Lyceum of the Philippines University
The Data Privacy Act of 2012 (DPA) regulates the processing of personal data in any format by the Lyceum of the Philippines University, including both digital and hard copy personal data and all other formats. ‘Personal data’ is any information relating to a living individual, and 'processing' is any activity carried out involving personal data, including holding and storing it.
This statement establishes the University’s procedures governing the collection and release of student data and is provided to students at the application and registration stages. It includes information about how student data is used, and where it is supplied by the University to the Commission on Higher Education (CHEd), Technical Education and Skills Development Authority (TESDA), Department of Education (DepEd), Supreme Court, Legal Education Board (LEB), Civil Service Commission (CSC), Professional Regulations Commission (PRC) and other external parties.
The Lyceum of the Philippines University is the data controller for all personal data that it holds and processes, except where it is done in the capacity of a data processor on behalf of another data controller. The University’s contact details are:
Lyceum of the Philippines University
Manila Campus : Muralla cor Real Sts., Intramuros, 1002 Manila
Makati Campus : 109 L.P. Leviste St., Salcedo Village, 1277 Makati City
Cavite Campus : Governor's Dr, General Trias, Cavite
The University’s Protection Officers are:
Manila Campus : Rejan L. Tadeo
Data Protection Officer
Makati Campus : Atty. Janice Ramos
Compliance Officer for Privacy
Cavite Campus : Roy Ferolino
Data Protection Officer
NOTIFICATION TO APPLICANTS AND REGISTERED STUDENTS
The Lyceum of the Philippines University may obtain, hold and process the personal data of students including personal details, family and social circumstances, education and training records, employment information, financial details, and services provided. It may obtain, hold and process the sensitive personal data (the term used by the DPA) of students including racial or ethnic origin, religious or philosophical beliefs, biometric data, and physical or mental health.
Personal data and sensitive personal data held by the University relating to students is obtained directly from the student or applicant and parents for those below 18 years in age.
The Lyceum of the Philippines University holds the personal data and sensitive personal data of its students in order to implement and manage all services and processes relating to students, including student recruitment, admission, registration, teaching and learning, examination, graduation and other services such as accommodation, student support and careers. Only information required for these purposes is obtained and processed, and without it the University may not be able to provide its services. Information is passed between various sections of the University for operational reasons as is necessary and proportionate for intended purposes.
Student personal data is collected and processed by the University as it is necessary for the performance of the contract under which the University provides services to students. Some processing activities may also be carried out under a legal obligation (for example, disclosing personal data to external parties under statutory powers), where it is necessary to protect the vital interests of the student or another party (for example, disclosures to external parties to ensure the safety and wellbeing of individuals), where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (for example, collecting or disclosing information in order to meet regulatory or statutory requirements), or where it is necessary for legitimate interests pursued by the University or a third party (the legitimate interests will relate to the efficient, lawful and proportionate delivery of services and will not be to the detriment of the interests or rights of individuals). Where any of these legal bases do not apply, the consent of an individual to process their personal data will be sought.
Where students’ sensitive personal data is collected and processed by the University this will be on the legal basis of explicit consent of the student, employment or social security/protection requirements, protecting the vital interests of the student or another party, the exercise or defense of a legal claim, reasons of substantial public interest, purposes of medical or health care, or where the information has been made public by the student. Any processing will be proportionate and relate to the provision of services by the University. When this data is used for monitoring and reporting purposes it will be anonymized if possible.
The University may disclose student’s personal data and sensitive personal data to external agencies to which it has obligations; for example, for visa and immigration purposes, and to other arms of national or local government, to the Commission on Higher Education (CHEd), Technical Education and Skills Development Authority (TESDA), Department of Education (DepEd), Supreme Court, Legal Education Board (LEB), Civil Service Commission (CSC), Professional Regulations Commission (PRC) and potentially other such organizations for defined purposes. It may also disclose information to examining bodies, legal representatives, police or security agencies, suppliers or service providers, survey and research organizations engaged by the University, and regulatory authorities. With the consent of the student, personal and sensitive personal data may be released to other institutions/agencies or companies for purposes of employment, scholarship, further studies, licensure examinations abroad, immigration application and other purposes for the benefit of the student.
If students have unpaid debts to the University at the end of their course the University may, at its discretion, pass this information to debt collecting agencies in order to pursue the debt.
The University also uses student’s personal data as follows:
- evaluating applications for admission to LPU;
- processing confirmation of incoming students and transfer students in preparation for enrollment;
- Produce diplomas, transcripts of records (TOR) and true copy of grade (TCG) for students.
- recording, generating and maintaining records, whether manually, electronically, through Radio Frequency Identification (RFID) or other means, of class attendance and participation in curricular, co-curricular and extra-curricular activities;
- establishing and maintaining student information systems
- sharing of grades between and among faculty members, and others with legitimate official need, for academic deliberations;
- processing academic awards, scholarship applications, grants and other forms of assistance
- investigating incidents that relate to student behavior and implementing disciplinary measures;
- providing services such as health, counseling, information technology,
library, sports/recreation, transportation, parking, campus mobility, safety and security;
- managing and controlling access to campus facilities and equipment;
- Provide contact details to the LPU Central Student Government to enable it to offer appropriate services to students. Please contact Student Affairs Office if you do not want your contact details shared with the Lycesgo.
- Provide progress reports to sponsors of students (except relatives).
- Provide references to education institutions and employers, usually with the consent of the student or graduate.
- Publication of the names of graduating students in the degree ceremony graduation programme and yearbook.
- Disclose information about students and graduates for the purpose of promoting the University, and to their former schools for the purposes of school’s liaison, but only with the consent of the student or graduate if they are personally identified.
- For the purposes of plagiarism detection, utilizing the on-line Turnitin plagiarism detection service.
- Supply personal and financial details to providers of financial services engaged by the University, for example for the payment of fees, refunds, loans and similar services.
- Disclosing information to external parties for safeguarding and duty of care purposes, for example to medical practitioners, insurance agencies and law enforcement agencies.
- Graduates of the University are still able to access Center of Career Servicers and Industry Relations Service support and resources, and may be contacted after graduation by the unit to offer ongoing support with career plans, including coaching and job opportunities.
- Subject to review on a case-by-case basis, providing contact details to third party companies and organizations formally engaged by the University to provide enhanced levels of service to support core activities.
- Proving academic records of student athletes to sports organizations where LPU is a member or is participating such as the National Collegiate Athletic Association (NCAA).
On graduating, all students automatically become members of LPU Alumni Association. They receive the opportunity to remain in touch with fellow graduates and to be kept up to date on University news, events, products, services and opportunities to support the University. If you do not wish to receive these communications, you must notify the Alumni Affairs Office – this can be done at any time after you graduate.
In some instances, the University may transfer students’ personal data to third parties located in other countries. Any such transfers will be strictly in relation to the delivery of the University’s core services, including to partner institutions abroad. Personal data may be shared with international agents that the University uses for the delivery of services to overseas students. All instances of overseas transfers of personal data are subject to appropriate technical safeguards and contractual provisions incorporating appropriate assurances to ensure the security of the data and full compliance with legislative and regulatory requirements. In cases that a student needs to be referred to a psychologist and/or psychiatrist for the evaluation/assessment of his/her mental health condition, the Guidance and Testing Center will provide a description of the symptoms being manifested in a referral letter. The referral letter will be sent to a hospital or mental health institution with the full consent of the student involved. The student preferably with his/her guardian shall personally hand over the referral letter to the psychologist and/or psychiatrist.
Some sections of the University undertake processes involving applicant or student personal data that include elements of profiling. Examples are some support units, including the Communications and Public Affair Office and Registrar’s Office, where these processes are employed to determine the nature of communications sent to individuals and to facilitate student recruitment and admissions procedures.
A basic academic record for individual students will be kept permanently by the University, with more detailed records kept for defined retention periods. Details of the retention periods attributed to different elements of student records are defined in the University Integrated Management System (IMS) retention policies.
If you have any queries about the use of student personal data outlined above, then please contact your campus Data Protection Officer / Compliance Officer for Privacy.
SUBMISSION OF YOUR INFORMATION TO GOVERNMENT AGENCIES
It is a statutory requirement for the University to send some of the information we hold about you to these government agencies every year: CHED as the official source of data about higher educational institutions, TESDA for technical-vocational institutions, DepEd for basic education institutions, Professional Regulation Commission (PRC) for those who intend to take licensure examinations, Supreme Court for those intending to take the Bar Examinations, Legal Education Board for graduating law students as a requirement for graduation, the Civil Service Commission (CSC) for honor graduates for civil service eligibility. These agencies collect, and is responsible for, the database in which your information is stored. These agencies also share your information with third parties for specified and lawful purposes. It may charge other organizations to whom it provides services and data. These agencies use of your information may include linking information from it to other data. All uses of information must comply with the Data Privacy Act of 2012 and Its Implementing Rules and Regulation.
If you give us information about your / your child disability status, ethnicity, sexual orientation, gender reassignment or religion these may be included in your CHED information and used to assist with monitoring equality of opportunity and eliminating unlawful discrimination in accordance with the Gender Sensitivity. Some other sensitive information is used to enable research into the provision of fair access to higher education. Your sensitive personal data will not be used to make decisions about you.
Approximately six months after you graduate, the University thru Alumni Affairs Office may contact you to ask you to fill in the Graduate Tracer Form. You may also be contacted as part of an audit to check that we have undertaken this process properly. We will not give your contact details to any third parties.
The University also conducts Customer Satisfaction Survey (CSS), Student Satisfaction Survey (SSS) and Best Innovation Suggestion Award (BISA) for the improvement of its programs and services.
There is no requirement for you to take part in any of process but participation assists the University, as well as government and regulatory bodies, in performing their statutory, official and public duties. If you do not want to take part in any of these survey, please contact the Data Protection Officer.
MONITORING OF IT SYSTEMS AND ACCOUNTS
Students should also be aware that, in certain circumstances, the University may monitor usage of its IT systems and access user information on its systems and networks that is normally private. Any institutional monitoring or access will comply with legislation including the Data Privacy Act of 2012 and its Implementing Rules and Regulation. Where necessary any access or monitoring will be justifiable, fair and proportionate, and will be in line with the LPU IT Usage Monitoring and Access policy.
USE OF PERSONAL DATA IN RESEARCH
Student members of the University are permitted to process personal data only for use in connection with their academic studies or research. They may do this only with the express prior permission of their supervising member of staff, and only in accordance with any guidance or Code of Practice issued by the University and in force at that time. This applies whether or not those activities are carried out on equipment owned by the University and whether or not they are carried out on University premises. This means that the personal data must be: fairly and lawfully obtained and processed; used only for specified and legitimate purposes; accurate and up-to-date; held securely; kept to the minimum possible and anonymized or pseudo-nymized where possible; not published, put online or taken outside of the country without the consent of the individual concerned; and be deleted or destroyed when it is no longer relevant to retain it. The individuals about whom data are held are entitled to inspect the data unless it is held only for research purposes and will not be released in such a way as to identify the individuals concerned.
Students needing to process personal data for academic or research purposes must make themselves aware of the general requirements of the Data Privacy Act of 2012 and its Implementing Rules and Regulation, and in particular must abide by the data protection principles. Students can do this by obtaining a copy of the University’s current guidance on data protection, and further relevant information from their supervising member of staff.
Students who fail to comply with any guidance or Code of Practice in force may be held personally liable for any resulting breaches of the Data Privacy Act of 2012.
Individuals whose personal data and sensitive personal data is held by the University have the following rights regarding their data:
- The right to be informed – As a data subject you have the right to be informed that your personal data shall be, are being or have been processed.
- The right to access – concomitant to your right to be informed, you also have the right to gain reasonable access to your personal data.
- The right to object - Students can object to the processing of their personal data by the University in certain circumstances, including the sending and receipt of direct marketing material
- The right to erasure and blocking – Under the law, you have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data. This will only apply where there is no legitimate reason for the University to continue to process the personal data. There will usually be a requirement for the University to keep a basic student record indefinitely.
- The right to damages – you may claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights as a data subject.
- The right to file a complaint – If you are the subject of a privacy violation or personal data breach, or who are otherwise personally affected by a violation of the DPA may file a complaint.
- The right to rectification – You have the right to dispute any inaccuracy or error in your personal data and have the personal information controller correct it immediately, unless the request is vexatious or unreasonable.
- The right to data portability – allows you to manage your personal data, and to transmit your data from one personal information controller to another.
All requests to exercise any of these rights should be made to the Data Protection Officer.
Where the processing of personal data or sensitive personal data is based on the consent of the student, they have the right to withdraw their consent at any time by contacting the department or service who obtained that consent or the Data Protection Officer.
If a student is unhappy with the University’s handling of their personal data, or believes that the requirements of the DPA may not be fully complied with, they should contact the Data Protection Officer in the first instance.
Date Published : March 26, 2018