Within the framework of the Data Privacy Act of 2012 (R.A. 10173), the University of the East declares its commitment to the protection of the privacy of its stakeholders, such as students, faculty, non-teaching staff, and service providers, from whom it collects personal information in the pursuit of its legitimate interests and responsibilities as an academic institution.

Thus, the University has instituted policies and measures that will safeguard security and confidentiality of the personal information that it collects, retains and stores, and may possibly share under certain circumstances. These policies and measures subscribe to the provisions of R.A. 10173 and its implementing Rules and Regulations.

 

The Data Protection Officer
Office of the Chancellor
University of the East, Manila Campus
2219 C.M. Recto Avenue, Manila 1008
Telephone No: Trunkline 8735-5471 to 82, Local 433; Direct Line 8735-8559
Email Address:  dpo@ue.edu.ph

Statement of Commitment

The University of the East affirms its commitment to the protection of the privacy of its stakeholders, such as students, faculty, non-teaching staff, and service providers, from whom it collects personal information in the pursuit of its legitimate interests and responsibilities as an academic institution, in a manner consistent with the Data Privacy Act of 2012 and its Implementing Rules and Regulations (DPA IRR).

Scope

The Privacy Policy applies to all areas of operation of the University, and all University activities dealing with the collection of personal information from University stakeholders, and extends across the life cycle of information, from collection, creation, storage, use, distribution, and disposal.  Failure to comply with this Privacy Policy as well as the detailed procedures compiled in the UE Data Privacy Manual may constitute misconduct and may result in appropriate disciplinary action.

Principles

A. Collection and Use of Personal Information

    1. The University only collects personal information that is necessary and directly related to one or more of its legitimate functions and activities as an academic institution.
    2. The collection and processing of sensitive personal information and privileged information shall be done only in accordance with the conditions set by the Data Privacy Act of 2012, Implementing Rules and Regulations, Sec. 22.
    3. The University will seek consent, and collect personal information directly from the data subject, using both electronic and paper-based modes, for various purposes, including
      • As part of any admission/enrolment/registration process accomplished by students;
      •  Recording and storage of data generated by employment as faculty or non-teaching personnel, provision of contracted services to the University by third-party vendors and service providers, or by students undertaking academic, co-curricular and extra-curricular activities;
      • In the course of undertaking research;
      • Establishing alumni directories and maintaining alumni records;
      • Investigation of incidents relating to student, faculty, or employee discipline;
      • Providing services such as health, guidance and counselling, access to and use of library resources and IT facilities;
      • In the course of implementation of Cooperation Agreements with various types of organizations;
      • Entry into the campus via turnstile by students, faculty and employees using their UE IDs and registration logs for walk-in guests;
      • Maintaining campus security through specified entry procedures and CCTV security cameras installed in the campus.

B. Sharing of Personal Information

The University will share information to other parties in the pursuit of its legitimate interests and responsibilities as an educational institution, in accordance with regulations prescribed by law.  Examples of such situations are:

  1. Fulfillment of reporting requirements by mandated government bodies such as CHED, DepEd, BIR, SEC, SSS, PhilHealth, BI;
  2. Communicating with other parties in fulfilment of curricular requirements relevant to a student’s course of study, such as OJT host companies/facilitating agencies, or partner organizations for community outreach work or academic collaboration;
  3. Implementation of a learning management system using proprietary software, through a contracted external service provider;
  4. Management of health, safety and security of students, faculty and employees, such as UERM or other hospitals, and/or the police;
  5. Public acknowledgement and publication of photographs of university students, alumni, faculty and employees, taken in the course of their participation in a university event or as recipient of honors and awards, for informational, marketing and promotional purposes;
  6. Confirmation of the status as student or alumni of the University in response to inquiries from other parties.

 C. Retention of Personal Information

    1. The University will retain the personal information pertaining to the academic record of students and alumni indefinitely for historical, statistical and research purposes.
    2. For other types of data, e.g., visitor log at the gates, or information of applicants who did not qualify for University admission or employment, retention periods will be defined in the appropriate University circulars.  At the end of the retention period, records will be securely disposed of.

D. Access to, Correction, Blocking, or Deletion of Personal Information

Upon request by a data subject, the University will allow access to his/her own personal information, and/or have the personal information corrected, blocked or deleted unless there is a legitimate reason for refusal, as identified in the limitations to the rights of data subjects, Sec. 37 of the DPA IRR.

E. Handling of Complaints and Data Security Breaches

All University stakeholders who become aware of a suspected or actual breach in data security must immediately bring it to the attention of the Data Protection Officer, in writing or by email, for proper recording and reporting to the National Privacy Commission in accordance with Rule IX, Sections 38 to 42, of the DPA IRR.   The University, through a Data Breach Response Team, will address such suspected or actual breach in accordance with its Data Privacy Manual.

Note: All requests or complaints must be submitted in writing using the downloadable form entitled Request_Report Form.pdf