About Us


Sacred Heart College of Lucena City, Inc. is committed to transparency and to complying with its responsibilities under data privacy protection laws. The Data Protection Office (DPO) is a unit directly under the Office of the President that is responsible for ensuring the school’s compliance, as well its offices and personnel, with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), and other relevant privacy and data protection laws and policies, including those issued by the National Privacy Commission (NPC), which is the government agency mandated to administer and implement the provisions of the Act.


The Data Privacy Act of 2012 is a recent piece of legislation signed on August 15, 2012. Subject to data privacy protection laws, Sacred Heart College of Lucena City, Inc., as an educational institution, is required to be transparent as to how it collects, processes and uses the personal information of its data subjects.  

Under data privacy protection legislation, Sacred Heart College of Lucena City, Inc. is a Personal Information Controller (PIC) that controls data it acquires from students, personnel and other stakeholders. This means that SHC is responsible for how it gathers, uses and processes personal data, as well as for complying with requests from its data subjects regarding their personal information, where appropriate, under the laws.

The Data Protection Office (DPO) develops and implements policies and procedures that are designed to protect all personal data (personal information, sensitive personal information and privileged information) that are under its control or custody after having gone through the school’s standard approval process. As such, the DPO has the following specific functions:

  1. Monitor and ensure the school’s compliance with all applicable data privacy protection laws and policies;
  2. Inform and promote awareness on data privacy and data protection within the school, including all relevant laws, rules and regulations and issuances by the NPC;
  3. Give advice to the school’s various units, offices and personnel regarding complaints and/or the exercise by data subjects of their rights under the DPA;
  4. Ensure the proper management of data breach and security incidents within the prescribed period;
  5. Serve as the focal person of the school in relation to data subjects, the NPC and other authorities in all matters concerning data privacy and security issues; and
  6. Cooperate, coordinate and consult with the NPC in relation to matters involving data privacy and security.