MARSU Logo
MARSU Logo

MARINDUQUE STATE UNIVERSITY

MISSION

MarSU provides excellence in instruction, research, extension and production, responsive to the needs of the 21st century education in pursuit of global transformation.

VISION

By 2030, MarSU is a globally recognized university, fostering academic excellence through research and innovation.

MarSU-HRMIS Login

Email:

Password:

Forgot Your Password?
Privacy Notice

Privacy Notice

Human Resource Management Information System (HRMIS) Data Privacy Policy



  1. Purpose
    This policy establishes the guidelines for the collection, processing, storage, and protection of personal data within the Human Resource Management Information System (HRMIS). It ensures compliance with applicable data privacy laws and safeguards the rights of employees and stakeholders.

  2. Scope
    This policy applies to all regular employees, contractual personnel, system users, and authorized third parties who access or manage HRMIS data.

  3. Data Collection and Use
    HRMIS collects and processes personal data strictly for legitimate and official purposes related to human resource management.
    • Employee records management and profiling
    • Performance management (e.g., OPCR/IPCR)
    • Payroll and benefits administration
    • Health and welfare services
    • Workforce analytics
    • Compliance with government and regulatory requirements

  4. Data Storage
    All HRMIS data are securely stored within the University’s data center and designated disaster recovery environments. Appropriate safeguards are implemented to protect data from unauthorized access, loss, or disclosure.
    • Data is stored in secured on-premise servers within the University data center
    • Backup and disaster recovery copies may be stored in authorized cloud services
    • Access to storage systems is restricted to authorized personnel only
    • Physical and environmental controls are enforced in the data center

  5. Data Processing Principles
    Marinduque State University (MarSU) adheres to the following core principles in compliance with Republic Act No. 10173 (Data Privacy Act of 2012):
    • Transparency - Personal data shall be collected with the consent of the data subject. Individuals shall be informed of the purpose for which their information is being collected and processed.
    • Legitimate Purpose - Personal data shall be processed only for lawful and legitimate purposes.
    • Proportionality - Processing shall be adequate, relevant, and limited to what is necessary.

  6. Data Access and Security
    Access to HRMIS data is restricted and controlled. The following measures shall be implemented:
    • Role-based access control (RBAC)
    • Secure authentication mechanisms (e.g., passwords, MFA where applicable)
    • Encryption of sensitive data where feasible
    • Logging and monitoring of system access and activities
    • Regular security audits and updates

  7. Data Retention and Disposal
    Personal data shall be retained only for as long as necessary to fulfill legal, administrative, and operational purposes, in accordance with Republic Act No. 9470 (National Archives of the Philippines Act of 2007), Civil Service Commission (CSC) guidelines, and other applicable laws and regulations.
    • Retention periods shall be based on applicable and approved Records Retention and Disposition Schedules (RRDS) of MarSU and other issuances prescribed by the National Archives of the Philippines (NAP)
    • Electronic records shall be disposed of using secure and irreversible methods, ensuring that data cannot be reconstructed or retrieved
    • All disposal activities shall be properly documented, witnessed when necessary, and subject to audit

  8. Data Sharing
    Personal data shall not be shared with unauthorized parties. Sharing with third parties shall only occur when:
    • Authorized by law or regulatory requirement
    • Covered by a data sharing agreement
    • Necessary for official institutional functions

  9. Data Subject Rights
    Data subjects have the right to:
    • Be informed of data processing
    • Access their personal data
    • Request correction of inaccurate data
    • Request deletion or blocking when appropriate
    • Lodge complaints with appropriate authorities

  10. Responsibilities
    All HRMIS users are responsible for safeguarding data. The ICT Unit and HR Office shall ensure compliance with this policy and implement necessary safeguards.

  11. Breach Management
    Any data breach or suspected breach must be reported immediately to the designated Data Protection Officer (DPO). Appropriate actions shall be taken in accordance with institutional protocols.

  12. Policy Review
    This policy shall be reviewed periodically to ensure alignment with legal requirements and institutional needs

  13. Contact Information
    This policy shall be reviewed periodically to ensure alignment with legal requirements and institutional needs

    Dr. Menandro M. Merlin

    Data Privacy Officer

    Marinduque State University

    dpo@marsu.edu.ph