Data Privacy

 

 

 

PROCEDURE ON PERSONAL DATA SHARING

 

  1. ON DISCLOSURE AND SHARING OF PERSONAL INFORMATION FOR RESEARCH PURPOSES:
    1. institutional research (e.g. performance of the SHS for the past two years, as commissioned by OVRAA to the RCSSEd)
      1. letter of request must be addressed to the DPO, stating the purpose of the institutional research, duly signed by the concerned Office(s) (e.g. Research Cluster Head and OVRAA)
      2. the DPO approves the request and forwards the approved request to the concerned PICs
      3. the PICs, in coordination with STePs, must only share the depersonalized information of those who agreed in the Privacy Information for Data Subjects, which states “ I agree to share my depersonalized information to academic researchers who may request for such, instituting measures that will not allow me to be individually identified”
    2. academic requirement of undergraduate / graduates courses (e.g. system that updates students about current activities of the Campus Ministry, research on the academic performance of SHS as requirement in Graduate Research)
      1. letter of request must be addressed to the PIC (e.g. Office of the Registrar) explaining the purpose of research, personal data to be requested, etc., duly signed by the researcher and his/her research adviser, endorsed by Dean of the Faculty/College the offers the research course.
      2. attachment must include a Memorandum of Agreement (MOA) or Non-Disclosure Agreement (NDA) signed between a) researchers and their adviser and b) concerned Offices of the Deans.
        Note: The MOA or NDA stipulates the responsibility of the requesting party in ensuring the confidentiality of the depersonalized information, which includes, storage, usage, retention, disclosure/sharing, and disposal
      3. Should the PIC find the request valid, based on its operational guidelines, he/she endorses the request to the DPO.
      4. DPO further reviews the request before final approval.

 

B. ON DISCLOSURE AND SHARING OF PERSONAL DATA FOR MARKETING PURPOSES / USE OF A SOFTWARE PREPARED BY A THIRD-PARTY:

      1. Letter of request for approval addressed to the DPO explaining the purpose of sharing data to a third party, duly signed by the concerned PICs and the third-party recipient of Personal Information;
      2. Attachment must include a MOA/NDA signed between a) PICs and PIPs and b) third party that uses the personal information
        Note: The MOA/NDA stipulates the responsibility of the requesting party in ensuring the confidentiality of the depersonalized information, which includes, storage, usage, retention, disclosure/sharing, and disposal
      3. DPO further reviews the request before final approval.

2/F Main Building, UST España Boulevard, Sampaloc, Manila, Philippines 1015  |  +63-2-731-3119 , +63-2-406-1611 loc. 8219 • Telefax +63-2-781-1823  |  secgen@ust.edu.ph