ACE RX REVIEW

DATA PRIVACY CLAUSE

            In observance of Data Privacy Act 2012, ACE RX Learning Specialists, Inc. uses your personal data to pursue its legitimate interests as an educational or learning institution for purposes within the bounds permitted or required by law.

            It is understood that the Data Privacy Act imposes stricter rules for the processing of sensitive personal information and privileged information.  ACE RX Learning Specialists, Inc. is fully committed to abiding by those rules.

           Please tick the agreement box as an expression of your consent to the processing of your personal data.

Policies on Data Privacy Protection

Statement of Privacy Policy

ACE RX Learning Specialists, Inc. is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and charge. This policy is intended to provide information on what personal data is gathered by the institution about its current, past, and prospective faculty, staff, personnel, students and participants; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in accordance with the Philippine Republic Act No. 10173 or the Data Privacy Act of 2012(DPA) and its Implementing Rules and Regulations (DPA-IRR). The institution sets out its data protection practices and put in place to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

This Data Privacy Notice and Consent Form may be amended at any time without prior notice, and such amendments will be notified to you via official channels.

Privacy Notice

Information Collected

The institution collects, stores, and processes personal data from its current, past and prospective data subjects -faculty, staff, personnel, participants and students, from the application stage to the whole course of stay in the institution.

STUDENTS/PARTICIPANTS/FACULTY/STAFF/PERSONNEL

• Contact information, such as, name, addresses, telephone numbers, email addresses and other contact details.
• Personal information, such as date and place of birth, nationality, immigration status, religion, student ID, etc.
• Family background, including information on parents, guardians, siblings, etc.
• Photographic and biometric data, such as, photos, CCTV videos, handwriting and signature specimens
• Student's institution works, such as but not limited to exam papers and results, including data gathered using third party online learning tools.
• Health records, psychological evaluation results, disciplinary records, and physical fitness information
• Financial and billing information
• Professional Information such as academic degrees, professional affiliation, skills, seminars and trainings attended, etc.

Use of Information

The purpose/s of the processing of personal data shall be disclosed to the data subjects such that they can freely express their consent each time they are requested to share their personal information.

Processing of data is conducted for different purposes which include the following:

STUDENTS/PARTICIPANTS

• Processing of admission or registration and  to confirm the identity of prospective students or participants.
• Verifying authenticity of student records and documents
• Processing of enrollment and registration
• Monitoring and reporting on student progress; processing of evaluations and exam results
• Monitoring and ensuring the safety of all students within the institution 
• Processing and generating statements of accounts
• Documentation of students’ or participants' data

FACULTY/STAFF/PERSONNEL/APPLICANTS

• Processing of application and selection of faculty, staff, personnel (and to confirm their identity and background)
• Verifying authenticity of records and documents
• For accreditation, professional development of teachers and staff, and research.

Information Sharing

Personal data under the custody of the institution shall be disclosed only to authorized recipients of such data. Otherwise, we will share your personal data with third parties only with your consent, or when required or permitted by our policies and applicable law, such as with:

Regulatory authorities, courts, and government agencies, e.g., Professional Regulation Commission. ,

Service providers who perform services for us and help us support your learning, monitor and report on your progress, manage the operations of our institution.

Data Transfer

Where the institution considers it necessary or appropriate, for the purposes of data storage, processing, providing any service or product on our behalf to you, or implementing an academic linkage program or any related partnership, we may transfer your personal data to third parties within or outside of the Philippines, under conditions of confidentiality and similar levels of security safeguards.

Security

We are putting in place organizational, administrative, technical, and physical security measures to safeguard your personal data. Only authorized personnel have access to your personal data, the exchange of which (mainly within the institution) is facilitated through email and paper files. Should third parties need access to your personal data, we require a non-disclosure agreement and/or a data sharing agreement with them, in compliance with the DPA and the DPA-IRR. Documents and digital files are securely stored: employing physical security to safeguard the paper files and technical security to protect the digital files.

Retention of Information

We keep your paper and digital files only for as long as necessary.

a) Student Record and/or Enrollment Form

b) all datas and information collected are kept by the ACE RX Manager for 5 years.

c) Student exam papers and results or other institution materials are kept for two years, but, in a few cases, selected student works may be retained as exemplars.

d) Financial and billing information are kept by the Finance Office for 5 years, but, in few cases, shall kept file of those who have outstanding balance.

f) CCTV cameras are the responsibility of IT in-charge; some cameras have memory for two weeks of CCTV videos, and older ones for less. The cameras run continuously on a rolling basis, where older videos are overwritten as the memory fills up.  This shall also apply to recordings of live videos in online classes.

When your personal data is no longer needed, we take reasonable steps to securely destroy such information or permanently de-identify it. Paper files are securely shredded; and electronic information is deleted. Secure and Erase settings are applied so that this is no longer recoverable nor reproducible.

Data Protection Officer

The institution appoints a Data Protection Officer (DPO) in compliance with the Data Privacy Act (DPA) of 2012. The DPO shall have autonomy in the exercise of the following responsibilities:

• monitor the institution as Personal Information Processor (PIP) or Personal Information Controller (PIC) in its compliance with the DPA, its implementing rules and regulations, issuances by the National Privacy Commission (NPC) and other applicable laws and policies.
• collect information to identify the processing operations, activities, measures, projects, programs, or systems of the institution, and maintain a record thereof;
• analyze and check the compliance of processing activities, including the issuance of security clearances to and compliance by third-party service providers;
• inform, advise, and issue recommendations to the PIC or PIP as regards renewal of accreditation or certifications necessary to maintain the required standards in personal data processing;
• advice the PIP or PIP as regards the necessity of executing a Data Sharing Agreement with third parties, and ensure its compliance with the law;
• ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the PIC or PIP;
• advise the PIC or PIP regarding complaints and/or the exercise by data subjects of their rights (e.g., requests for information, clarifications, rectification or deletion of personal data);
• ensure proper data breach and security incident management by the PIC or PIP, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period;
• inform and cultivate awareness on privacy and data protection within the school, including all relevant laws, rules and regulations and issuances of the NPC;
• advocate for the development, review and/or revision of policies, guidelines, projects and/or programs of the PIC or PIP relating to privacy and data protection, by adopting a privacy by design approach;
• serve as the contact person of the PIC or PIP vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues or concerns and the PIC or PIP;
• cooperate, coordinate and seek advice of the NPC regarding matters concerning data privacy and security; and
• perform other duties and tasks that may be assigned by the institution (PIC or PIP) that will further the interest of data privacy and security and uphold the rights of the data subjects.

Rights of the Data Subjects

      You have the right to be informed, object to processing, access and rectify, suspend or withdraw your personal data, including, any such information held by third parties, with whom the school has a data sharing agreement; and be indemnified in case of damages pursuant to the provisions of the DPA and the DPA-IRR. If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact or write to the school through the following channels:

Email to :  [email protected]

Call: 032-2543415

Write to:

The Data Protection Officer

ACE RX, 140 Sanciangko St. Cebu City, Philippines 6000

     If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance.