Within the framework of the Data Privacy Act of 2012 (R.A. 10173), THE CEBU CFI COMMUNITY COOPERATIVE (CFI) declares its commitment to the protection of the privacy of its stakeholders, such as members, their registered dependents, applicants, its staff, and service providers, from whom it collects personal information in the pursuit of its legitimate interests and responsibilities as an academic institution.
Thus, CFI has instituted policies and measures that will safeguard the security and confidentiality of the personal information that it collects, retains and stores, and may possibly share under certain circumstances. These policies and measures subscribe to the provisions of R.A. 10173 and its Implementing Rules and Regulations.
The Cebu CFI Community Cooperative affirms its commitment to the protection of the privacy of its stakeholders, such as students, faculty, non-teaching staff, and service providers, from whom it collects personal information in the pursuit of its legitimate interests and responsibilities as an academic institution, in a manner consistent with the Data Privacy Act of 2012 and its Implementing Rules and Regulations (DPA IRR).
A. Collection and Use of Personal Information
- The cooperative only collects personal information that is necessary and directly related to one or more of its legitimate functions and activities as an academic institution.
- The collection and processing of sensitive personal information that is necessary.
- The collection and processing of sensitive personal information and privileged information shall be done only in accordance with the conditions set by the Data Privacy Act of 2012, Implementing Rules and Regulations, Sec. 22.
- The Cooperative will seek consent, and collect personal information directly from the data subject, using both electronic and paper-based modes, for various purposes, including:
  - As part of any admission/enrollment/registration process accomplished by members and applicants for any transaction or services of CFI or for application for membership;
  - Recording and storage of data generated by employment or the provision of contracted services of the CFI by third-party vendors and service providers;
  - In the course of undertaking an administrative investigation;
  - Establishing membership directories and maintaining membership and personnel records;
  - Investigation of incidents relating to membership or employee discipline;
  - Providing medical services such as health, guidance and counselling, medical examinations and assessing medical claims under the CFI Health plan;
  - In the course of implementation of Cooperation Agreements with government agencies, authorities or other cooperatives;
  - Entry into any CFI office requiring IDs and registration logs for walk-in guests;
  - Maintaining office security through specified entry procedures and CCTV security cameras installed in the buildings.
B. Sharing of Personal Information
CFI will share information with other parties in the pursuit of its legitimate interests and responsibilities as a cooperative and a credit union and financial institution in accordance with regulations prescribed by law. Examples of such situations are:
- Fulfillment of reporting requirements by mandated government bodies, agencies or institutions;
- Implementation of a management and/or financial system using proprietary software, through a contracted external service provider;
- Management of health, safety and security of its members and office personnel, such as with hospitals and/or the police;
- Public acknowledgement and publication of photographs of members, participants and employees, taken in the course of their participation in a CFI event or as recipient of honors and awards, for informational, marketing and promotional purposes;
- Confirmation of the status of members or its employees in response to inquiries from other parties.
C. Retention of Personal Information
- The Cooperative will retain the personal information pertaining to the record of its members and employees for historical, statistical and research purposes.
- For other types of data, e.g., visitor logs at the gates, or information of applicants who did not qualify for admission or employment, retention periods will be defined in the appropriate policies. At the end of the retention period, records will be securely disposed of.
D. Access to, Correction, Blocking, or Deletion of Personal Information
Upon request by a data subject, CFI will allow access to his/her own personal information, and/or have the personal information corrected, blocked or deleted unless there is a legitimate reason for refusal, as identified in the limitations to the rights of data subjects, Sec. 37 of the DPA IRR.
E. Handling of Complaints and Data Security Breaches
All CFI stakeholders who become aware of a suspected or actual breach in data security must immediately bring it to the attention of the Data Protection Officer, in writing or by email, for proper recording and reporting to the National Privacy Commission in accordance with Rule IX, Sections 38 to 42, of the DPA IRR.