Twin Policies

UNIVERSITY OF THE PHILIPPINES DILIMAN

TWIN POLICIES ON DATA PRIVACY

A fundamental step toward upholding data privacy is recognizing the rights of each member of UP Diliman as well as identifying our responsibilities to one another. For UP Diliman to protect and balance the data privacy rights of its staff, faculty, students, alumni and other UP Diliman People, it is necessary that the University also defines its own rights and responsibilities. To these ends, the attached twin policies are promulgated:

UP Diliman Data Subject Rights and Responsibilities

This policy grants to all connected to UP Diliman all the rights of data subjects under the Data Privacy Act of 2012 and its implementing Rules and Regulations. To facilitate harmonious interplay of our rights, this policy also establishes responsibilities of data subjects to one another and the University.

UP Diliman Privacy Policy

This policy bring life to the transparency, legitimacy and proportionality requirements of privacy laws and regulations by defining and regulating the parameters how UP Diliman processes personal information of the following classes of data subjects:

Students, parents and guardians;
Faculty, including visiting faculty;
Staff, including REPS, UP contractual, Non-UP contractual personnel and retirees;
Applicant students, faculty and staff;
Researchers and research subjects;
Patients, clients and customers;
Alumni, donors and donees;
Contract counterparties, partners, subcontractors, licensors and licensees; and
Other persons with juridical link with UP Diliman.

DATA SUBJECT RIGHTS AND RESPONSIBILITIES

In recognition of the constitutional and inherent right of people to data privacy and the need to define the scope of concomitant responsibilities to respect the privacy of others, the University of the Philippines Diliman (“UP Diliman”) promulgates this policy on UP Diliman Data Subject Rights and Responsibilities.

This Policy is complementary with the UP Diliman Privacy Policy which can be found at https://privacy.upd.edu.ph/privacy-policies/.

PART I. DATA SUBJECT RIGHTS

In UP Diliman’s processing of their Personal Data, the following rights shall be afforded to students, parents, guardians, faculty, visiting faculty, staff, Research, Extension and Professional Staff (REPS), UP contractual personnel, Non-UP contractual personnel, retirees, applicant students, applicant faculty, applicant staff, researchers, research subjects, patients, clients, customers, alumni, donors, donees, contract counterparties, partners, subcontractors, outsourcees, licensors, licensees and other persons with a juridical link with UP Diliman (each a “Data Subject” or collectively, “Data Subjects”):

(A) Right to be Informed

1. The Data Subject has a right to be informed whether Personal Data pertaining to him or her shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
2. The Data Subject shall be notified and furnished with information indicated hereunder before the entry of his or her Personal Data into the processing system of UP Diliman, or at the next practical opportunity:
a. Description of the Personal Data to be entered into the system;
b. Purposes for which they are being or will be processed, including processing for direct marketing, profiling or historical, statistical or scientific purpose;
c. Basis of processing, when processing is not based on the consent of the Data Subject;
d. Scope and method of the Personal Data processing;
e. Third-party recipients or classes of recipients to whom the Personal Data are or may be disclosed. As the University of the Philippines (“UP”) is a single juridical entity and instrumentality of the government, all transmission and flow of information within the UP System, its constituent universities, and their respective units are neither sharing nor disclosure of information to third parties;
f. Methods utilized for automated access, if the same is allowed by the Data Subject, and the extent to which such access is authorized, including
meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject;
g. The identity and contact details of UP Diliman or its representative;
h. The period for which the information will be stored; and
i. The existence of their rights as Data Subjects, including the right to access, correction, and object to the processing, as well as the right to lodge a
complaint before the National Privacy Commission.

(B) Right to Object

The Data Subject shall have the right to object to the processing of his or her Personal Data, including processing for direct marketing, automated processing or profiling. The Data Subject shall also be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the Data Subject in the preceding paragraph.

When a Data Subject objects or withholds consent, UP Diliman may not be able to conduct academic, administrative and other functions or services related to the Data Subject.

When a Data Subject objects or withholds consent, UP Diliman shall no longer process the Personal Data, unless:

1. The Personal Data is needed pursuant to a subpoena;
2. The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the Data Subject is a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the Data Subject;
3. The information is being collected and processed as a result of a legal obligation; or
4. UP Diliman’s functions as the national university or as a instrumentality of the government will be impaired.

(C) Right to Access

The Data Subject has the right to reasonable access to, upon demand providing sufficient time for preparation, the following:
1. Contents of his or her Personal Data that were processed;
2. Sources from which Personal Data were obtained;
3. Names and addresses of recipients of the Personal Data;
4. Manner by which such data were processed;
5. Reasons for the disclosure of the Personal Data to recipients, if any;
6. Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the Data Subject;
7. Date when his or her Personal Data concerning the Data Subject were last accessed and modified; and
8. The description of UP Diliman under Act No. 1870 and Republic Act No. 9500 and address of UP Diliman.

(D) Right to Rectification

The Data Subject has the right to dispute the inaccuracy or error in the Personal Data and have UP Diliman correct it within a reasonable period and accordingly, unless the request is vexatious or otherwise unreasonable. If the Personal Data has been corrected, UP Diliman shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof: Provided, That recipients or third parties who have previously received such processed Personal Data shall be informed of its inaccuracy and its rectification, upon reasonable request of the Data Subject.

(E) Right to Erasure or Blocking

These rights of erasure and blocking do not apply to Personal Data, documents, records and accounts which are part of UP Diliman’s public records as an instrumentality of the government or as the national university.

The Data Subject shall have the right to suspend, withdraw or order the blocking, removal or destruction of his or her Personal Data from UP Diliman’s filing system.

1. This right may be exercised upon discovery and substantial proof of any of the following:
a. The Personal Data is incomplete. outdated. false, or unlawfully obtained;
b. The Personal Data is being used for purpose not authorized by the Data Subject;
c. The Personal Data is no longer necessary for the purposes for which they were collected;
d. The Data Subject withdraws consent or objects to the processing, and there is no other legal ground or overriding legitimate interest for the processing;
e. The Personal Data concerns private information that is prejudicial to Data Subject. unless justified by freedom of speech, of expression, or of the press
or otherwise authorized;
f. The processing is unlawful;
g. UP Diliman or UP Diliman’s Personal Data processor violated the rights of the Data Subject.
2. UP Diliman may notify third parties who have previously received such processed Personal Data.

(F) Right to Damages

This right to damages is subordinate to:

1. The presumption of UP Diliman’s regularity in the performance of government functions;
2. As applicable, the principle that the State may not be sued without its consent; and
3. The non-liability of UP Diliman arising from the incidental damages due to UP Diliman’s pursuance of its mandates or compliance with its legal obligations.

The Data Subject shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, taking into account any violation of his or her rights and freedoms as Data Subject.

PART II. RESPONSIBILITIES OF DATA SUBJECTS

Concomitant to the exercise of rights are responsibilities to respect the privacy of others and comply with UP Diliman’s regulations in its administration of data privacy. Data Subjects shall have the following responsibilities:

1. Respect the data privacy rights of others;
2. Report any suspected Security Incident or Personal Data Breach to UP Diliman to the UP Diliman Data Protection Officer by visiting https://privacy.upd.edu.ph;
3. Provide the UP true and accurate Personal Data and other information. Before submitting Personal Data of other people to UP, obtain the consent of such people;
4. Not disclose to any unauthorized party any non-public confidential, sensitive or personal information obtained or learned in confidence from UP; and
5. Abide by the policies, guidelines and rules of the UP System and UP Diliman on data privacy, information security, records management, research and ethical conduct. From time-to-time check for and comply with updates on these policies, guidelines and rules. UP Diliman’s policies on data privacy are at https://privacy.upd.edu.ph. For students, the UP System’s UP Privacy Notice for Students is at https://upd.edu.ph/studentnotice/.

PART III. ENFORCEMENT

The following parameters govern the enforcement of this Policy:

(A) Transmissibility of Rights of the Data Subject

The lawful heirs and assigns of the Data Subject may invoke the rights of the Data Subject to which he or she is an heir or an assignee, at any time after the death of the Data Subject, or when the Data Subject is incapacitated or incapable of exercising the rights as enumerated herein.

(B) Right to Data Portability

Where his or her Personal Data is processed by electronic means and in a structured and commonly used format, the Data Subject shall have the right to obtain from UP Diliman a copy of such data in an electronic or structured format that is commonly used and allows for further use by the Data Subject. The exercise of this right shall primarily take into account the right of Data Subject to have control over his or her Personal Data being processed
based on consent or contract, for commercial purpose, or through automated means. The National Privacy Commission may specify the electronic format referred to above, as well as the technical standards, modalities, procedures and other rules for their transfer.

(C) Limitation on Rights

The exercise of any right in this Policy is subject to UP Diliman’s legal, administrative, logistic, financial, technical and other limitations. As an instrumentality of the government operating on state-appropriated funds, UP Diliman’s acts and omissions arising from this Policy is limited on available public financial, infrastructure and manpower resources.

All rights in this Policy shall not be applicable if the processed Personal Data are used only for the needs of scientific and statistical research and, on the basis of such, no activities are carried out and no decisions are taken regarding the Data Subject: Provided, that the Personal Data shall be held under strict confidentiality and shall be used only for the declared purpose. The above rights are also not applicable to the processing of Personal
Data gathered for the purpose of investigations in relation to any criminal, administrative or tax liabilities of a Data Subject. Any limitations on the rights of the Data Subject shall only be to the minimum extent necessary to achieve the purpose of said research or investigation.

(D) Non-Applicability of Rights

This rights under this Policy do not apply to the following:

1. Personal Data processed for journalistic, artistic, literary or research purposes;
2. Information necessary in order to carry out the functions of UP Diliman and other public authorities which include the processing of Personal Data for the performance by law enforcement and regulatory agencies of their constitutionally and statutorily mandated functions;
3. Information necessary to comply with Republic Act No. 9510, and Republic Act No. 9160, as amended, otherwise known as the Anti-Money Laundering Act and other applicable laws; and
4. Personal Data originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions, including any applicable data privacy laws, which is being processed in the Philippines.

(E) Definition of Terms

“Personal Data” refers to all types of personal information, sensitive personal information and privileged information under the Data Privacy Act of 2012 and its Implementing Rules and Regulations.

“Processing” in any of its verb tense refers to the collecting, recording, organizing, storing, retaining, using, analyzing, copying, transmitting, porting, sharing, exhibiting, deleting, or destroying of Personal Data regarding Data Subjects.

“Data Subject” or collectively, “Data Subjects” refer to students, parents, guardians, faculty, visiting faculty, staff, Research, Extension and Professional Staff (REPS), UP contractual personnel, Non-UP contractual personnel, retirees, applicant students, applicant faculty, applicant staff, researchers, research subjects, patients, clients, customers, alumni, donors, donees, contract counterparties, partners, subcontractors, outsourcees, licensors, licensees and other persons with a juridical link with UP Diliman.

(F) Effectivity

The UP Diliman Data Protection Officer may promulgate policies, guidelines and rules which are not inconsistent with this Policy.

If any law or regulation cited in this Policy is amended or superseded, then it shall be considered that this Policy is referring to such amending or superseding law or regulation, without prejudice to a person’s right against retroactive effect of laws.

If any part of this Policy is declared null and void, then the other unaffected parts shall remain in full force and effect.

A copy of this UP Diliman Data subject Rights and Responsibilities is at https://privacy.upd.edu.ph/data-subject-rights-and-responsibilities-2/.

UNIVERSITY OF THE PHILIPPINES DILIMAN
PRIVACY POLICY

To advance its commitment to protect and uphold the privacy of personal information, the University of the Philippines Diliman (“UP Diliman”) hereby establishes a framework for processing personal information through this UP Diliman Privacy Policy.

This Policy is complementary with the UP Diliman Data Subject Rights and Responsibilities at https://privacy.upd.edu.ph/data-subject-rights-and-responsibilities

I. Who are covered by this Policy?

This Policy governs refers to students, parents, guardians, faculty, visiting faculty, staff, Research, Extension and Professional Staff (REPS), UP contractual personnel, Non-UP contractual personnel, retirees, applicant students, applicant faculty, applicant staff, researchers, research subjects, patients, clients, customers, alumni, donors, donees, contract counterparties, partners, subcontractors, outsourcees, licensors, licensees and
other persons with a juridical link with UP Diliman (“UP People”) whose personal information, sensitive personal information or privileged information (“Personal Data”) are processed by UP Diliman.

II. Why are Personal Data processed?

UP Diliman processes Personal Data to –

(1) Perform its obligations, exercise its rights, and conduct its associated functions as:
a. an instrumentality of the government;
b. a higher education institution.
(2) Pursue its purposes and mandates:
a. under Act No. -1870 as “a university for the Philippine Islands”;
b. under Republic Act 9500 as “the national university”,
(3) For each particular unit of UP Diliman, conduct all acts reasonably foreseeable from and customarily performed by similar bodies;
(4) Decide and act for the holistic welfare of its students, their parents and guardians, faculty, staff, researchers, alumni, and UP Diliman community; and
(5) Manage and administer its internal and external affairs as an academic institution, as an instrumentality of the government, and as a juridical entity with its own rights and interests.

III. What Personal Data are processed?

UP Diliman processes Personal Data including but not limited to:
• Personal details such as name, birth, gender, civil status and affiliations;
• Contact information such as address, email, mobile and telephone numbers;
• Academic information such as grades, course and academic standing;
• Employment information such as government-issued numbers, position and functions;
• Applicant information such as academic background and previous employments;
• Medical information such as physical, psychiatric and psychological information.

UP Diliman processes other Personal Data necessary for the following purposes (the “Purposes”):

(1) Purposes applicable to all classes of UP People

(a) Purposes necessary for UP Diliman to perform its obligations, exercise its rights, and conduct its associated functions as an instrumentality of the government and as a higher education institution;
(b) Purposes to pursue UP Diliman’s mandates under existing laws and regulations;
(c) Purposes to perform acts and decisions necessary for UP Diliman to manage and administer its internal and external affairs as a juridical entity with its own rights and interests;
(d) Compliance with legal, regulatory, administrative or judicial requirements including audit, reporting and transparency requirements;
(e) Records and account purposes such as:
i. Creation and update of record entries and accounts;
ii. Creation and maintenance of student, faculty or staff records and accounts, electronic or otherwise;
(f) Security and community affairs purposes
i. Maintenance of safety, security, peace and order in and around UP Diliman campuses as we” as venues which UP Diliman has presence or activities;
ii. Prevention of crimes and damages to persons or property within or outside the premises of UP Diliman.

(2) Students, parents and guardians
(a) Academic purposes such as:
i. Processing of raw or final grades, including evaluation and use of grades to make and act on decisions about students;
ii. Formulation, study of, and implementation of UP Diliman’s policies, guidelines, procedures, processes, rules and regulations:
(b) Extra-curricular purposes such as:
i. Regulation of student organizations and bodies;
ii. Collaborations with public and private agencies and institutions;
(c) Medical purposes such as:
i. Rendering of medical, dental, psychiatric and psychological aid, whether in emergency situations or otherwise;
ii. Keeping of health records and medical histories to understand patient context and tendencies;
(d) Student assistance purposes such as:
i. Provision of legal, scholarship, financial, athletic, dormitory assistance;
ii. Provision of tutorial, mentorship or internship assistance;
(e) Student disciplinary purposes such as:
i. Conducting investigations, hearing of cases or evaluating matters related to UP Diliman policies, guidelines and rules;
ii. Implementation of laws or orders of government authorities.

(3) Faculty, including visiting faculty
(a) Administration, management and supervision of faculty as UP Diliman employees (see Purposes for Staff):
(b) Administration, management and supervision of faculty in academic and non- academic functions such as:
i. Assignment of teaching load and functions, evaluation of performance, and promotion or transfer;
ii. Research, ethics and intellectual property matters.

(4) Staff, including Research, Extension and Professional Staff (REPS), UP contractual, Non-UP contractual personnel and retirees
(a) Administration of human resources such as:
i. Processing and provision of employee rights;
ii. Provision of compensation and benefits;
(b) Management and supervision of employees and work conduct such as:
i. Employee administration, assignment, work supervision, evaluation, promotion, discipline, and transfer;
ii. Preservation of labor relations and industrial peace.

(5) Applicant students, faculty and staff
(a) Application purposes such as:
i. Processing of application and application requirements;
ii. Evaluation of eligibility to enroll, teach or work in the University of the Philippines;
(b) Verification purposes such as:
i. Determination of veracity of claims;
ii. Background investigation relevant to the position applied for.

(6) Researchers and research subjects
The Data Privacy Act is not applicable if the processed personal information are used only for the needs of scientific and statistical research and, on the basis of such, no activities are carried out and no decisions are taken regarding the data subject: Provided, That the personal information shall be held under strict confidentiality and shall be used only for the declared purpose.

As such, this Policy’s Section VI on “What are the rights of UP People?” is not be applicable if the processed personal data are used only for the needs of scientific and statistical research and, on the basis of such, no activities are carried out and no decisions are taken regarding the data subject. However, this inapplicability shall only be to the minimum extent necessary to achieve the purpose of said research or investigation.

The Data Privacy Act and it’s Implementing Rules and Regulations shall not apply to specified information, only to the minimum extent of collection, access, use, disclosure or other processing necessary to the purpose, function, or activity concerned when personal information will be processed for research purpose, intended for a public benefit, subject to the requirements of applicable laws, regulations, or ethical standards adopted by UP Diliman.

(7) Patients, clients and customers
(a) Processing of medical, physical, psychiatric and psychological information of patients is necessary for the purpose of medical treatment: Provided, that it is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal data is ensured;
(b) Processing of Personal Data of clients and customers compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy wherein there is transparency in obtaining consent and proportionality in processing data.

(8) Alumni, donors and donees
(a) Alumni linkage purposes such as:
i. Upkeep of alumni database for alumni linkage and job placement;
ii. Knowing career paths and performance of alumni.
(b) Donation processing such as:
i. Legal requirements such as filing of tax returns and anti-money laundering requirements;
ii. Recording sources and uses of donations for transparency in the University’s funds.

(9) Contract counterparties, partners, subcontractors, outsourcees, licensors, licensees, lessors, lessees, vendors, purchasers and customers
(a) Timely realization of UP Diliman’s legitimate rights, interests, obligations and responsibilities in law, contract, equity or public policy;
(b) Compliance with the spirit and intent of UP Diliman in engaging the counterparty involved.

(10) Other persons with a juridical link with UP Diliman
(a) Any of the purposes above as applicable to the circumstances;
(b) For each particular UP Diliman unit, the purposes used by analogous bodies performing similar functions.

IV. How does UP Diliman process Personal Data and how long are Personal Data retained?

UP Diliman processes and retains Personal Data as necessary for the Purposes in accordance with:
(1) The Data Privacy Act of 2012, its Implementing Rules, and relevant issuances of the National Privacy Commission;
(2) The National Archives of the Philippines Act of 2007 its Implementing Rules, and relevant issuances of the National Archives of the Philippines;
(3) Policies, guidelines, and rules of the UP System and UP Diliman;
(4) Research guidelines and ethical codes of conduct adopted by the University of the Philippines Diliman; and
(5) Executive Order No.2, series of 2016 on Freedom of Information and subsequent related executive orders.

In the absence of an applicable rule of retention, Personal Data shall be retained by a UP Diliman unit in accordance with the practices of government bodies with analogous functions.

V. Where are Personal Data stored and how are these transmitted?

Personal Data are stored in physical and electronic “Data Processing Systems” of UP Diliman as defined under National Privacy Commission Circular No. 17-01, Personal Data are transmitted in accordance with Chapter III of the Data Privacy Act of 2012 and Rule V of its Implementing Rules and Regulations.

VI. What are the rights of UP People?

Under the UP Diliman Data Subject Rights and Responsibilities, UP People have the following rights:
(1) Right to be informed;
(2) Right to object subject to UP Diliman’s possible consequent failure to conduct academic, administrative and other functions or services;
(3) Right to access;
(4) Right to rectification;
(5) Right to erasure or blocking of Personal Data which are not part of UP Diliman’s public records as an instrumentality of the government or as the national university; and
(6) Right to damages which is subordinate to the non-liability of UP Diliman arising from the incidental damages due to UP Diliman’s pursuance of its mandates or compliance with its legal obligations.

VII. What are the responsibilities of UP People?

Under the UP Diliman Data Subject Rights and Responsibilities, UP People have the following responsibilities:
(1) Respect the data privacy rights of others;
(2) Report any suspected Security Incident or Personal Data Breach to UP Diliman through the contact information in this Policy’s Section on “The UP Diliman Data Protection Officer”;
(3) Provide the University of the Philippines (“UP”) true and accurate Personal Data and other information. Before submitting Personal Data of other people to UP, obtain the consent of such people;
(4) Not disclose to any unauthorized party any non-public confidential, sensitive or personal information obtained or learned in confidence from UP; and
(5) Abide by the policies, guidelines and rules of the UP System and UP Diliman on data privacy, information security, records management, research and ethical conduct. From time-to-time check for and comply with updates on these policies, guidelines and rules. UP Diliman’s policies on data privacy are at https://privacy.upd.edu.ph. For students, the UP System’s UP Privacy Notice for Students is at https://upd.edu.ph/studentnotice/.

VIII. Effectivity of this Policy

The UP Diliman Data Protection Officer may promulgate policies, guidelines and rules which are not inconsistent with this Policy.

If any part of this Policy is declared null and void, then the other unaffected parts shall remain in full force and effect.

IX. Definition of terms

“Personal Information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

“Sensitive Personal Information” refers to personal information:
(1) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
(2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
(3) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or ern-rent health records, licenses or its denials, suspension or revocation, and tax returns; and
(4) Specifically established by an executive order or an act of Congress to be kept classified.

“Privileged information” refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.

“Security incident” is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity, and confidentiality of personal data. It shall include incidents that would result to a personal data breach, if not for safeguards that have been put in place.

“Personal Data Breach” refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. A personal data breach may be in the nature of:
(1) An availability breach resulting from loss, accidental or unlawful destruction of personal data;
(2) Integrity breach resulting from alteration of personal data; and/or
(3) A confidentiality breach resulting from the unauthorized disclosure of or access to personal data.

“Purposes” are the purposes of UP Diliman in processing Personal Data of UP People outlined in this Policy’s Section lion “What Personal Data are processed?”

“UP People” refers to students, parents, guardians, faculty, visiting faculty, staff, Research, Extension and Professional Staff (REPS), UP contractual personnel, Non-UP contractual personnel, retirees, applicant students, applicant faculty, applicant staff, researchers, research subjects, patients, clients, customers, alumni, donors, donees, contract counterparties, partners, subcontractors, outsourcees, licensors, licensees and other persons with a juridical link with UP Diliman.

“University of the Philippines Diliman” means the Diliman Constituent University of the University of the Philippines (“UP”), a university system entity established by Act No. 1870 and strengthened by Republic Act No. 9500. As UP is a single juridical entity and instrumentality of the government, all transmission and flow of information within the UP System, its constituent universities, and their respective units are neither sharing nor disclosure of information to third parties.

Any new or revised definition of any of the above terms under relevant laws shall accordingly supersede the definitions herein.

X. The UP Diliman Data Protection Officer

The UP Diliman Data Protection Officer, reporting to the UP Diliman Chancellor, is tasked to protect the privacy of personal information to, in, and from UP Diliman with the following functions:
(1) Comply with data privacy laws and regulations including implementing data protection measures, submitting regulatory requirements, and managing privacy incidents.
(2) Provide units of the University support services including formulating policies, training people, and conducting audits with remediation solutions.
(3) Prevent legal, financial, and operational risks by improving current and future forms, contracts, processes, and I.T. systems to secure against leakage of information.
(4) Develop in the University a culture of respect for privacy by formulating policies and establishing practices at par with domestic and international standards.

The UP Diliman Data Privacy Portal is at https://privacy.upd.edu.ph.

For data protection concerns or to report privacy incidents, please contact the UP Diliman Data Protection Officer through any of the following channels:

Address:
UP Diliman Data Protection Office
L/GF, Phivolcs Bldg.
C.P. Garcia Avenue
Diliman, Quezon City 1101

Landline: 8255-3561

Email: dpo.updiliman(at)up.edu.ph

Copies of other data privacy policies of UP Diliman are at https://privacy.upd.edu.ph/privacy-policies/.