UP Press

UPP logo maroon v2
Menu
Menu

PRIVACY NOTICE FOR THE UNIVERSITY OF THE PHILIPPINES PRESS

INTRODUCTION
The University of the Philippines (UP) is committed to comply with the Data Privacy Act of 2012 (DPA) http://www.officialgazette.gov.ph/2012/08/15/republic-act-no-10173/ in order to protect the right to data privacy of all those who provide UP their personal data through the UP Press Website contact form.
This privacy notice explains:

(1) the nature, purpose/(s) and extent of the processing of your personal data;
(2) the legal basis/(es) for such processing;
(3) the risks associated with such processing and the measures that UP has put
in place to protect your data privacy; and
(4) your data privacy rights and how you may exercise the same.
The term UP/University/us refers to the University of the Philippines System and
Constituent University (CU) offices, any of its offices, or any of its officials or authorized
personnel.

PERSONAL DATA COLLECTED THROUGH CONTACT FORM SUBMISSIONS
We collect the following personal data when you submit a contact form:

  • First and last name
  • Email address
  • Mobile number

PURPOSES AND LEGAL BASIS FOR PROCESSING
The personal data collected is processed for the following purposes:

  1. To respond to your inquiries or requests submitted via the contact form.
  2. To communicate updates or provide information related to your inquiry.
  3. To comply with applicable laws, rules, and regulations.

The legal basis for processing this data includes:

  • Sec. 12(b) of the Data Privacy Act (DPA): Processing is necessary for the fulfillment of a contract or to take steps at the request of the data subject prior to entering into a contract.
  • Sec. 12(c) of the DPA: Compliance with a legal obligation to which the personal information controller is subject.
  • Sec. 12(f) of the DPA: Processing is necessary for legitimate interests pursued by the personal information controller.

RETENTION OF PERSONAL DATA
Your personal data will be retained only for as long as necessary to fulfill the purposes outlined above or as required by law.

DATA PROTECTION MEASURES
We implement appropriate physical, organizational, and technical measures to safeguard your personal data from unauthorized access, disclosure, alteration, or loss. These measures include:

  • Secure storage of data on third-party cloud service providers.
  • Access control measures ensuring only authorized personnel process personal data.
  • Regular assessments of privacy and security measures.

While we strive to protect your personal data, no security system can guarantee absolute protection. In the event of a data breach, we will address the issue in compliance with the DPA and related regulations.

RETENTION OF YOUR PERSONAL DATA

UP shall retain and provide measures for the secure storage of your personal data for as long as the above purposes for processing such data subsist, in order to establish or defend legal claims, or as otherwise allowed or required by the DPA and other applicable laws and issuances.

DATA PRIVACY RISKS AND MEASURES TO PROTECT YOUR PERSONAL DATA

The University of the Philippines (UP) is committed to protecting the personal data you provide through its contact forms. UP recognizes the risks associated with data processing, such as breaches of confidentiality, data integrity, and unauthorized access. To address these risks, UP has implemented the following measures:

  • Physical Measures: Restricted access to facilities where personal data is stored, including physical security mechanisms.
  • Organizational Measures: Ensuring only authorized personnel, who have signed non-disclosure agreements and require access to perform their duties, can process personal data. Regular privacy impact assessments are conducted to identify and address risks.
  • Technical Measures: Using secure technologies, such as encryption, multi-factor authentication (MFA), and content delivery networks (CDN). UP also conducts regular vulnerability and penetration testing to ensure system security.

While these measures are robust, no system is entirely immune to risks such as targeted cyberattacks or malware. UP has adopted a data breach response plan, aligned with the Data Privacy Act (DPA) and National Privacy Commission (NPC) guidelines, to handle any security incidents effectively.

SECURITY INCIDENT RESPONSE PROCEDURES
In the event of a security incident or data breach, UP follows strict protocols, including:

  1. Reporting and assessing the incident using standardized forms.
  2. Notifying the National Privacy Commission (NPC) and affected individuals when required.

These procedures ensure that both UP-affiliated users and non-UP customers are informed and protected in case of data breaches.

GUIDELINES FOR DATA SECURITY
To help protect your personal data, UP advises all users—both UP-affiliated and non-UP customers—to take the following steps:

  1. Use strong passwords for email accounts and online portals.
  2. Enable two-factor authentication (2FA) on your email accounts when possible.
  3. For UP-affiliated users, use your official UP email account for communications and transactions involving UP.
  4. Avoid submitting personal data over public or unsecured networks. If unavoidable, use a virtual private network (VPN) for added security.
  5. Keep all account credentials, such as email login details, confidential.

For more information, including step-by-step instructions on securing your accounts, please refer to UP’s official advisories (View Advisory).

NON-UP CUSTOMERS
If you are a non-UP customer submitting a contact form, your personal data is treated with the same level of protection and processed solely for responding to your inquiries or requests. Any data you provide will be stored securely and retained only for as long as necessary to fulfill its intended purpose or as required by law.

ADDITIONAL RESOURCES
For detailed information on UP’s data protection policies and response procedures, please refer to the UP Data Privacy Website.

REVISIONS TO THIS PRIVACY NOTICE AND DATA PRIVACY QUERIES

This privacy notice has been amended due to the change in UP’s third-party service provider (from the Development Bank of the Philippines to the Land Bank of the Philippines) and to ensure compliance with the provisions on privacy notices outlined in NPC MC 2023-4.

We encourage you to visit the UP Privacy Policies Homepage for updates on this and other privacy notices that may apply to you. Changes to UP’s privacy notices will be reflected on this site.

For queries, comments, or suggestions regarding this privacy notice or any data privacy concerns, please contact the University of the Philippines System Data Protection Officer through the following channels:

a. Via post:
Office of the President
2F North Wing, Quezon Hall (Admin Building)
University Avenue, UP Diliman, Quezon City 1101
Philippines

b. Via landline:
(632) 8928-0110; (632) 8981-8500 loc. 2521

c. Via email:
dpo@up.edu.ph