STATEMENT OF POLICY
The Department of Science and Technology-National Research Council of the Philippines (DOST-NRCP) guarantees the privacy of personal information and is committed to protecting personal data in accordance with R.A. 1073, also known as Data Privacy Act of 2012.
DOST-NRCP produced mobile games under the project “Leveraging Basic Research Information Translation for Empowerment in the Regions” program (BRITER).
Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
Sensitive personal information refers to personal information:
- About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations;
- About an individual’s health, education, genetic or sexual life, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
- Issued by government agencies peculiar to an individual which includes, but is not limited to social security numbers, previous or current health records, licenses or their denials, suspension or revocation, and tax returns; and
- Specifically established by an executive order or an act of Congress to be kept
Privileged information refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.
PROCESSING OF PERSONAL DATA
DOST-NRCP collects personal information that is reasonably necessary for, or directly related to, its functions and activities. The agency will only use and disclose personal information for the purposes it was collected, or otherwise in accordance with the Privacy Act.
DOST-NRCP mobile games do not collect any personal information.
DOST-NRCP does not use any personal information as the mobile games it produced do not have the means to collect personal information.
- Storage, Retention, and Destruction
The Records Section of DOST-NRCP manages documented information in accordance with ISO 9001:2015 rules on documented procedures on control of documents and records and with the National Archives of the Philippines (NAP) Act of 2007 and it’s Implementing Rules and Regulations, from creation, protection, use, storage, and disposition of government records.
DOST-NRCP may store other personal information in documentary or electronic form. It will exercise physical security on those documents and electronic versions of the data contained therein. It will also take reasonable steps to permanently dispose of any personal information no longer needed for the purpose for which it was collected or for meeting legal requirements. Documents will be stored and protected in locked filing cabinets or in locked offices, while electronic versions of personal information will be secured through encryption and password-protected computer files.
2. Data Access
The purpose of this policy is to maintain an adequate level of security to protect the data and information systems of DOST-NRCP from unauthorized access.
Players may request access to their personal information at any time, subject to any relevant legal requirements and exemptions, including identity verification procedures. As a prerequisite, DOST-NRCP will ask for proof of identity and other relevant information as a security precaution prior to locating and allowing data access.
In case certain personal information possessed by DOST-NRCP is deemed incorrect, incomplete, or inaccurate, the player may request amendment/correction of information by sending an email to email@example.com. Data updates or corrections to personal information will be free of charge.
DISCLOSURE AND SHARING
DOST-NRCP does not share any information collected from the game with other government agencies, companies, organizations, and individuals outside of DOST-NRCP.
To prevent unauthorized access and disclosure and to ensure the appropriate use of personal information, DOST-NRCP implements organizational, technical, and physical security measures to safeguard the information it collects and processes.
Organizational Security Measures
- Appointment of a Data Protection Officer who oversees the compliance of DOST-NRCP with the Data Privacy Act, its IRR, and other related policies;
- Conduct Privacy Impact Assessment, implementation of security measures, security incident, data breach protocol, and customer feedback/complaints procedure;
- Periodic review of documented procedures on control of documents and control of records, for adequacy and effectiveness
- Secured storage of data and Digital/electronic files are password-protected.
- Restricted access to storage/data room for authorized personnel
Technical Security Measures
- Installation of a firewall in all its servers to prevent unauthorized access to the data
- Review and evaluation of software applications before its installation in computers and devices to ensure compatibility of security features with the overall
RIGHTS OF THE DATA SUBJECT
Under the Data Privacy Act of 2012, people whose personal information is collected and processed are called data subjects. DOST-NRCP is duty-bound to observe and respect their privacy rights. Subject to the requirements, conditions, and exemptions under the Data Privacy Laws, they are entitled to the following rights:
- To be informed. DOST-NRCP shall inform data subjects when their personal data shall be, are being, or have been processed. This includes the purpose for which data is being processed and the method of
- To object. Incidental to consent, data subjects have the right to object to the processing of personal data to withdraw their consent. However, such refusal may disqualify them from availing of the services of the agency, where the processing of the data is necessary.
- To require the correction of erroneous data. Upon submission of legitimate documents proving errors, Player may request for the correction of their information with the
- To data portability. Player may obtain a copy of their personal data in an electronic or structured format for further
- To suspend, withdraw, or order the blocking, removal, or destruction of personal data. Consequently, DOST-NRCP may terminate any services which necessarily involve the processing of personal data.
- To file a complaint with the National Privacy Commission