Privacy Policy for Employees (2026)

Introduction
The Rizal Technological University, a State University located in Boni Avenue, City of Mandaluyong and Pasig respects and values the data privacy rights of its employees. As such, the university is duty-bound to guarantee that employees’ data is processed, and secured under the general principles of the National Privacy Commission: Transparency, Legitimate Purpose, and Proportionality and in adherence to relevant rules and procedures.

In line with to Data Privacy Act of 2012 (R.A. No. 10173), its Implementing Rules and Regulations (IRR), and National Privacy Commission (NPC) promulgated issuances and policies, the university hereby adopts this Privacy Policy for Employees.

In this Privacy Policy for Employees, we used the term “data” and “information” conversely. Personal data contains the employee’s personal information and sensitive information. These two apply to knowing and assessing or evaluating the employee. Additionally, we inform you that while we use examples to describe the Policy in straightforward terms, it does not include all the data that we record.

Gathering of Employee’s Data
RTU will gather the employee’s data including documents, digital files: photographs or videos, and biometric records. Below are examples of data that RTU will collect in the processing of the applications.

During Job Application – When seeking employment with RTU for a definite position or role, the assigned staff will request your details via Personal Data Sheet (PDS). As an applicant, you furnish some of the requirements such as Resume, Transcript of Records, and Professional License (if any). We collect additional information during preliminary screening, including those generated during your interview. RTU gathers (1) full name, email, and contact details; (2) information about your family framework, learning institution attended, academic marks, and your health; and (3) information gathered in an interview, evaluation, and/or written assessment.

Upon Starting Your Employment Offer – When you accept our employment offer, RTU needs to gather more information, such as the requirements listed in the RTU-VPFA-HRD-F-011 form, which is available on the RTU website. There may also be occasions when we collect additional types of
information, such as photographs or films of the events in which you take part, official records of those events, or recordings made by closed-circuit security cameras installed inside a school.

Unsolicited Information. There may be situations when we receive or send personal information without asking for it first. We shall evaluate whether we may lawfully retain such information in such circumstances. We will promptly get rid of the data if it has nothing to do with any of our legitimate
objectives, that safeguards your privacy. Otherwise, it will be handled the same way we treat the information you give us.

Ways of Utilizing the Information
To further the legitimate objectives of RTU as a university by what the law requires, the employees’ data will be utilized for learning, management, data gathering, and factual and demographic purposes. For instance, RTU might use the information we gather to:

1. Determine whether job candidates are suitable for a certain role or position by analyzing their applications.
2. Process the verification of submitted information including Background Investigation Report (PEER), Background Investigation Waiver (PEER), and Pre-employment Checklist (STAR).
3. Produce and keep track of personnel records.
4. Record, archive, and review procedures connected to human resources, such as administering performance.
5. Enable the University Center for Human Resource Development and Management (UCHRDM) to get in touch with others when needed.
6. Create and maintain systems for tracking employee information.
7. Have access to private and sensitive information with those who have a valid official need for it to assess employee performance and make decisions about promotions.

8. Establish disciplinary procedures and conduct investigations into events involving employee behavior.
9. Compile and generate reports for statistical and research purposes.
10. Manage and control access to RTU Boni and Pasig campus facilities and equipment.
11. Communicate official university announcements.
12. Encourage you to take part in studies and non-profit polls that the RTU has endorsed.
13. Seek your financial and other support for RTU projects, programs, and events.
14. Communicate your relevant data with individuals or organizations, as well as other necessary legal and regulatory requirements, such as                                 orders, statements, or commitments made by RTU to any appropriate administration, agency, regulatory organization, or judiciary.

To fulfill the commitment of RTU to you, to comply with the requirement by law, to safeguard the official concerns such as employee’s life and safety, to accomplish the public needs (such as maintaining public peace and safety, etc.), and to further the legitimate interests of the RTU or another party, we deem the gathering procedure for the objectives essential. We are fully dedicated to adhering to the tougher regulations set forth by the DPA for the handling of privileged and sensitive personal information.

We will gather your data at the proper time if we need it for any specific uses for which we intend to utilize it.

Please be aware that without your permission, RTU will never utilize the employee’s data in an automatic agreement process.

Share, Disclose, or Transfer Information

RTU generally doesn’t disclose employee information to third parties without their consent except for the law and our rules permit it. RTU is required by law to share the personal information of its employees with governmental organizations, such as DepEd and CHED.

According to the law, RTU is required to release, produce, and/or process employee data in the following situations:
1. Submitting with a legal obligation.
2. Securing the significant interest of employees.
3. Dealing with a national emergency, upholding public safety and order needs, or carrying out public authority tasks that inevitably involve processing personal data to carry out their mandate
4. Furthering the legitimate educational concerns of RTU or the person to whom the information has been transmitted. 

About sensitive information, RTU is required to release, produce, and/or process employee data in the following situations:
1. As mandated by issued laws, policies, and regulations.
2. To safeguard the life and health of the employee or another person, and the employee is not legally or physically able to express his/her consent before disclosure/processing.
3. For purposes of medical treatment or emergency.
4. When necessary for the protection of lawful rights of persons in court proceedings, or the establishment, exercise, or defense of legal claims, or when provided to government or public authority.

How We Store and Retain Your Information
Your data is stored and transmitted securely in a variety of paper and electronic formats, including databases that are shared between RTU's different units or offices. Access to your data is limited to RTU personnel who has a legitimate interest in them to carry out their contractual duties. You may be confident that we won't use your data unreasonably.

RTU retains your personal information for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws. Your consent to such purpose(s) remains valid after any termination of our relationship with you or after graduation.

Only authorized RTU personnel has access to this personal and sensitive information, the exchange of which shall be facilitated through email and hard copy.

Unless specified otherwise by law or by the relevant University rules, we shall keep your pertinent personal data for as long as necessary for archival and statistical purposes. All records affected by a retention period that is mandated by law or a university policy will be safely disposed of after that period.

Your Rights Concerning Your Personal Data

We recognize your rights concerning your data, as provided by the DPA. All requests for access or correction to Personal Information will be responded to in writing within a reasonable time. As part of this process, we will verify the identity of the individual requesting the information before providing access or making any changes. RTU may impose a reasonable fee for any copies.

If you wish to exercise any of your rights, or should you have any concern or question regarding them, this Notice, or any matter involving the RTU and data privacy, you may contact the University Data Protection Center (UDPC) at:
    a. Via post: University Data Protection Center
    b. 3 rd Floor, Profeta Bldg., RTU Boni Ave., Mandaluyong City
    c. Through the following landline: 8534-8267 local 1608
    d. Through email: dpo@rtu.edu.ph

Changing This Policy
We will notify you via our website and, if allowed, through other channels of communication. We may occasionally alter this Policy. Upon uploading on the website, any alteration takes effect right away.

RTU is required to maintain the accuracy of your personal information and you have a shared responsibility in ensuring your personal information is correct, accurate, and complete. Please notify the concerned office of any changes to your personal information.

Other University Policies
Other policies of the RTU, which are consistent with this one, will continue to apply. The validity of the other terms, which shall continue to be in full force and effect, will not be impacted if any provision of the Policy is deemed to be unlawful by any court with appropriate jurisdiction.

References/ Matches Sources:
1. Privacy Policy for Applicants, Students, and Alumni: How We Use Your Information https://www.ateneo.edu/privacy/applicants-students-alumni
2. Brokenshire College Data Privacy Policy http://www.brokenshire.edu.ph/index.php/privacy-policy
3. JRU.edu https://jru.edu/faculty-employees/#faculty-priva

Introduction

Rizal Technological University, a premier state university with campuses in Mandaluyong and Pasig, recognizes and respects the data privacy rights of its employees, faculty members, administrative personnel, contractual staff, consultants, and job applicants. RTU is committed to protecting personal data and ensuring that all processing activities comply with the principles of transparency, legitimate purpose, and proportionality pursuant to the Data Privacy Act of 2012, its Implementing Rules and Regulations (IRR), issuances of the National Privacy Commission (NPC), and other applicable laws, regulations, and university policies.

This Privacy Policy explains how RTU collects, uses, stores, shares, retains, and protects employee personal data in the course of employment, administration, human resource management, security operations, academic support, and institutional governance.

For purposes of this Policy, “personal data” includes personal information, sensitive personal information, and privileged information as defined under applicable privacy laws and regulations. RTU recognizes that employee data may exist in physical, electronic, audio-visual, biometric, or digital formats.

Gathering and Collection of Employee Data

RTU collects and processes employee information necessary for recruitment, employment administration, compliance with government regulations, institutional operations, and delivery of university services.

The University may collect the following categories of data:

  • Personal identification information such as full name, date of birth, sex, nationality, civil status, government-issued identification numbers, and photographs;
  • Contact information such as home address, email address, and mobile or telephone numbers;
  • Employment and educational records including curriculum vitae, Personal Data Sheet (PDS), transcript of records, certificates, licenses, eligibility documents, training records, and work experience;
  • Financial and payroll-related information including bank account details, tax information, GSIS, Pag-IBIG, PhilHealth, and other mandatory contributions;
  • Sensitive personal information including health declarations, medical certificates, emergency contact details, and information required by law or public health regulations;
  • Attendance and access records such as biometrics, RFID logs, CCTV footage, system logs, and network access records;
  • Digital information generated through official university systems including emails, learning management systems, and official communication platforms.

During Job Application

When applying for employment with RTU, applicants are required to submit documents and information necessary to evaluate qualifications for a specific role or position. These may include:

  • Personal Data Sheet (PDS);
  • Resume or Curriculum Vitae;
  • Transcript of Records and Diploma;
  • PRC License or Civil Service Eligibility documents;
  • Certificates of training and seminars;
  • Interview records and examination results;
  • Background verification documents and reference checks.

RTU may also collect additional information generated during interviews, examinations, panel evaluations, and recruitment screening processes.

Upon Employment

Once an applicant accepts an employment offer, RTU may require additional information and supporting documents in compliance with Civil Service Commission (CSC), Commission on Higher Education (CHED), Commission on Audit (COA), and other government requirements.

The University may likewise collect and process employee information through:

  • Human Resource Information Systems (HRIS);
  • Attendance monitoring systems;
  • Official University communication platforms;
  • Security and CCTV systems;
  • Research, extension, and institutional documentation activities;
  • Official university events and activities.

Unsolicited Information

There may be instances where RTU receives personal information that was not intentionally requested. In such cases, RTU shall determine whether the information may be lawfully retained. If the information is unrelated to legitimate institutional purposes, it shall be securely disposed of or deleted in accordance with applicable data retention and disposal policies.

Use of Employee Information

RTU processes employee data only for lawful purposes connected with university operations, public service, academic administration, and compliance with legal obligations.

Employee information may be used for the following purposes:

  1. Recruitment, selection, and evaluation of applicants;
  2. Verification of submitted credentials, qualifications, and employment history;
  3. Preparation and maintenance of employee records and 201 files;
  4. Payroll processing, compensation, benefits administration, and government remittances;
  5. Performance management, ranking, promotion, and evaluation processes;
  6. Faculty loading, scheduling, designation, and workforce management;
  7. Administration of training, seminars, scholarships, and faculty development programs;
  8. Security monitoring, campus safety, and access control management;
  9. Communication of official university announcements, advisories, and memoranda;
  10. Management of institutional systems including, LMS, and university portals;
  11. Conduct of investigations, disciplinary proceedings, grievance handling, and administrative cases;
  12. Statistical analysis, institutional research, accreditation, quality assurance, and government reporting;
  13. Compliance with legal, regulatory, auditing, and reporting obligations;
  14. Emergency response, disaster risk reduction, occupational safety, and health management;
  15. Preservation of institutional records and university history.

RTU shall ensure that processing activities involving sensitive personal information are conducted with appropriate safeguards and in accordance with stricter standards prescribed by law.

The University shall not subject employees to automated decision-making processes without lawful basis and appropriate safeguards.

Sharing, Disclosure, and Transfer of Information

RTU generally does not disclose employee information to third parties without lawful basis or the employee’s consent, except when permitted or required by law.

Employee information may be shared with:

  • Government agencies such as the CSC, GSIS, Pag-IBIG Fund, PhilHealth, BIR, CHED, COA, and other regulatory bodies;
  • Authorized banks and payroll processing partners;
  • Service providers engaged by RTU under appropriate data-sharing agreements;
  • Law enforcement agencies or courts pursuant to lawful orders;
  • Accreditation bodies, auditors, and oversight agencies;
  • Other entities when necessary to protect lawful rights, safety, and institutional interests.

Sensitive personal information may be processed or disclosed under the following circumstances:

  1. When authorized or required by law;
  2. To protect the life, health, or safety of an employee or another person;
  3. For medical treatment, occupational health, or emergency response purposes;
  4. For the establishment, exercise, or defense of legal claims;
  5. When necessary for public order, public safety, or fulfillment of public authority functions.

RTU shall implement appropriate contractual, organizational, physical, and technical safeguards to ensure the protection of employee information during sharing or transfer activities.

Data Storage, Security, and Retention

RTU stores employee information in secure physical and electronic repositories protected through administrative, organizational, technical, and physical security measures.

These measures may include:

  • Role-based access controls;
  • Multi-factor authentication;
  • Data encryption and secure backups;
  • Network and cybersecurity monitoring;
  • Restricted access to records and databases;
  • Confidentiality agreements for authorized personnel;
  • Secure disposal and destruction procedures.

Access to employee information shall be limited only to authorized personnel with legitimate and official purposes related to their duties.

RTU retains employee information only for as long as necessary to fulfill the purposes for which the data was collected, comply with legal obligations, resolve disputes, enforce agreements, and satisfy archival and institutional requirements.

Upon expiration of the applicable retention period, records shall be securely disposed of, anonymized, or archived in accordance with University Records Management policies and applicable laws.

Employee Rights Under the Data Privacy Act

Employees are entitled to exercise their rights under the Data Privacy Act, including the right to:

  • Be informed regarding the processing of personal data;
  • Access personal information held by RTU;
  • Object to unlawful processing;
  • Correct inaccurate or incomplete information;
  • Suspend, withdraw, or order the blocking or deletion of personal data where appropriate;
  • Request data portability where applicable;
  • File complaints before the National Privacy Commission for violations of data privacy rights.

RTU shall respond to requests within a reasonable period and may require identity verification before granting access or making corrections.

Contact Information

For concerns, inquiries, or requests relating to privacy and data protection, employees may contact the:

Data Protection Office (DPO)

OfficeAddress:
2nd Floor, Estolas Building, RTU Boni Campus, Mandaluyong City, Philippines

TelephoneNumber:
(02) 8534-8267 local 1608

EmailAddress:
dpo@rtu.edu.ph

Changes to this Privacy Policy

RTU reserves the right to amend or update this Privacy Policy from time to time to ensure compliance with applicable laws, regulations, university policies, and operational requirements.

Updated versions of this Policy shall take effect upon posting on the official RTU website or through other official communication channels.

Employees are encouraged to regularly review this Policy and update their personal information with the concerned offices to ensure that records remain accurate, complete, and current.

Other University Policies

This Privacy Policy shall be read together with other applicable RTU policies, including but not limited to:

  • Information Security Policies;
  • Records Management Policies;
  • Acceptable Use Policies;
  • Cybersecurity and ICT Policies;
  • Human Resource and Administrative Manuals;
  • Data Sharing and Data Retention Policies.

Should any provision of this Policy be declared invalid or unenforceable, the remaining provisions shall continue to remain in full force and effect.

References

  1. Ateneo de Manila University Privacy Policies
  2. Brokenshire College Data Privacy Policy
  3. Jose Rizal University Faculty and Employees Privacy Notice
  4. National Privacy Commission
  5. Rizal Technological University Official Website