Data Privacy Agreement
In Compliance with the Data Privacy Act of 2012
This agreement is issued in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and the provisions of the institution’s Data Privacy Manual. By affixing their signature to this document, the student acknowledges their rights under the law and consents to the collection, processing, storage, and sharing of personal and sensitive personal data by the institution for purposes directly related to their enrollment, academic administration, and institutional requirements.
1. Purpose
The institution is responsible for collecting and processing personal and sensitive personal data to provide educational services, facilitate academic administration, and comply with legal and regulatory obligations. This agreement seeks to inform the student of the purposes for data processing, establish the legal basis for such activities, and affirm the institution’s commitment to data protection in accordance with applicable laws.
2. Scope of Data Collection and Processing
The institution collects and processes personal data necessary for enrollment, academic monitoring, and administrative functions.
Personal data includes, but is not limited to, the student’s full name, student identification number, contact details, date of birth, nationality, and address, as obtained through enrollment forms, identification documents, and registration records.
Academic data, such as grades, attendance, performance evaluations, and enrollment status, is gathered to monitor and document the student’s academic progress.
Financial information, including payment history, scholarships, and financial aid data, is collected to manage tuition, fees, and other financial transactions.
Digital data, such as activity logs, session data, and cookies from institutional platforms, is collected to support online education and ensure proper use of institutional systems.
3. Legal Basis for Processing
The processing of personal and sensitive personal data by the institution is conducted in accordance with the following lawful grounds:
- Consent. The explicit consent of the student is obtained through this agreement, authorizing the collection, processing, and storage of their personal data.
- Compliance. Data processing is necessary for compliance with legal and regulatory obligations, such as reporting to government agencies or accrediting institutions.
- Legitimate Interests. Processing supports the institution’s legitimate objectives, such as academic administration, while ensuring that the rights and freedoms of the student are not overridden.
4. Retention and Disposal of Data
The institution retains personal data only for as long as necessary to fulfill the purposes for which it was collected. Academic records are retained indefinitely to facilitate verification, alumni services, and institutional reporting. Financial records are retained indefinitely, in compliance with financial and auditing regulations. Digital data is retained in accordance with institutional policies on IT systems usage and monitoring.
Upon the expiration of these retention periods, personal data is securely disposed of in accordance with institutional procedures. Physical records are shredded or incinerated, while digital records are permanently deleted using secure methods that prevent recovery.
5. Rights of the Data Subject
The data subject is entitled to exercise their rights under the Data Privacy Act of 2012. These include the right to be informed of the purposes and methods of data processing, the right to access their personal data, the right to request corrections to inaccurate or incomplete data, the right to object to data processing under certain circumstances, the right to request the deletion of data no longer necessary for the purposes for which it was collected, the right to obtain their data in a portable format, and the right to file complaints regarding potential violations of their data privacy. Any exercise of these rights must be communicated in writing to the Data Protection Officer or the Guidance Office.
6. Data Sharing and Disclosure
The institution ensures that personal and sensitive personal data is shared only in accordance with the law. Internal sharing of data occurs exclusively for legitimate purposes, such as academic administration, financial management, and IT system maintenance. External sharing is conducted only when required by law, such as compliance with regulatory reporting, or with the explicit consent of the student. Third-party service providers, such as IT vendors or auditors, are bound by confidentiality agreements and required to adhere to data protection standards.
7. Security Measures
The institution implements comprehensive security measures to protect the confidentiality, integrity, and availability of personal and sensitive personal data. Physical records are stored in secure, access-controlled facilities, while digital records are encrypted and safeguarded through firewalls, secure authentication systems, and regular monitoring. All personnel handling personal data receive regular training on data privacy and security, and periodic audits are conducted to ensure compliance with institutional policies and the Data Privacy Act.
8. Responsibilities of the Institution
The institution is committed to ensuring the ethical and lawful handling of personal and sensitive personal data. This includes maintaining accurate and secure records, implementing policies to protect data from unauthorized access, and reviewing data management practices regularly to comply with evolving legal requirements and institutional standards.
9. Consent and Agreement
By using the official STEP S Learning Management System (LMS) of Universidad de Dagupan, you acknowledge and agree to the institution’s Data Privacy Policy. Your use of the LMS signifies your consent to the lawful collection, processing, storage, and use of your personal and sensitive personal data for purposes related to your enrollment, academic activities, and institutional services. Access to the LMS is granted exclusively to enrolled students of Universidad de Dagupan, and your continued use constitutes acceptance of these terms.
For inquiries regarding data privacy, contact the Data Protection Officer:
Email: cabilesmf@cdd.edu.ph