Data Privacy Agreement
In Compliance with the Data Privacy Act of 2012
This agreement is issued in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and the provisions of the institution’s Data Privacy Manual. By affixing their signature to this document, the student acknowledges their rights under the law and consents to the collection, processing, storage, and sharing of personal and sensitive personal data by the institution for purposes directly related to their enrollment, academic administration, and institutional requirements.
1 Purpose
The institution is responsible for collecting and processing personal and sensitive personal data to provide educational services, facilitate academic administration, and comply with legal and regulatory obligations. This agreement seeks to inform the student of the purposes for data processing, establish the legal basis for such activities, and affirm the institution’s commitment to data protection in accordance with applicable laws.
2 Scope of Data Collection and Processing
The institution collects and processes personal data necessary for enrollment, academic monitoring, and administrative functions.
- Personal data includes, but is not limited to, the student’s full name, student identification number, contact details, date of birth, nationality, and address, as obtained through enrollment forms, identification documents, and registration records.
- Academic data, such as grades, attendance, performance evaluations, and enrollment status, is gathered to monitor and document the student’s academic progress.
- Financial information, including payment history, scholarships, and financial aid data, is collected to manage tuition, fees, and other financial transactions.
- Digital data, such as activity logs, session data, and cookies from institutional platforms, is collected to support online education and ensure proper use of institutional systems.
3 Legal Basis for Processing
The processing of personal and sensitive personal data by the institution is conducted in accordance with the following lawful grounds:
Consent
Explicit consent obtained authorizing collection and processing.
Compliance
Necessary for legal and regulatory obligations.
Legitimate Interests
Supports academic administration while ensuring rights.
4 Retention and Disposal of Data
The institution retains personal data only for as long as necessary. Academic records are retained indefinitely. Financial records are retained as per regulations. Upon expiration, data is securely disposed of (shredded or permanently deleted).
5 Rights of the Data Subject
The data subject is entitled to rights including: to be informed, access data, request corrections, object to processing, request deletion, data portability, and file complaints. Requests must be communicated in writing to the Data Protection Officer.
6 Data Sharing and Disclosure
Data is shared only in accordance with the law. Internal sharing is for legitimate purposes. External sharing occurs only when required by law or with explicit consent. Third parties are bound by confidentiality.
7 Security Measures
The institution implements comprehensive security (physical and digital) to protect data legality. Measures include access controls, encryption, firewalls, and regular training/audits.
8 Responsibilities of the Institution
The institution commits to ethical handling, maintaining accurate records, protecting against unauthorized access, and reviewing practices.
9 Consent and Agreement
By using the official STEP S Learning Management System (LMS) of Universidad de Dagupan, you acknowledge and agree to the institution’s Data Privacy Policy. Your use of the LMS signifies your consent to the lawful collection, processing, storage, and use of your personal and sensitive personal data.
For inquiries regarding data privacy:
Contact the Data Protection Officer