I. Personal Data
CIIT processes personal data of students, applicants, and personnel, which may include information such as name, age, birthdate, place of birth, marital status, gender, nationality, religion, address, contact information, emergency contact information, family background, educational history, grades, academic performance or standing, attendance, health or medical records, disciplinary records, and any other personal information within the scope of the DPA that is under the control or possession of CIIT.
CIIT likewise processes personal data of guests, visitors, and other users of the CIIT website, services, and premises, which may include information such as name, address, contact information, educational history, CCTV recordings, credit card details used for online transactions, and any other personal information within the scope of the DPA that is under the control or possession of CIIT.
II. Processing and Location of Data
CIIT’s processing includes manual, automatic or electronic collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction, and other operations performed on personal data. Processing may be done through manual, physical, automatic, virtual or electronic means or methods. We process and store Personal Data only within the Philippines.
III. Collection of data
CIIT may collect personnel data upon request at appropriate times, including, without limitation, upon:
the accomplishment of forms required for the delivery of CIIT’s services;
the submission of documentary requirements to CIIT, including cover letters, resumes, transcripts of records, birth certificates and other documents containing personnel data;
visiting and/or using the CIIT website and/or premises;
online transactions and payments for CIIT services.
IV. Storage of data
The personal data and records collected are stored in physical and/or electronic mediums:
Personal data and records written in physical documents are stored in lock-and-key containers housed in secure locations and accessed only by authorized personnel. Archival data is stored in secure locations and accessed only by authorized personnel.
Personal data and records encoded in electronic systems either encoded or digitized, are stored in official school systems and other third party systems/services utilized by CIIT. School systems are stored and secured in servers hosted within and outside CIIT.
Formal agreements between CIIT and all third-party systems/services that store data are established for the proper storage and processing of data.
V. Use and sharing of data
Personal data and records collected are shared by CIIT with authorized persons only when appropriate or necessary, including, without limitation, the use of data in connection with:
application for or admission to, enrollment in, or education, training, or internship, and other legitimate purposes of CIIT;
processing of personal data for background check or verification; and
internship, on-the-job training, employment, or any other similar engagement.
Authorized persons may include, as appropriate, CIIT personnel, service providers and their personnel, partner organizations or companies, government agencies, and regulatory authorities, and parent/s, legal guardian/s, or any person/s giving financial support for students’ education, for purposes of verification and in acknowledgement of the exercise of their authority and responsibilities under the law.
VI. Retention and disposal of data
CIIT will retain personal data only for as long as necessary for the fulfillment of the purposes for which the data was obtained, for the establishment, exercise or defense of legal claims, for legitimate business purposes, or as provided by applicable laws or regulations. Personal data that is no longer necessary to be retained will be disposed of or de-identified in a secure manner.
Certain types of data may be stored in perpetuity by the Office of the Registrar upon enrollment with CIIT, in compliance with the general practices of Registrars and Higher Education Institutions, such as students’ diplomas and transcripts of records.
VII. Requests for objections, corrections, erasures, blocking, access or complaint
The following concerns may be raised through the submission of a formal letter to the School Registrar for consideration:
objections to the sharing of personal data outside CIIT;
requests for correction and/or change of personal data;
requests for erasure, blocking, destruction, or removal of personal data; and
any other complaints or concerns related to data privacy.
VIII. Rights of data subjects
Persons providing personal data are solely responsible for the correctness and accuracy of such data or any information provided to CIIT, for which CIIT reserves the right to rely on the same. In case of any changes, updates, or corrections, CIIT should be notified immediately.
The following are rights of data subjects under data privacy laws:
Right to be informed about data collection and processing
Right to object to data processing, except where:
the data is needed pursuant to a subpoena or court order;
the collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the data subject is a party, or when necessary or desirable; or
the information is being collected and processed as a result of a legal obligation.
Right to access upon reasonable demand and with respect to certain information
Right to data portability
Right to rectify or correct, except when the request for correction is vexatious or otherwise unreasonable
Right to file a complaint and provide necessary evidence in support of such
Right to suspend, withdraw, or order the blocking, removal, or destruction of personal data, in the event of termination of a relationship with CIIT, provided that there is no other legal ground or overriding legitimate interest for CIIT to retain the personal data
Right to transfer administration of one’s personal information to another due to incapacity or death, subject to proof that the latter is an heir or assignee of the data subject
CIIT recognizes the existence of limitations or exceptions to the rights of data subjects, as well as conditions and procedures to be complied with to invoke such rights.
IX. Contact information
CIIT College of Arts and Technology
Interweave Building, 94 Kamuning Rd., Quezon City, Philippines
(02) 411 11 96
Guide document on personal data and purposes of collection and storage
The following table sets out a non-exhaustive list of personal information and documents that CIIT may collect and process in the regular course of its business as an educational institution and/or as stated below. This document is only intended to serve as a reference for students, applicants, parents/guardians, personnel and other relevant persons, and may be subject to modification from time to time in the discretion of CIIT.