Give to UP

OFFICE OF THE VICE PRESIDENT FOR PUBLIC AFFAIRS
UNIVERSITY OF THE PHILIPPINES

PRIVACY NOTICE FOR THE UNIVERSITY OF THE PHILIPPINES ONLINE DONATION FORM

INTRODUCTION

The University of the Philippines is committed to comply with the Data Privacy Act of 2012 (DPA) in order to protect the right to data privacy of all those who provide UP their personal data through the Give to UP online donation form.

This privacy notice explains:

  1. the nature, purpose/(s) and extent of the processing of your personal data;
  2. the legal basis/(es) for such processing;
  3. the risks associated with such processing and the measures that UP has put in place to protect your data privacy; and
  4. your data privacy rights and how you may exercise the same.

The term UP/University/we/us refers to the University of the Philippines System and Constituent University (CU) offices.

The term you/your refers to persons who pledge or make donations through the Give to UP online donation form at https://giveto.up.edu.ph/gate/donation.

 

PERSONAL DATA COLLECTED AND THE PURPOSE/S AND LEGAL BASIS FOR PROCESSING SUCH INFORMATION

When you make a pledge or donation to the University of the Philippines, we require you to provide the following information: a) first name, b) last name, c) email address, d) the amount of your pledge or gift to UP, and e) the UP campaign or fund for which you are making a donation.

If the donation is via deposit or bank transfer, we require you to email us a copy of the relevant bank deposit/transfer slip. For your protection, kindly redact all personal information found in the slips except for your name, amount, and date of transaction. For queries regarding the same, please contact the UP Padayon Public Service Office through email at [email protected] or landline at (02) 89818500 local 4256.

We use the above information in order to: process your pledge or donation; communicate with you regarding your pledge or donation; provide you with information about the tax deduction under Section 25 (b) of Republic Act No, 9500 dated 29 April 2008, Bureau of Internal Revenue (BIR) Ruling No. DA(DT-045)499-2009 dated 9-08-2009 (when applicable ) and comply with applicable laws, rules and regulations including the UP Charter, NIRC, COA and BIR issuances.

The University will provide you with an Official Receipt (OR) after collection of your donation as confirmed or reported by the proper UP office/(s). You must contact the UP Office of the Vice President for Public Affairs via email at [email protected] or call (02) 89818500 local 4256 for the issuance of your Certificate of Donation (COD).

The University of the Philippines is authorized to process personal information under Sec. 12 of the DPA, when (b) the processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract (Note that a donation is a contract); (c) for compliance with a legal obligation to which the personal information controller (UP) is subject.

The University of the Philippines may also process your personal data in order:

  1. To compile statistics and conduct research, subject to the provisions of the DPA, and applicable research ethics guidelines, in order to carry out its mandate as the National University;

Before any research is conducted by UP, so that we will be able to comply with our ethical obligations and uphold your right to privacy, duly authorized UP personnel will remove identifiers from the applicable dataset such that UP’s researcher or research teams who will perform operations on such dataset will not be able to associate your data with you. The research results will only include aggregate or statistical data and general demographic information that does not identify you and any other data subjects.

Kindly note that Sec. 16.C.2 of Memorandum Circular 2023-4 issued by the National Privacy Commission provides that:

The conduct of research where the end results will be anonymized and will only disclose the general demographic of the research subjects does not require the consent of the data subject.

On the other hand, if research will make use of identifiable personal data, when so required by applicable laws, rules and or ethical guidelines such as the guidelines issued by the Philippine Health Research Ethics Board pursuant to the Philippine National Health Research System Act, we will first obtain the proper ethics clearance as well as your informed consent prior to the conduct of such research.

  1. To comply with other applicable statutory and regulatory requirements, including directives, issuances by, or obligations of UP to any competent authority, regulator, enforcement agency, court, or quasi-judicial body;
  2. To establish, exercise, or defend legal claims;
  3. To fulfill other purposes directly related to the above-stated purposes; and
  4. For such other purposes as allowed by the DPA and other applicable laws.

 

INSTANCES WHEN YOUR RELEVANT PERSONAL DATA IS PROCESSED BY OR MAY BE DISCLOSED TO THIRD PARTIES AND THE PURPOSE/S AND LEGAL BASIS FOR SUCH DISCLOSURES

NOTE: We sincerely apologize that at this time it is not possible to make a donation via VISA credit as the DPB Payment gateway is no longer available.

The University of the Philippines, as its way of showing its gratitude to its benefactors, occasionally publishes the list of its donors. You may opt to tick the box that states you wish to make an anonymous donation; in which case, your name will not be included in the donor’s list that UP may publish in its website and social media networks. UP will publish or not publish your name based on the option you select pursuant to Section 12 (b) of the DPA in order for us to fulfill our contractual obligation to you. Nonetheless, as stated above, should you decide to give an anonymous donation, UP will require the processing of your personal information in order to comply with applicable laws and issuances such as the UP Charter, read in relation to the NIRC, the DPA, and applicable issuances of the COA and BIR.

Disclosures may also be made by UP in order to comply with lawful orders of public authorities, to establish, exercise, or defend legal claims; and to make disclosures that are otherwise permitted by applicable laws, rules and regulations.

 

RETENTION OF YOUR PERSONAL DATA

UP shall retain and provide measures for the secure storage of your personal data for as long as the above purposes for processing such data subsist, in order to establish or defend legal claims, or as otherwise allowed or required by the DPA and other applicable laws and issuances.

 

DATA PRIVACY RISKS AND HOW UP PROTECTS YOUR PERSONAL DATA

The processing by UP of your personal data in order to process your donation carries risks that may involve the confidentiality, integrity, and availability of personal data or the risk that processing will violate the privacy principles and rights of data subjects. UP has put in place reasonable physical (e.g. access control measures such as locks, security personnel, etc.) organizational (e.g. only authorised personnel who have signed the required non-disclosure undertaking and need such personal data to perform their functions are allowed to process such personal data, periodic privacy impact assessments etc.) and technical measures (e.g. use of CDN, encryption, multi factor authentication for UP mail and portals, the conduct of vulnerability and penetration testing and other similar measures) to prevent or mitigate such risks. Kindly note that these measures do not guarantee absolute protection against such risks as when systems are subject to targeted cyberattacks, malware, ransomware, computer viruses, etc. However, UP has also adopted measures in order to deal with security incidents or personal data breaches in compliance with the DPA and National Privacy Commission (NPC) issuances. See the Board of Regents approved UP Data Privacy Manual (https://privacy.up.edu.ph/instructions-and-guides/CERTIFIED%20TRUE%20COPY_DATA%20PRIVACY%20MANUAL%202023%20EDITION.pdf) which includes security incident and breach response procedures (Part 7, pages 35 - 44) and the following forms:

Form 1 Security Incident or Data Breach Report Form:
https://privacy.up.edu.ph/downloadable-forms/UNIVERSITY%20OF%20THE%20PHILIPPINES%20SYSTEM%20ADMINISTRATION%20INCIDENT%20OR%20BREACH%20REPORT%20FORM.docx.pdf

Form 2 Preliminary Assessment Form
https://privacy.up.edu.ph/downloadable-forms/PRELIMINARY%20ASSESSMENT%20FORM%20FOR%20SECURITY%20INCIDENTS%20OR%20PERSONAL%20DATA%20BREACHES.pdf

Form 3 Mandatory Personal Data Breach Notification to the National Privacy Commission:
https://privacy.up.edu.ph/downloadable-forms/Mandatory%20Notification%20to%20NPC.pdf

Form 4 Mandatory Personal Data Breach Notification for Data Subjects:
https://privacy.up.edu.ph/downloadable-forms/Mandatory%20Personal%20Data%20Breach%20Notification%20for%20Data%20Subjects.docx.pdf

Form 5 Security Incident or Personal Data Breach Report Form:
https://privacy.up.edu.ph/downloadable-forms/SECURITY%20INCIDENT%20OR%20PERSONAL%20DATA%20BREACH%20REPORT.pdf

Please keep your personal data secure by double checking that the email account you will be using in order to send a copy of your deposit slip or to communicate with use has not been compromised by using Have I Been Pwned, using a strong password for such account, when possible activating two factor authentication for your email account and not using public, unsecured networks for submitting personal data or at least using VPN if use of such unsecured networks is unavoidable and keeping your email account credentials confidential.

 

ACCESS TO AND CORRECTION OF YOUR PERSONAL DATA AND YOUR RIGHTS UNDER THE DPA

You have the right to access and correct personal data being processed by UP about you. You may access and/or correct your personal data submitted through the online form through the UP Office of the Vice President for Public Affairs – UP Padayon Public Service Office via email at [email protected] or landline at (02) 89818500 local 4256.

In order for UP to ensure that your personal data are disclosed only to you, these offices will require the presentation of your UP ID or other valid government issued ID (GIID) or other IDs or documents that will enable UP to verify your identity. In case you process or request documents through a representative, in order to protect your privacy, UP requires you to provide a letter of authorization specifying the purpose for the request of documents or the processing of information, and your UP ID or other valid GIID, along with the valid GIID of your representative.

Aside from the right to access and correct your personal data, you have the following rights, subject to the conditions and limitations provided under the DPA and other applicable laws and regulations:

  1. The right to be informed about the processing of your personal data through this and other applicable privacy notices.
  2. The rights to object to the processing of your personal data, to suspend, withdraw or order the blocking, removal or destruction thereof from our filing system. Please note however that, as mentioned above, there are various instances when the processing of personal data you have provided is necessary for us to comply with UP's mandate, statutory and regulatory requirements, or is for a lawful basis other than consent.
  3. The right to receive, pursuant to a valid decision, damages due to the inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, taking into account any violation of your rights and freedoms as a data subject.
  4. The right to lodge a complaint before the National Privacy Commission (NPC), provided that you first exhaust administrative remedies by filing a request with the proper office regarding the processing of your information, or the handling of your requests for access, correction, blocking of the processing of your personal data and the like.

 

REVISIONS TO THIS PRIVACY NOTICE AND QUERIES REGARDING DATA PRIVACY

This notice was revised on November 05, 2024 in view of the non availability of the Development Bank Payment gateway.

We encourage you to visit the site where this notice is posted from time to time to see revisions to this privacy notice. We will alert you regarding changes to this notice through this site.

For queries, comments, or suggestions regarding this privacy notice or data privacy concerns, please contact the University of the Philippines System Data Protection Officer through the following channels:

  1. Via post
  2. Office of the UP President,
    2F North Wing Quezon Hall (Admin Building),
    University Avenue, UP Diliman,
    Quezon City 1101, Philippines

  3. Through the following landlines
  4. Phone | (632) 89280110; (632) 89818500 loc. 2521

  5. Through email
  6. [email protected]


GIVE TO UP
University of the Philippines