DOST VI Data Privacy Policy

Introduction

The Department of Science and Technology VI respects the privacy of its clients and implements suitable protocols to ensure the protection and security of their personal data. This Data Privacy Policy adheres to the provisions outlined in the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), additional directives from the National Privacy Commission (NPC), and other pertinent Philippine legislation.

Personal information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual. 


This Privacy Notice provides a comprehensive account of how DOST VI collects, utilizes, shares, retains, eliminates, and protects the personal information of its customers. It also specifies, in accordance with applicable laws and regulations, the steps that clients may take to rectify their personal data, modify the manner in which their data is utilized, or have their personal data blocked or deleted from the DOST VI record.

Purpose

In carrying out its responsibilities as a government agency, DOST VI is obligated to comply with all legal and regulatory obligations. Therefore, it is essential that the processing of DOST VI’s clients’ personal information occurs only when necessary and for a clearly defined purpose.

DOST VI generally processes client information for one of the subsequent purposes:

  • to deliver the requested S&T services;
  • to communicate updates about the requests;
  • to review the client’s qualifications for such services;
  • to generate statistical insights;
  • to conduct research and analysis in order to improve customer satisfaction;
  • to respond to specific complaints, inquiries, requests, or to provide requested information;
  • to notify and update clients about DOST VI programs and projects that are related to the service inquired about before, with which the client can opt-out anytime should they prefer not to receive these notifications;
  • to conduct appropriate due diligence checks;
  • to evaluate program or project proposals, including their educational background, seminars and training attended, scientific works and engagements, technical expertise, manpower, and technical and operational capacity in relation to the service or program they are interested in availing of;
  • to communicate any decision on a program or project proposal and issue a letter of award together with the contract or memorandum of agreement; perform any other action as may be necessary to implement the terms and conditions of the contract or agreement;
  • to assess the viability of project or program proposals;
  • to process applications for OneExpert accreditation,
  • to evaluate the qualifications and suitability of the applicants based on the set criteria and guidelines;
  • to comply with DOST VI’s obligations under law and as required by government organizations and/or agencies such as, but not limited to, the following: Local Government Unit, National Privacy Commission, Beauru of Internal Revenue, Pag-IBIG, PhilHealth, and so on;
  • to comply with legal and regulatory requirements or obligations; and
  • to perform such other processing or disclosure that may be required under law or regulations.

Data Collected

The kinds of personal data that DOST VI collects from its clients depend on the particular purpose or service for which they are interested. The common type of data collected by DOST VI from its clients generally includes the following:

  • basic personal information, such as full name, home addresses, billing addresses, shipping addresses, e-mail addresses, employment information, telephone numbers, other personal contact numbers, and usernames;
  • sensitive personal information, such as age, nationality, marital status, gender, health, education, and government issued identification documents, which include, but are not limited to, identity (ID) cards and licenses; and
  • employment records, such as educational background, employment history, certifications, training attended, resumes, and income information for previous jobs.

Clients are personally responsible for ensuring that all such personal data submitted is accurate, complete, and up-to-date.

Method of Collection

DOST VI employs a variety of procedures to gather essential and personal information from its clientele. In general, the subsequent approaches are being utilized:

  • by filling out DOST VI forms or submitting documents to comply with the requirements to deliver S&T services such as Technology Training Services, Consultancy Services, Regional Testing and Standards Laboratory Services, services related to Research and Development, Setup iFUND, DOST-SEI S&T Scholarship Services, among others;
  • submission of documents for One Expert Accreditation;
  • submission of project or program proposals to the Research, Development, and Innovation Management Section, Technology Transfer and Commercialization Section, or Grants-in-Aid Management Office, or for similar purposes;
  • submissions for a job application;
  • submission of information through digital platforms or by contacting DOST VI through any of its social media accounts
  • transactions related to procurement purposes;
  • responding to its surveys, promotions, and other initiatives;
  • by providing personal information in relation to inquiries, requests, and complaints; and
  • through web analytics on DOST VI’s websites.

Data Collected by DOST VI’s Websites

DOST VI’s websites also engaged Google Analytics, a third-party service, to analyze the web traffic data. The data generated is not shared with any other party. Only non-identifiable web traffic data may be collected and analyzed, including:

  • IP address;
  • search terms used;
  • pages and internal links accessed on its site;
  • date and time the client visited the site;
  • geolocation;
  • referring site or platform (if any) through which the client clicked through to access DOST VI’s website;
  • client’s operating system; and
  • web browser type.

Sharing of Client’s Data

As a general rule, DOST VI will never share client’s data with third parties except in circumstances allowed by law. However, if the client gave their consent for such purposes, DOST VI may disclose personal information to other government organizations that may have inquiries, but such sharing shall be in accordance with the Data Privacy Act and its Implementing Rules and Regulations. As necessary for the proper execution of processes related to the declared purposes in this Privacy Policy, the use or disclosure is reasonably necessary, required, or authorized by or under law, or for other legal and legitimate purposes. For this purpose only, DOST VI may share its client’s personal data.

Protection of Data

DOST VI takes reasonable steps to make sure that the personal data it collects, uses, or discloses is accurate, complete, and up-to-date. It strictly enforces its Privacy Policy and has implemented technological, organizational, and physical security measures to protect personal data from loss, misuse, modification, unauthorized or accidental access, disclosure, alteration, or destruction. 

DOST VI keeps and protects personal data using a secured server behind a firewall, deploying encryption on computing devices, and physical security controls. It also restricts access to personal data only to qualified and authorized personnel who hold these personal data with strict confidentiality.

Any personal data that was processed is stored only within the DOST VI premises or secured cloud services. Using a secured connection, only authorized DOST  VI personnel can  access and download personal data from its websites. 

Data Retention

DOST VI reserves the right to retain collected personal data, such as when personal data may be necessary to resolve disputes or if DOST VI is required to do so by law or in good faith, provided that such action is necessary to comply with a legal obligation. If DOST VI is required to retain any portion of its client’s personal data for such purposes, it shall use reasonable efforts to limit such data to what is necessary to accomplish the particular purpose.

Changes in Privacy Policy

From time to time, DOST VI may necessarily update and, for reasonable purposes, amend this Privacy Policy, such as to effect changes in the Data Privacy Act and in the services delivered by DOST  VI. Should there be any changes to this Privacy Policy, such an updated version will be posted on its websites and will take effect immediately. Any changes will not have any retroactive effect and will not alter the handling of previously collected personal data without the consent of the data subject, unless required by law.

Access, Correction, and Updating of Personal Data

Clients may exercise their rights, which include the right to access, modify, erase, and object to the processing of their personal data within a reasonable time after such a request, or should they have any inquiries, feedback on this Privacy Policy, and/or complaints to DOST VI, by reaching out through a written letter or email to DOST VI’s Data Protection Officer (DPO) as provided below:

Data Protection Officer 

Department of Science and Technology VI

Magsaysay Village, La Paz, and Iloilo City

Email address: dpo@dost6.ph

Additionally, customers have the option to file a complaint with the National Privacy Commission (NPC). 

For further details, please refer to NPC’s website: https://privacy.gov.ph/mechanics-for-complaints/

Any decision by DOST VI to grant access to or investigate a request to change, delete, or object to processing personal data as it appears in its records shall always be subjected to any exceptions that are permissible by law and/or the DPA, its IRR, and other NPC circulars.

This Privacy Policy was updated on February 12, 2024.