DATA PRIVACY POLICY

Vivita Philippines Charities Non-Stock Corp.

Last Updated: Mar 28, 2025

1. INTRODUCTION

Vivita Philippines Charities Non-Stock Corp. (hereinafter referred to as "Vivita," "we," "us," or "our") is committed to protecting the privacy and security of personal data we collect from our program participants, parents/guardians, donors, volunteers, and staff. This Data Privacy Policy outlines our practices concerning the collection, use, storage, and disclosure of personal information in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and other relevant issuances of the National Privacy Commission (NPC).

We recognize the importance of safeguarding personal information, particularly that of children and young people who participate in our programs. Our policy demonstrates our commitment to respecting your privacy rights while enabling us to deliver our mission of helping young Filipinos develop the mindset, skillset, and toolset for innovation, creative thinking, and entrepreneurship.

2. SCOPE

This policy applies to all personal information collected and processed by Vivita in connection with our programs, activities, operations, and services, including but not limited to:

Vivistop Baguio operations
Make It Market! program
Mobile Makerspace activities
Other educational programs and events
Donor management
Volunteer engagement
Employment and staff management

3. DEFINITION OF TERMS

For the purposes of this Data Privacy Policy, the following terms shall have the meanings set forth below:

Personal Data/Information: Any information from which the identity of an individual is apparent or can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify an individual.
Data Subject: An individual whose personal information is processed.
Data Processing: Any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
Data Protection Officer (DPO): The individual responsible for ensuring the organization's compliance with data privacy regulations.
Consent: Any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her.

4. COLLECTION OF PERSONAL DATA

4.1 Types of Personal Data We Collect

From Program Participants

Full name
Contact details
Email address
Age and date of birth
Sex/gender (for impact measurement purposes)
School information
Parent/guardian information
Photographs and videos (with consent)
Program participation records
Creative outputs and project information

From Parents/Guardians

Full name
Contact details
Email address
Relationship to participant

From Donors

Full name
Contact details
Email address
Donation information (amount, date, purpose)
Payment information

From Employees and Staff

Full name
Contact details
Email address
Employment information required for contracts
Government-mandated information (SSS, PhilHealth, etc.)
Professional qualifications

4.2 Methods of Collection

We collect personal information through:

Program registration and application forms
Membership applications
Consent forms
Donation forms
Employment application forms
Website and online inquiries
Direct communications

4.3 Lawful Basis for Processing

We process personal data based on the following lawful grounds:

Consent of the data subject
Compliance with legal obligations
Legitimate interests of Vivita as a non-profit organization
Performance of contractual obligations

5. PURPOSE OF DATA PROCESSING

We collect and process personal information for the following purposes:

5.1 Program Administration

Registration and enrollment in our programs
Communication regarding program schedules, activities, and updates
Management of program participation
Provision of appropriate support and resources
Documentation of participation and achievements

5.2 Impact Measurement and Program Improvement

Assessment of program effectiveness
Collection of feedback and suggestions
Research and development of new programs
Compliance with reporting requirements
Generation of anonymized statistics

5.3 Communications and Marketing

Sharing of news, updates, and information about Vivita programs
Invitation to events and activities
Promotion of Vivita services and programs

5.4 Donation Management

Processing of donations
Issuance of receipts and acknowledgments
Donor relationship management
Regulatory reporting requirements

5.5 Employment and Volunteer Management

Processing of applications
Administration of contracts and agreements
Payroll and benefits management
Performance assessment

6. CONSENT

6.1 Obtaining Consent

We obtain consent from data subjects or their authorized representatives (for minors) before collecting and processing personal information. Consent is obtained through:

Registration and application forms
Specific consent forms for photography and video recording
Website privacy notices and cookie consent
Specific consent forms for special activities

6.2 Children's Data and Parental Consent

For participants under 18 years of age, we require consent from parents or legal guardians before collecting and processing personal information. We have implemented age-appropriate mechanisms to ensure that consent is properly obtained and verified.

6.3 Withdrawal of Consent

Data subjects have the right to withdraw their consent at any time by contacting our Data Protection Officer at privacy@vivita.ph or finance@vivita.ph. Upon withdrawal of consent, we will cease processing the relevant personal information except to the extent that processing is required by law or necessary for the establishment, exercise, or defense of legal claims.

7. DATA STORAGE AND SECURITY

7.1 Storage

Personal information is stored in:

Secure cloud storage systems with appropriate access controls
Protected digital databases
Secure physical files (when necessary)

7.2 Retention Period

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specifically:

Active participant data is maintained for the duration of program participation
Inactive participant data is retained for up to 5 years after the last interaction
Employee data is retained as required by labor laws and regulations
Donor information is retained as required for regulatory compliance
Financial records are retained in accordance with taxation and accounting requirements

7.3 Security Measures

We implement appropriate technical, organizational, and physical security measures to protect personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

Limiting access to personal data to authorized personnel only
Implementation of access controls and authentication procedures
Regular security assessments and updates
Staff training on data privacy and security
Secure disposal of records when no longer needed
Minimizing printed personal information

8. DISCLOSURE AND SHARING OF INFORMATION

8.1 Third-Party Sharing

Vivita does not share personal data with third parties except:

When the data originates from the partner organization
When required by law or legal process
With service providers who help us operate our programs (under strict confidentiality agreements)
With the explicit consent of the data subject

8.2 Data Sharing Practices

When data sharing is necessary, we ensure that:

Only the minimum necessary information is shared
Appropriate data sharing agreements are in place
The recipient has adequate data protection measures

8.3 International Data Transfers

Vivita may store data in cloud services that may involve international data transfers. When personal information is transferred outside the Philippines, we ensure compliance with the requirements of the Data Privacy Act of 2012 regarding cross-border transfers, including:

Ensuring the recipient country has adequate data protection laws
Implementing appropriate safeguards through contractual means
Obtaining consent for such transfers when required

9. PHOTOGRAPHY AND MEDIA

9.1 Consent for Photography and Video

Vivita regularly documents its programs and activities through photography and video recording. Before capturing and using such media:

We obtain explicit consent from participants or their parents/guardians
We clearly inform participants about how the images or videos will be used
Only participants who have provided consent are included in photos/videos
Participation in our programs is not contingent upon providing consent for photography/video

9.2 Use of Media

Photographs and videos may be used for:

Program documentation
Impact reporting
Promotional materials
Website and social media content
Presentations to stakeholders

10. DATA SUBJECT RIGHTS

Under the Data Privacy Act of 2012, data subjects have the following rights:

10.1 Right to Information

The right to be informed about the collection and processing of personal data, including the purpose, scope, method, recipients, and other details.

10.2 Right to Access

The right to access personal data that has been collected and stored, as well as how such data has been processed.

10.3 Right to Object

The right to object to the processing of personal data, including direct marketing, automated processing, or profiling.

10.4 Right to Erasure or Blocking

The right to suspend, withdraw, or order the blocking, removal, or destruction of personal data from our filing system.

10.5 Right to Rectification

The right to dispute and have corrected any inaccuracy or error in the personal data we hold.

10.6 Right to Data Portability

The right to obtain and electronically transfer personal data to another entity, where applicable.

10.7 Right to Damages

The right to be indemnified for damages sustained due to violation of data privacy rights.

10.8 Right to File a Complaint

The right to file a complaint with the National Privacy Commission for violations of data privacy rights.

11. EXERCISING YOUR RIGHTS

To exercise any of these rights, data subjects or their authorized representatives may contact our Data Protection Officer at privacy@vivita.ph or finance@vivita.ph. We will respond to such requests within 15 business days.

12. DATA BREACH NOTIFICATION

In case of a data breach that presents a real risk of serious harm to affected data subjects, Vivita will:

Notify affected data subjects promptly
Report to the National Privacy Commission as required by law
Conduct an investigation to determine the cause of the breach
Implement remedial measures to prevent similar incidents

13. TRAINING AND AWARENESS

All Vivita staff members receive training on data privacy and protection as part of their onboarding and regular professional development. Volunteers do not handle personal data unless specifically authorized and trained to do so.

14. COOKIES AND ONLINE PRIVACY

Our website may use cookies and similar technologies to enhance user experience and collect usage information. Information collected through our website and online forms is handled with the same level of protection as other personal information we process.

15. UPDATES TO THIS POLICY

We may update this Data Privacy Policy from time to time to reflect changes in our practices or to comply with legal requirements. We will notify data subjects of significant changes through appropriate channels. The latest version of this policy will always be available on our website.