top of page
UniversalU - FINAL - 240729.png

Privacy Policy

Policy and Brief and Purpose

This policy outlines Universal-U’s commitment to protecting personal data in accordance with applicable privacy laws in Australia and the Philippines. It ensures that all personal information is collected, stored, used, and disclosed responsibly and securely. It further highlights employees of Universal-U’s responsibility to comply with relevant legislation including policies and procedures mandated by clients. We further acknowledge that there may be additional requirements for some of our clients for example to maintain their NDIS Provider status.

Scope

This policy applies to:

  • All employees, contractors, and third-party service providers

  • All personal data processed by Universal-U in Australia and the Philippines

  • All systems and platforms used to store or manage personal data

Legal Framework

  • Australia: Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs)

  • Philippines: Data Privacy Act of 2012 (Republic Act No. 10173), including Implementing Rules and Regulations (IRR) and National Privacy Commission (NPC) guidelines.

Definitions

  • Personal Information: Any information that identifies or could reasonably identify an individual.

  • Sensitive Information: Includes health data, financial data, government-issued IDs, and biometric data.

  • Processing: Any operation performed on personal data, including collection, storage, use, and disclosure.

Data Collection

We collect personal data only when:

  • It is necessary for business operations or legal compliance

  • The individual has provided consent, or collection is otherwise lawful

Data collected may include:

  • Contact details

  • Employment records

  • Financial and payroll information

  • System access logs

 

We acknowledge that employees may be privy to personal data while they are working for a client and further acknowledge that employees privy to personal data shall comply fully with the clients’ policies and procedure and failure to do so may result in disciplinary action.

Use and Disclosure

Personal data will only be used for:

 

  • Employment and HR administration

  • Client service delivery

  • Legal and regulatory compliance

Disclosure to third parties will occur only:

  • With consent, or

  • When required by law, or

  • Under contractual obligations with data protection clauses

Data Storage and Security

We implement appropriate technical and organisational measures to:

  • Protect data from unauthorised access, alteration, or destruction via the use of Microsoft Intune.

Cross-Border Data Transfer

We utilise a virtual desktop between Australia and the Philippines to ensure compliance with both jurisdictions’ privacy laws.


And further ensure that our clients use a virtual desktop between Australia and the Philippines to ensure compliance with both jurisdictions’ privacy laws

Rights of Data Subjects

Individuals have the right to:

  • Access their personal data

  • Request correction or deletion

  • Withdraw consent (where applicable)

  • Lodge complaints with the OAIC (Australia) or NPC (Philippines)

Data Breach Notification

In the event of a data breach:

  • We will assess the impact and notify affected individuals

  • We will report to the OAIC or NPC as required

  • We will take corrective actions to prevent recurrence

Effectivity

This Policy shall take effect immediately. All practices, instructions, memoranda previously in
effect and/ or inconsistent are hereby amended.

bottom of page