DATA PRIVACY POLICY FOR UNIVERSITY EMPLOYEES

C:\Users\mmoreno\Pictures\smulogo_new copy_big2.png

Saint Mary’s University

DATA PROTECTION OFFICE
DATA PRIVACY POLICY FOR UNIVERSITY EMPLOYEES

Introduction

Welcome to Saint Mary’s University. This Privacy Policy (also known as Privacy Notice) tells you about our policy when we collect, use, or otherwise process your personal data, in relation to your engagement/ work with the University.

We respect your right to privacy and aim to comply with the requirements of all relevant privacy and data protection laws, particularly the Data Privacy Act of 2012 (DPA). As in the case of the National Privacy Commission (NPC), we also seek to strike a balance between your personal privacy, and the free flow of information, especially when pursuing our legitimate interests and when necessary to carry out our responsibilities as an educational institution, employer, and/or as a contracting party.

In this Policy, the terms, “data” and “information” are used interchangeably. When we speak of “personal data”, the term includes the concepts of personal information, sensitive personal information, and privileged information. The first two are typically used to distinctively identify you (ex. Name, sex, birthday, etc) For their exact definitions, you may refer to the text of the DPA or you can visit the website of the University Data Protection Office. You should also note that while we give examples here to explain this Policy in simple and clear language, they do not make up an exhaustive list of all the data that we process.

Information We Collect, Acquire and Generate

We collect your personal data in many forms. They may consist of written records, photographic and video images, digital material, and even biometric records. Examples include:

  1. Information you provide or we generate prior to your engagement. When you apply for a certain job or position within the University, or if we seek to engage you for a particular service or work, we ask for your personal data through a Personal Data Sheet (PDS). We also request you to provide your resume, Transcript of Records, Baptismal Certificate, and details about your professional license, if any. During the preliminary screening, we may collect additional information, including psychological tests, those generated from your interviews, demo or skills testing and/or those obtained from your indicated professional referees. If you are already engaged by the University, we may use the information already in our possession to process your application for the new or different position.
  2. Information we collect or generate upon issuance of an employment offer or the commencement of your engagement. Once you accept our job offer or agree to the terms of a proposed engagement, we will collect another set of information including, but not limited to, the following: (1) Certificate of Employment; (2) Medical/Fit-to-Work Clearance; (3) NBI or Police Clearance; (4) Philippine Statistics Authority (PSA) Birth Certificate (applicant/dependents); (5) PSA Marriage Contract; (6) SSS ID or E1 or E4; (7) Pag-IBIG Member’s Data Form and/or ID; (8) Pag-IBIG Member’s Change in Information Form (MCIF); (9) PhilHealth MDR or ID; (10) PhilHealth Member Registration Form; (11) tax-related documents, such as your TIN ID or BIR Form 1902 (with stamp) and 2316; and (12) bank account details necessary to facilitate the processing of your compensation.
  3. Information we collect or generate during the course of your employment or engagement with the University. After you join the University, we may also collect additional information about you, including: your annual physical examination results, union membership (if applicable), email, phone number, and other data that may be used in the processing of loan applications and insurance claims, in performance evaluation, in administrative and disciplinary cases, and in the collective bargaining agreement (for union members). There will also be times when we will acquire other forms of data like pictures or videos of activities you participate in, via official documentation of such activities, or through recordings from closed-circuit security television cameras installed within school premises.
  4. Unsolicited Information. There may be instances when your personal information is sent to or received by us even without our prior request. In such cases, we will determine if we can legitimately keep such information. If it is not related to any of our legitimate interests, we will immediately dispose of the information in a way that will safeguard your privacy. Otherwise, it will be treated in the same manner as information you provide us.

If you supply us with personal data of other individuals (e.g., person to contact in the event of an emergency, professional referees), we will request you to certify that you have obtained the consent of such individuals before providing us with their personal data.

How We Use Your Information

To the extent permitted or required by law, we use your personal data to pursue our legitimate interests as an educational institution, employer, and/or contracting party, including a variety of administrative, research, historical, and statistical purposes. For example, we may use the information we collect for purposes such as:

  1. identifying applicants and processing their respective applications;
  2. assessing the suitability of candidates for a particular role or position;
  3. verifying the provided or submitted information;
  4. checking background information;
  5. evaluating academic qualifications;
  6. supporting personnel when implementing health-related adjustments that will allow him/her to carry out a particular role or task;
  7. administering remuneration, payroll, retirement, and other standard employment functions;
  8. administering human resource-related processes, including those relating to performance management, and disciplinary issues;
  9. delivering or providing facilities, services, security, and staff benefits to employees;
  10. facilitating claims and remittances for mandatory benefits;
  11. communicating effectively with personnel, including the distribution of relevant newsletters and circulars;
  12. supporting personnel training, health, safety, welfare and religious requirements;
  13. compiling statistics and conducting surveys and research for internal and statutory reporting purposes;
  14. enabling the Office of Human Resource Management and Organization Development (OHRMOD) to contact others in the event of an emergency.
  15. other similar or related tasks

We consider the processing of your personal data for these purposes necessary for the performance of our contractual obligations to you, for our compliance with a legal obligation, to protect your vitally important interests, including your life and health, for the performance of tasks we carry out in the public interest (e.g., public order, public safety, etc.), or for the pursuit of the legitimate interests of the University, or a third party. We understand that the DPA imposes stricter rules for the processing of sensitive personal information and privileged information, and we are fully committed to abiding by those rules.

If we require your consent for any specific use of your personal data, we will collect it at the appropriate time.

Please note further that we will not subject your personal data to any automated decision-making process without your prior consent.

How We Share, Disclose, or Transfer Your Information

To the extent permitted or required by law, we may also share, disclose, or transfer your personal data to other persons or organizations in order to pursue our legitimate interests as an educational institution, employer, and/or contracting party. For example, we may share, disclose, or transfer your personal data for purposes such as:

  1. submission of information to government agencies such as the Commission on Higher Education and Department of Education, for accreditation and reportorial requirements; the Social Security System, Philippine Health Insurance Corporation, Pag-IBIG, and Bureau of Internal Revenue, for the provision of employment benefits mandated by law;
  2. sharing of necessary information to contracted providers such as insurance companies, insurance brokers, banks, and other similar organizations, in relation to any or all of your loan applications and insurance claims;
  3. sharing information with entities or organizations (e.g., Philippine Accrediting Association of Schools, Colleges and Universities ) for accreditation and university ranking purposes;
  4. disclosure of your information related to Termination of Employment, Flexible Fixed/Variable Work Arrangements, Employees Compensation Report to the Department of Labor and Employment, as part of the University’s reportorial obligations;
  5. other purposes, when necessary and under circumstances permitted or required by law.

How We Store and Retain Your Information

Your personal data is stored and transmitted securely in a variety of paper and electronic formats, including databases that are shared between the University and its different units or offices. Access to your personal data is limited to University personnel who have a legitimate interest in them for the purpose of carrying out their contractual duties. Rest assured that our use of your personal data will not be excessive, and shall be limited to that which is necessary to achieve the purpose of their collection, and/or only when permitted by law.

In retaining your personal information, we generally subscribe to the following schedule:

  1. Employees. One year (1) from the day of your separation from the University or the termination of your employment, after which your employment records (e.g., 201 file) in HRMO are transferred to the Archives File of the HRMO.
  2. Job applicants. Two (2) years for pooling purposes, after which they are disposed of in a secure and safe manner, if not used within said period.

For other types of personal data, we only retain them for historical and statistical purposes, unless otherwise provided by law or by applicable University policies.

Your Rights with Respect to Your Personal Data

We recognize your rights with respect to your personal data, as provided under the DPA. If you wish to exercise any of your rights, or should you have any concern or question regarding them, this Notice, or any matter involving the University and data privacy, you may contact the Data Protection Office (DPO) at:

email: dpo@smu.edu.ph

Landline: +63 2 426-6001, loc. 4801

Website: smu.edu.ph/dpo

Address: Rm 203, Lambrecht Hall, Saint Mary’s University

Changing This Privacy Policy

We may, from time to time, make changes to this Policy. On such occasions, we will let you know through circulars and our website. Any modification is effective immediately upon posting on the university bulletin boards or website

Other University Policies

Other policies of the University, which are not inconsistent with this one, will continue to apply. If any provision of this Policy is found to be unenforceable or invalid by any court having competent jurisdiction, the invalidity of such provision will not affect the validity of the other provisions, which shall remain in full force and effect.

Consolidated by:

SGD

DR. JOHN G. TAYABAN, PhD

VP for Administration and

Data Protection Officer

Approved on October 18, 2019

SGD

DR. JOHN OCTAVIOUS S. PALINA, PhD

University President

C:\Users\mmoreno\Pictures\smulogo_new copy_big2.pngSaint Mary’s University

DATA PROTECTION OFFICE

DATA PRIVACY CONSENT FORM

I have read the SMU DATA PRIVACY POLICY FOR UNIVERSITY EMPLOYEES , understood its contents and consent to the processing of my personal data. I understand that my consent does not preclude the existence of other criteria for lawful processing of personal data, and does not waive any of my rights under the Data Privacy Act of 2012 and other applicable laws.

Complete Name of Employee: _________________________________ Signature : ________________Date:___________________

Scroll Up