Give to UP

INTRODUCTION

The University of the Philippines and the University of the Philippines Foundation, Inc. are committed to comply with the Data Privacy Act of 2012 (DPA) in order to protect the right to data privacy of all those who provide UP their personal data through the Give to UP online donation form.

This privacy notice explains:

1. the nature, purpose/(s) and extent of the processing of your personal data;
2. the legal basis/(es) for such processing;
3. the risks associated with such processing and the measures that UP has put in place to protect your data privacy; and
4. your data privacy rights and how you may exercise the same.

The terms UP/University/us refer to the University of the Philippines System and its Constituent Universities (CU), any of its offices, or any of its officials or authorized personnel.

The term UPFI refers to the University of the Philippines Foundation Inc or any of its officials or authorized personnel.

The terms you/your refer to persons who pledge or make donations through the Kaibigan ng Pahinungod online donation form at Give to UP that will be received by the UPFI and Give to UP online donation form at Give to UP for donations that will be received by the University.

 

PERSONAL DATA COLLECTED AND THE PURPOSE/S AND LEGAL BASIS/ES FOR PROCESSING SUCH INFORMATION

When you make a pledge or donation to the UP general donation fund or to the Kaibigan ng Pahinungod, we require you to provide the following information: a) first name, b) last name, c) email address, d) the amount of your pledge or gift to UP or the Pahinungod that will be received by the UP Foundation Inc. , and e) the specific UP campaign or fund for which you are making a donation.

If the donation is via deposit or bank transfer, we require you to email us a copy of the relevant bank deposit/transfer slip. For your protection, kindly redact all personal information found in the slips except for your name, amount, and date of transaction. For queries regarding the same, please contact the Padayon UP Public Service Office via email at [email protected] or landline at (02) 89818500 local 4256.

We use the above information in order to: process your pledge or donation; communicate with you regarding your pledge or donation; provide you with information about the tax deduction under the National Internal Revenue Code read in relation to the UP Charter and comply with applicable laws, rules and regulations including the UP Charter, NIRC, COA and BIR issuances as well as UP policies.

The University will provide you with an Official Receipt (OR) after collection of your donation as confirmed or reported by the proper UP office/(s) and after you have signed and submitted the requisite certification and data privacy consent form.

We are constrained to require you to sign such forms as taxpayers identification number and government issued identification numbers and other sensitive personal information that we are required to process in compliance with applicable laws rules and regulations and consent is the only lawful basis that we can invoke under Sec 13 of the PDPA in order to process such information given the NPC Advisory 2024-02 NPC-Advisory-No.-2024-02-Personal-Data-Processing-Based-on-Section-13-f.pdf and Sec. 46 of the Ease of Paying Taxes Act that amended the NIRC. RMC No. 3-2024 Annex A.pdf

You must contact the Padayon UP Public Service Office via email at [email protected] or call (02) 89818500 local 4256 for the issuance of your Certificate of Donation (COD).

UP in the case of donations to be directly received by the University or the UPFI in the case of donations to the Pahinungod is authorized to process personal information under Sec. 12 of the DPA, when (b) the processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract (Note that a donation is a contract); and (c) for compliance with a legal obligation to which the personal information controller/(s) UP and UPFI (where applicable ie for donations to Pahinungod) is/are subject.

The University of the Philippines may also process your personal data in order:

1. To compile statistics and conduct research, subject to the provisions of the DPA, and applicable research ethics guidelines, in order to carry out its mandate as the National University;

Before any research is conducted by UP and UPFI, so that we will be able to comply with our ethical obligations and uphold your right to privacy, duly authorized UP and UPFI personnel will remove identifiers from the applicable dataset such that UP’s and UPFI’s researcher or research teams who will perform operations on such dataset will not be able to associate your data with you. The research results will only include aggregate or statistical data and general demographic information that does not identify you and any other data subjects.

Kindly note that Sec. 16.C.2 of Memorandum Circular 2023-4 issued by the National Privacy Commission provides that:

The conduct of research where the end results will be anonymized and will only disclose the general demographic of the research subjects does not require the consent of the data subject.

On the other hand, if research will make use of identifiable personal data, when so required by applicable laws, rules and or ethical guidelines such as the guidelines issued by the Philippine Health Research Ethics Board pursuant to the Philippine National Health Research System Act, UP and UPFI (where applicable) will first obtain the proper ethics clearance as well as your informed consent prior to the conduct of such research.

2. To comply with other applicable statutory and regulatory requirements, including directives, issuances by, or obligations of UP to any competent authority, regulator, enforcement agency, court, or quasi-judicial body;
3. To establish, exercise, or defend legal claims;
4. To fulfill other purposes directly related to the above-stated purposes; and
5. For such other purposes as allowed by the DPA and other applicable laws.

 

INSTANCES WHEN YOUR RELEVANT PERSONAL DATA IS PROCESSED BY OR MAY BE DISCLOSED TO THIRD PARTIES AND THE PURPOSE/S AND LEGAL BASIS FOR SUCH DISCLOSURES

UP and where applicable UPFI, as its way of showing its gratitude to its benefactors, occasionally publishes the list of its donors. You may opt to tick the box that states you wish to make an anonymous donation; in which case, your name will not be included in the donor’s list that UP and UPFI may publish in its website and social media networks. UP and UPFI will publish or not publish your name based on the option you select pursuant to Section 12 (b) of the DPA in order for us to fulfill our contractual obligation to you. Nonetheless, as stated above, should you decide to give an anonymous donation, UP and UPFI will require the processing of your personal information in order to comply with applicable laws and issuances such as the UP Charter, read in relation to the NIRC, the DPA, and applicable issuances of the COA and BIR.

Disclosures may also be made by UP and UPFI in order to comply with lawful orders of public authorities, to establish, exercise, or defend legal claims; and to make disclosures that are otherwise permitted by applicable laws, rules and regulations.

 

RETENTION OF YOUR PERSONAL DATA

UP and UPFI shall retain and provide measures for the secure storage of your personal data for as long as the above purposes for processing such data subsist, in order to establish or defend legal claims, or as otherwise allowed or required by the DPA and other applicable laws and issuances.

UP and UPFI likewise stores your personal data pursuant to Sec. 11 (f) of the DPA which states Provided, That personal information collected for other purposes may lie processed for historical, statistical or scientific purposes, and in cases laid down in law may be stored for longer periods: Provided, further, That adequate safeguards are guaranteed by said laws authorizing their processing.

UP and UPFI conducts research on stored, previously processed, de-identified data in order to comply with its legal obligations and in the case of UP the University’s right and responsibility to exercise academic freedom under the 1987 Constitution and the UP Charter as stated above.

 

DATA PRIVACY RISKS AND HOW UP and UPFI PROTECTS YOUR PERSONAL DATA

The processing by UP and UPFI (where applicable) of your personal data in order to process your donation or a donation you pledge for and in behalf of a third party for which you are the duly authorised representative carries risks that may involve the confidentiality, integrity, and availability of personal data or the risk that processing will violate the privacy principles and rights of data subjects. UP has put in place reasonable physical (e.g. access control measures such as locks, security personnel, etc.) organizational (e.g. only authorised personnel who have signed the required non-disclosure undertaking and need such personal data to perform their functions are allowed to process such personal data, periodic privacy impact assessments etc.) and technical measures (e.g. use of CDN, encryption, multi factor authentication for UP mail and portals, the conduct of vulnerability and penetration testing and other similar measures) to prevent or mitigate such risks. Kindly note that these measures do not guarantee absolute protection against such risks as when systems are subject to targeted cyberattacks, malware, ransomware, computer viruses, etc. However, UP has also adopted measures in order to deal with security incidents or personal data breaches in compliance with the DPA and National Privacy Commission (NPC) issuances. See the Board of Regents approved UP Data Privacy Manual (https://privacy.up.edu.ph/instructions-and-guides/CERTIFIED%20TRUE%20COPY_DATA%20PRIVACY%20MANUAL%202023%20EDITION.pdf) which includes security incident and breach response procedures (Part 7, pages 35 - 44) and the following forms:

Form 1 Security Incident or Data Breach Report Form:
https://privacy.up.edu.ph/downloadable-forms/UNIVERSITY%20OF%20THE%20PHILIPPINES%20SYSTEM%20ADMINISTRATION%20INCIDENT%20OR%20BREACH%20REPORT%20FORM.docx.pdf

Form 2 Preliminary Assessment Form
https://privacy.up.edu.ph/downloadable-forms/PRELIMINARY%20ASSESSMENT%20FORM%20FOR%20SECURITY%20INCIDENTS%20OR%20PERSONAL%20DATA%20BREACHES.pdf

Form 3 Mandatory Personal Data Breach Notification to the National Privacy Commission:
https://privacy.up.edu.ph/downloadable-forms/Mandatory%20Notification%20to%20NPC.pdf

Form 4 Mandatory Personal Data Breach Notification for Data Subjects:
https://privacy.up.edu.ph/downloadable-forms/Mandatory%20Personal%20Data%20Breach%20Notification%20for%20Data%20Subjects.docx.pdf

Form 5 Security Incident or Personal Data Breach Report Form:
https://privacy.up.edu.ph/downloadable-forms/SECURITY%20INCIDENT%20OR%20PERSONAL%20DATA%20BREACH%20REPORT.pdf

Please keep your personal data secure by double checking that the email account you will be using in order to send a copy of your deposit slip or to communicate with use has not been compromised by using Have I Been Pwned, using a strong password for such account, when possible activating two factor authentication for your email account and not using public, unsecured networks for submitting personal data or at least using VPN if use of such unsecured networks is unavoidable and keeping your email account credentials confidential.

 

ACCESS TO AND CORRECTION OF YOUR PERSONAL DATA AND YOUR RIGHTS UNDER THE DPA

You have the right to access and correct personal data being processed by UP and UPFI (where applicable) about you. You may access and/or correct your personal data submitted through the online form through the UP Office of the Vice President for Public Affairs – Padayon UP Public Service Office via email at [email protected] or landline at (02) 89818500 local 4256.

In order for UP to ensure that your personal data are disclosed only to you, these offices will require the presentation of your UP ID or other valid government issued ID (GIID) or other IDs or documents that will enable UP to verify your identity. In case you process or request documents through a representative, in order to protect your privacy, UP requires you to provide a letter of authorization specifying the purpose for the request of documents or the processing of information, and your UP ID or other valid GIID, along with the valid GIID of your representative.

Aside from the right to access and correct your personal data, you have the following rights, subject to the conditions and limitations provided under the DPA and other applicable laws and regulations:

1. The right to be informed about the processing of your personal data through this and other applicable privacy notices.
2. The rights to object to the processing of your personal data, to suspend, withdraw or order the blocking, removal or destruction thereof from our filing system. Please note however that, as mentioned above, there are various instances when the processing of personal data you have provided is necessary for us to comply with UP's mandate, statutory and regulatory requirements, or is for a lawful basis other than consent.
3. The right to receive, pursuant to a valid decision, damages due to the inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, taking into account any violation of your rights and freedoms as a data subject.
4. The right to lodge a complaint before the National Privacy Commission (NPC), provided that you first exhaust administrative remedies by filing a request with the proper office regarding the processing of your information, or the handling of your requests for access, correction, blocking of the processing of your personal data and the like.

 

REVISIONS TO THIS PRIVACY NOTICE AND QUERIES REGARDING DATA PRIVACY

This notice was revised on 8 January 2026 pursuant to the amendments to the National Internal Revenue Code as well as NPC-Circular-No.-2023-04_Guidelines-on-Consent_07Nov2023.pdf and NPC-Advisory-No.-2024-02-Personal-Data-Processing-Based-on-Section-13-f.pdf.

We encourage you to visit the site where this notice is posted from time to time to see revisions to this privacy notice. We will alert you regarding changes to this notice through this site.

For queries, comments, or suggestions regarding this privacy notice or data privacy concerns, please contact the University of the Philippines System Data Protection Officer through the following channels:

1. Via post

Office of the UP President,
2F North Wing Quezon Hall (Admin Building),
University Avenue, UP Diliman,
Quezon City 1101, Philippines

2. Through the following landlines

Phone | (632) 89280110; (632) 89818500 loc. 2521

3. Through email

[email protected]