Data Privacy Notice for Website Visitors

CEBU MARY IMMACULATE COLLEGE, INC.

Effective Date: November 1, 2025
Last Updated: December 9, 2025

I. Introduction

CEBU MARY IMMACULATE COLLEGE, INC. (“the School,” “CMIC,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of personal data in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and issuances of the National Privacy Commission (NPC).

This Privacy Notice explains how personal data are collected, processed, stored, retained, and protected when you visit or interact with the School’s official website:
https://immaculate.education

II. Personal Data Collected

The School collects limited and minimal personal data through the website, specifically:

A. Data Voluntarily Provided by Users

  • Name or nickname provided when posting a comment
  • Content of the comment submitted

B. Automatically Collected Technical Data

  • Internet Protocol (IP) address
  • Browser type and device information
  • Date and time of access
  • Pages visited

The website does not require user registration, accounts, logins, or submission of forms.

III. Manner of Collection

  • Personal data are collected directly from users when they voluntarily submit comments on website posts.
  • Technical data are collected automatically through server logs and cookies for security and maintenance purposes.

IV. Purpose of Processing

Personal data collected through the website are processed for the following purposes:

Primary Purpose

  • To enable user engagement through comments on posts

Secondary Purposes

  • Website security and performance monitoring
  • Detection and prevention of malicious or unauthorized activities
  • Website analytics and improvement

V. Legal Basis for Processing

Personal data are processed based on the following legal grounds under the Data Privacy Act:

  • Consent – when users voluntarily submit comments
  • Legitimate Interest – to operate, secure, and maintain the School’s website

VI. Use of Personal Data

  • Submitted comments may be publicly visible on the website.
  • Technical data are used solely for operational, security, and analytical purposes.

VII. Disclosure of Personal Data

  • Personal data collected through the website are not disclosed to third parties, except when required by law.
  • Access is limited to authorized school personnel only.

VIII. Data Storage and Manner of Storage

  • Personal data are stored in a secured server hosted by GoDaddy.
  • Access to stored data is restricted through administrative and technical controls.
  • Data transmitted through the website are protected using SSL/TLS encryption (HTTPS).

IX. Data Retention Period

Data TypeRetention PeriodBasis
User commentsUntil removed, moderated, or deemed no longer necessaryContent management
Technical logs6 months to 1 yearSecurity and operational needs

X. Secure Disposal of Personal Data

Personal data are securely disposed of through:

  • Permanent deletion from databases
  • Anonymization
  • Secure overwriting of electronic records

Disposal is conducted once the purpose for processing has been fulfilled or the retention period has expired.

XI. Risks Involved in Processing

Potential risks include:

  • Unauthorized access
  • Accidental disclosure
  • Data interception during electronic transmission

XII. Protection Measures Implemented

To mitigate risks, the School implements the following safeguards:

Organizational Measures

  • Appointment of a Data Protection Officer (DPO)
  • Restricted access to personal data

Technical Measures

  • SSL/TLS encryption (HTTPS)
  • Secure hosting environment
  • Strong authentication and access controls

Physical Measures

  • Secured administrative devices
  • Hosting provider data-center security controls

XIII. Automated Processing

The website utilizes:

  • Automated logging of technical data
  • Website analytics tools

These are used solely for monitoring, maintenance, and security purposes.

XIV. Rights of Data Subjects

In accordance with the Data Privacy Act, you have the right to:

  • Be informed
  • Access your personal data
  • Rectify inaccuracies
  • Object to processing
  • Request erasure or blocking
  • Lodge a complaint with the National Privacy Commission

Requests may be exercised by contacting the Data Protection Officer.

XV. Identity of the Personal Information Controller (PIC)

CEBU MARY IMMACULATE COLLEGE, INC.
A. Borbajo St., Talamban, Cebu City

XVI. Data Protection Officer (DPO) Contact Details

Data Protection Officer:
Name: JACK LORD R. ARILA
Address: A. Borbajo St., Talamban, Cebu City
Contact Number: +63 936 713 9345
Email: jacklord.arila@cmic.ph.education

XVII. Updates to This Privacy Notice

The School may update this Privacy Notice periodically to reflect changes in law, regulations, or data processing practices. Updated versions will be posted on this website with the revised effective date.