Statement of Policy
The Department of Science and Technology- Science and Technology Information Institute (DOST-STII) guarantees privacy of personal information and is committed to protect personal data in accordance with R.A. 1073, also known as Data Privacy Act of 2012.
Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
Sensitive personal information refers to personal information:
- About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
- About an individual’s health, education, genetic or sexual life, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
- Issued by government agencies peculiar to an individual which includes, but not limited to social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
- Specifically established by an executive order or an act of Congress to be kept
Privileged information refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.
Processing of Personal Data
DOST-STII collects personal information that is reasonably necessary for, or directly related to, its functions and activities. The agency will only use and disclose personal information for the purposes it was collected, or otherwise in accordance with the Privacy Act.
The type of personal information DOST-STII collects may include, but is not limited to the following:
- Mobile number
- Telephone number
- Email address
- Educational Attainment
DOST-STII generally collects personal information directly from clients. The ways in which it collects personal information may include, but not limited to the following:
- access and use of DOST-STII forms (online and printed);
- conversations via telephone or in person;
- written correspondence including
DOST-STII collects personal information so it can perform its functions and activities in order to provide the best possible quality customer service. It collects, holds, and uses personal information to:
- identify client;
- provide products and services and to send communications requested;
- answer inquiries, and provide information or advice about existing and new promotional materials or services;
- assess service performance to improve the operation;
- process and respond to any complaint;
- conduct research and analysis regarding our services
A. Storage, Retention, and Destruction
The Records Section of DOST-STII manages documented information in accordance with ISO 9001:2015 rules on documented procedures on control of documents and records and with the National Archives of the Philippines (NAP) Act of 2007 and its Implementing Rules and Regulations, from creation, protection, use, storage, and disposition of government records.
DOST-STII may store client’s personal information in documentary or electronic form. It will exercise physical security on those documents and electronic versions of the data contained therein. It will also take reasonable steps to permanently dispose of any personal information no longer needed for the purpose for which it was collected or for meeting legal requirements. Documents will be stored and protected in locked filing cabinets or in locked offices, while electronic versions of personal information will be secured through encryption and password-protected computer files.
B. Data Access
The purpose of this policy is to maintain an adequate level of security to protect data and information systems of DOST-STII from unauthorized access.
Client may request access to their personal information at any time, subject to any relevant legal requirements and exemptions, including identity verification procedures. As a prerequisite, DOST-STII will ask for proof of identity and other relevant information as a security precaution prior to locating and allowing data access.
Disclosure and Sharing
DOST-STII does not share personal information with other government agencies, companies, organizations and individuals outside of DOST-STII except in any of the circumstances below:
With consent. DOST-STII will share personal information with other government agencies, companies, organizations or individuals only upon written consent of the person/s involved. Written consent is required before DOST-STII can share any sensitive personal information.
In compliance with the law. DOST-STII may provide personal information to other DOST Agencies or government agencies in compliance with relevant laws or statutes
For legal reasons. DOST-STII may also share personal information with other government agencies, organizations or individuals outside DOST-STII if it believes that the information disclosure is necessary for legal purpose.
To prevent unauthorized access and disclosure and to ensure the appropriate use of personal information, DOST-STII implements organizational, technical, and physical security measures to safeguard the information it collects and processes.
Organizational Security Measures
- Appointment of Data Protection Officer who oversees the compliance of DOST-STII with the Data Privacy Act, its IRR, and other related policies;
- Conduct of Privacy Impact Assessment, implementation of security measures, security incident, data breach protocol, and customer feedback / complaints procedure;
- Periodic review of documented procedures on control of document and control of records, for adequacy and effectiveness
- Secured storage of data and Digital/electronic files are password- protected.
- Restricted access to storage/data room for authorized personnel
Technical Security Measures
- Installation of a firewall in all its servers to prevent unauthorized access to the data
- Review and evaluation of software applications before its installation in computers and devices to ensure compatibility of security features with the overall
Rights of the Data Subject
Under the Data Privacy Act of 2012, people whose personal information is collected and processed are called data subjects. DOST-STII is duty-bound to observe and respect their privacy rights. Subject to the requirements, conditions, and exemptions under the Data Privacy Laws, they are entitled to the following rights:
- To be informed. DOST-STII shall inform data subjects when their personal data shall be, are being, or have been processed. This includes the purpose for which data is being processed and the method of
- To object. Incidental to consent, data subjects have the right to object to the processing of personal data to withdraw their consent. However, such refusal may disqualify them from availing of the services of the agency, where processing of the data is necessary.
- To access personal data. Upon written request, client may be given reasonable access to their personal
- To require the correction of erroneous data. Upon submission of legitimate documents proving errors, client may request for the correction of their information with the
- To data portability. Client may obtain a copy of their personal data in an electronic or structured format for further
- To suspend, withdraw, or order the blocking, removal, or destruction of personal data. Consequently, DOST-STII may terminate any services which necessarily involve the processing of personal data.
- To file a complaint with the National Privacy Commission
MS. MA. TERESA M. ROSQUETA
Data Protection Officer
Department of Science and Technology Science and Technology Information Institute