Privacy Policy

We collect the minimum information needed to run a student government website. We use your Google account to verify you are a student of Ateneo de Naga University. We do not sell your data, we do not run advertising on the Site, and we keep records only for as long as the organization needs them.

The sections below describe each piece in plain language. If anything is unclear, contact the Data Privacy point of contact listed at the bottom of this page.

We collect information in two ways: information you give us directly, and information collected automatically when you use the Site.

From you, when you sign in: your Google email address and your full name as it appears on your Google account. We use Google Sign-In to confirm you are a real person and an enrolled student of Ateneo de Naga University. We never see or store your Google password.

From you, when you submit a concern by name: the content of your concern, your home college, any optional attachments, the branch or department you addressed it to, and your email address so officers can follow up.

From you, when you submit a concern anonymously: only the content of your concern, your home college, any optional attachments, and the branch or department you addressed it to. Your name, email address, and other account identifiers are deliberately omitted from the submission.

From you, as an officer: the content you publish or edit (announcements, documents, projects, financial entries), and an audit record linking each change to your account, the time, and the affected record.

Collected automatically:standard server logs that include your IP address, the pages you request, the time of the request, your browser’s user-agent string, and basic error diagnostics. These help us keep the Site running and investigate abuse.

We use the information above to:

• Confirm through Google Sign-In that you are a real person and an enrolled student of Ateneo de Naga University, and grant the appropriate level of access.
• Route concerns to the right officers and, for non-anonymous submissions, let you track the status of a submission you have made.
• Maintain audit trails for finance, document, and content changes so the organization remains accountable.
• Operate, monitor, and improve the Site, including diagnosing errors and preventing abuse.
• Communicate with you about the concern you submitted, the role you hold, or material updates to the Site.

We do not use your information for advertising and we do not profile you to predict behavior unrelated to running the organization.

The Site uses your browser’s local storage to hold the session token issued after you sign in. This token tells the backend who you are during your session. It is not a tracking cookie and is not shared with third parties.

Clearing your browser’s site data, or signing out, removes the token from your device. You will be asked to sign in again the next time you use a feature that requires it.

Third-party services we depend on (such as Google for sign-in) may set their own cookies. Their use is governed by their own policies, linked in section 6.

Information you submit is visible to the Lideratos officers whose role requires it. Concern submissions are visible to the CSRW officers and to the officers of the branch or department they concern. Audit records are visible to the officers authorized to review them.

We will disclose information outside this circle only when:

• You ask us to, or you publish the information yourself on a public part of the Site;
• A University office with proper authority requests it as part of a College Student Handbook process;
• We are required to do so by Philippine law or a lawful order from a competent authority.

We do not sell, rent, or trade personal information to any third party.

We use the following service providers to operate the Site. Each processes only the information necessary for the function described.

• Google Workspace— authentication through Gbox and the directory of enrolled students.
• Cloudinary— storage and delivery of images, documents, and other uploaded media.
• Application hosting and database providers — the infrastructure that runs the website and stores its records.

These providers operate under their own privacy policies, which you can review on their respective websites. We choose providers with reasonable security and data protection practices.

We keep information only as long as the organization needs it for the purposes described above. As general guidelines:

• Account records are kept while you are an enrolled Atenista and for a reasonable period after, so audit trails remain interpretable.
• Concern submissions are retained for the academic year in which they are filed and for one additional year for follow-up and reporting, then archived or deleted.
• Financial records follow the organization’s and the University’s record-keeping requirements, which may extend beyond a single academic year.
• Server logs are kept for a short operational window, typically no more than ninety days, unless retained longer for incident investigation.

Under the Philippine Data Privacy Act of 2012 (RA 10173) you have the right to be informed about, access, correct, object to, and request the erasure of personal information we hold about you. You also have the right to data portability and to file a complaint with the National Privacy Commission.

To exercise any of these rights, contact us using the address at the bottom of this page. We will respond within a reasonable time and may need to verify your identity before acting.

Some requests may be limited by other obligations — for example, audit records that the organization is required to keep, or content that has been published in line with our transparency mandate.

The Site is intended for enrolled students of Ateneo de Naga University. Some Atenistas are minors. We collect from minors only what is collected from any other student and process it for the same student-government purposes.

Parents or legal guardians who have questions about a minor student’s information may contact us through the address below.

We use reasonable administrative and technical safeguards to protect the information the Site collects, including encrypted connections (HTTPS), role-based access controls inside the admin, audit trails for sensitive changes, and infrastructure hardening at the provider level.

No system is perfectly secure. You can help by using a strong Google password, enabling two-step verification on your Google account, and signing out on shared devices.

If we become aware of a security incident that compromises personal information in a way that requires notification under the Data Privacy Act, we will inform affected users and the National Privacy Commission within the timeframes set by the law and its implementing regulations.

We will share what is known about the incident, the categories of information involved, and the steps we are taking to contain it and prevent recurrence.

We may update this policy as the Site evolves or as our data practices change. When we do, we will update the “Last updated” date at the top of this page and, for material changes, post a notice on the Site or in an announcement.

If you continue to use the Site after a change takes effect, you accept the revised policy. If you do not agree with a change, you may stop using the Site and request the deletion of information that is not subject to a retention obligation.

For privacy questions, requests to exercise your rights, or to report a concern about how the Site handles your information, write to ssg_org@gbox.adnu.edu.ph. Please include “Data Privacy” in the subject line so it reaches the right officer quickly.

See also our Terms of Use for the rules that govern your use of the Site.