
Privacy Statement
The University of St. La Salle (USLS) is committed to fully protect your personal data privacy in compliance
with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA).
We shall detail the manner in which we process your personal data and provide a separate privacy notice in an
appropriate format and manner whenever we collect personal data through other channels (e.g., publicly
facing data processing systems implemented, notice attached to application or registration forms when
personal data is collected by USLS).
In all instances, we assure you that processing your personal data will strictly follow the provisions of
DPA, especially the general data privacy principles of Transparency, Legitimate Purpose, and
Proportionality.
USLS Website Privacy Notice
Our official website is www.usls.edu.ph
This Privacy Notice is for the USLS website. These functionalities enable the USLS to collect and process
your personal information.
Personal Data Collected and Manner of Collection
We collect the following personal data from you when you electronically submit to us your inquiries or
requests:
- Name
- Email Address
- Contact number
USLS Online Appointment System (OAS)
This form is used by the data subject to request appointment with various USLS offices.
Basis, Use, and Purpose for Processing of Personal Data
While your consent may be solicited to process your personal data, we may also process personal data without
your consent, such as when processing is allowed under Section 12 or Section 13 of the DPA.
In these instances, your personal data is utilized for the following purposes:
- For documentation and processing of inquiries and requests within the USLS, enable the USLS to properly
address them and forward them to the appropriate internal units for action and response.
- To solicit feedback for the services we provide.
- To provide you with the appropriate updates and advisories in an appropriate format and orderly and
timely manner.
- To comply with a legal obligation to which the USLS is subject.
- To comply with the requirements of public order and safety.
- To be able to provide the appropriate action that a data subject may require concerning their data
privacy rights.
Methods utilized for automated access
The USLS uses Google Analytics, a third-party service, to analyze our web traffic data, help us determine our
website's engagement, and improve our website services and features. This service uses cookies. Data
generated is not shared with any other party.
The following web traffic data are processed for this purpose:
- Your IP address
- The pages and internal links accessed on our site
- The date and time you visited the site
- Geolocation
- The referring site or platform (if any) through which you accessed this site
- Your operating system
- Web browser type
Disclosure of Personal Data
Personal data processed by the USLS is not shared with any other party unless such disclosure is allowed
under Section 12 or 13 of the DPA.
Risks Involved
Risk refers to the potential of an incident to result in harm or danger to a data subject or organization.
Risks may lead to the unauthorized collection, use, disclosure, or access to personal data. It includes
risks involving the confidentiality, integrity, and availability of personal data or the risk that
processing will violate the general data privacy principles and the rights of data subjects.
USLS ensures that adequate physical, technical, and organizational security measures are in place to protect
personal information's confidentiality, integrity, and availability. However, this does not guarantee
absolute protection against certain risks involving the processing of personal data, such as when systems
are exposed to targeted cyberattacks, malware, ransomware, and computer viruses or when manual records are
accessed without authority.
However, adequate policies are in place to ensure appropriate security incident management in line with
existing NPC policies, circulars, and other issuances.
Data Protection and Security Measures
We safeguard the confidentiality, integrity, and availability of your personal information by maintaining a
combination of organizational, physical, and technical security measures based on generally accepted data
privacy and information security standards. Among the measures we implement are the following:
- Policies on access control in both digital and physical infrastructures to prevent unauthorized access
to personal information.
- Security measures against natural disasters, power disturbances, external access, and similar threats.
- Technical measures to protect our computers and databases against accidental, unlawful, or unauthorized
usage, interference, or access.
Storage and Retention
We store files containing personal information in our computers and servers, which are kept in a secure
environment. We may also store your personal information with cloud-based third-party data storage
providers. We shall ensure that proper measures are adopted to protect your information.
Personal data shall be stored in a database for two (2) years after inquiries and requests are acted upon.
After which, records shall be disposed of securely.
Other categories of data may be kept longer than two (2) years when its retention period is determined by
other relevant laws and regulations.
Disposal
Physical records shall be disposed of through shredding, while digital files shall be anonymized. In all
instances, our manner of disposal shall ensure that the personal information shall no longer be retrieved,
processed, or accessed by unauthorized persons.
Rights of a Data Subject
Under the DPA, you have the right to be informed regarding processing the personal information we hold about
you.
Further, you may be entitled to request:
- Access to personal data we process about you. It is your right to obtain confirmation on whether or not
data relating to you are being processed;
- Rectification of your personal data. This is your right to have your personal data corrected if it is
inaccurate or incomplete;
- Erasure or order blocking of your personal data whenever warranted;
- The right to object if the personal data processing involved is based on consent or on legitimate
interest;
- The right to data portability through which you may obtain and electronically move, copy, or transfer
your data securely for further use.
You may claim compensation if you believe you suffered damages due to inaccurate, incomplete, outdated,
false, unlawfully obtained, or unauthorized use of personal data or for violating your rights and freedoms
as a data subject.
Suppose you think that your personal information has been misused, maliciously disclosed, or improperly
disposed of or that your data privacy rights have been violated. In that case, you have a right to file a
complaint with the NPC.
Changes to the Privacy Notice
USLS reserves the right to update or revise this privacy notice at any time and will provide a new privacy
notice whenever there are substantial changes.
Feedback on our Privacy Notice
If you have suggestions or comments regarding our privacy statement and notice or for any issues concerning
our data privacy practices, you may reach us through our Data Privacy Officer, Ms. Anna Luz Maturan, via
landline (034) 434 6100 local 101 or email at dpo@usls.edu.ph.
Registration Compliance
Here is our Certificate of Registration issued by the National Privacy Commission valid until 04 October
2025. (Link here)