This is in line with our commitment to upholding the highest standards of data privacy and protection for our students, faculty, staff, and other stakeholders. With this seal, we continue to ensure that all personal data within our care is handled with the utmost responsibility and integrity.
Stay tuned for more updates as we continue to prioritize and enhance data privacy measures across our campuses.
PRIVACY NOTICE
(STUDENTS OF SUNN)
The STATE UNIVERSITY OF NORTHERN NEGROS (SUNN) is committed to protect and respect your personal data privacy. All personal data collected are processed in adherence to the general principles of transparency, legitimate purpose, and proportionality as stated in the Data Privacy Act of 2012.
COLLECTION AND USE
We collect the following personal information physically and/or electronically from you when you register or enroll in this University:
• Full name
• Parents Occupation, Company, and Company Address
• Civil Status*
• Parents Educational Attainment*
• Birth date*
• Parents Address
• Birth place
• Parents Contact No.
• Nationality
• Parents Marital Status*
• Tribal Affiliation*
• Parents Annual Income
• Religion*
• Spouse Full Name (if married)
• Dialect
• Spouse Occupation, Company, and Company Address (if married)
• Address
• Spouse Education Attainment (if married)*
• Email Address
• Guardian’s Full Name (if applicable)
• Contact No.
• Guardian’s Educational Attainment (if applicable)*
• Academic Background*
• Guardian’s Occupation, Company, and Company Address (if applicable)
• Parents Full Name
Note: * – Sensitive Personal Information
Further, SUNN may obtain, hold and process information relating to physical and mental health of students, images of students from CCTV and from the documentation of events of the University.
SUNN holds the personal data and sensitive personal information of its students in order to implement and manage all services and processes relating to students, including student recruitment, admission, registration, teaching and learning, examination, graduation and other services such as accommodation, student support services and careers. Only information required for these purposes is obtained and processed, and without it the University may not be able to provide its services. Information is passed between various offices of the University for operational reasons as is necessary and proportionate for intended purposes.
Processing activities may also be carried out under a legal obligation (eg: disclosing personal information to external agencies under statutory powers), where it is necessary to protect the vital interests of the student or another party (eg: disclosure to external parties to ensure the safety and wellbeing of individuals), where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (eg: collecting or disclosing information in order to meet regulatory or statutory requirements), or where it is necessary for legitimate interests pursued by the University or a third party (the legitimate interests will relate to the efficient, lawful and proportionate delivery of services and will not be detriment to the interests or rights of individuals). Where any of these legal bases do not apply, the consent of an individual to process their personal data will be sought.
Graduate Tracer Surveys
After a student graduates, the University may contact the student to fill in the Graduate Tracers Form. Students may also be contacted as part of an audit to check that the University has undertaken the survey properly.
It is not a requirement for students to take part in any of these surveys, but participation on this assists the University, as well as government and regulatory bodies, in performing their statutory, official and public duties. For students who do not want to take part in any of these surveys, you may contact the University Data Protection Officer.
Monitoring of IT Systems and Accounts
The University may monitor usage of its IT systems and access user information on its systems and networks that is normally private. Any institutional monitoring or access will comply with the Data Privacy Act of 2012. Where necessary any access or monitoring will be justifiable, fair and proportionate, and will be in line with the University’s Data Privacy Policies.
Student use of Personal Data
Student members of the University are permitted to process personal data only for use in connection with their academic studies or research.
They may do this only with the express prior permission of their supervising member of staff, and only in accordance with any guidance or Code of Practice issued by the University and in force at that time. This applies whether or not those activities are carried out on equipment owned by the University and whether or not they are carried out on University premises. This means that the personal data must be: fairly and lawfully obtained and processed; used only for specified and legitimate purposes; accurate and up-to-date; held securely; kept to the minimum possible and anonymized or pseudonymized where possible; not published, put online or taken outside of the Country without the consent of the individual concerned; and be deleted or destroyed when it is no longer relevant to retain it. The individuals about whom data are held are entitled to inspect the data unless it is held only for research purposes and will not be released in such a way as to identify the individuals concerned.
Students needing to process personal data for academic or research purposes must make themselves aware of the general requirements of the Data Privacy Act of 2012, and in particular must abide by the data protection principles. Students can do this by obtaining a copy of the SUNN Data Privacy Manual, and further relevant information from their supervising member of staff.
Students who fail to comply with any guidance in force may be held personally liable for any resulting breaches of the Data Privacy Act of 2012.
THIRD PARTY TRANSFER
The University may disclose student’s personal information to external agencies to which it has obligations; eg: the Commission on Higher Education, the Department of Budget and Management (DBM), and potentially other such organization/agency for defined purposes. It may also disclose personal information to examining bodies, legal representatives, the Philippine National Police, service providers, survey and research organizations engaged by the University, and regulatory authorities.
SUNN may also disclose or transfer personal data such as:
- journalistic publication such as news information in University publications, and/or social media sites;
- internal research or surveys for institutional development;
- sharing of information with accrediting body (eg. Philippine Association of State Universities and Colleges or PASUC);
- compliance with court orders and/or other legal obligations;
- distribution of list of graduates and awardees in preparation for and during commencement exercises;
- live-streaming of University events;
- use of images and videos to promote the University, its activities and events, through marketing or advertising materials (including website posts);
- sharing of student’s academic and non-academic accomplishments to schools the student came from upon request;
- publishing names and photo of students with academic and non- academic achievements in website, school bulletin boards, social media sites, and other publications;
- sharing of student’s personal data with parents, guardians, or next of kin, as required by law, or on any basis determined by the University to promote the student’s best interests, or to protect the health, safety and security or the students or that of others;
posting of class schedules, class lists, scholarship grants, financial aid in school bulletin boards, or other places within the campus;
provide list of students to Supreme Student council to enable it to provide appropriate services to students.
PROTECTION MEASURES
Only authorized SUNN personnel will have access to your personal information. Student records that contain personal information is stored in a variety of paper and electronic formats (databases and/or secured file cabinets/records room). Records will be disposed based on the records disposition schedule of the University in accordance with the National Archives of the Philippines Act of 2007 (RA 9470) – General Records Disposition Schedule. On disposal, physical records shall be disposed of through shredding, while digital files will be deleted in a secure manner (using data destruction standards: British HMG IS5 (Infosec Standard 5)/ American DoD 5220.22-M/ or the Gutmann method which features a 35- pass overwrite).
ACCESS AND CORRECTION
Individual Rights
Individuals whose personal data and sensitive personal data is held by the University have the following rights regarding their data:
- Right to be informed
- Right to Access
- Right to Correct/Rectify
- Right to Erasure/Blocking
- Right to Object
- Right to Damages
- Right to Data Portability
- Right to File a Complaint
All requests to exercise any of these rights should be made to the Data Protection Officer of the University.
You have the right to ask for a copy of any personal information we hold about you, as well as to ask for it to be corrected if you think it is wrong. To do so, please contact:
Data Protection Officer
STATE UNIVERSITY OF NORTHERN NEGROS
Old Sagay, Sagay City, Negros Occidental E-mail us at [email protected]
