Student Data Processing Statement


Adamson University collects, maintains and processes personal data relating to its students. It is essential to do so in order for the University to carry out its functions and manage its operations and to provide services to you. These activities are carried out in accordance with the Data Privacy Act of 2012.

The University as defined in the Data Privacy Act of 2012 is the Personal Information Controller (PIC) for processing of personal data which you will provide. To comply with the said law, the University is notifying the students of its implementation.

During enrolment and re-enrolment, you give your consent for the University to process your personal data. The University provides this Statement, which explains how and why we typically process and share your personal data. It also explains how you can opt out of some aspects of the processing, where applicable.

  1. Why the University collects and processes your personal data.

    To meet certain legal requirements, the University will process and maintain your personal data which are mainly obtained from the details you provide through University application forms and the University registration/enrolment process. Additional personal data is collected during and after your studies including re-enrolment and graduation. This may include sensitive personal data and could include photographs and moving images.

    Types of personal data may include name, address, date of birth, program studied, fee payments, information about examinations, assessments and results. Examples of the purposes for which the University uses your personal data include:

    1. processing your enrollment application;
    2. enrolling you as a student and maintaining your student record;
    3. administering your course and academic progress;
    4. administering the financial aspects of your studies, including tuition and accommodation fees;
    5. providing or offering facilities and services to you during your time as a student and thereafter as part of the University’s legitimate business (e.g. library access, computing, sports facilities, accommodation, recognized student organization membership, alumni membership and activities);
    6. submitting reports and statistics, which the University is required to comply with.

    The University also needs to collect and process some sensitive personal data as defined by the Data Protection Act (‘DPA’) of 2012 including:

    1. your health and disabilities, to provide support and access to University services;
    2. your ethnic origin and sexual orientation, for equal opportunities monitoring;
    3. previous criminal convictions, before a place can be offered on certain programs.

  2. How the University processes and shares your personal data.

    2.1 Within the University

    Your personal data may be shared between University departments as necessary for the following purposes:

    Monitoring: Your personal data is used to administer the University’s services and facilities, such as the IT facilities and the Library and Information Service. Access controls may be applied to particular services, such as computing facilities and some entrances. This personal data is processed for security purposes and may be used as evidence of breach of University regulations or breach of law in the prevention, detection and prosecution of crime.

    The University also monitors your engagement with your course including attendance to assist the University in the compliance and meeting statutory and regulatory body requirements. The University uses CCTV systems throughout the campus to assist in safeguarding your personal security and to aid in the prevention, deterrence and detection of crime. Such processing is carried out in accordance with its CCTV Policy and Procedure.

    In some circumstances, the University may use a third party to process your personal data on our behalf. It will maintain a contract or data sharing agreement with the third party that ensures that your data is processed only for specific purposes under our instruction and is handled securely and in line with the Data Protection principles.

    2.2 Outside the University

    The University will only share your personal data with external third parties where:

    1. we have your consent, or
    2. we are required to do so under a statutory or legal obligation, or
    3. we are permitted to do so in accordance with the Data Privacy Act 2012.

    Said external parties may include the following organizations:

    1. Commission of Higher Education (CHED), Higher Education (HE) funding councils or organizations and other government bodies: The University will share some of your personal data with CHED, HE funding councils, other government bodies and/or third party organisations working on their behalf.
    2. Police agencies: The DPA 2012 allows the University to disclose your personal data to police authorities without your consent relating to the prevention/detection of crime, the apprehension and prosecution of offenders, the protection of an individual’s vital interests/welfare or safeguarding national security.
    3. Financial sponsors: If your tuition fees are paid under a sponsorship, scholarship or loan arrangement by an external organisation (e.g. local government offices), the University may share personal data relating to your attendance and academic progress.
    4. Education institutions and placement providers: If you are involved in study arrangements with other organisations, e.g. exchanges, placements, the University may disclose some of your personal data to the relevant provider.
    5. Turnitin®: The University uses the Turnitin® system as a plagiarism detection source. The Turnitin® system compares the student’s work against a variety of sources. You will be required to provide basic personal data (e.g. name, e-mail address, course details) to use the Turnitin® service. Turnitin’s Privacy Statement provides further information regarding the collection and processing of your personal data.
    6. Debt recovery/credit control: Your personal data may be shared with collection agency attempting to recover debt on behalf of the University where internal debt recovery procedures have been unsuccessful. The University may also include details of an outstanding debt in any reference or verification of results supplied to a third party.
    7. Insurance: The University may share your personal data with its insurers for the purpose of providing insurance cover or in the event of a claim.
    8. Parent’s Portal: Your grades will be posted in the parent’s portal. Voluntarily and willfully, you agree to give consent or authority to your parents or named guardian access to view or check my Grades and Certificate of Enrolment through the Student and Parent Portal provided by Adamson University through its official website.
    9. Graduation: Graduand names, programmes and classifications are published within the University, printed in the graduation brochure and released to the local media. Graduation ceremonies are regarded as public events and may be recorded and/or live streamed by the University.

    2.3 After you graduate

    The University will need to maintain some records relating to you after you graduate. This includes: verifying your award, providing transcripts of your grades, opportunities for further study, academic references, careers support, alumni and networking services.

    1. Tracer Study and Surveys: The University participates in the conduct of tracer study and surveys about the destinations of its graduates. Approximately 6 months after you graduate, we will contact you to ask you to participate in the said tracer study and survey. You may also be included in a sample of alumni who are surveyed again a few years after they graduate.
    2. Alumni: When you graduate/complete your course, you will automatically be included as a member of the University’s Alumni Association. You will receive e-mails from alumni about the benefits of staying in touch.
    3. Award verification: University awards are a matter of public record. The University may therefore disclose to third parties whether or not you have received an award and if so, the date and classification, without notifying you. Such a disclosure would be subject to a check regarding the origin of the request.

  3. Your Rights

    Your rights relating to your personal data include:

    1. To be informed what personal data the University maintains about you and what it is used for.
    2. To access your personal data.
    3. To update the personal data the University maintains or rectify inaccurate data.
    4. To be informed how the University is complying with its obligations under the DPA 2012
    5. To complain if you do not believe that the University’s Data Protection Policy has been followed.
    6. To obtain from the University a copy of data of your personal information undergoing processing in an electronic or structured format.
    7. Upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected, to suspend, withdraw or order the blocking, removal or destruction of your personal information from the University’s records system.
    8. To be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.

    Object/Opt Out: To object to or opt out of any data processing or data sharing by the University, please e-mail dpo@adamson.edu.ph. The University will consider your request however, it may not be possible to facilitate such. The University is required by law to collect and process some personal data and it may not be possible for you to continue as a student of the University, if the University ceased processing your personal data, as we would not be able to carry out our educational purpose.

  4. Your Responsibilities

    1. Updating your details: The DPA 2012 requires that personal data is accurate. It is essential that you let the University know if your contact details change. If the University does not have the correct contact details, we cannot take responsibility if any information you require is sent to the wrong address. This could have serious consequences.
    2. Processing Personal Data of Others: You must comply with the University’s Data Protection Policy and the Data Protection Act 2012 if as a student you have access to the personal data of others; or if you wish to collect or process any personal data as part of your studies or research. If you are processing personal data other than as part of your studies, you should contact the Data Protection Officer (DPO) as you will not be covered under the University’s registration.

  5. Retention

    Adamson University will only retain your personal information for as long as it is necessary for the stated purpose, taking into account also our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements under applicable laws. When the personal information that we collect is no longer required, we destroy or delete it in a secure manner.

  6. Changes to Our Privacy Statement

    The University may modify or amend this Student Data Processing Statement from time to time to keep up with any changes in relevant laws and regulations applicable to us or how we collect, use, protect, store, share or dispose of your personal information. Any relevant updates will be posted on the University website.