Vivita Philippines Charities Non-Stock Corp.
Last Updated: Mar 28, 2025
1. INTRODUCTION
Vivita Philippines Charities Non-Stock Corp. (hereinafter referred to as "Vivita," "we," "us," or "our") is committed to protecting the privacy and security of personal data we collect from our program participants, parents/guardians, donors, volunteers, and staff. This Data Privacy Policy outlines our practices concerning the collection, use, storage, and disclosure of personal information in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and other relevant issuances of the National Privacy Commission (NPC).
We recognize the importance of safeguarding personal information, particularly that of children and young people who participate in our programs. Our policy demonstrates our commitment to respecting your privacy rights while enabling us to deliver our mission of helping young Filipinos develop the mindset, skillset, and toolset for innovation, creative thinking, and entrepreneurship.
2. SCOPE
This policy applies to all personal information collected and processed by Vivita in connection with our programs, activities, operations, and services, including but not limited to:
Vivistop Baguio operations
Make It Market! program
Mobile Makerspace activities
Other educational programs and events
Donor management
Volunteer engagement
Employment and staff management
3. DEFINITION OF TERMS
For the purposes of this Data Privacy Policy, the following terms shall have the meanings set forth below:
Personal Data/Information: Any information from which the identity of an individual is apparent or can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify an individual.
Data Subject: An individual whose personal information is processed.
Data Processing: Any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
Data Protection Officer (DPO): The individual responsible for ensuring the organization's compliance with data privacy regulations.
Consent: Any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her.
4. COLLECTION OF PERSONAL DATA
4.1 Types of Personal Data We Collect
From Program Participants
Full name
Contact details
Email address
Age and date of birth
Sex/gender (for impact measurement purposes)
School information
Parent/guardian information
Photographs and videos (with consent)
Program participation records
Creative outputs and project information
From Parents/Guardians
Full name
Contact details
Email address
Relationship to participant
From Donors
Full name
Contact details
Email address
Donation information (amount, date, purpose)
Payment information
From Employees and Staff
Full name
Contact details
Email address
Employment information required for contracts
Government-mandated information (SSS, PhilHealth, etc.)
Professional qualifications
4.2 Methods of Collection
We collect personal information through:
Program registration and application forms
Membership applications
Consent forms
Donation forms
Employment application forms
Website and online inquiries
Direct communications
4.3 Lawful Basis for Processing
We process personal data based on the following lawful grounds:
Consent of the data subject
Compliance with legal obligations
Legitimate interests of Vivita as a non-profit organization
Performance of contractual obligations
5. PURPOSE OF DATA PROCESSING
We collect and process personal information for the following purposes:
5.1 Program Administration
Registration and enrollment in our programs
Communication regarding program schedules, activities, and updates
Management of program participation
Provision of appropriate support and resources
Documentation of participation and achievements
5.2 Impact Measurement and Program Improvement
Assessment of program effectiveness
Collection of feedback and suggestions
Research and development of new programs
Compliance with reporting requirements
Generation of anonymized statistics
5.3 Communications and Marketing
Sharing of news, updates, and information about Vivita programs
Invitation to events and activities
Promotion of Vivita services and programs
5.4 Donation Management
Processing of donations
Issuance of receipts and acknowledgments
Donor relationship management
Regulatory reporting requirements
5.5 Employment and Volunteer Management
Processing of applications
Administration of contracts and agreements
Payroll and benefits management
Performance assessment
6. CONSENT
6.1 Obtaining Consent
We obtain consent from data subjects or their authorized representatives (for minors) before collecting and processing personal information. Consent is obtained through:
Registration and application forms
Specific consent forms for photography and video recording
Website privacy notices and cookie consent
Specific consent forms for special activities
6.2 Children's Data and Parental Consent
For participants under 18 years of age, we require consent from parents or legal guardians before collecting and processing personal information. We have implemented age-appropriate mechanisms to ensure that consent is properly obtained and verified.
6.3 Withdrawal of Consent
Data subjects have the right to withdraw their consent at any time by contacting our Data Protection Officer at privacy@vivita.ph or finance@vivita.ph. Upon withdrawal of consent, we will cease processing the relevant personal information except to the extent that processing is required by law or necessary for the establishment, exercise, or defense of legal claims.
7. DATA STORAGE AND SECURITY
7.1 Storage
Personal information is stored in:
Secure cloud storage systems with appropriate access controls
Protected digital databases
Secure physical files (when necessary)
7.2 Retention Period
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specifically:
Active participant data is maintained for the duration of program participation
Inactive participant data is retained for up to 5 years after the last interaction
Employee data is retained as required by labor laws and regulations
Donor information is retained as required for regulatory compliance
Financial records are retained in accordance with taxation and accounting requirements
7.3 Security Measures
We implement appropriate technical, organizational, and physical security measures to protect personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:
Limiting access to personal data to authorized personnel only
Implementation of access controls and authentication procedures
Regular security assessments and updates
Staff training on data privacy and security
Secure disposal of records when no longer needed
Minimizing printed personal information
8. DISCLOSURE AND SHARING OF INFORMATION
8.1 Third-Party Sharing
Vivita does not share personal data with third parties except:
When the data originates from the partner organization
When required by law or legal process
With service providers who help us operate our programs (under strict confidentiality agreements)
With the explicit consent of the data subject
8.2 Data Sharing Practices
When data sharing is necessary, we ensure that:
Only the minimum necessary information is shared
Appropriate data sharing agreements are in place
The recipient has adequate data protection measures
8.3 International Data Transfers
Vivita may store data in cloud services that may involve international data transfers. When personal information is transferred outside the Philippines, we ensure compliance with the requirements of the Data Privacy Act of 2012 regarding cross-border transfers, including:
Ensuring the recipient country has adequate data protection laws
Implementing appropriate safeguards through contractual means
Obtaining consent for such transfers when required
9. PHOTOGRAPHY AND MEDIA
9.1 Consent for Photography and Video
Vivita regularly documents its programs and activities through photography and video recording. Before capturing and using such media:
We obtain explicit consent from participants or their parents/guardians
We clearly inform participants about how the images or videos will be used
Only participants who have provided consent are included in photos/videos
Participation in our programs is not contingent upon providing consent for photography/video
9.2 Use of Media
Photographs and videos may be used for:
Program documentation
Impact reporting
Promotional materials
Website and social media content
Presentations to stakeholders
10. DATA SUBJECT RIGHTS
Under the Data Privacy Act of 2012, data subjects have the following rights:
10.1 Right to Information
The right to be informed about the collection and processing of personal data, including the purpose, scope, method, recipients, and other details.
10.2 Right to Access
The right to access personal data that has been collected and stored, as well as how such data has been processed.
10.3 Right to Object
The right to object to the processing of personal data, including direct marketing, automated processing, or profiling.
10.4 Right to Erasure or Blocking
The right to suspend, withdraw, or order the blocking, removal, or destruction of personal data from our filing system.
10.5 Right to Rectification
The right to dispute and have corrected any inaccuracy or error in the personal data we hold.
10.6 Right to Data Portability
The right to obtain and electronically transfer personal data to another entity, where applicable.
10.7 Right to Damages
The right to be indemnified for damages sustained due to violation of data privacy rights.
10.8 Right to File a Complaint
The right to file a complaint with the National Privacy Commission for violations of data privacy rights.
11. EXERCISING YOUR RIGHTS
To exercise any of these rights, data subjects or their authorized representatives may contact our Data Protection Officer at privacy@vivita.ph or finance@vivita.ph. We will respond to such requests within 15 business days.
12. DATA BREACH NOTIFICATION
In case of a data breach that presents a real risk of serious harm to affected data subjects, Vivita will:
Notify affected data subjects promptly
Report to the National Privacy Commission as required by law
Conduct an investigation to determine the cause of the breach
Implement remedial measures to prevent similar incidents
13. TRAINING AND AWARENESS
All Vivita staff members receive training on data privacy and protection as part of their onboarding and regular professional development. Volunteers do not handle personal data unless specifically authorized and trained to do so.
14. COOKIES AND ONLINE PRIVACY
Our website may use cookies and similar technologies to enhance user experience and collect usage information. Information collected through our website and online forms is handled with the same level of protection as other personal information we process.
15. UPDATES TO THIS POLICY
We may update this Data Privacy Policy from time to time to reflect changes in our practices or to comply with legal requirements. We will notify data subjects of significant changes through appropriate channels. The latest version of this policy will always be available on our website.
16. CONTACT INFORMATION
For questions, concerns, or requests regarding this Data Privacy Policy or our data privacy practices, please contact:
Data Protection Officer
Vivita Philippines Charities Non-Stock Corp.
Berkeley School Baguio, CM Recto St.,
Baguio City, Philippines 2600
Email: privacy@vivita.ph or finance@vivita.ph
17. EFFECTIVITY
This Data Privacy Policy is effective as of [Current Date] and supersedes all previous versions.