We value your privacy and are committed to protecting your personal information.
This policy explains how we collect, use, and safeguard your data within our system.
By continuing, you acknowledge that your information will be handled responsibly
and in accordance with applicable data protection regulations.
This Privacy Notice explains how National University ("NU") processes personal data of students, student applicants, employees, faculty,
staff, and job applicants ("you"), particularly when you use NU's digital services including the National University Information System (NUIS).
It describes what we collect, why we process it, how we protect it, who we share it with, and your rights under the
Data Privacy Act of 2012 (RA 10173)
.
Personal Data We Collect
- Identity and contact details: name, NU ID/student or employee number, date of birth (as applicable), address, email, phone number, and other identifiers required for university processes.
- Academic and student records (students/applicants): application and enrollment details, schedules, grades, evaluations, credentials, scholarship/financial assistance information, and student conduct/welfare records (as applicable).
- Employment records (employees/applicants): recruitment documents, employment history, role/department, compensation, payroll and statutory details, benefits administration, attendance/timekeeping (as applicable), training and performance records.
- Health and safety-related information (limited cases): information required by law, for clinic services, or for safety/benefits administration, with stricter access controls.
- NUIS and digital platform data: account credentials, access/authentication logs, transactions and requests, device/browser data, and support tickets/audit trails where needed to operate and secure services.
Why We Process Your Personal Data
NU processes personal data for legitimate and specific purposes, relying on applicable legal bases such as consent (when required),
performance of a contract (e.g., enrollment/employment), compliance with legal obligations, protection of vital interests, and NU's
legitimate interests (balanced with your rights).
- Academic and student services: admissions, enrollment, instruction delivery, learning support, scholarships/discounts, student welfare/discipline, and records/alumni services.
- Employment administration: hiring, onboarding, payroll and benefits, timekeeping/attendance (as applicable), training/performance, internal communications, and separation/clearance.
- Operations, compliance, and security: identity/access management, audits, fraud prevention, cybersecurity, and compliance with education, labor, tax, and other lawful requirements.
- Communications: service-related announcements and notices relevant to your role as student/employee.
NUIS and Digital Platforms
NU uses NUIS and related platforms (e.g., student/employee portals and learning platforms) to deliver academic and administrative services.
Data may be collected directly from you through forms and portal entries, and automatically through system logs needed to operate, secure, and improve these services.
- Accounts and access: account creation, login/authentication, and role-based permissions.
- Transactions: enrollment and academic/HR workflows, requests, and status updates available in NUIS.
- Logs and device data: access logs (e.g., timestamp, IP address, device/browser) for reliability, security monitoring, and investigation of issues/incidents.
- Support and audit: helpdesk tickets, troubleshooting, and audit trails to maintain service quality and compliance.
Sharing and Disclosure
NU does not sell your personal data. We share it only on a need-to-know basis, for legitimate purposes,
and with appropriate safeguards and agreements where required.
- Within NU: relevant offices/units to provide services and perform official functions.
- Third-party service providers/partners: providers supporting NU operations (e.g., IT and learning systems, payroll/benefits administration), under safeguards.
- Government and lawful requests: regulators/authorities as required by law or lawful process.
Cross-Border Transfers
NU may use cloud or software providers that process/store data outside the Philippines.
Where applicable, NU implements safeguards to protect personal data in accordance with law and NU policies.
Retention and Disposal
NU retains personal data only as long as needed for the stated purposes and for legal/regulatory requirements,
then disposes of it securely. Certain academic records (e.g., Transcript of Records and credentials) may be
retained longer or permanently as required for records management and applicable regulations.
Security Measures
- Role-based access controls and confidentiality obligations
- System security monitoring/logging and incident response procedures
- Technical and organizational safeguards (e.g., secure configurations and, where appropriate, encryption)
- Training and awareness for personnel handling personal data
Your Rights and How to Contact Us
You may have rights under the Data Privacy Act, including the right to be informed, access, object, correct, erase/block, and file a complaint (subject to law and NU policies).
For questions or requests, contact the NU Data Privacy Office at: