Statement of Policy
The Department of Science and Technology- Science and Technology Information Institute (DOST-STII) guarantees privacy of personal information and is committed to protect personal data in accordance with R.A. 1073, also known as Data Privacy Act of 2012.
DOST-STII is committed to protecting personal information it may collect about its staff and clients. DOST-STII respects client’s rights to privacy under the Data Privacy Act and it complies with the requirements in the collection and management of personal information. To guarantee compliance with Data Privacy Act, DOST-STII has issued this Privacy Policy.
In this privacy policy, the terms, “personal data” and “information” are used interchangeably. The term “personal data” includes the concepts of personal information, sensitive personal information, and privileged information. The first two are typically used to distinctively identify client.
For purposes of this Data Privacy Policy and as defined by Data Privacy Act of 2012, please refer to the definitions below:
Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
Sensitive personal information refers to personal information:
- About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
- About an individual’s health, education, genetic or sexual life, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
- Issued by government agencies peculiar to an individual which includes, but not limited to social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
- Specifically established by an executive order or an act of Congress to be kept
Privileged information refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.
Processing of Personal Data
A. Collection
DOST-STII collects personal information that is reasonably necessary for, or directly related to, its functions and activities. The agency will only use and disclose personal information for the purposes it was collected, or otherwise in accordance with the Privacy Act.
The type of personal information DOST-STII collects may include, but is not limited to the following:
- Name
- Address
- Mobile number
- Telephone number
- Email address
- Sex
- Educational Attainment
DOST-STII generally collects personal information directly from clients. The ways in which it collects personal information may include, but not limited to the following:
- access and use of DOST-STII forms (online and printed);
- conversations via telephone or in person;
- written correspondence including
B. USE
DOST-STII collects personal information so it can perform its functions and activities in order to provide the best possible quality customer service. It collects, holds, and uses personal information to:
- identify client;
- provide products and services and to send communications requested;
- answer inquiries, and provide information or advice about existing and new promotional materials or services;
- assess service performance to improve the operation;
- process and respond to any complaint;
- conduct research and analysis regarding our services
Data Protection
A. Storage, Retention, and Destruction
The Records Section of DOST-STII manages documented information in accordance with ISO 9001:2015 rules on documented procedures on control of documents and records and with the National Archives of the Philippines (NAP) Act of 2007 and its Implementing Rules and Regulations, from creation, protection, use, storage, and disposition of government records.
DOST-STII may store client’s personal information in documentary or electronic form. It will exercise physical security on those documents and electronic versions of the data contained therein. It will also take reasonable steps to permanently dispose of any personal information no longer needed for the purpose for which it was collected or for meeting legal requirements. Documents will be stored and protected in locked filing cabinets or in locked offices, while electronic versions of personal information will be secured through encryption and password-protected computer files.
B. Data Access
The purpose of this policy is to maintain an adequate level of security to protect data and information systems of DOST-STII from unauthorized access.
Client may request access to their personal information at any time, subject to any relevant legal requirements and exemptions, including identity verification procedures. As a prerequisite, DOST-STII will ask for proof of identity and other relevant information as a security precaution prior to locating and allowing data access.
In case that certain personal information possessed by DOST-STII is deemed incorrect, incomplete or inaccurate, client may request amendment/correction of information by sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it. or make a written letter request to DOST-STII (Attention: Data Protection Officer, DOST- Science and Technology Information Institute, Sibol Street, DOST Compound, Gen. Santos Avenue, Bicutan, Taguig City). Data updates or corrections to personal information will be free of charge.
Disclosure and Sharing
DOST-STII does not share personal information with other government agencies, companies, organizations and individuals outside of DOST-STII except in any of the circumstances below:
With consent. DOST-STII will share personal information with other government agencies, companies, organizations or individuals only upon written consent of the person/s involved. Written consent is required before DOST-STII can share any sensitive personal information.
In compliance with the law. DOST-STII may provide personal information to other DOST Agencies or government agencies in compliance with relevant laws or statutes
For legal reasons. DOST-STII may also share personal information with other government agencies, organizations or individuals outside DOST-STII if it believes that the information disclosure is necessary for legal purpose.
Security Measures
To prevent unauthorized access and disclosure and to ensure the appropriate use of personal information, DOST-STII implements organizational, technical, and physical security measures to safeguard the information it collects and processes.
Organizational Security Measures
- Appointment of Data Protection Officer who oversees the compliance of DOST-STII with the Data Privacy Act, its IRR, and other related policies;
- Conduct of Privacy Impact Assessment, implementation of security measures, security incident, data breach protocol, and customer feedback / complaints procedure;
- Periodic review of documented procedures on control of document and control of records, for adequacy and effectiveness
Physical Measures
- Secured storage of data and Digital/electronic files are password- protected.
- Restricted access to storage/data room for authorized personnel
Technical Security Measures
- Installation of a firewall in all its servers to prevent unauthorized access to the data
- Review and evaluation of software applications before its installation in computers and devices to ensure compatibility of security features with the overall
Rights of the Data Subject
Under the Data Privacy Act of 2012, people whose personal information is collected and processed are called data subjects. DOST-STII is duty-bound to observe and respect their privacy rights. Subject to the requirements, conditions, and exemptions under the Data Privacy Laws, they are entitled to the following rights:
- To be informed. DOST-STII shall inform data subjects when their personal data shall be, are being, or have been processed. This includes the purpose for which data is being processed and the method of
- To object. Incidental to consent, data subjects have the right to object to the processing of personal data to withdraw their consent. However, such refusal may disqualify them from availing of the services of the agency, where processing of the data is necessary.
- To access personal data. Upon written request, client may be given reasonable access to their personal
- To require the correction of erroneous data. Upon submission of legitimate documents proving errors, client may request for the correction of their information with the
- To data portability. Client may obtain a copy of their personal data in an electronic or structured format for further
- To suspend, withdraw, or order the blocking, removal, or destruction of personal data. Consequently, DOST-STII may terminate any services which necessarily involve the processing of personal data.
- To file a complaint with the National Privacy Commission
Changes in our Privacy Policy
This Privacy Policy is effective as of 19 October 2021 and will remain effective except with respect to any changes in its provision in the future, which will take effect immediately after being posted on this site.
DOST-STII regularly reviews its Privacy Policy. It reserves the right to update or change its Privacy Policy at any time. Client should check this Privacy Policy periodically. Continued use of the services after the posted amendments and/or revisions of the Privacy Policy on this site will constitute acknowledgement, acceptance, and adherence to the modifications thereto. Client also consents to abide and act as prescribed by the modified Privacy Policy.
Contact Us
For queries about this Privacy Policy, please email our Data Protection Officer:
MR. ALFON B. NARQUITA
Data Protection Officer
This email address is being protected from spambots. You need JavaScript enabled to view it.
Department of Science and Technology Science and Technology Information Institute