AAA Seal

Privacy Policy

Last updated: February 2026

1. Data Controller

The Assumption Alumnae Association (AAA) is the Personal Information Controller (PIC) as defined under Republic Act No. 10173, also known as the Data Privacy Act of 2012. The AAA is responsible for the collection, processing, and protection of your personal information through this portal.

2. Information We Collect

When you register as a member of the AAA, we collect the following information:

  • Full name (first name, middle name, last name), maiden name, and nickname
  • Contact number and email address
  • Assumption education history (elementary, high school, and/or college years attended and graduated)
  • Section and graduation year
  • Professional information (company, job title, industry) — optional
  • Location (city, province, country) — optional
  • Profile photo — optional
  • Communication preferences (newsletter opt-in, support interest)
  • Payment information processed through PayMongo or PayPal for membership dues and event fees (card/account details are handled entirely by these processors and are never stored on our servers)

3. Legal Basis and Purposes of Processing

We process your personal information based on the following legal grounds under RA 10173:

  • Consent — You provide explicit consent when you check the data privacy agreement during registration.
  • Legitimate Interest — Processing necessary for the legitimate operations of the Association, including membership management and community services.

Your information is used to:

  • Verify your alumni status and manage your membership account
  • Provide access to the member directory with privacy controls you set
  • Process membership dues and event registration payments
  • Send important updates about Association activities, events, and Assumpta Magazine (if you opted in)
  • Generate your digital ID card with QR verification
  • Enable fellow alumnae to reconnect with batchmates through the directory

4. Member Directory Privacy Controls

As a member, you have granular control over which information is visible to other members in the directory. Through your profile settings, you can choose to show or hide your:

  • Email address (hidden by default)
  • Contact number (hidden by default)
  • Company and professional information
  • Location

Your name, graduation year, and profile photo (if provided) are visible to other members to facilitate alumni connections. Administrators can view all profile information for membership management purposes.

5. Data Security

We implement industry-standard security measures to protect your personal information:

  • Passwords are hashed using bcrypt with 12 rounds
  • All data is transmitted over HTTPS/TLS
  • Database access is encrypted and restricted to authorized services
  • Payment data is processed by PCI-compliant processors (PayMongo, PayPal) — no card or bank details are stored on our servers
  • Administrative actions are logged for audit purposes
  • File uploads are validated for type, size, and content before storage

6. Data Sharing and Third Parties

We do not sell, trade, or otherwise transfer your personal information to outside parties. Your data may be shared with the following service providers solely for the purposes stated:

  • PayMongo — Payment processing for membership dues and event fees (Philippine payment methods)
  • PayPal — Payment processing for international members
  • Sendy / Amazon SES — Sending Association newsletters and transactional emails (receipts, event confirmations)
  • DigitalOcean — Cloud hosting and data storage
  • Cloudflare — Content delivery, DNS, and security services

7. Data Retention

Your personal data is retained for the duration of your active membership plus five (5) years after your last recorded activity, or as required by applicable law for legitimate record-keeping purposes.

If you request account deletion, we will remove or anonymize your personal information within thirty (30) days, except where retention is required by law, for the resolution of disputes, or for the Association's legitimate record-keeping needs (e.g., payment and audit records).

8. Your Rights Under RA 10173

As a data subject under the Data Privacy Act of 2012, you have the following rights:

  • Right to be Informed — You have the right to be informed of the collection and processing of your personal data, including the purposes, scope, and method of processing.
  • Right to Access — You have the right to access your personal data, including a copy of such data, and information about how it has been processed.
  • Right to Object — You have the right to object to the processing of your personal data, including for direct marketing purposes.
  • Right to Erasure or Blocking — You have the right to request the suspension, withdrawal, blocking, removal, or destruction of your personal data.
  • Right to Rectification — You have the right to correct any inaccurate or incomplete personal data.
  • Right to Data Portability — You have the right to obtain your personal data in a structured, commonly used, and machine-readable format.
  • Right to File a Complaint — You have the right to file a complaint with the National Privacy Commission (NPC) if you believe your data privacy rights have been violated. You may reach the NPC at https://privacy.gov.ph.
  • Right to Damages — You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

9. Consent

By registering for membership and checking the data privacy consent checkbox, you indicate your free, specific, and informed consent to the collection and processing of your personal information for the purposes described in this policy. You may withdraw your consent at any time by contacting us or updating your account settings, without affecting the lawfulness of processing based on consent before its withdrawal.

The timestamp of your consent is recorded and stored securely for compliance purposes.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify members of significant changes through the portal or via email. The "Last updated" date at the top of this page indicates when this policy was last revised.

11. Contact

For privacy-related inquiries, to exercise your rights, or to file a concern, please contact us through our contact form or email us at [email protected].

If you are not satisfied with our response, you may file a complaint with the National Privacy Commission.