Note: This DPA clause shall be reflected in all digital/electronic, or printed communication, documents and forms that require the processing of personal data.
In observance of Data Privacy Act 2012, Sacred Heart School – Hijas de Jesus uses your personal data to pursue its legitimate interests as an educational institution for purposes within the bounds permitted or required by law.
It is understood that the Data Privacy Act imposes stricter rules for the processing of sensitive personal information and privileged information. Sacred Heart School - Hijas de Jesus is fully committed to abiding by those rules.
SACRED HEART SCHOOL-HIJAS DE JESUS is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and charge. This policy is intended to provide information on what personal data is gathered by the school about its current, past, and prospective faculty, staff, personnel, students and parents; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in accordance with the Philippine Republic Act No. 10173 or the Data Privacy Act of 2012(DPA) and its Implementing Rules and Regulations (DPA-IRR). The school sets out its data protection practices and put in place to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act. This Data Privacy Notice and Consent Form may be amended at any time without prior notice, and such amendments will be notified to you via official channels.
The school collects, stores, and processes personal data from its current, past and prospective data subjects -faculty, staff, personnel and students, from the application stage to the whole course of stay in the school.
- Contact information, such as, name, addresses, telephone numbers, email addresses and other contact details.
- Personal information, such as date and place of birth, nationality, immigration status, religion, student ID, etc.
- Family background, including information on parents, guardians, siblings, etc.
- Photographic and biometric data, such as, photos, CCTV videos, handwriting and signature specimens
- Student's school works, including data gathered using third party online learning tools.
- Health records, psychological evaluation results, disciplinary records, and physical fitness information
- Student Cumulative Guidance Folder, which includes interviews, entrance exam results, guidance assessments, special needs, exclusions/behavioral information, etc.
- Permanent Student Academic Records, including transcripts and the academic history of the student.
- Student extra-curricular activities
- Financial and billing information
- Contact information, such as, name, addresses, telephone numbers, email addresses and other contact details.
- Personal information, such as date and place of birth, nationality, immigration status, religion, student ID, etc.
- Family background, including information on parents, guardians, siblings, etc.
- Photographic and biometric data, such as, photos, CCTV videos, handwriting and signature specimens
- Professional Information such as academic degrees, professional affiliation, skills, seminars and trainings attended, etc.
The purpose/s of the processing of personal data shall be disclosed to the data subjects such that they can freely express their consent each time they are requested to share their personal information.
Processing of data is conducted for different purposes which include the following:
- Processing of admission, application and student selection (and to confirm the identity of prospective students and their parents)
- Verifying authenticity of student records and documents
- Processing of enrollment and registration
- Research supporting student learning, and validating students’ program of study based on curriculum requirements, and other activities and experiences forming part of the students formation and education
- Supporting the students’ well-being and providing medical services and guidance counselling
- Monitoring and reporting on student progress; processing of evaluations, exam results, and grades
- Monitoring and ensuring the safety of all students within the school campus
- Processing and generating statements of accounts
- Documentation of students’ data
- Providing Library services, running an outreach program, etc.
- Processing of application and selection of faculty, staff, personnel (and to confirm their identity and background)
- Verifying authenticity of records and documents
- For accreditation, professional development of teachers and staff, and research, e.g., evaluation studies by the research desk, action research by teachers, etc.
Personal data under the custody of the school shall be disclosed only to authorized recipients of such data. Otherwise, we will share your personal data with third parties other than parents and/or guardian on record, only with your consent, or when required or permitted by our policies and applicable law, such as with:
- Regulatory authorities, courts, and government agencies, e.g., Department of Education, the Philippine Accrediting Association of Schools, Colleges and Universities (PAASCU), a service organization which accredits academic programs that meet commonly accepted standards of quality education,
- Service providers who perform services for us and help us support your learning, monitor and report on your progress, manage the operations of our school.
Where the school considers it necessary or appropriate, for the purposes of data storage, processing, providing any service or product on our behalf to you, or implementing an academic linkage program, we may transfer your personal data to third parties within or outside of the Philippines, under conditions of confidentiality and similar levels of security safeguards.
We are putting in place organizational, administrative, technical, and physical security measures to safeguard your personal data. Only authorized personnel have access to your personal data, the exchange of which (mainly within campus) is facilitated through email and paper files. Should third parties need access to your personal data, we require a non-disclosure agreement and/or a data sharing agreement with them, in compliance with the DPA and the DPA-IRR. Documents and digital files are securely stored: employing physical security to safeguard the paper files and technical security to protect the digital files.
We keep your paper and digital files only for as long as necessary.
- The Permanent Student Academic Records are kept by the Basic Education (BED) Records Office or the Registrar’s Office.
- The BED Admissions documents are kept for five years.
- Application forms and documents of unsuccessful applicants are kept by the Registrar's Office for five years.
- The Student Cumulative Guidance Folders are kept by the Student Development Center for five years after completion/graduation.
- Student school works are kept for two years, but, in a few cases, selected student works may be retained for 5 school years as exemplars.
- Student disciplinary records are stored by the Decorum Office for five school years after completion/graduation.
- The class records are kept for one year after graduation.
- Non-academic records, e.g. extra-curricular activities, contact forms, etc. are kept for five school years.
- Financial and billing information are kept by the Finance Office for 10 school years.
- The Clinic retains health records for five years after completion/graduation.
- CCTV cameras are the responsibility of IT in-charge; some cameras have memory for two weeks of CCTV videos, and older ones for less. The cameras run continuously on a rolling basis, where older videos are overwritten as the memory fills up.
When your personal data is no longer needed, we take reasonable steps to securely destroy such information or permanently de-identify it. Paper files are securely shredded; and electronic information is deleted. Secure and Erase settings are applied so that this is no longer recoverable nor reproducible.
The school appoints a Data Protection Officer (DPO) in compliance with the Data Privacy Act (DPA) of 2012. The DPO shall have autonomy in the exercise of the following responsibilities:
- monitor the school as Personal Information Processor (PIP) or Personal Information Controller (PIC) in its compliance with the DPA, its implementing rules and regulations, issuances by the National Privacy Commission (NPC) and other applicable laws and policies.
- collect information to identify the processing operations, activities, measures, projects, programs, or systems of the school, and maintain a record thereof;
- analyze and check the compliance of processing activities, including the issuance of security clearances to and compliance by third-party service providers;
- inform, advise, and issue recommendations to the PIC or PIP as regards renewal of accreditations or certifications necessary to maintain the required standards in personal data processing;
- advice the PIP or PIP as regards the necessity of executing a Data Sharing Agreement with third parties, and ensure its compliance with the law;
- ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the PIC or PIP;
- advise the PIC or PIP regarding complaints and/or the exercise by data subjects of their rights (e.g., requests for information, clarifications, rectification or deletion of personal data);
- ensure proper data breach and security incident management by the PIC or PIP, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period;
- inform and cultivate awareness on privacy and data protection within the school, including all relevant laws, rules and regulations and issuances of the NPC;
- advocate for the development, review and/or revision of policies, guidelines, projects and/or programs of the PIC or PIP relating to privacy and data protection, by adopting a privacy by design approach;
- serve as the contact person of the PIC or PIP vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues or concerns and the PIC or PIP;
- cooperate, coordinate and seek advice of the NPC regarding matters concerning data privacy and security; and
- perform other duties and tasks that may be assigned by the school (PIC or PIP) that will further the interest of data privacy and security and uphold the rights of the data subjects.
You have the right to be informed, object to processing, access and rectify, suspend or withdraw your personal data, including, any such information held by third parties, with whom the school has a data sharing agreement; and be indemnified in case of damages pursuant to the provisions of the DPA and the DPA-IRR. If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact or write to the school through the following channels:
Email to : _________________ (school’s DPO official email) Call: 032-253-6347
Write to:
The Data Protection Officer
Sacred Heart School-Hijas de Jesus, Don Jose Avila St., Cebu City, 6000 Philippines
If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance.
