Data Protection and Treatment Policy

of the Pontifical Catholic University of Chile

 

1.- Introduction

The Pontifical Catholic University of Chile recognizes without restriction the dignity of the human person and, therefore, ratifies its importance by protecting your personal data and safeguarding your privacy.

This policy for the treatment and protection of data is established by the University in compliance with the current legislation in Chile on the matter and with the international regulatory requirements that have been adopted by higher education institutions with which the University maintains collaborative relations and that are essential for our internationalization project.

At the same time, the value of data processing for institutional development and the continual improvement of its processes is essential for the University. All data that the University obtains, produces or maintains will be considered material property and a strategic asset for the University and, as such, all individuals with access are responsible for the proper use and protection of those assets.

 

2.- Purpose

The purpose of this policy is to recognise the rights of owners of personal data and to set the principles of data processing at the University. To reach these two objectives, roles and responsibilities are defined to ensure compliance with legal and regulatory obligations. The policy has three core pillars: "Rights of Owners", "Data Processing" and "Roles and Responsibilities".

a) Rights of Owners

Each person has control over their personal data manifested through five rights: Access, Rectification, Cancellation, Opposition and Portability, known as ARCOP. These rights may be exercised by students, faculty, professionals and administrative staff, alumni and any other person external to the University who has or has had a relationship with the Institution.

The right of Access is the owner's right to request information about how their data was collected or received, how it is processed and stored, and for what purpose.

Rectification consists of the owner's right to have their incorrect or incomplete data corrected.

Cancellation is the possibility of permanent deletion of their data.

Opposition is the right to request the temporary cessation of processing until a circumstance relating to the owner's personal data has been corrected, or to object to a specific processing.

Portability is the owner's right to receive a copy of their data (according to current regulations).

 

b) Data Treatment

Data processing must be limited to principles that ensure the security of information and the protection of personal data. For this reason, the data processing performed by the University will always comply with the highest standards, which guarantee adequate protection of the rights of individuals. These principles are:

1.- Lawfulness, faithfulness and transparency of personal data: principle that allows the processing of personal data, which must be fair and transparent with the owner of the data.

2.- Purpose of personal data: Data may only be processed for the purpose and for the period for which it was collected, not for other purposes.

3.- Minimization of personal data: an obligation placed on the person in charge, requiring that the personal data be limited to what is strictly necessary for the declared purpose.

4.- Accuracy (or quality): Data must be accurate and kept current according to the unique definition established by the University.

5.- Confidentiality: The University will take all possible measures to protect the data from unauthorised or illegal processing. All individuals are subject to a confidentiality and non-disclosure obligation, which is achieved through a confidentiality agreement.

6.- Security: Data must be protected and controlled to ensure confidentiality, integrity and availability in order to prevent unauthorized disclosure, access and modification, or damage or deletion.

7.- Liability (Responsibility): We all have the responsibility to protect the data.

 

c) Roles and Responsibilities

Everyone who processes data at the University has a role to play within this policy; therefore, we all have responsibilities, duties and, in some cases, processes to ensure that these principles and rights are upheld.

The Data Steering Committee is the leader of the implementation of this policy. It is composed of and chaired by the Senior Vice-President (Provost), and the Directors of Data and Information Governance, Legal Affairs, IT and Digital Transformation. In addition, three university professors, appointed by the President, will serve on this committee.

The University will also have a Data Protection Officer, whose main duty will be to certify the institution's compliance with this policy. The Officer will have the support of the Data Protection Desk, a multidisciplinary team from different administrative units, who together will collaborate with the University's community to implement the necessary processes to comply with the data protection principles.

At the operational level are the Data Controllers, who are responsible for entering or generating data that is stored within the University. In general, they occupy senior positions in academic units, administrative units or centres. One of their duties is to improve the standard of their own data processing processes at the University, and for this they will have the support of the Data Protection Officer and Data Protection Desk.

Finally, data users, who are individuals who access institutional data, will be responsible for protecting their access privilege and preserving data privacy.

To ensure the proper implementation of the Data Processing and Privacy Policy, a manual will be released that will define the processes and establish the different roles and responsibilities for the members of the university community.

 

 

Rectory Decree Nº 349/2021

 November 15, 2021