The University of the Philippines is committed to comply with the Data Privacy Act of 2012 (DPA) in order to protect the right to data privacy of all those who provide UP their personal data through the Give to UP online donation form.
This privacy notice explains:
The term UP/University/we/us refers to the University of the Philippines System and Constituent University (CU) offices.
The term you/your refers to persons who pledge or make donations through the Give to UP online donation form at https://giveto.up.edu.ph/gate/donation.
When you make a pledge or donation to the University of the Philippines, we require you to provide the following information: a) first name, b) last name, c) email address, d) the amount of your pledge or gift to UP, and e) the UP campaign or fund for which you are making a donation.
If the donation is via deposit or bank transfer, we require you to email us a copy of the relevant bank deposit/transfer slip. For your protection, kindly redact all personal information found in the slips except for your name, amount, and date of transaction. For queries regarding the same, please contact the UP Padayon Public Service Office through email at [email protected] or landline at (02) 89818500 local 4256.
We use the above information in order to: process your pledge or donation; communicate with you regarding your pledge or donation; provide you with information about the tax deduction under Section 25 (b) of Republic Act No, 9500 dated 29 April 2008, Bureau of Internal Revenue (BIR) Ruling No. DA(DT-045)499-2009 dated 9-08-2009 (when applicable ) and comply with applicable laws, rules and regulations including the UP Charter, NIRC, COA and BIR issuances.
The University will provide you with an Official Receipt (OR) after collection of your donation as confirmed or reported by the proper UP office/(s). You must contact the UP Office of the Vice President for Public Affairs via email at [email protected] or call (02) 89818500 local 4256 for the issuance of your Certificate of Donation (COD).
The University of the Philippines is authorized to process personal information under Sec. 12 of the DPA, when (b) the processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract (Note that a donation is a contract); (c) for compliance with a legal obligation to which the personal information controller (UP) is subject.
The University of the Philippines may also process your personal data in order:
Before any research is conducted by UP, so that we will be able to comply with our ethical obligations and uphold your right to privacy, duly authorized UP personnel will remove identifiers from the applicable dataset such that UP’s researcher or research teams who will perform operations on such dataset will not be able to associate your data with you. The research results will only include aggregate or statistical data and general demographic information that does not identify you and any other data subjects.
Kindly note that Sec. 16.C.2 of Memorandum Circular 2023-4 issued by the National Privacy Commission provides that:
The conduct of research where the end results will be anonymized and will only disclose the general demographic of the research subjects does not require the consent of the data subject.
On the other hand, if research will make use of identifiable personal data, when so required by applicable laws, rules and or ethical guidelines such as the guidelines issued by the Philippine Health Research Ethics Board pursuant to the Philippine National Health Research System Act, we will first obtain the proper ethics clearance as well as your informed consent prior to the conduct of such research.
NOTE: We sincerely apologize that at this time it is not possible to make a donation via VISA credit as the DPB Payment gateway is no longer available.
The University of the Philippines, as its way of showing its gratitude to its benefactors, occasionally publishes the list of its donors. You may opt to tick the box that states you wish to make an anonymous donation; in which case, your name will not be included in the donor’s list that UP may publish in its website and social media networks. UP will publish or not publish your name based on the option you select pursuant to Section 12 (b) of the DPA in order for us to fulfill our contractual obligation to you. Nonetheless, as stated above, should you decide to give an anonymous donation, UP will require the processing of your personal information in order to comply with applicable laws and issuances such as the UP Charter, read in relation to the NIRC, the DPA, and applicable issuances of the COA and BIR.
Disclosures may also be made by UP in order to comply with lawful orders of public authorities, to establish, exercise, or defend legal claims; and to make disclosures that are otherwise permitted by applicable laws, rules and regulations.
UP shall retain and provide measures for the secure storage of your personal data for as long as the above purposes for processing such data subsist, in order to establish or defend legal claims, or as otherwise allowed or required by the DPA and other applicable laws and issuances.
The processing by UP of your personal data in order to process your donation carries risks that may involve the confidentiality, integrity, and availability of personal data or the risk that processing will violate the privacy principles and rights of data subjects. UP has put in place reasonable physical (e.g. access control measures such as locks, security personnel, etc.) organizational (e.g. only authorised personnel who have signed the required non-disclosure undertaking and need such personal data to perform their functions are allowed to process such personal data, periodic privacy impact assessments etc.) and technical measures (e.g. use of CDN, encryption, multi factor authentication for UP mail and portals, the conduct of vulnerability and penetration testing and other similar measures) to prevent or mitigate such risks. Kindly note that these measures do not guarantee absolute protection against such risks as when systems are subject to targeted cyberattacks, malware, ransomware, computer viruses, etc. However, UP has also adopted measures in order to deal with security incidents or personal data breaches in compliance with the DPA and National Privacy Commission (NPC) issuances. See the Board of Regents approved UP Data Privacy Manual (https://privacy.up.edu.ph/instructions-and-guides/CERTIFIED%20TRUE%20COPY_DATA%20PRIVACY%20MANUAL%202023%20EDITION.pdf) which includes security incident and breach response procedures (Part 7, pages 35 - 44) and the following forms:
Form 1 Security Incident or Data Breach Report Form:
https://privacy.up.edu.ph/downloadable-forms/UNIVERSITY%20OF%20THE%20PHILIPPINES%20SYSTEM%20ADMINISTRATION%20INCIDENT%20OR%20BREACH%20REPORT%20FORM.docx.pdf
Form 2 Preliminary Assessment Form
https://privacy.up.edu.ph/downloadable-forms/PRELIMINARY%20ASSESSMENT%20FORM%20FOR%20SECURITY%20INCIDENTS%20OR%20PERSONAL%20DATA%20BREACHES.pdf
Form 3 Mandatory Personal Data Breach Notification to the National Privacy Commission:
https://privacy.up.edu.ph/downloadable-forms/Mandatory%20Notification%20to%20NPC.pdf
Form 4 Mandatory Personal Data Breach Notification for Data Subjects:
https://privacy.up.edu.ph/downloadable-forms/Mandatory%20Personal%20Data%20Breach%20Notification%20for%20Data%20Subjects.docx.pdf
Form 5 Security Incident or Personal Data Breach Report Form:
https://privacy.up.edu.ph/downloadable-forms/SECURITY%20INCIDENT%20OR%20PERSONAL%20DATA%20BREACH%20REPORT.pdf
Please keep your personal data secure by double checking that the email account you will be using in order to send a copy of your deposit slip or to communicate with use has not been compromised by using Have I Been Pwned, using a strong password for such account, when possible activating two factor authentication for your email account and not using public, unsecured networks for submitting personal data or at least using VPN if use of such unsecured networks is unavoidable and keeping your email account credentials confidential.
You have the right to access and correct personal data being processed by UP about you. You may access and/or correct your personal data submitted through the online form through the UP Office of the Vice President for Public Affairs – UP Padayon Public Service Office via email at [email protected] or landline at (02) 89818500 local 4256.
In order for UP to ensure that your personal data are disclosed only to you, these offices will require the presentation of your UP ID or other valid government issued ID (GIID) or other IDs or documents that will enable UP to verify your identity. In case you process or request documents through a representative, in order to protect your privacy, UP requires you to provide a letter of authorization specifying the purpose for the request of documents or the processing of information, and your UP ID or other valid GIID, along with the valid GIID of your representative.
Aside from the right to access and correct your personal data, you have the following rights, subject to the conditions and limitations provided under the DPA and other applicable laws and regulations:
This notice was revised on November 05, 2024 in view of the non availability of the Development Bank Payment gateway.
We encourage you to visit the site where this notice is posted from time to time to see revisions to this privacy notice. We will alert you regarding changes to this notice through this site.
For queries, comments, or suggestions regarding this privacy notice or data privacy concerns, please contact the University of the Philippines System Data Protection Officer through the following channels:
Office of the UP President,
2F North Wing Quezon Hall (Admin Building),
University Avenue, UP Diliman,
Quezon City 1101, Philippines
Phone | (632) 89280110; (632) 89818500 loc. 2521