Office of the Secretary-General

Data Privacy

Process, Pathway of Approval, and Requirements for Requested Personal Data for Data-gathering Purposes

 In compliance with the Data Privacy Act of 2012, the University, through its Data Protection Officer (DPO) and heads of academic, research, and administrative offices as Compliance Officer for Privacy (COP), reiterates the need to protect the personal data of our data subjects (i.e., applicants, students, academic staff, support staff, and alumni). 

In relation to a request for the use of personal data needed for the online deployment of data-gathering tools for research (i.e., thesis/dissertation/commissioned research) by internal or external proponents, the final approval of the DPO requires the following: 

a) The clearance from an accredited UST Ethics Review Committee; 

b) The review and endorsement of the Office of the Vice-Rector for Research and Innovation; and 

c) The approval of the concerned COPs. 

For your reference, Please see  the table below for the process, pathway, and requirements for the approval by the COPs.

Thank you. 

 PROCESS, PATHWAYS, AND REQUIREMENTS 

for the approval of a request for personal data needed for the online deployment of data-gathering tools for a thesis, dissertation, or commisioned research: 

 Legend: 

AU – Academic Unit 

COP – Compliance Officer for Privacy 

DPO – Data Privacy Officer 

ERC – Ethics Review Committee 

 MOA – Memorandum of Agreement 

NDA – Non-disclosure Agreement 

OVRRI – Office of the Vice-Rector 

for Research and Innovation 

UST – University of Santo Tomas 

  1.  The Compliance Officer for Privacy (COP) for Academic Unit level data is the head of the Academic Unit while the COP for University level data is the head of the concerned University unit. 
  2. The Memorandum of Agreement (MOA) must stipulate the responsibility of the researchers in terms of the different phases of the data life cycle.  

3. Whether the study requires sharing of personal data to an external party or not, the approval to the next step depends on the favorable review of the Ethics Review Committee. 

4. The Non-disclosure Agreement (NDA) must stipulate the extent of responsibility of the researchers and collaborators in terms of the data life cycle, particularly on disclosure/data sharing. 

5. The Memorandum of Agreement (MOA) must stipulate the responsibility of the researchers in terms of the different phases of the data life cycle.  

Contact Information

Office Address​

Telephone Numbers

Online

Office Address​

Telephone Numbers