The University of the Philippines (UP) is committed to comply with the Data Privacy Act of 2012 (DPA) http://www.officialgazette.gov.ph/2012/08/15/republic-act-no-10173/ in order to protect the right to data privacy of all those who provide UP their personal data through the UP Press Online store purchase form.
This notice explains in general terms the purposes, and legal bases, for the processing of personal and sensitive personal information (personal data) that UP collects from you, the measures in place to protect your right to data privacy and your rights under the DPA.
The term UP/University/us refers to the University of the Philippines System and Constituent University (CU) offices.
The term you/your refers to persons who make online purchases from the UP Press at https://press.up.edu.ph/store/cart/checkout
We require you to provide your first and last name, email address, mobile number and billing address in the Philippines, recipient’s name and delivery address in the Philippines, the book/(s) you wish to buy, in order to process your purchase, calculate delivery costs via post, provide you with a receipt and deliver the book(s) ordered after UP has received your payment as confirmed or reported by the proper UP office/(s) in coordination with our third party service provider, communicate with you regarding your purchase, official receipt, and other related information and in order to comply with applicable laws, rules and regulations including the UP Charter, National Internal Revenue Code, Commission on Audit and BIR issuances.
We are authorized to process such information under Sec. 12 of the DPA which allows the processing of personal information that is necessary: (b) ...and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract; (c) for compliance with a legal obligation to which the personal information controller (UP) is subject; (e) ...to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; and (f) The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller.
UP may also process your personal data in order to:
a. compile statistics and conduct research, subject to the provisions of the DPA, and applicable research ethics guidelines, in order to carry out its mandate as the National University;
b. comply with other applicable statutory and regulatory requirements, including directives, issuances by, or obligations of UP to any competent authority, regulator, enforcement agency, court, or quasi-judicial body;
c. To establish, exercise, or defend legal claims;
d. To fulfill other purposes directly related to the above-stated purposes; and
e. For such other purposes as allowed by the DPA and other applicable laws.
When you pay UP using your Visa credit card, your credit card information is processed by a third-party government depositary bank, the Development Bank of the Philippines for the benefit of UP through its payment gateway. Such is done pursuant to 12 (b) of the DPA which allows the processing of personal information when such “is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract”.
Disclosures may also be made by UP in order to comply with lawful orders of public authorities, to establish, exercise, or defend legal claims; and to make disclosures that are otherwise permitted by applicable laws, rules and regulations. Rest assured that the information you provide us through UP’s online form (excluding the credit card information that you may provide to and is processed by the DBP as stated above) is securely stored by UP’s third party cloud service provider.
UP shall retain and provide measures for the secure storage of your personal data for as long as the above purposes for processing such data subsist, in order to establish or defend legal claims, or as otherwise allowed or required by the DPA and other applicable laws and issuances.
UP has put in place reasonable and appropriate security measures to protect your right to privacy and is committed to reviewing and improving the same. Rest assured that only duly authorized personnel are allowed to process your personal data.
UP takes reasonable and appropriate steps to require its third party service providers who process your personal data to uphold your right to data privacy.
You have the right to access and correct personal data being processed by UP about you. You may access and/or correct your personal data submitted through the online store form by contacting the UP Press through the following:
a. Via post
U.P. Press Building,
E. delos Santos St.
U.P. Diliman, Quezon City
b. Through the following landlines
(632) 89266642 & (632) 89284391 local 111
c. Through email
In order for UP to see to it that your personal data are disclosed only to you, we will require the presentation of your UP ID or other valid government issued ID (GIID) or other IDs or documents that will enable UP to verify your identity. In case you process or request documents or information through a representative, in order to protect your privacy, UP requires you to provide a letter of authorization specifying the purpose for the request of documents or the processing of information, and your UP ID or other valid government-issued ID (GIID), as well as the valid GIID of your representative.
Aside from the right to access and correct your personal data, you have the following rights subject to the conditions and limitations provided under the DPA and other applicable laws and regulations:
a. The right to be informed about the processing of your personal data through this and other applicable privacy notices.
b. The right to object to the processing of your personal data, to suspend, withdraw or order the blocking, removal or destruction thereof from our filing system. Kindly note however that, as mentioned above, there are various instances when the processing of personal data you have provided is necessary for us to comply with UP’s mandate, statutory and regulatory requirements, or is processed using a lawful basis other than consent.
c. The right to receive, pursuant to a valid decision, damages due to the inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, taking into account any violation of your rights and freedoms as a data subject and
d. The right to lodge a complaint before the National Privacy Commission provided that you first exhaust administrative remedies by filing a request with the proper office regarding the processing of your information, or the handling of your requests for access, correction, blocking of the processing of your personal data and the like.
We encourage you to visit the site where this notice is posted from time to time to see revisions to this privacy notice. We will alert you regarding changes to this notice through this site.
For queries, comments or suggestions regarding this privacy notice or data privacy concerns please contact the University of the Philippines System Data Protection Officer through the following:
a. Via post
c/o the Office of the President
2F North Wing Quezon Hall
(Admin Building) University Avenue,
UP Diliman, Quezon City 1101
b. Through the following landlines
(632) 89280110; (632) 89818500 loc. 2521
c. Through email