PRIVACY Policy

2. Definition of Terms

3. What Type of Information We Collect

As an educational institution, DLSL operates in an environment where we collect information from multiple stakeholders.  We do this relatively in a variety of ways that best serve our legitimate interests and purposes for processing and managing personal information.  We want you to understand the types of information we collect as you engage with us.   If you choose to withhold personal data that we need to process, we may be unable, in some circumstances, to comply with our obligations and we will tell you about the implications of that decision.

There may be times when we receive unsolicited information about you even without our prior request or without us having taken active steps to collect that information, especially in a digital age where information may be transmitted easily and quickly.  In such cases, we will determine if it is our legitimate interest to collect that information and treat it in the same manner as information you personally provided to us.  Otherwise, we will immediately dispose of the information in a way that will safeguard your privacy.

3.1. Information Collected from Students (Prospective Applicants, Enrolled, Alumni)

We collect, acquire, obtain or generate personal information about students, their family and their personal circumstances in many ways.  These may come from filled-out forms, required supporting documents or written records, photographic images, video images, interviews, background check, digital or electronic media.

Non-Filipino citizens and students are also covered by the Act.  The law provides protection to the personal data of individuals being processed by the government and private institutions, inside and outside the Philippines.

For the case of minors, a student’s personal information may be obtained from the parent or legal guardian.

3.1.1.   Information Collected from Prospective Applicants

When you apply for admission with us, we collect, acquire, obtain or generate personal information and sensitive personal information about you.  Among others, these may include:

• Directory information such as name, email address, residential address, telephone number, mobile number and other contact details to help us reach you when necessary
• Personal characteristics like your photograph, date of birth, gender, civil status, nationality or ethnicity, language or dialect and even video images from our security surveillance cameras
• Social and financial circumstances like your family background, history and contact information, family income
• Academic information like previous schools attended, your academic performance, disciplinary record and conduct
• Health condition like medical records, medical certificates, current medications
• Safeguarding and special education needs, if and when applicable
• Employment information, if and when applicable
• Any or all information obtained through interviews and/or during admission or entrance tests/examinations

3.1.2.     Information Collected from Enrolled Students

When you are admitted and officially enrolled, and during the course of your stay with us, we may collect, acquire, or obtain additional information about you.  These include:

• Personal identification requirements for issuance and validation of your ID which includes your photograph, name, student number, emergency contact number
• Academic and/or curricular undertakings, classes you enroll in, academic/scholastic performance, attendance records and the like
• Co-curricular engagements such as service learning, volunteer and outreach and community involvement activities, internship/apprenticeship compliance
• Extra-curricular activities like membership in student organizations, leadership positions, participation/attendance in seminars, competitions, programs, outreach and community involvement activities, study tours/field trips/excursions
• Pastoral activities like participation in retreats and recollections, guidance and counselling activities
• Travel document information like passport details, visa issuances
• Disciplinary incidents that you may be involved in together with its sanctions
• Documentation of institutional activities through photographs and video recordings including those from installed security surveillance cameras
• Posterity and archive related activities like photographs used in the yearbook, file video recordings and other documentationNote: For cases when you supply us with personal data of other persons for the aforementioned circumstances and activities (e.g. emergency contact person), we will ask you to certify that you have obtained the consent of such persons before you provide us with their personal data. 

3.1.3.     Information Collected from Alumni

Upon graduation, students automatically become members of the DLSL Alumni Association (DLSLAA).  We may obtain or generate information about you to help us keep in contact with you and keep you abreast with DLSL news, events, products, services and opportunities to support the school.  These include:

• Contact information like residential address, telephone or mobile numbers
• Attendance and contact log sheets during homecoming related activities
• Visitor logs, identification cards whenever you enter the campus or if driving a vehicle, your driver’s license prior to issuance of an entry pass

You may opt-out or choose to be removed from the contact list if you want to stop receiving communication from the Alumni Office.  You may request for delisting your personal information at any time only after you graduate.

3.2.  Information Collected from Lasallian Partners (Job Applicants, Employed) 

DLSL treats its teaching and non-teaching employees as partners in the Lasallian Mission and are referred to as Lasallian Partners (LPs).  We collect, acquire, obtain or generate personal information about our LPs, their background, their family and their personal circumstances in many ways.  These may come from filled-out forms, required supporting documents or written records, photographic images, video images, interviews, background check, digital or electronic media. 

3.2.1.     Information Collected from Job Applicants

When you apply for a certain job or position with us, or if we seek to engage you for a particular service or work, we ask for your personal data through our Employment Application Form (EAP).  This form asks for the following, among others:

• Directory information such as name, email address, residential address, telephone number, mobile number and other contact details to help us reach you when necessary, including emergency contact details
• Personal characteristics like your photograph, date of birth, gender, civil status, nationality or ethnicity, language or dialect
• Social and financial circumstances like your family background, history and contact information, family income
• Academic information like previous schools attended, your academic performance
• Health condition like current medications taken
• Brief employment history
• Administrative or criminal record, if any

We also ask that you provide your resume or curriculum vitae (CV) together with other identification requirements and credentials like:

• Evidence of competency including Transcript of Records (TOR) and certified true copies of your diplomas, copies of training certificates, copies of examinations passed
• Evidence of skills and eligibility including professional licenses and certifications, if any
• Any or all information obtained or otherwise generated through interviews and/or during pre-employment screening, including those obtained from your indicated professional referees.

Upon the commencement of your engagement, or issuance of an employment offer, we may use information already in our possession to process your application for the new or different position.  Once you accept the job offer or agree to the terms of the proposed engagement, we will collect another set of information.  Among others, these may include:

• Certificate of Employment from previous employers, if any
• Barangay Clearance, Police Clearance, National Bureau of Investigation (NBI) Clearance
• Philippine Statistics Authority (PSA) Birth Certificate of the Lasallian Partner and dependents
• PSA Marriage Contract, if applicable
• Social Security System (SSS) ID or E1 or E4
• Pag-IBIG Member’s Data Form (MDF) and/or ID
• Pag-IBIG Member’s Change in Information Form (MCIF), if applicable
• PhilHealth Member’s Data Record (MDR) or ID
• PhilHealth Member Registration Form
• Tax-related supporting documents like Tax Identification Number (TIN) ID or Bureau of Internal Revenue (BIR) Form 1902 with stamp and BIR Form 2316
• Medical Clearance or Fit-To-Work Clearance
• Bank Account details necessary to facilitate the processing of your compensation
• Records relating to career history, such as recommendations from previous employers, training records, appraisals or other performance measures and, when appropriate, disciplinary and grievance records 

Most of the information collected and generated from the above listing shall be part of your 201 File.  

3.2.2.     Information Collected from Lasallian Partners While Employed 

After joining DLSL and during the course of your employment or engagement with us, we may also collect, acquire, obtain or generate additional information about you, including the following:

• Results of your Annual Physical Examination (APE), including confirmatory test results should there be significant medical findings and subsequent medical certificates or doctor’s clearance
• Membership to faculty and staff associations
• Membership to the DLSL Cooperative, including your account standing
• Information and other data that may be used in processing loan applications
• Information and other data that may be used in insurance claims
• Information about your performance evaluation
• Information about administrative and disciplinary cases, including sanctions
• Other data like images or video recording of activities that you participate in, via official documentation of such activities
• Video recording or footage from security surveillance cameras within the campus premises
• Information about membership and attendance to professional organizations and their programs, activities, conferences and trainings
• Travel document information like passport details, visa issuances and other immigration information
• Biometric information and other pertinent information relative to access control and security

We may collect additional information from you through other reasonable means as the need arises and for as long as it is within the bounds of the Act, lawful, fair and proportional to the purpose for which it will be used.  Should there be circumstances that require specific or specialized processing of your information, other than those listed here, we shall seek your consent upon collection 

3.2.2.1.      Academic Freedom and Privacy for Faculty

As DLSL is an academic institution, there is a unique concept of academic freedom that sets faculty apart from other Lasallian Partners and requires the realization of such academic freedom including privacy.  Faculty have an expectation of privacy on their academic work that is reasonable in the conduct of their professional activities as educators.  As an educational institution, DLSL has a responsibility to affirm and support academic freedom for its faculty in order for faculty to act as educators and as scholarly, scientific and academic researchers.  However, there are limitations to such privacy that may be breached for extraordinary and unavoidable circumstances, including, among others:

• Force majeure or acts of nature, fire, water leaks that threaten to destroy property and information that would necessitate invasion of privacy of office space
• Computer system or network problem that would require technicians to examine files and bits of data to either analyze or effectuate repair of a problem that might involve an invasion of the digital files and digital footprints
• Court order or judicially sanctioned search warrant that might compel school authorities to grant access to or examine offices and laboratories including information technology and digital devices
• Complaint or report of behavior that would be illegal that could lead to an investigative body being granted access by a legitimate authority to what otherwise would be considered as private 

3.3.  Information Collected from Parents 

Apart from collecting and processing data from students, we also collect, acquire, obtain or generate personal information about parents/carers (check this) or legal guardians, including special aides for students with physical disabilities or persons with disability (PWDs). through a variety of methods.  These may come from This may be done through a variety of methods like filled-out forms, written records, photographic images, video images, interviews, surveys, return slips, digital or electronic media, and letters or emails sent to DLSL, minutes of meetings, parent-teacher conferences.

There are several categories of information that we collect from parents which may, among others, include the following:

• Information about your dependent student or pupil if you are acting on their behalf including the student’s personal information, characteristics, medical, social, physical and mental circumstances.
• Contact information like address, telephone number, mobile number, email address
• Information about your family’s financial circumstances
• Information about your attendance to school sponsored activities
• Information about your personal preferences in surveys
• Court orders or Barangay Protection Orders for parental custody issues
• Information about your account with the school, including outstanding balances, promissory notes, both in manual and electronic form
• Security logs when you visit or enter the campus premises while requiring you to deposit a proof of identity for verification purposes. If entering the campus with a vehicle, we take note of the vehicle details, plate number and require a deposit of the driver’s license or any valid ID
• Video footage recorded on our security surveillance cameras installed inside the campus

While majority of the student information you provide to us is mandatory, some of it is provided to us on a voluntary basis.  We will inform you whether you are required to further provide us with student information and seek your consent and if you have a choice in this.

3.4.  Information Collected from Visitors and Guests 

DLSL welcomes its visitors and guests and at the same time, respect privacy rights of visiting individuals which is equally important and paramount as our aim of keeping the campus safe and secure for everyone. When you visit DLSL, we collect basic information about you, asking you to sign our security logbook and requiring you to deposit a proof of identity (ID) for verification purposes.  For those with vehicles, we take note of the vehicle details, plate number and require you to deposit your driver’s license or any other valid ID.  Video footage is also being recorded by our security surveillance cameras installed inside the campus.

3.5.  Information Collected from Vendors, Suppliers and Service Providers

When doing business or engaging with DLSL, we treat the individual privacy of our vendors, suppliers, service providers or representatives from such entities as we treat our visitors. We collect basic information about you, asking you to sign our security logbook and requiring you to deposit a proof of identity (ID) for verification purposes.  For those with vehicles, we take note of the vehicle details, plate number and require you to deposit your driver’s license or any other valid ID.  Video footage is also being recorded by our security surveillance cameras installed inside the campus.

More so, there may be additional information that the school needs prior to engaging or during our engagement with you.  Such information may contain personal information of personnel and staff within your organization.  Additional information may include the following:

• Company organizational chart including a list of board of directors and management team
• Certification coming from clients including contact person and telephone numbers
• Incorporation documents and business permits including registration documents from the Securities and Exchange Commission (SEC), or the Department of Trade and Industry (DTI), Articles of Incorporation, Bureau of Internal Revenue (BIR) Registration, Value Added Tax Registration (BIR Form 2303), Authority to Print Official Receipt from BIR, SEC/DTI Business Name Registration, Philippine Contractors Accreditation Board (PCAB) license, Certifications of Technical Staff and Authorized Signatories
• Proof of remittance of mandatory government agency dues, like SSS, PagIBIG, PhilHealth

Short of an exhaustive list, additional information may also be collected on a case to case basis depending on the level of engagement or service level agreement.

3.6.  Information Collected from Donors, Benefactors and Sponsors 

We collect basic information about our donors, benefactors and sponsors, which is limited to relevant contact information including name, address, email address, facsimile number, telephone number and mobile numbers to help us get in touch with you or the organization you represent.  Should you or your organization’s representative visit the campus, we will be asking you to sign our security logbook and requiring you to deposit a proof of identity (ID) for verification purposes.  For those with vehicles, we take note of the vehicle details, plate number and require you to deposit your driver’s license or any other valid ID.  Video footage is also being recorded by our security surveillance cameras installed inside the campus. 

3.7.  Information Collected during Sanctioned Institutional, Academic and Non-academic Activities

There are multiple activities and events that happen inside and outside the campus which are academic, non-academic and institutional in nature.  As such, there are basic personal information that we collect to facilitate documentation and the actual conduct of the activity, program or event.

During such events, programs or activities, the information may be collected by our faculty and staff, members of accredited student organizations, third-party partners and/or sponsors using a variety of methods including written records of attendance, filled-out forms, photographic images, video images, interviews, surveys, raffle coupons, digital or electronic media.

The information that we collect may include the following:

• Names and relevant contact information including addresses, email address, telephone or mobile numbers
• Personal preferences
• Event, activity or program evaluation including evaluation of facilitators and organizers
• Minutes of meetings and other related documentation in both manual and electronic format
• Documentation done by school staff or student organizations via interviews, photographic images and video recordings

3.8. Information Collected from School Service Operators

Most families prefer to commission a school service operator or other modes of public conveyance to ferry students to and from the campus.   We like to make it clear that such arrangement or agreement excludes DLSL in such engagements and is between the family and the school service operator.  However, we may require those school service operators or operators of public conveyance to provide us with a manifest or a list of passengers.

3.9. Information Collected From Other Sources

We may collect and hold personal information about our stakeholders from other sources including:

• Previous schools attended
• Local authorities or from social services
• Health professionals
• Donors, sponsors and benefactors
• Department of Education (DepEd) or the Commission on Higher Education (CHED)
• Technical Education and Skills Development Authority (TESDA)
• Civil Service Commission (CSC)
• Professional Regulations Commission (PRC)
• Legal Education Board (LEB)
• Integrated Bar of the Philippines (IBP)
• Previous employers
• Local parish

Also, there may be times when we receive unsolicited information about you even without our prior request or without us having taken active steps to collect that information, especially in a digital age where information may be transmitted easily and quickly.  There are also instances when your personal correspondence, mails, parcels and packages is received by a representative or authorized agent of the school on your behalf. In such cases, if permitted or required by law, we will determine if it is our legitimate interest to collect that information and treat it in the same manner as information you personally provided us.  Otherwise, we will immediately destroy, dispose or de-identify the information when practicable, lawful and reasonable to do so in a way that will safeguard your privacy. (RIGHT TO BE INFORMED OF THE DATA SUBJECT; CLARIFY, in practice data subject is informed of the unsolicited information received)

3. What Type of Information We Collect

4.1. Purpose 

In order to carry out our public task and mandate as an educational institution, together with our ordinary duties to staff, students, parents and other stakeholders, DLSL needs to process a wide range of personal data about individuals (including current, past and prospective staff, students or parents) as part of its daily operation.

Some of these activities we need to carry out in order to fulfil our legal rights, duties and/or obligations – including those under a contract with our staff, the parents of our students.  We will make sure that we carry out our legitimate interests without overriding the fundamental rights and freedoms of our stakeholders and that this is proportionate to the delivery of services.

Other uses of personal data will be made in accordance with DLSL’s legitimate interests, or the legitimate interests of an affiliate provided that the benefits of such engagement outweighs the impact on individuals and their privacy.

We expect that the following uses will fall within the category of our institution’s “legitimate interests”:

4.1.1.   For the delivery of education 

• To support student learning
• To provide online training and other educational technology programs
• For purposes of student selection (and to confirm the identity of prospective students and their parents
• To provide education services, including music education, physical training, career services, and extra-curricular activities to students
• To monitor students’ academic or scholastic progress and other educational needs
• To determine academic progress and compliance with the school’s retention rules
• To enable students to take part in national or other assessments
• To process entries to public examinations, schools, colleges or universities
• To maintain and administer industry relations services for on-the-job training, apprenticeship or internship
• To process interested individuals in scientific and academic research opportunities

4.1.2.  For provision of educational support and related services

For the administration and management of the school and its resources we need to:

• To assess the quality of our services
• To evaluate, maintain and administer scholarship and other financial aid services
• To manage student, faculty and staff accounts with the school
• To process website account and other digital account registration
• For the purpose of donor due diligence, and to confirm the identity of prospective donors and their background and relevant interest
• For processing academic awards, scholarship applications, grants and other forms of assistance
• To enable relevant authorities, including accreditation agencies, to monitor the school’s performance and to intervene or assist as appropriate
• To maintain and administer school services like counseling, information technology help desk / help line, library, sports/recreation
• To maintain and administer school health services for student, faculty and staff
• To obtain insurance for the school, for its students and its faculty and staff
• To monitor (as appropriate) use of DLSL’s information technology and communications (ITC) systems in accordance with the school’s Acceptable Use Policy for both student and staff

4.1.3.   For the exercise of the school’s pastoral responsibilities

• To safeguard students’ welfare and provide appropriate pastoral care including guidance, counselling and health care
• To promote the Lasallian ministry and develop accompaniment programs in the form of retreats and recollections for students, faculty and staff
• To maintain discipline

4.1.4.   For communication and documentation

• To enable, process and maintain relationships with stakeholders and the school community, including direct communication, marketing or fundraising activity, tracer studies for alumni
• To publicly recognize achievements, accomplishments and celebrations. In this case, any individual may opt-out by informing the concerned department within the school
• To publish the results of public examinations or other achievements of students of the school
• To process registration for sports, cultural, educational and other school sanctioned events
• To send information about DLSL offerings which may be of interest to you
• To make use of photographic images of students, faculty, staff, parents and other stakeholders in official school publications, on DLSL’s website and (where appropriate) on the school’s official social media channels for marketing and promotional purposes

4.1.5.   For statistical research, other research studies and archival purposes

• For the purpose of management planning and forecasting, research and statistical analysis including that imposed or provided for by law and research ethics
• For plagiarism detection through online plagiarism detection services
• To undertake market research, obtain appropriate professional advice
• To maintain an archive of documents and events for future use

(Please see Privacy Notice Annex 1 – Use of Personal Data in Research)

4.1.6.   For ensuring the safety and security of our stakeholders

• For issuance of ID cards, car pass stickers or gate passes and other necessary modes of access control through Radio Frequency Identification (RFID), biometrics and possibly facial recognition
• For prevention and investigation of malicious acts using closed-circuit television (CCTV) or security surveillance systems, in accordance with DLSL’s CCTV policy
• For the overall management of parking, transportation, and mobility

4.1.7.   For complying with our legal and contractual obligations

• To comply with the law regarding data sharing
• To exercise and carry out our legal and contractual obligations with third-parties, service providers and vendors
• To carry out or cooperate with any school or external complaints, disciplinary or investigation process

4.1.8.   For the administration of human resources

• To perform employment related tasks including background investigations, confirmation of academic credentials and professional certifications
• To administer performance evaluation, compensation and benefits to the Lasallian Partner and their respective dependents
• To provide services in times of emergencies
• To determine the fitness of a Lasallian Partner to work, information about the health or sick leave status from health care providers where permitted by applicable law

In addition, DLSL will on occasion need to process sensitive and privileged personal data (concerning health, ethnicity, religion, biometrics or sexual life) or criminal and civil records information in accordance with rights or duties impose on it by law, such as safeguarding and employment, or from time to time by explicit consent where required.  These reasons include:

• To safeguard students’ welfare and provide appropriate pastoral (and where necessary, medical) care, and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual’s medical condition or other relevant information where it is in the individual’s best interests to do so. Such case may include medical advice, for social protection, safeguarding, and cooperation with police or social services, for insurance purposes or to caterers or organizers of school trips who need to be made aware of dietary or medical needs
• To monitor the physical (including dental), mental and emotional health of students, faculty and staff and for purposes of establishing fitness to work and study at DLSL and administer interventions whenever necessary
• To provide educational services in the context of any special educational needs of a student
• To run any of its systems that operate on biometric data, such as for security and other forms of identification, including those that are activated by smart IDs (library, concessionaires, lockers, etc.)
• As part of any school or external complaints, disciplinary or investigation process that involve such sensitive personal information, health or safeguarding elements
• For legal and regulatory purposes like child protection, diversity monitoring, health and safety, and to comply with our legal obligations and duties of care

As an employer or potential employer, DLSL needs to keep and process information about you for recruitment and employment purposes.  The information we hold and process will be used for our management and administrative use only.  We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully, fairly and appropriately.  We process your information during the recruitment and selection process, while you are working with and for us, and at the time your employment ends and after you have left.  This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the school and protect our legal position in the event of legal proceedings.

4.2. Lawful Basis

We are guided, among others, by the following lawful basis on which we collect and process personal information:

• The Education Act of 1982 (Republic Act No. 232)
• The Higher Education Act of 1994 (Republic Act No. 7722)
• The Data Privacy Act of 2012 (Republic Act No. 10173)
• The Cybercrime Prevention Act of 2012 (Republic Act No. 10175)
• The Anti-Bullying Act of 2013 (Republic Act No. 10627)
• The Family Code of the Philippines (Executive Order No. 209)
• The Department of Education’s (DepEd) 2010 Revised Manual of Regulations for Private Schools in Basic Education
• The Commission on Higher Education’s (CHED) Manual of Regulations for Private Higher Education

We also consider the following as a basis for authorized processing:

4.2.1.  Consent

We make sure that for purposes other than those listed in this Policy, in such cases where we will process sensitive personal data, we shall seek your consent prior to the collection and processing of data, or as soon as practicable and reasonable and that it shall be undertaken according to a declared, specified and legitimate purpose.  This consent may be withdrawn.

The consent may also be given or withdrawn by lawful representatives, authorized agents, heirs and assigns of the stakeholder.

Let us remind you, however, that most of the school’s processing is mandated by law and may be done without consent especially if the processing is essential for us to perform our public task of education and for data in a learner’s educational/academic/scholastic record.

(Please see Privacy Policy Annex 3 – Obtaining Consent)

4.2.2.   Contractual obligations

In most engagements that we undertake, we need to fulfill obligations under a contract or agreement that may require disclosure of personal data of those executing the contract on behalf of DLSL, including the provisions stated in the contract when it is necessary to collect and process personal information relative to the execution of the contract or service level agreement.

4.2.3.   Legal obligations

We will collect and process data as provided for by statutory mandates, existing laws and regulations where consent is unnecessary and that guarantees the protection of personal data.

4.2.4.   Protection of Vital Interests

We will collect and process data if it is important to the vital interests of our stakeholders, including the life and health of an individual or another person, and in such cases when the stakeholder involved is incapable to express consent due to prevailing vital conditions.

4.2.5.   Medical Treatment

We will process personal data when it is necessary for medical treatment, provided that processing is carried out by a medical practitioner or institution, and an adequate level of protection of personal data is in place and ensured.

4.2.6.   Other Lawful and Non-commercial Objectives

We will process personal data for as long as processing is confined to the members of a public organization, an association, an affiliate, without disclosure of the data to other third parties, and consent was obtained prior to processing

4.2.7.   Public Order and Safety

We will process personal data in order to respond to a national emergency or to comply with the requirements of public order and safety, as prescribed by law

4.2.8.   By Virtue of Public Authority

We will process personal data if it is for the protection of lawful rights and interests of persons in court proceedings or legal claims, or when provided to public authority for the fulfillment of the constitutional or statutory mandate of a public authority to carry out a task that’s in the  public interest.

Note, however, that data privacy rights have exemptions especially if it is related to criminal, administrative or tax liabilities or for purposes of investigations in relation to any extent necessary to achieve the purposes of said investigation.

 

4. Why We Collect Information And Why We Need To Process Personal Data

5. How We Collect Personal Information

DLSL collects information in a number of ways, including:

• In person and over the phone, from students and their family, from staff, from volunteers, from visitors, from job applicants, from vendors or service providers and other paper-based and online processing systems
• From electronic and paper documentation, including job application forms, emails, invoices, enrollment forms, letters to our school, consent forms, survey forms, return slips, membership forms
• From our school’s website and its attached online service facilities, including the Learning Management System (LMS), student and partner’s portals like the Student Management System (SMS) and the Advanced Human Resources Information System (AHRIS)
• From free online cloud services like Google, Google Education, YouTube and the like
• From our school-controlled and moderated social media channels
• From apps and other software used by the school
• From submitted and evaluated work and performance in fulfillment of academic or scholastic requirements
• Through image, audio and video recording equipment during institutional activities and events, including live streams
• Through interviews, closed-door conferences, parent-teacher conferences, minutes of meetings
• Through statement of accounts from third-party affiliates like the DLSL Cooperative, canteen concessionaires and the like
• Through enrollment with affiliated third-party service providers and the use of their services
• Through any closed-circuit television (CCTV) or security surveillance cameras located inside the campus
• Generated through submitted supporting documents like photocopies of identification cards (government-issued or otherwise), copies of documents from government agencies

At times, when we collect information about you, we will take reasonable steps to advise you of certain matters.   This includes the purpose of the collection, how to access, update and correct information held about you.  For information about students and their families, a collection notice and consent form will be sent to parents acting on behalf of a minor or to mature minor students as needed.

 

6. How We Disclose, Transfer or Share Personal Information

As part of our legitimate interests as an educational institution, we need to transfer and/or share personal information within and across school departments and offices relevant to the processes involved.

To the extent permitted or required by law, there are also occasions where DLSL may disclose, share or transfer personal information outside of DLSL such as third parties, affiliates and trusted businesses in order to carry out its primary mandate as an academic institution, employer, and contracting party. This is done to comply with legal obligations, perform its contractual obligations to you and protect your interests in order to pursue its legitimate interests and/or that of a third party engaged by DLSL to provide services on our behalf.  We disclose such information when required by law or with your consent.  We also take reasonable steps to require third parties who receive your information to uphold your right to data privacy and to provide an adequate level of data protection or any other appropriate confidentiality and security measures, whenever necessary.  In doing so, we make sure that we adhere to the following guidelines:

• The transfer or sharing has your consent, when needed
• The transfer or sharing is governed by approved contractual clauses or an arrangement providing an adequate standard of data protection and third parties performing functions for us are informed regarding appropriate handling of your personal information
• The transfer or sharing is necessary for the performance of a contract with another person or company/service provider, which is in your interests
• The transfer or sharing is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract

DLSL abstains from renting, selling or sharing personal information about you with other non-affiliated people, entities or third parties.   In general, we will disclose or share your information to non-affiliates only with your consent or under the following circumstances:

6.1.  Legal obligations as educational institution and reportorial obligations as employer

We submit reports to and receive or generate information from government agencies as part of our statutory mandates.  Among the government institutions and regulatory bodies whom we share information with are the following:

• Department of Education (DepEd)
• Commission on Higher Education (CHED)
• Technical Education and Skills Development Authority (TESDA)
• Legal Education Board (LEB)
• Philippine Board of Nursing (PBN)
• Professional Regulations Commission (PRC)
• Department of Labor and Employment (DOLE)
• Social Security System (SSS)
• Home Development Mutual Fund (HDMF/PagIBIG)
• Philippine Health Insurance Corporation (PhilHealth)

6.2.  Contractual obligations

We provide the information to trusted partners who work on behalf of or with DLSL under confidentiality agreements.  However, such partners are devoid of any independent right to share this information.  Among those under this category are the following:

6.2.1.  Industry Partners

We share personal information in relation to executing our contractual obligations with our industry partners especially for health and wellness monitoring, on-the-job training, internship, apprenticeship and the like.  This includes sharing it with partner hospitals, academe-industry linkage members and other similar organizations

6.2.2.   Benefactors, donors and sponsors

The school shares personal information to its partners in making education accessible to the less fortunate.  This includes current and prospective individuals and/or organizations who are willing to support our scholarship programs.

6.2.3.   Essential service providers

We also share personal information with some of our essential service providers including:

• Learning Management System (LMS – currently Canvas)
• Email account platform (Currently Google)
• Smart identification (Smart ID) enablers
• Technical infrastructure integrators and other cloud service providers
• Banks and payment centers
• Insurance companies and insurance brokers
• Safety and security agencies

6.3.  Accreditation and ranking agencies

We share information with entities or organizations for accreditation and ranking purposes.  This may include the Philippine Accrediting Association of Schools, Colleges and Universities (PAASCU), the Commission on Higher Education (CHED), the Department of Education (DepEd) and QS World University Rankings.

6.4.  Legitimate interests of the school in sports activities

We may provide academic records of students to sports organizations where DLSL is a member or where the school actively participates such as the National Collegiate Athletic Association (NCAA), Southern Tagalog Regional Athletic Association (STRAA) and other organizers of inter-school athletic activities

6.5.  Parents and guardians

We may share personal data with parents, guardians, or next of kin provided that it is within the bounds of the Act and with respect to the provisions of the Education Act of 1982 and the Family Code of the Philippines, or as may be required by law, or on a need-to-know basis as determined by the school in order to promote and protect your best interests, to protect your health, to ensure safety and security of yourself and of others

(Please see Privacy Notice Annex 2 – Parental Access to Personal Data and Records of Students)

6.6. Public consumption

We may use file photographs, video images and other information in order to promote the school including its activities and events through marketing or advertising collaterals/materials such as brochures, website postings, newspaper advertisements, physical and electronic bulletin boards, radio and other media.   This also includes live streaming of major institutional events using the school’s official social media and technology platform.  However, in such cases, the school reserves the right to limit the availability of our facilities to the public for live streaming. Should there be instances where a school sanctioned activity is streamed live using an individual’s personal data subscription and posted on a personal social media page, the school shall disavow such streaming and the responsibility lies solely on the live streamer.

We may also post public announcements, distribute lists or rosters of our students to recognize their achievements.  This includes posting of honor rolls, dean’s lists, roster of graduating students, board and bar passers, entrance exam passers and the like

6.7. Law enforcement and local authorities

We will share personal information outside of DLSL if we have a good-faith belief that the access, use, preservation or disclosure of the information is reasonably necessary to:

• Meet applicable law, regulation, legal processes, or enforceable governmental requests, judicially sanctioned search warrants, court orders, subpoenas, or to exercise our legal rights or defend against legal claims
• Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law
• Protect against harm to the rights, property or safety of DLSL and its stakeholders, or the public as required or permitted by law

6.8.  International Transfer and Sharing of Personal Information

DLSL may transfer information outside of the Philippines for travel administration to facilitate travel arrangements and coordination for students and affiliated travelers such as the case of internships abroad under the Hospitality Management Program, participation in international contests, conferences, trainings and cultural exposures.

Personal information may also be collected from non-Filipino students and individuals subject to contracts or agreements that governs such travels or programs of student exchange.  As such, non-Filipino nationals are governed by the provisions of the Data Privacy Act of 2012.

Although data protection laws differ between countries, all reasonable steps will be taken to protect your privacy in accordance with applicable data protection laws.

 

7.    How We Store and Retain Personal Information

We make it a practice to store and transmit data securely in a number of ways, including manual paper and electronic formats, including databases that are shared between and among the different units or offices of the school    Access to personal data is limited to the respective school staff who have legitimate interest in the for the purpose of carrying out their contractual duties.  We shall only collect and store personal information that is necessary to achieve our legitimate purposes and/or when permitted by law.

Unless otherwise provided by law or by appropriate school policies, the basic academic records for individual students are kept permanently and in perpetuity by the school, with more detailed records kept for defined retention periods.  Each unit or office processing personal data have their respective retention policies, after which, all affected records will be securely disposed of.

There are also some categories of data that we retain for historical, archival and statistical purposes, unless otherwise provided by law or by applicable school policies.

8.    How We Keep Your Information Secure

DLSL shall exercise every practicable and reasonable means to protect personal information and ensure the security of personal data about individuals through appropriate organizational, physical and technological measures.  This includes policies around the use of technology and devices and the access to school systems.  All faculty and staff will be made aware of these policies and their duties under the Data Privacy Act of 2012 and receive relevant training.

Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidelines and in accordance with the duty of confidentiality.

9.    What Rights You Have As A Data Subject

You are entitled to the following rights with regard to your personal data:

9.1. Right to be informed

As a data subject, you have the right to be informed whether your personal information shall be, are being or have been processed.

9.2. Right to object

You can object to the processing of your personal data by the school in certain circumstances, including the sending and receipt of direct marketing material

9.3. Right to access

You have the right to gain reasonable access to your personal data

9.4. Right to data portability

You have the right to manage your personal data and to transmit your date from one personal information controller to another

9.5. Right to correct or the right to rectification

You have the right to dispute any inaccuracy or error in your personal data and have the personal information controller correct it immediately, unless the request is vexatious or unreasonable

9.6. Right to block / remove / erasure / be forgotten

You have the right to suspend, withdraw, or order the blocking, removal or destruction of you personal data.  This only applies when there is no legitimate reason for DLSL to continue processing the personal data in question.  The school reserves the right to keep basic a basic record of a student in perpetuity in accordance with law.

9.7. Right to file a complaint

You have the right to lodge a complaint if you are the subject of a data privacy violation

9.8. Right to be indemnified

You have the right to claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights as a data subject

Note: There may be circumstances where data subject rights may be limited.  For example, if fulfilling the data subject request may expose personal data about another person, or if the request involves deletion of data which we are required to keep by law.

10.    How To Contact Us

Should you wish to exercise any of your rights, or should you have any concern or question regarding them, this Privacy Policy, or any matter involving the school and data privacy, you may contact the Data Protection Office at:

Questions: dpo@dlsl.edu.ph
Complaints: alert.dpo@dlsl.edu.ph
Online: https://www.dlsl.edu.ph/privacy
Address: 4^th Floor Mabini Building, De La Salle Lipa

ANNEX 1

USE OF PERSONAL DATA IN RESEARCH

Students, faculty and staff are permitted to process personal data only for use in connection with their academic studies or research.  They may do this only with the express prior permission of their supervising faculty and staff and with the permission of the Research and Publications Office in accordance with their guidelines and Code of Practice in force at that time.  This applies regardless of whether those activities are carried out on officially owned school equipment or otherwise and regardless whether the research is carried out within or outside the campus premises.

This means that personal data must be:

• Fairly and lawfully obtained and processed in a clear and transparent way
• Kept to the minimum possible, proportional to the purpose for which it will be used
• Used only for the specified and legitimate purpose
• Accurate and up-to-date
• Held securely
• Anonymized or pseudo-nymized where possible
• Never published, put online or taken outside of the country without explicit consent of the individual concerned
• Deleted or destroyed securely once tabulated and processed and once it is irrelevant to retain it

The individuals who own such personal data have the right and are entitled to inspect the data and should be released in such a way that the personal data of other individuals concerned are uncompromised.

Students, faculty and staff needing to process personal data for academic or research purposes must make themselves aware of the general requirements of the Data Privacy Act of 2012 and its Implementing Rules and Regulations, and in particular, must abide by the data protection principles.

Students, faculty and staff who fail to comply with the above may be held personally liable for any resulting breaches of the Data Privacy Act of 2012.

ANNEX 2

PARENTAL ACCESS TO PERSONAL DATA AND SCHOOL RECORDS OF STUDENTS
(MINORS AND THE AGE OF MAJORITY)

The rights under the Data Privacy Act of 2012 belongs to the individual to whom the data relates.  However, there are cases when the school often relies on parental consent to process personal data relating to minors (if consent is required) unless, given the nature of the processing in question, and the age, maturity and understanding of the minor, it is more appropriate to rely on the minor’s consent.

Parents should be aware that in such situations, consultation may be unnecessary, depending on the interests of the minor student, the parents’ right at law or under their contract, and all the circumstances.

In general, consent is unnecessary for ordinary disclosure of the student’s personal data to their parents, like for the purposes of keeping parents informed about the minor student’s activities, progress and behavior, and in the interests of the student’s welfare, unless, in the school’s opinion, there is good reason to do otherwise.

However, should a minor student seek to raise confidentiality concerns with a member of the faculty and staff and expressly withholds their agreement to their personal data being disclosed to their parents, the school may be under an obligation to maintain confidentiality, unless there is a good reason to do otherwise, for example where the school believes disclosure will be in the best interests of the minor student and other minor students, or is required by law.

Minors may make a request to access their own personal data or school records, provided that they have sufficient maturity to understand the request they are making.   A person with parental responsibility we be generally entitled to request on behalf of the minor, but the information in question is always considered to be the student’s at law.   A minor of any age may ask a parent or other representative to request for access on their behalf.  More so, (if of sufficient maturity) the student’s consent (mature minor consent) or authority may need to be sought by the parent making such a request.

It should be clearly understood that the rules on access to personal data and school records of minors may just be one of the bases on which information requests are handled.  Parents may be devoid of a statutory right to information, but they and others, will often have a legitimate interest or expectation in receiving certain information about their students without the student’s consent.   The school may consider there are lawful grounds for sharing with or without reference to the student.

Parents will in general receive educational and pastoral updates about their children.  Where parents are separated, the school will in most cases aim to provide the same information to each person with parental responsibility, but may need to factor in all the circumstances including the express wishes of the child.

All information requests from, on behalf of, or concerning minor students, – whether made under such requests as provided for in the Education Act of 1982 and the Family Code of the Philippines, will therefore be considered on a case-to-case basis.

In cases where the student reaches the age of majority, under the Education Act of 1982 (Batas Pambansa Blg. 232), the student, subject to the limitations under law and regulations, the “right of access to his own school records, the confidentiality of which the school shall maintain and preserve.” Likewise, the same law gives the parents whose children are enrolled in the school, the “right to access to any official record directly relating to the children who are under their parental responsibility.” On the other hand, the Family Code provides that parental authority and responsibility is exercised over unemancipated children, and under existing jurisprudence, unemancipated children are those less than the legal age of 18 years old.

Thus, strictly speaking, the consent of the student who is 18 years old and above, is required for the continued access of the student’s school records, which includes grades in exams and subjects. (Source: NPC Privacy Wall)

ANNEX 3

OBTAINING CONSENT

Consent promotes trusted relationships when collecting or using personal information, especially if it involves using sensitive personal information.  It informs individuals about the purpose and use of personal data so they can decide if they want to provide the personal data or participate in a particular activity.

Obtaining consent should be guided by the following:

• The purpose is described and displayed clearly and prominently
• Asks individuals to positively opt-in, in line with good practice
• Give individuals sufficient information to make a choice. If your consent mechanism consists solely of an “I agree” box with no supporting information, then users are unlikely to be fully informed and the consent is considered invalid
• Describe how individuals can revoke their consent
• Outline consequences, if any, of opting out
• Communicate what DLSL will do to ensure the security of personal information

1. When is obtaining consent required?

Obtaining consent when collecting personal data is considered a “best practice” if there is pertinent information or there are rights, risks, or benefits that need to be clearly communicated to individuals in order for them to decide if they want to provide the personal information or participate in an activity.  Certain laws may also require DLSL to obtain consent before collecting personal data or asking individuals to participate in an activity.

Consent is obtained specially if there is a need to process Sensitive Personal Information (SPI) like:

• About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations
• About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings
• Issued by government agencies peculiar to an individual which includes, among others, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns, and
• Specifically established by an executive order or an act of Congress to be kept classified

2. What are the legitimate uses of SPI without consent?

There are certain exemptions when processing of SPI where consent is non-obligatory.  Among them are:

• To carry out specific obligations or rights of DLSL or the data subject in employment
• To protect the vital interests of the individual or another person when the individual is physically or legally incapable of providing consent
• For legal defense
• For various healthcare-related reasons, including assessing fitness to work of an employee, when the individuals involved in processing have duties of confidentiality
• For various specified public health reasons
• For archiving, scientific or historical research or statistical purposes
• If processing relates to personal data which the individual manifestly makes public

3. What are the basic elements of consent? 

Basic consent should include the following elements in understandable language:

• Name and contact information of the individual overseeing data collection
• The primary and supplemental purpose and use of personal data
• A clear and simple way for individuals to indicate they agree to the collection and processing of their personal information

Bundling or grouping it with other items where consent is non-obligatory must be avoided.  Never compel or force individuals to agree to several different purposes and uses of personal data or activities.  There should be at least one lawful basis and purpose for collecting and processing personal information:

• Necessary for the performance of a contract to which the individual is part of or to take steps at the data subject’s request prior to entering into a contract
• For compliance with a legal obligation
• To protect the vital interests of the individual or another person
• Carried out in the public interest or as required by a public authority
• Necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party as long as the purpose protects the interests and fundamental rights and freedoms related to the protection of personal data
• The individual has given consent for the specific purpose

ANNEX 4

STANDARD CONSENT LANGUAGE

This language is for the collection of personal data that REQUIRES consent.

De La Salle Lipa
[insert DLSL Unit Name]
Consent for Collection and Processing of Personal Information

By continuing through this process, you are consenting to De La Salle Lipa’s use of data about you for the purpose of [brief description of the lawful basis and purpose of processing]

Data records will be maintained for at least their minimum required retention according to applicable DLSL retention policies.

DLSL may share your data with other units around DLSL that have a business and legitimate reason to use or access the data.  DLSL may also share your data with [names of third-party sub-processor, and a brief description of the reason]

Even after you give your consent, you may ask to see your data or request to have your data corrected or erased. You may also object to or request restrictions on how your data will be processed. You may ask that your data be forwarded or transferred to another organization. Finally, you may withdraw your consent without penalty. If you do decide to withdraw consent at a later date, your withdrawal will not change the fact that your data has been processed legally up to that point.

For more information, please contact [name of DLSL unit head processing the data].

ANNEX 5

NOTIFICATION OR CONSENT WORKFLOW