1.1 Our Commitment to Privacy

Bacolod Trinity Christian School, Inc. (BTCSI) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Institutional Research Repository.

1.2 Legal Compliance

This Privacy Policy complies with:

• Republic Act No. 10173 - Data Privacy Act of 2012
• National Privacy Commission (NPC) regulations and circulars
• Republic Act No. 10175 - Cybercrime Prevention Act of 2012

1.3 Scope of This Policy

This Privacy Policy applies to all users of the BTCSI Research Repository, including students, faculty, staff, alumni, and external researchers. By using the Repository, you consent to the data practices described in this policy.

1.4 Data Controller Information

• Organization: Bacolod Trinity Christian School, Inc.
• Address: Villa Angela Subd., Phase 3, Bacolod City
• Email: btcsirepository@gmail.com
• Phone: (034) 434-3924 / (034) 434-3925

2.1 Personal Information Collected During Registration

• Full Name: For identification and authentication
• Email Address: For account verification and communication
• Birthdate: For age verification and consent requirements
• Role: Student, Teacher, Administrator, or Alumni
• Academic Information: Grade level, strand, batch year (for students)

2.2 Research Authorship Data

• Author names and affiliations
• Research paper metadata (title, abstract, keywords)
• Publication year and academic program
• Co-author relationships

2.3 Consent and Permission Data

• Consent status for public display of full names
• Parental/guardian consent forms (for minors)
• Permission records for research publication

2.4 Information We Do NOT Collect

We do not collect:

• Financial information or payment details
• Social Security or government ID numbers
• Medical or health information
• Biometric data
• Sensitive personal information beyond what is necessary

3.1 Primary Purposes

We use your personal information for the following purposes:

• Account Management: Creating, maintaining, and authenticating user accounts
• Access Control: Determining appropriate access levels based on user roles
• Research Archival: Preserving and cataloging student research outputs
• Author Attribution: Properly crediting research authors and contributors
• Communication: Sending important notifications about the Repository

3.2 Educational and Institutional Purposes

• Facilitating academic research and reference
• Supporting educational instruction and mentoring
• Maintaining institutional records and archives
• Generating statistical reports and analytics (anonymized)
• Improving Repository functionality and user experience

3.3 Legal and Compliance Purposes

• Complying with legal obligations and regulatory requirements
• Protecting intellectual property rights
• Investigating and preventing security incidents
• Enforcing Terms of Service and Repository policies

3.4 Purpose Limitation Principle

We adhere to the principle of purpose limitation: your personal information is used only for the purposes stated in this policy. We will not use your information for unrelated purposes without obtaining your explicit consent.

Under the Data Privacy Act of 2012, we process your personal information based on the following lawful grounds:

4.1 Consent

• You provide explicit consent during account registration
• Consent for public display of full names in research outputs
• Parental/guardian consent for users under 18 years old

4.2 Legitimate Interest

• Institutional archival and knowledge preservation
• Maintaining academic records and research outputs
• Ensuring system security and preventing fraud

4.3 Compliance with Legal Obligations

• Compliance with educational regulations
• Intellectual property protection requirements
• Record-keeping obligations under Philippine law

4.4 Performance of Contract

• Providing Repository services as outlined in Terms of Service
• Fulfilling obligations related to research archival

5.1 Information Shared Publicly

• Research Metadata: Title, abstract, keywords, publication year
• Author Names: Displayed based on consent status (full name or initials)
• Academic Affiliation: School name and program
• Research PDF: Accessible to approved users only

5.2 Internal Sharing Within BTCSI

• Administrators: Full access to manage the Repository
• Research Teachers: Access to upload and manage student research
• Subject Teachers: Limited access to relevant student data

5.3 We Do NOT Share Your Information With:

• Third-party marketing companies
• Data brokers or aggregators
• Social media platforms
• External organizations without your consent

5.4 Legal Disclosure Requirements

We may disclose your information if required by law, including:

• Response to valid legal processes (subpoenas, court orders)
• Compliance with government investigations
• Protection of legal rights and safety
• Prevention of fraud or security threats

5.5 No Cross-Border Data Transfer

Your personal information is stored within the Philippines and is not transferred internationally. If future changes require international data transfer, we will notify you and obtain appropriate consent.

6.1 Technical Security Measures

• Encryption: SSL/TLS encryption for all data transmission
• Authentication: Email verification for account access
• Access Control: Role-based permissions (RBAC)
• Password Security: Hashed and salted password storage
• Session Management: Secure session tokens and timeout mechanisms

6.2 Organizational Security Measures

• Limited access to personal data on a need-to-know basis
• Regular security training for staff and administrators
• Security incident response procedures
• Regular backups and disaster recovery plans
• Activity logging and audit trails for administrative actions

6.3 Physical Security

• Secure server hosting environment
• Restricted physical access to infrastructure
• Environmental controls and monitoring

6.4 Security Breach Notification

In the event of a data breach that may affect your rights and freedoms, we will:

• Notify the National Privacy Commission (NPC) within 72 hours
• Inform affected individuals without undue delay
• Provide details about the nature and extent of the breach
• Outline measures taken to address the breach
• Recommend actions you can take to protect yourself

7.1 Retention Periods

• Active User Accounts: Retained while account remains active
• Inactive Accounts: Reviewed annually; may be deleted after 3 years of inactivity
• Research Outputs: Retained indefinitely for archival purposes
• Author Attribution: Permanently retained with research outputs
• Consent Records: Retained for the duration of research display plus 5 years

7.2 Archival Retention

Research outputs and associated metadata are retained as part of BTCSI's institutional archive. This serves important educational and historical purposes and is exempt from standard deletion timelines.

7.3 Account Deletion

When you request account deletion:

• Your personal account information will be deleted
• Login credentials will be permanently removed
• Research outputs you authored will remain in the archive
• Author attribution will be preserved for archival integrity
• Statistical data (anonymized) may be retained

7.4 Legal Retention Requirements

Some information must be retained to comply with:

• Educational record-keeping requirements
• Intellectual property documentation
• Legal proceedings or investigations

Under the Data Privacy Act of 2012, you have the following rights:

8.1 Right to Be Informed

• You have the right to know what personal information we collect
• You can request information about how we use your data
• This Privacy Policy serves as our primary disclosure

8.2 Right to Access

• You can request a copy of your personal information
• We will provide this within 15 business days
• Access may be limited if it affects others' privacy or security

8.3 Right to Rectification

• You can request correction of inaccurate or incomplete data
• Submit correction requests through your account settings or contact us
• We will verify and update information promptly

8.4 Right to Erasure (Right to be Forgotten)

• You can request deletion of your personal information
• Subject to legal retention requirements and archival purposes
• Research authorship data must be retained for academic integrity

8.5 Right to Object

• You can object to processing of your personal data
• We will assess your objection and respond accordingly
• Some processing may be required for institutional obligations

8.6 Right to Data Portability

• You can request your data in a structured, machine-readable format
• We will provide data in CSV, JSON, or PDF format as appropriate

8.7 Right to Withdraw Consent

• You can withdraw consent for name display at any time
• Withdrawal does not affect prior lawful processing
• Your name will revert to initials upon consent withdrawal

8.8 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: btcsirepository@gmail.com
• Subject Line: "Privacy Rights Request"
• Include: Your name, email, and specific request

9.2 Enhanced Privacy Protections for Minors

• Stricter access controls for minor student data
• Limited sharing with authorized personnel only
• Additional safeguards for sensitive information
• Regular monitoring of minor data handling practices

9.3 Rights of Parents/Guardians

Parents or guardians of students under 18 have the right to:

• Access their child's personal information
• Request correction or deletion of inaccurate data
• Withdraw consent for name display
• Object to certain processing activities
• Receive notifications about privacy practices

9.4 Age Verification

• Birthdate is used to determine if parental consent is required
• Students who turn 18 can provide their own consent
• System automatically tracks consent requirements based on age

10.1 Types of Cookies We Use

• Essential Cookies: Required for login and session management
• Functional Cookies: Remember your preferences and settings
• Security Cookies: Detect and prevent security threats

10.2 Session Management

• Session tokens maintain your logged-in state
• Sessions expire after a period of inactivity
• Secure cookies protect against unauthorized access

10.3 We Do NOT Use

• Third-party advertising cookies
• Social media tracking pixels
• Cross-site tracking technologies
• Behavioral profiling tools

10.4 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain Repository features.

11.1 Hosting and Infrastructure

• The Repository is hosted on secure servers within the Philippines
• Hosting providers are bound by data protection agreements
• Regular security audits are conducted

11.2 External Links

• Research papers may contain citations to external sources
• We are not responsible for third-party privacy practices
• External sites are governed by their own privacy policies
• Use caution when clicking external links

11.3 Email Services

• Email verification and notifications are sent via secure email services
• Email providers comply with data protection standards
• Email communications are encrypted in transit

11.4 No Third-Party Analytics

We do not use third-party analytics services (e.g., Google Analytics) that track user behavior across websites. All usage data is collected and processed internally.

12.1 Policy Updates

We may update this Privacy Policy from time to time to reflect:

• Changes in legal or regulatory requirements
• Updates to our data processing practices
• New features or services in the Repository
• Feedback from users and stakeholders

12.2 Notification of Changes

• Material changes will be announced via email
• Notice will be posted on the Repository homepage
• Users will have 30 days to review changes before they take effect
• Continued use after changes constitutes acceptance

12.3 Version History

• Previous versions of this policy are archived
• Available upon request for reference
• Effective dates clearly indicated

13.1 Privacy Questions and Concerns

For questions about this Privacy Policy or our data practices, contact:

• Email: btcsirepository@gmail.com
• Subject Line: "Privacy Inquiry"
• Address: Bacolod Trinity Christian School, Inc., Villa Angela Subd., Phase 3, Bacolod City
• Phone: (034) 434-3924 / (034) 434-3925

13.2 Response Time

• We will acknowledge receipt within 3 business days
• Full response provided within 15 business days
• Complex requests may require additional time

13.3 Filing a Complaint

If you believe your privacy rights have been violated:

• Internal: File a complaint with BTCSI administration
• External: Contact the National Privacy Commission
• NPC Website: www.privacy.gov.ph
• NPC Email: info@privacy.gov.ph
• NPC Hotline: (02) 8234-2228

13.4 No Retaliation

BTCSI will not retaliate against anyone who files a privacy complaint or exercises their data protection rights in good faith.