1. Data Controller
STAR-LINK is operated in support of the DOST-SEI STEM Teachers Action Research (STAR) program. The platform administrator acts as the Personal Information Controller (PIC) under Republic Act No. 10173, the Data Privacy Act of 2012 (DPA).
All personal data collected through this platform is processed in accordance with the DPA and its Implementing Rules and Regulations (IRR), as well as National Privacy Commission (NPC) issuances.
2. Personal Data We Collect
We collect the following categories of personal information during registration and platform use:
Account Information
- Full name, email address, and password (hashed)
- STAR ID (system-generated unique identifier)
Professional Profile
- Occupation, school/institution, region, and division
- Highest qualification level, subjects taught, years of experience
- STAR participation status, training history, and structured training records
Demographic Information (Optional)
- Gender and age bracket (used for planning analytics only)
Platform Activity
- Forum posts, comments, and uploaded resource metadata
- Program feedback and participation records
3. Purpose and Legal Basis
Your data is processed for the following purposes, each grounded in a lawful basis under RA 10173:
- Account management — Consent (required at registration)
- Community facilitation — Legitimate interest of the STAR programme
- Regional planning & analytics — Processing consent (required)
- Anonymized research reports — Research consent (voluntary, opt-in)
- Platform security & audit — Legitimate interest and legal obligation
4. Data Retention Policy
We apply the following retention rules to your personal data:
| Data Category | Retention Period | After Expiry |
|---|
| Profile & account data | 5 years from registration | Anonymized automatically |
| Forum posts & comments | Duration of account + 90 days | Content replaced with redacted placeholder |
| Uploaded resources | Duration of account + 90 days | File data deleted; metadata retained anonymously |
| Audit & consent logs | 7 years (compliance) | Permanently deleted |
| Session tokens | 30 days | Automatically purged |
5. Account Deletion & Anonymization
You may request deletion of your account at any time from your profile page. Upon request:
- A 30-day grace period begins, during which you may cancel the request
- After the grace period, your profile is permanently anonymized
- Personal identifiers (name, email, school, gender, age) are replaced with redacted values
- Forum and comment content is replaced with a redaction notice
- Aggregate, non-identifying statistical data may be retained for research purposes (unless you have opted out)
6. Data Sharing & Disclosure
Your personal data is shared only with:
- Platform administrators — for moderation, programme delivery, and regional planning
- Anonymized research consumers — only if you have granted research consent and have not opted out of anonymization
We do not sell, rent, or share your personal data with third-party commercial entities. Data is not transferred outside of the Philippines unless required by the STAR programme with appropriate safeguards in place.
7. How Anonymization Works
When data is anonymized (either upon retention expiry or deletion request):
- Your name is replaced with a system-generated anonymous identifier (e.g.,
ANON-A1B2C3D4) - Your email is replaced with a non-functional redacted address
- School name, gender, age bracket, and subject lists are cleared
- Your region and division are retained to preserve aggregate statistical integrity
- Password hash is wiped, making the account permanently non-recoverable
Anonymized data cannot be re-identified and remains in the system solely for statistical continuity in regional analytics dashboards.
8. Your Data Rights
Under the Data Privacy Act of 2012, you have the right to:
- Access — View all data we hold about you (available on your profile page)
- Rectification — Correct inaccurate data by editing your profile
- Erasure/Deletion — Request full account deletion with a 30-day grace period
- Data Portability — Export all your data as a machine-readable JSON file
- Consent Withdrawal — Withdraw research consent at any time from your profile; note that withdrawing data processing consent requires account closure
- Opt-Out of Anonymized Research — Exclude your data from anonymized research datasets
- Lodge a Complaint — File a complaint with the National Privacy Commission if you believe your rights have been violated
9. Security Measures
We implement the following security controls to protect your personal data:
- Passwords are hashed using bcrypt with a work factor of 10
- Sessions use cryptographically secure tokens with 30-day expiry
- Database connections are encrypted in transit (TLS)
- All data access is logged in an immutable audit trail
- Rate limiting protects against brute-force attacks
- Content moderation prevents unauthorized public disclosure
10. Consent Management
STAR-LINK uses a granular consent model. During registration, you are asked to provide:
- Data Processing Consent (required) — Permits the platform to process your data for operational and regional planning purposes
- Research Consent (optional) — Permits inclusion of your anonymized data in aggregate research reports
- Anonymization Opt-Out (optional) — Excludes your data entirely from anonymized research datasets, even if you have granted research consent
All consent changes are recorded in a tamper-evident audit log with timestamps. You may view and change your consent settings from your profile page at any time.
11. Contact & Data Protection Officer
For questions, data access requests, complaints, or concerns regarding this Privacy Policy, please contact:
Please use the contact information provided by your regional STAR programme coordinator.
This Privacy Policy is complementary to our Terms and Conditions. By using STAR-LINK, you acknowledge that you have read and understood this policy.
STAR-LINK