Personal Information

We collect the following personal information from you when you manually or electronically answer questions from our online application and feedback forms:

1. I. Online Application

1. • 1. Personal Data
        • Full Name
        • Gender
        • Civil Status
        • Date of Birth
        • Religion
        • Photo
     2. Place of Birth
        • City/Town
        • Province/Region/State
        • Country
        • Country of Citizenship
     3. Contact Details
        • Address
        • Home Phone Number
        • Email Address
     4. Intended Course at APC
     5. Educational Background
     6. Family Background
     7. Statement of Integrity
        • Illnesses or diseases
        • Willingness to submit to random drug-testing

II. Feedback from Parents

• • • Parent’s Name
    • Email
    • Concern
    • Message

III. General Inquiries

• • • Name
    • Email
    • Subject
    • Message

Use 
The personal information that you provide will solely be used for documentation purposes within Asia Pacific College (APC). It will not be disclosed to any third party. The information will be used by the school to properly assist the students in their application. Moreover, feedback, questions, and concerns will be redirected to the concerned APC representative so that these can be properly addressed.

Website Analytics 
APC’s website analyzes web traffic data. Data is not shared to any third party. Only non-identifiable web traffic data are analyzed, namely your IP address, the search terms you used, the pages and internal links accessed on our site, the date and time you visited the site, geolocation, the referring site or platform (if any) through which you clicked through to this site, your operating system, and your web browser type. The website currently has an “implied consent” option which automatically enables website cookies to access small pieces of data which would improve your browsing experience.

Protection Measures 
Only authorized APC personnel are given access to the personal information that you have voluntarily shared. These will be stored in the school’s database.

Access and Correction 
You may request for a copy of any personal information that we have about you. If you notice anything that needs correction, you may freely inform us about this, and we will apply the necessary changes. In order to do so, please contact our Data Privacy Officer at lorenar@apc.edu.ph.

You can also contact us at:

Tel No: (632)8852.9232 local 505

SCOPE

This document is composed of Asia Pacific College’s (APC) policies and procedures on proper collection, processing, and management of employee and student personal information in accordance with Republic Act 10173, or the Data Privacy Act (DPA) of 2012.

INTRODUCTION

The Data Privacy Act (DPA) of 2012, or Republic Act 10173, is an act that aims to protect an individual’s personal information in information and communications systems of the government and private sector.

“It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected” (DPA of 2012, Chapter I. Sec. 2. Declaration of Policy).

Personal information collection, processing, and disclosure are allowed, provided that an institution complies with the requirements of the DPA and other laws in adherence to the principles of transparency, legitimate purpose and proportionality [Based on the “Implementing Rules and Regulations (IRR) of the DPA of 2012”]:

1. Transparency. Processing of personal data shall be known to the data subject, who must be informed about the nature, purpose, method, and extent of processing, his or her rights as data subject and how these can be exercised, and the identity and contact details of the personal information controller.
2. Legitimate purpose. The processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.
3. Proportionality. The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose.

Rights of the Data Subject (IRR of the DPA of 2012, Rule VIII.)

TYPES OF INFORMATION COLLECTED

APC collects and maintains student and employee “personal data” as part of its records management process. “Personal data” is “the term used when referring to personal information, sensitive information, and privileged information,” (IRR DPA of 2012).

The following are types of “personal data” collected in APC:

1.  Complete Name
2.  Current and/or Previous Address
3.  Contact details (e.g. mobile and/or landline number, personal e-mail address)
4.  Date and Place of Birth
5.  Age
6.  Civil status
7.  Citizenship
8.  Religion
9.  Identification Numbers and Information:

10.  Educational Background
11.  Diploma/certificate of Completion
12.  Certificate of Good moral character
13.  Birth certificate
14.  Picture
15.  Form 137 and 138
16.  Transcript of Records or certified true copy of grades for transferees and 2nd degree students
17.  Course description for transferees and 2nd degree students
18.  DepED voucher
19.  NCAE result
20.  Family background and information
21.  Skills and Achievement
22.  Student Medical History

    a. Consultation details
    b. vital signs
    c. diagnosis
    d. laboratory test results [as applicable]

23. alumni employment history
24. internship history
25. tracer study details
26. disciplinary records
27. Government examinations passed
28. Employment Records for both teaching and non-teaching experiences
29. Character References
30. Medical Exam Results (after given explicit consent from employee to view)
31. Other types of personal information collected over the course of stay in APC

Page 3 APC Data Privacy Policy Version 1

PROCESSING OF PERSONAL DATA

APC adheres to the general principles of transparency, legitimate purpose, and proportionality in the processing of employee personal data and information (Rule IV. Sec. 18, IRR, DPA of 2012).

COLLECTION OF PERSONAL DATA

The College has the right to collect pertinent data and information of members of the APC community as it deems necessary and important, provided that the DPA of 2012 is not violated, following the general principles in collection, processing, and retention.

1. IRR of the DPA of 2012, Rule IV. Data Privacy Principles, Sec. 19: “Collection must be for a specified and legitimate purpose
2. Only authorized personnel of the college shall be allowed to collect personal data.
3. Purpose of Personal Data Collection (Employee):

a. APC uses employee data for personnel administration, work, and general management purposes. For example, APC needs this information to administer compensation and benefits, performance evaluation and reviews, learning and development, promotion and succession planning, and to maintain efficient and effective records management.

b. APC may also use employee information in confidential references in connection with applications for employment or further education or financial references; where an employee is undertaking further study which the College has paid for, or made a financial contribution toward an employee’s professional growth, development, and achievement.

c. APC may also use employee information in order to publicly recognize one’s achievements, accomplishments and celebrations.

d. APC may also share employee information with third party contractors, who perform services on our behalf, such as health-related services, technology-related services, reviewing and developing our business systems, procedures, and infrastructure (including testing or upgrading of our computer systems), the provision and administration of legal and accounting advice, insurance, retirement funds, and employee benefits. Finally, for human resources purposes, APC may also share employee information with the client(s) to whom you are assigned to provide services.

e. APC may also share employee information with other higher education institutions, government agencies, and other regulatory bodies such as, but not limited to, accrediting agencies for the verification of employee personal data held by the college.

4. Purpose of Personal Data Collection (Student):

a. Process application for admission, scholarship, financial assistance, student and alumni identification card, and student organization, etc.
b. Provide access to learning resources [ LMS – Moodle, Office365, etc.]
c. Academic and non-academic related activities [enrollment, grades encoding, etc.]
d. Notifications on academic and non-academic concerns [financial related matters, scholarships, career opportunities, etc.]
e. Student profiling, including psychological results
f. Alumni tracking and tracer study
g. Internship to employment tracking
h. Graduate directory
i. Presentation and publication of exemplary output and achievements
j. Printing of student permanent record of courses and subjects taken, leading to certificate, diploma, or degree
Page 4 APC Data Privacy Policy Version 1
k. Submission to law enforcement and government policies as required by enrollment and graduate reports to agencies
l. APC will require you to sign a random drug testing and non-fraternity/sorority waivers as applicable.
m. APC may also use your information in:

• confidential references in connection with your applications for scholarships, contests, coordination with parents, accreditation reports, etc.
• order to publicly recognize your achievements, accomplishments, and celebrations.

n. APC may also share your information:

• with a third party, like our industry partners for internship and employment opportunities, and other agencies who perform services on our behalf, such as health-related services, technology-related services, community extension services, activities implementation, reviewing and developing our business systems, procedures and infrastructure (including testing or upgrading our computer systems).
• with other higher education institutions, government agencies, and other regulatory bodies such as, but not limited to, accrediting agencies for the verification of your personal data held by the college;
• with our partners in empowerment and development for the implementation and documentation of our NSTP and outreach programs [e.g. bloodletting activities, coastal cleanups, community immersion, etc).
• with your parents and guardians for monitoring the performance of the students and other related activities.

5. APC will also validate the “captured/recorded” images from the CCTV camera as needed.

6. APC may also share information to individuals or institutions conducting research on members of the college’s community subject to the ff:

• Compliance to the existing policies of the college
• Research ethics review and approval [as applicable]; and
• Approval of the President

RECORDS KEEPING and RETENTION

1. IRR of the DPA of 2012, Rule IV. Data Privacy Principles, Sec. 19: “Personal Data shall not be retained longer than necessary.

2. The personnel records and data shall be stored inside the HR office or an approved secure storage facility off-site.

3. Official personnel and other records shall only be retained and stored in the HR Office for a maximum of five (5) years. All documents, which have collected and stored in the HR Office beyond the prescribed period, shall be disposed immediately

4. The student records shall be stored at the Registrar’s office. Physical and digital permanent student records shall be retained/secured perpetually while other supporting documents shall be discarded a year after they graduate. Likewise, physical and digital supporting documents of AWOL students will only be retained within 10 years.

5. All documents, which have collected and stored beyond the prescribed period shall be disposed immediately.

6. The disposal of records and data shall be performed by the concerned office with the use of approved disposal methods.

Page 5 APC Data Privacy Policy Version 1

DISCLOSURE OF DATA AND INFORMATION

1. IRR of the DPA of 2012, Rule IV. Data Privacy Principles, Sec. 20: “General principles for Data Sharing. Further Processing of Personal Data collected from a party other than the Data Subject shall be allowed under any of the conditions stipulated in DPA of 2012.

2. Only authorized personnel of each unit, who was assigned by the Executive Director, are allowed to collect, handle, and view personal records and other pertinent data, information, or documents, which are in any way related to any previously or currently employed faculty or staff of the College. Proper handling of data and records should always be practiced by authorized personnel.

3. Each unit of APC has the right to use data and information collected for whatever it deems necessary and vital to its official business and development only as approved by the President.

4. Disclosure of data and information shall only be done through proper and official means with approval of the Executive Director.

12. QUESTIONS OR CONCERNS

12.1 For questions or concerns on the policies and procedures stipulated in this privacy policy, students and other parties can contact the APC Privacy Officer @lorenar@apc.edu.ph