered Colleges and Universities in the Philippines, ASEAN University Network, Development Academy of the Philippines, International Organization for Standardization, Quacquarelli Symonds, Times Higher Education, UI Green Metric World University Rankings, The World University Rankings for Innovation [(WURI)] , Engineering Accreditation Commission [(ABET)] for accreditation and university ranking purposes;
- d. disclosure of information related to termination of employment, flexible fixed/variable work arrangements, personnel compensation report to the Civil Service Commission, as part of the University’s reportorial obligations;
- e. other purposes, when necessary and under circumstances permitted or required by law.
4. Storage and Retention of Personal Data. Your personal data is stored and transmitted securely in a variety of paper and electronic formats, including databases that are shared between the University and its different units or offices. Access to personal data is limited only to University personnel who have a legitimate interest for the purpose of carrying out contractual duties.
-
- 4.1. Retention of your personal data shall only be: i. for the fulfillment of the declared, specified, and legitimate purpose, or when the processing relevant to the purpose has been terminated. ii. for the establishment, exercise or defense of legal claims; or iii. for legitimate business purposes, which must be consistent with standards followed by the applicable industry or approved by appropriate government agencies.
- 4.2. Retention of personal data shall be allowed in cases provided by law;
- 4.3 In retaining personal information, the University follows the document retention policies as developed by the Records Management Office. In the absence thereof, the University adheres with the retention periods as prescribed by the National Archives of the Philippines (NAP).
5. Your rights as a personnel. Under the Data Privacy Act of 2012, you are granted several fundamental rights to ensure your personal information is handled appropriately and transparently:
-
- 5.1. Right to be Informed. You are entitled to know the purposes for which your personal data is being collected and processed. You also have the right to stay informed about the reasons and purpose of data processing and collection. The personnel responsible for such collecting and processing shall provide a clear and thorough explanation and notification with the data subject before proceeding with the processing of personal data.
- 5.2. Right to Access. You have the right to access your personal information, including details about its origin, the entities it has been shared with, and the manner and reasons for its processing and disclosure.
- 5.3. Right to Object: You may contest any inaccuracies or errors in your personal data and request corrections from the University, provided your objections are reasonable and legally justified.
- 5.4. Right to Suspension/Blocking/Removal/Destruction: You can request the suspension, blocking, removal, or destruction of your personal data from records if it is used unlawfully or is no longer necessary for its original purpose which must be supported by substantial evidence.
- 5.5. Right to Rectification: You have the right to request the correction of any incorrect or incomplete data to ensure accuracy and completeness.
- 5.6. Right to Claim Damages: You may seek compensation for damages resulting from the misuse, inaccuracy, or unlawful handling of your personal data.
CHANGES IN PRIVACY NOTICE
The University, may from time to time, make changes to this Privacy Notice. As such, the University will let you know through our website and other means of communication, if permissible. Any modification is effective immediately upon the posting of the revised notice on the website. For inquiries and concerns, you may contact the Data Privacy Office through our email: dpo@g.batstate-u.edu.ph or Tel nos. (+63 43) 406-8800; 779-8400; local: 1171.
PRIVACY NOTICE FOR BENEFACTORS, DONORS, AND SPONSORS
This Privacy Notice outlines and discusses how the University collects, uses, or otherwise processes your personal data in relation to your engagement with the University. The University protects your right to privacy. As we seek to balance the privacy of your data while ensuring the free flow of information, we also aim to comply with the requirements of the laws on data protection, its implementing rules and regulations and other applicable laws relating to data privacy.
1. Collection, Acquisition and Generation of Personal Data. Unless a benefactor, donor, or sponsor expressly indicate the desire to keep the donation confidential, whenever the University receives a donation or gift of any kind, it may collect personal data such as: (i) name, (ii) contact number, (iii) email address, (iv) mailing address (home, office and business) (e) Tax Identification Number, if applicable, (v) valid identification number, if applicable (e.g., when a Deed of Donation or a memorandum of agreement needs to be notarized) (vi) birthdate (vii) alumni details, if applicable, (viii) job title/position, (ix) company affiliated with and (x) contact information of representative, in the case of corporate donor.
-
- 1.1 Your consent is required prior to the collection and processing of personal data, subject to exemptions provided by the Data Privacy Act and other applicable laws and regulations. When your consent is required, it must be time-bound in relation to the declared, specified and legitimate purpose. Your consent may be withdrawn.
- 1.2 You are provided with the specific information regarding the purpose and extent of processing, including, where applicable, the automated processing of your personal data for profiling, or processing for direct marketing, and data sharing.
- 1.3 Purpose should be determined and declared before, or as soon as reasonably practicable, after collection.
- 1.4 Only personal data that is necessary and compatible with declared, specified, and legitimate purposes shall be collected. There will be instances when personal data is sent to or received by the University even without prior request. In such cases, the University shall determine if it can legitimately keep such information. If it is not related to any of our legitimate interests, it shall immediately dispose of the information in a way that will safeguard the data. Otherwise, it shall treat it as if the benefactor, donor or sponsor have provided it directly.
2. Use of Information. To the extent permitted or required by law, the University shall use your personal data to pursue its legitimate interests as an organization, including a variety of administrative, communication, research, historical, and statistical purposes.
-
- 2.1. Processing your rights, including the right to refuse, withdraw consent, or object. It shall likewise be transparent, and allow the data subject sufficient information to know the nature and extent of processing;
- 2.2. Information provided to a data subject must always be in clear and plain language to ensure that they are easy to understand and access;
- 2.3. Processing must be in a manner compatible with declared, specified, and legitimate purpose;
- 2.4. Processed personal data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
- 2.5. Processing shall be undertaken in a manner that ensures appropriate privacy and security safeguards; and
- 2.6. Processing should ensure data quality. Hence, your personal data should be accurate and where necessary for declared, specified and legitimate purpose, kept up to date. Likewise, inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted.
- 2.7 For instance, the University may use the personal data for:
- a. issuance and delivery of official receipt
- b. issuance of Certificate of Donation
- c. execution of a Deed of Donation, Memorandum of Agreement or Understanding, and similar agreements or documents
- d. sending a letter of acknowledgment or appreciation, announcement or invitation, or special greeting on birthday or holidays
- e. communicating fundraising campaign opportunities
- f. announcement of and/or invitation to relevant University events, whether for acknowledgment, transparency, or promotion purposes
- g. feature write-up in the University website to inspire similar giving from potential donors h. updating of personal data in our University alumni database and donor database, if applicable.
- h. other purposes, in compliance with the University’s mandates.
3. Disclosing and Sharing of Personal Data. The University discloses, shares, or transfers your personal data to other persons or organizations pursuant to the legitimate interests of the University or the third party concerned or if required or permitted by law, and subject to the applicable access restriction. Recipients of your personal data may include: (a) service providers of the University, (b) relevant government agencies and/or public authorities and (c) University partners. It must be noted that in cases where the University believes that consent is needed after careful considerations, it shall secure such consent from you before disclosing, sharing, or transferring personal data. When so required by law or regulations, the University will also make sure to adopt contractual means to guarantee the protection of your personal data when these are shared with others.
4. Storage and Retention of Personal data. Your personal data is transmitted and stored securely in paper and electronic formats. Access to personal data is limited only to University personnel who have a legitimate interest in them for the purpose of carrying out their official functions or duties. Your data are kept for as long as necessary to achieve the declared purpose of their collection or generation.
5. Protection of Personal Data. The University ensures the protection of personal data by implementing appropriate standards for organizational, physical, and technical security measures. It includes requiring a Non-Disclosure Agreement (NDA) for University personnel and contracts entered into with third parties that is embedded with data protection clauses.
6. Your rights of Benefactors, Donors and Sponsors. Under the Data Privacy Act of 2012, you are granted with the following rights to ensure that your personal information is handled appropriately and transparently:
-
- 6.1 Right to be Informed. You are entitled to know the purposes for which your personal data is being collected and processed. You also have the right to stay informed about the reasons and purpose of data processing and collection. The personnel responsible for such collecting and processing shall provide a clear and thorough explanation and notification with you before proceeding with the processing of personal data.
- 6.2. Right to Access. You have the right to access their personal information, including details about its origin, the entities it has been shared with, and the manner and reasons for its processing and disclosure.
- 6.3. Right to Object: You may contest any inaccuracies or errors in their personal data and request corrections from the University, provided your objections are reasonable and legally justified.
- 6.4. Right to Suspension/Blocking/Removal/Destruction: You can request the suspension, blocking, removal, or destruction of their personal data from records if it is used unlawfully or is no longer necessary for its original purpose, supported by substantial evidence.
- 6.5. Right to Rectification: You have the right to request the correction of any incorrect or incomplete data to ensure accuracy and completeness.
- 5.6. Right to Claim Damages: You may seek compensation for damages resulting from the misuse, inaccuracy, or unlawful handling of their personal data.
CHANGES IN PRIVACY NOTICE
The University, may from time to time, make changes to this Privacy Notice. As such, the University will let you know through our website and other means of communication, if permissible. Any modification is effective immediately upon the posting of the revised notice on the website. For inquiries and concerns, you may contact the Data Privacy Office through our email: dpo@g.batstate-u.edu.ph or Tel nos. (+63 43) 406-8800; 779-8400; local: 1171.
PRIVACY NOTICE FOR STUDENTS, APPLICANTS, AND ALUMNI
This Privacy Notice outlines and discusses how the University collects, uses, or otherwise processes your personal data in relation to your engagement with the University. The University protects your right to privacy. As we seek to balance the privacy of your data while ensuring the free flow of information, we also aim to comply with the requirements of the laws on data protection, its implementing rules and regulations and other applicable laws relating to data privacy.
1. Collection, Acquisition, and Generation of Personal Data. -The University may collect, acquire, or generate personal data of applicants, students, and alumni in many forms.
-
- 1.1 Your consent is required prior to the collection and processing of personal data, subject to exemptions provided by the Data Privacy Act and other applicable laws and regulations. When consent is required, it must be time-bound in relation to the declared, specified and legitimate purpose. Consent given may be withdrawn.
- 1.2 You are provided with specific information regarding the purpose and extent of processing, including, where applicable, the automated processing of your personal data for profiling, or processing for direct marketing, and data sharing.
- 1.3 Purpose should be determined and declared before, or as soon as reasonably practicable, after collection.
- 1.4 Only personal data that is necessary and compatible with declared, specified, and legitimate purposes shall be collected.
- 1.5. For instance, we may collect the following information: a. It may consist of written records, photographic and video images, digital material, and even biometric records; b. Information collected during application for admission includes: (i) directory information, including your name, email address, telephone number, and other contact details; (ii) data about personal circumstances, such as family background, history, and other relevant circumstances, previous schools attended, academic performance, disciplinary record, employment record, and medical records; and (iii) and any or all information obtained through interviews and/or during entrance tests or admission examinations; and (iv) all information for the University to comply with its mandate under Republic Act No. 11694, and other requirements of different and monitoring and regulatory agencies of the national government. c. Information collected or generated after enrolment and during the course of the students’ stay with the University. After you join the University, we may also collect additional information about you, including: (i) your academic or curricular undertakings, such as the classes you enroll in, scholastic performance, attendance record, etc.; (ii) co-curricular matters you may engage in, such as service learning, outreach activities, internship or apprenticeship compliance; (iii) your extra-curricular activities, such as membership in student organizations, leadership positions, and participation and attendance in seminars, competitions, programs, outreach activities, and study tours; and (iv) any disciplinary incident that you may be involved in, including accompanying sanctions. There will also be times when the University will acquire other forms of data like pictures or videos of activities students participate in, via official documentation of such activities, or through recordings from closed-circuit security television cameras installed within school premises. d. Unsolicited Information. There may be instances when personal information is sent to or received by the University even without your prior request. In such cases, the University shall determine if it can legitimately keep such information. If it is not related to any of the University’s legitimate interests, the recipient shall immediately dispose of the information in a way that will safeguard your privacy. Otherwise, it will be treated in the same manner as information you provided to us.
2. Use of Information. To the extent permitted or required by law, the University may use your personal data to pursue our legitimate interests as an educational institution, including a variety of academic, administrative, research, historical, and statistical purposes.
-
- 2.1. Processing shall your rights, including the right to refuse, withdraw consent, or object. It shall likewise be transparent, and allow you to know the sufficient information about the nature and extent of processing; 2.2. Information provided to you must always be in clear and plain language to ensure that they are easy to understand and access;
- 2.3. Processing must be in a manner compatible with declared, specified, and legitimate purpose;
- 2.4. Processed personal data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
- 2.5. Processing shall be undertaken in a manner that ensures appropriate privacy and security safeguards; and
- 2.6. Processing should ensure data quality. Hence, your personal data should be accurate and where necessary for declared, specified and legitimate purpose, kept up to date. Likewise, inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted.
- 2.7. The University may use the information it collected for purposes such as:
- a. evaluating applications for admission to the University;
- b. processing confirmation of incoming, transfer, cross-registering, or non-degree students in preparation for enrollment;
- c. recording, generating, and maintaining student records of academic, co-curricular, and extra-curricular progress;
- d. recording, storing, and evaluating student work, such as homework, seatwork, quizzes, long tests, exams, term papers, theses, dissertations, culminating or integrating projects, research papers, reflection papers, essays and presentations;
- e. recording, generating, and maintaining records, whether manually, electronically, or by other means, of grades, academic history, class schedules, class attendance and participation in curricular, co-curricular, and extra-curricular activities;
- f. establishing and maintaining student information systems;
- g. sharing of grades between and among faculty members, and others with legitimate official need, for academic deliberations and evaluation of student performance;
- h. processing scholarship applications, grants, allowances, reports to benefactors, and other forms of financial assistance;
- i. investigating incidents that relate to student behavior and implementing disciplinary measures;
- j. maintaining directories and alumni records;
- k. compiling and generating reports for statistical and research purposes;
- l. providing services such as health, insurance, counseling, information technology, library, sports/recreation, transportation, parking, campus mobility, safety and security;
- m. managing and controlling access to campus facilities and equipment;
- n. communicating official school announcements;
- o. sharing marketing and promotional materials regarding school-related functions, events, projects, and activities;
- p. soliciting participation in research and non-commercial surveys sanctioned by the University;
- q. soliciting support, financial or otherwise, for University programs, projects, and events, and:
- r. other purposes in order to comply with its mandates under R.A No. 11694, and with the requirements of other monitoring and regulatory agencies of the national government.
- 2.2. The University considers the processing of your personal data for these purposes to be necessary for the performance of its contractual obligations, for the University’s compliance with a legal obligation, to protect your vitally important interests, including your life and health, for the performance of tasks the University carries out in the public interest (e.g., public order, public safety, etc.), or for the pursuit of the legitimate interests of the University or a third party. However, considering that DPA imposes stricter rules for the processing of sensitive personal information and privileged information, the University shall fully commit to abiding by those rules;
- 2.3. If the University requires your consent for any specific use of your personal data, the University shall collect it at the appropriate time;
- 2.4. The University shall not subject your personal data to any automated decision-making process without your prior consent.
3. Sharing, Disclosing, and Transferring of Personal Data. To the extent permitted or required by law, the University shares, discloses, and transfers personal data to other persons or entities for the purpose of upholding the interests and pursue the University’s legitimate interests as an institution of higher learning.
-
- 3.1 Considering that the University is a government institution, any and all data sharing agreements shall follow the provisions of the National Privacy Commission (NPC) Circular No. 2020-03, and any amendments or revisions thereto. Nonetheless, data sharing may be covered by a data sharing agreement (DSA) or a similar document containing the terms and conditions of the sharing arrangement, including obligations to protect the personal data shared, the responsibilities of the parties, mechanisms through which you may exercise your rights, among others.
- 3.2 For instance, the University may share, disclose, and transfer personal data for purposes such as:
- a. posting of acceptance to the University, awarding of financial aid and merit scholarship grants, class lists, class schedules, online, in school bulletin boards, or other places within the University;
- b. sharing your personal data with parents, guardians, or next of kin, as required by law, or on a need-to-know basis, as determined by the University, in order to promote best interests, or to protect health, safety, and security, or that of others;
- c. sharing of some information to donors, funders, or benefactors for purposes of scholarship, grants, and other forms of assistance;
- d. publication of scholars’ graduation brochure for distribution to donors, funders, or benefactors;
- e. distribution of the list of graduates and awardees in preparation for and during commencement exercises;
- f. reporting and/or disclosure of information to the NPC and other government bodies or agencies (e.g., Commission on Higher Education, Department of Budget and Management, Commission on Audit, Department of Education, Bureau of Immigration, Department of Foreign Affairs, Civil Service Commission, Bureau of Internal Revenue, Professional Regulation Commission, Legal Education Board, Supreme Court, etc.), when required or allowed by existing laws, rules and regulations.
- g. sharing of information with entities or organizations (e.g. Accrediting Agency of Chartered Colleges and Universities in the Philippines, ASEAN University Network, Development Academy of the Philippines, International Organization for Standardization, Quacquarelli Symonds, Times Higher Education, UI Green Metric World University Rankings, The World University Rankings for Innovation (WURI), Engineering Accreditation Commission [ABET]) for accreditations and rankings;
- h. sharing of information with entities or organizations (e.g., Philippine Association of State Universities and Colleges, University Athletic Association of the Philippines and other sports bodies) for determining eligibility in sports or academic competitions, as well as other similar events;
- i. complying with court orders, subpoenas and/or other legal obligations;
- j. conducting internal research or surveys for purposes of institutional development;
- k. publishing academic, co-curricular, and extra-curricular achievements and success, including honors lists and names of awardees in school bulletin boards, website, social media sites, and publications;
- l. sharing academic accomplishments of honors and co-curricular or extracurricular achievements with schools a student graduated from or were previously enrolled in, upon your request and consent;
- m. use of photos, videos, and other information in order to promote the school, including its activities and events, through marketing or advertising materials, such as brochures, website posts, newspaper advertisements, physical and electronic bulletin boards, and other media;
- n. live-streaming of University events; and
- o. publication of communications with journalistic content, such as news information in University publications, and social media sites.
4. Storage and retention of personal data. Personal data shall be stored and transmitted securely in a variety of paper and electronic formats, including databases that are shared between the University’s different units or offices.
-
- 4.1. Retention of personal data shall only be: i. for the fulfillment of the declared, specified, and legitimate purpose, or when the processing relevant to the purpose has been terminated. ii. for the establishment, exercise or defense of legal claims; or iii. for legitimate business purposes, which must be consistent with standards followed by the applicable industry or approved by appropriate government agencies.
- 4.2. Retention of personal data shall be allowed in cases provided by law;
- 4.3 Your personal data shall be disposed of or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public, or prejudice the interests your interests; and
- 4.4 The provisions under this item should be read in conjunction with the retention policy of University documents, if any, and other applicable issuances of the National Archives of the Philippines (NAP).
- 4.5. Access to your personal data is limited to University personnel who have a legitimate interest in them for the purpose of carrying out their contractual duties. The use of personal data shall not be excessive.
- 4.6. Unless otherwise provided by law or by appropriate University policies, the University shall retain your relevant personal data indefinitely for historical and statistical purposes. Where a retention period is provided by law and/or a University policy, all affected records will be securely disposed of after such period.
5. Your rights as a student, applicant, and alumni. Under the Data Privacy Act of 2012, you are granted with the rights to ensure your personal information is handled appropriately and transparently:
-
- 5.1. Right to be Informed. You are entitled to know the purposes for which your personal data is being collected and processed. You also have the right to stay informed about the reasons and purpose of data processing and collection. The personnel responsible for such collecting and processing shall provide a clear and thorough explanation and notification with you before proceeding with the processing of personal data.
- 5.2. Right to Access. You have the right to access your personal information, including details about its origin, the entities it has been shared with, and the manner and reasons for its processing and disclosure.
- 5.3. Right to Object: You may contest any inaccuracies or errors in your personal data and request corrections from the University, provided your objections are reasonable and legally justified.
- 5.4. Right to Suspension/Blocking/Removal/Destruction: You can request the suspension, blocking, removal, or destruction of your personal data from records if it is used unlawfully or is no longer necessary for its original purpose, supported by substantial evidence.
- 5.5. Right to Rectification: You have the right to request the correction of any incorrect or incomplete data to ensure accuracy and completeness. 5.6. Right to Claim Damages: You may seek compensation for damages resulting from the misuse, inaccuracy, or unlawful handling of your personal data.
CHANGES IN PRIVACY NOTICE
The University, may from time to time, make changes to this Privacy Notice. As such, the University will let you know through our website and other means of communication, if permissible. Any modification is effective immediately upon the posting of the revised notice on the website. For inquiries and concerns, you may contact the Data Privacy Office through our email: dpo@g.batstate-u.edu.ph or Tel nos. (+63 43) 406-8800; 779-8400; local: 1171.