Give to UP

I certify that:

I understand and agree that the terms UP/University refer to the University of the Philippines System, any of its offices, or any of its officials or authorized personnel.

UP as the personal information controller that will process my personal and sensitive personal information (personal data) as defined in the Philippine Data Privacy Act (PDPA) Republic Act No. 10173 | Official Gazette of the Republic of the Philippines as a donor, has asked me to carefully read and review this certification and data privacy consent form before signing the same so that I will be informed of the following:

(1) the nature, purpose/(s) and extent of the processing of my personal data;
(2) the legal basis/(es) for such processing;
(3) the risks associated with such processing and the measures that UP has put in place to protect my data privacy rights; and
(4) my data privacy rights and how I may exercise the same.

All personal data and information as well as documents that I have provided or will provide to UP as a donor or as the duly authorised representative of a donor are true, complete and correct and such documents are genuine.

I understand and agree that UP will process my personal information such as my name, address and contact information, citizenship, signature, as well as other personal information required by the National Internal Revenue Code as amended as well as other applicable laws, rules and regulations including Bureau of Internal Revenue and Commission on Audit issuances and UP policies implementing the same pursuant to contract (Sec. 12b of the PDPA).

I grant consent for UP to process my sensitive personal information as applicable and as required by the NIRC, BIR and COA issuances and UP policies implementing the same such as the fact that I am of legal age and capacitated to enter into a contract, government issued identification number, tax identification number, etc.

I understand and agree that UP will process my abovementioned personal data for the purpose of complying with the abovementioned and all other applicable laws, rules and regulations and UP policies implementing the same and for the following and other similar related purposes:

(a) verifying my identity;

(b) preventing fraud;

(c) documenting consent for the processing of my sensitive personal information; and

(d) communicating with me or the entity of which I am the duly authorized representative.

In the event that I provide the personal data of a third person(s) in connection with my donation or a donation made by a third person for whom I am acting as a duly authorised representative, I attest that I am authorized to grant consent for and on his/her/their behalf for the University to process his/her/their personal data. I therefore agree to hold UP free and harmless from any liability for the processing of the personal data of such third person/s.

I likewise understand and agree that I will provide all other necessary personal data and voluntarily grant the University consent for the processing of such personal data in my own right or as a duly authorized representative, as applicable, for the execution of the proper contract of donation and its implementation in order to enable UP to comply with all its legal and contractual obligations relating to such contract such as the issuance of an official receipt, documents that I or the entity that I represent will use in order to claim a tax deduction and such other similar lawful purposes, exercising its right to academic freedom, etc. I further understand and agree that UP is asking that I already grant consent for this processing to reduce “red tape” as time is of the essence and in order to prevent “consent fatigue”.

I understand that if I do not grant my consent for the processing of my personal data or consent for and on behalf of a person/s who I am authorized to represent, or if I subsequently withdraw consent, UP will will not be able to process the donation for which I made a pledge in my own right or as duly authorised representative of a third party and other related acts ie issuance of an official receipt, documents for tax deduction and the like. I also understand and agree that withdrawal of consent can only have a prospective application and is subject to such limitations provided by applicable laws, rules and regulations as well as applicable contractual obligations.

I understand that UP is authorized to process my personal data for other lawful purposes as provided under the PDPA and other applicable laws, compliance with legal obligations and issuances of public authorities which may include disclosure of my and third party personal data I provide to UP to public authorities, for the purpose of establishing or defending legal claims and defenses, etc. and that therefore UP will continue to securely store my and any third party personal data I provide and grant consent for UP to process for as long as necessary in order for the abovementioned purposes and to fulfill such other legitimate purposes as allowed by the PDPA and other applicable laws.

I also understand that UP conducts research on stored, previously processed, de-identified data in order to comply with its legal obligations including its right and responsibility to exercise academic freedom under the 1987 Constitution and the UP Charter. Such research results will only include statistical data and general demographic information that does not identify me and any other data subjects. I note that Sec. 16.C.2 of Memorandum Circular 2023-4 issued by the National Privacy Commission provides that:

“The conduct of research where the end results will be anonymized and will only disclose the general demographic of the research subjects does not require the consent of the data subject”.

I have also been informed that in the event research to be done will require the use of personal data, UP will comply with all applicable laws, rules and regulations as well as the ethical guidelines issued by the Philippine Health Research Ethics Board pursuant to the Philippine National Health Research System Act and if so required, UP will obtain informed consent pursuant to such ethical guidelines for the processing of personal data for such research.

In case I withdraw the donation I pledged or such pledge I made as the duly authorised representative of a third party or a juridical entity and UP has no other lawful purpose for retaining my personal data, UP shall provide for the secure deletion of my personal data, information and documents that I have provided in connection with such application pursuant to the requirements of the National Archives Act and other applicable laws, rules and regulations.

I am aware that the processing of personal data and that of any relevant third person for the processing of the contract of donation carries risks that may involve the confidentiality, integrity and availability of personal data or the risk that processing will violate the privacy principles and rights of data subjects. I understand that UP has put in place reasonable physical (e.g. access control measures such as locks, security personnel etc) organizational (e.g. only authorised personnel who have signed the required non disclosure undertaking and need such personal data to perform their functions are allowed to process such personal data, privacy impact assessments etc) and technical measures ( use of CDN, encryption, multifactor authentication, the conduct of vulnerability assessment and penetration testing and other similar measures) to prevent or mitigate such risks. I understand that such measures do not guarantee absolute protection against such risks as when systems are subject to targeted cyberattacks, malware, ransomware, computer viruses, etc. However, UP has also adopted measures in order to deal with security incidents or personal data breaches in compliance with the PDPA and NPC issuances (Part 7 Security Incident or Breach Response Procedures of the UP System Data Privacy Manual approved by the Board of Regents CERTIFIED TRUE COPY_DATA PRIVACY MANUAL 2023 EDITION.pdf (up.edu.ph) and the corresponding forms for security incident or data breach management UNIVERSITY OF THE PHILIPPINES SYSTEM ADMINISTRATION INCIDENT OR BREACH REPORT FORM.docx (up.edu.ph); PRELIMINARY ASSESSMENT FORM FOR SECURITY INCIDENTS OR PERSONAL DATA BREACHES (up.edu.ph); Mandatory Notification to NPC.pdf (up.edu.ph); Mandatory Personal Data Breach Notification for Data Subjects.docx (up.edu.ph) and SECURITY INCIDENT OR PERSONAL DATA BREACH REPORT (up.edu.ph)).

I agree that I will help keep my personal data secure by, double checking that any email account I will be using in order to communicate with the University or to submit documents etc. has not been compromised by using Have I Been Pwned, using a strong password for such account https://itdc.up.edu.ph/about/advisories/2023%2012%2004%20REMINDER%20-%20Use%20Strong%20Passwords%20for%20UP%20Mail%20Accounts.pdf, when possible activating two factor authentication for the same, not using public, unsecured networks for submitting my personal data or at least using VPN if I use such unsecured networks and keeping my email credentials confidential.

I have been made aware through this certification and data privacy consent form about my rights as a data subject to information, access, the right to object to the processing of my personal data, deletion, to lodge a complaint with the National Privacy Commission for the violation of my data privacy rights and the right to receive damages for such violations pursuant to a valid order of the proper public authority.

I also recognize that while I have the right to correct my personal data, it is my duty to keep my personal data as well as that of relevant third parties updated, to follow the instructions provided by the UP office to which I submitted my personal data for correcting or updating my or third party personal data within the deadline set by UP.

I understand and agree that if I wish to withdraw consent for the processing of my personal data in order to withdraw my application to be a supplier of the University, I may do so by sending a letter or email to the Padayon UP Office. I will attach a copy of a valid government issued ID card to such letter or email, so that the UP office will be able to verify my identity.

I also understand that such withdrawal of consent will not affect any other processing which UP has to perform in order to comply with its legal obligations or any such other processing allowed by the PDPA and other applicable laws. Furthermore, any processing done by UP prior to my withdrawal remains lawful and valid as withdrawal of consent can only have a prospective effect.

I am aware that for any data privacy queries or suggestions regarding this form I may contact the UP System Data Protection Officer through:

Via post
c/o Office of the President
2F North Wing Quezon Hall
(Admin Building) University Avenue,
UP Diliman, Quezon City 1101
Philippines

Through the following landlines
Phone | (632) 89280110; (632) 89818500 loc. 2521

Through email
[email protected]