(In accordance to REPUBLIC ACT NO. 10173 or DATA PRIVACY ACT OF 2012: An Act Protecting Individual Personal Information in information and communication systems in the Government and the private sector).
Sacred Heart Academy of Pasig Inc., (SHAP), adheres to protect the fundamental human right of privacy, of communication while ensuring protection and free flow of information to promote innovation and growth within the SHAP Academic Community and through the protection of the government of the Republic of the Philippines as may be mandated by law and this act.
To protect the freely given data collected from the parents/guardians/students necessary for the school’s effective operation. Consent shall be evidenced by written, electronic or recorded means.
SHAP abides by the parameters set by the Data Privacy Act as enacted as to the generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by or which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document.
Personal Information on members of the SHAP Academic Community refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
I. Sacred Heart Academy of Pasig, Inc., in accordance with the Philippine Data Privacy Act (DPA) of 2012 which protects the right of individual to control information about themselves. It likewise subjects itself under the control of the National Privacy Commission (NPC). Thus, as mandated by law controls the collection, holding, processing or use of personal information, including the assigned personnel or agent who in its behalf instructs to collect, hold, process, use, transfer or disclose personal information may only do so as mandated by the Department of Education and as defined and expressed in the Data Privacy Law (R.A. 10173).
II. Goal
To adhere to the Data Privacy Law or R.A. 10173 and all the applicable stipulations contained therein.
III. Authorized School Personnel with the defined and limited access to the Data
A. School Registrar/Admin Personnel - Basic information of all students relevant to processing for registration and enrollment, as well as uploading to the Learner Information System of the Department of Education
B. Accounting Personnel - Information relating to updating and monitoring of payments of fees and the like
C. Office of the Principal - The use of collected data for academics that relates to instruction, grading system, reporting within and to reports submitted to the Department of Education
D. Medical/Clinic Personnel - Use of collated data for medical and dental check-up and monitoring of all students and personnel
E. Prefect of Discipline and the GCO - Specific information on the monitoring of students’ behavior and character development
F. IT Personnel - Management of Stored Data in the school’s servers and Edusuite school management system
G. HR Officer - Pertinent information on all the employees of the institution.
H. Data Security Personnel - Personnel appointed to oversee the implementation of the Data Privacy Act
IV. Procedure as to the securing or gathering of data (Chapter III Sec.11)
A. Upon enrollment of all new students thru the Registrar’s Office, the parents/guardians must:
1. Read and accomplish the Data Privacy Agreement Form.
2. Sign and submit the form to the Admin Office for filing.
B. Upon hiring of all new employees thru the HR Officer
1. Read and accomplish the Data Privacy Agreement Form for Employees.
2. Sign and submit the form to the HR Office.
V. Management of Data
A. Data shall be collected as per the requirement of the Department of Education as stipulated in Chapter III Sec. 12 and Sec. 13, Chapter IV Sec. 16 of R.A. 101273.
B. Gathered shall be filed or stored electronically thru the school’s computer servers and thru the Edusuite School Management System. Hard copies shall be stored as well in the Accounting and Finance Department. The same shall only be kept within the exclusive parameters of R.A. 10173.
C. Access to the data is only given to the personnel/offices mentioned above.
D. Access and use given to specific agents/offices are limited to the function of said agents/ offices.
E. Safeguard shall be given against the repeated gathering of information already in the database. There will be by no means that members of the community shall be asked again for data that were already been secured.
F. Scope (Chapter 1 Sec. 4 General Provisions: This Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines subject to the immediately succeeding paragraph).
VI. Security and Protection of Personal Information
SHAP thru its authorized personnel shall secure and protect all collected data as mandated by law (Chapter V, Sec. 20) by implementing reasonable and appropriate organizational, physical and technical measures:
A. Against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.
B. Against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.
C. Against accidental, unlawful or unauthorized usage or interference with or hindering of their functioning or availability.
VII. Accountability
Sacred Heart Academy of Pasig Inc. and the above-mentioned personnel, take full accountability as required by law in handling or managing all data collected. The authorized personnel with access to the collected data are responsible for personal information under its control or custody. The personal information controller, as designated by the school director shall empower an individual or individuals who are accountable for the organization’s compliance with this Act.