1. Purpose and Scope

This Agreement outlines the compliance measures undertaken by MoodSync to ensure that the collection, processing, and storage of personal data align with the principles and requirements of the Data Privacy Act of 2012 (RA 10173) of the Philippines. This document applies to all users, administrators, and stakeholders of MoodSync.

2. Definitions

Personal Data: Any information that identifies or can identify an individual, such as name, facial expressions, or emotion-related data.

Sensitive Personal Data: Specific data such as emotional states, which may be derived from facial recognition technology.

Data Subject: Any student, teacher, or staff whose personal data is collected and processed by MoodSync.

3. Responsibilities

Data Controller: The school or institution implementing MoodSync, responsible for determining the purpose and means of processing personal data.

Data Processor: MoodSync, responsible for processing data on behalf of the controller while ensuring compliance with RA 10173.

End Users: Guidance associates or administrators who access the MoodSync system for student emotional stability management.

4. Compliance Measures

4.1. Transparency: MoodSync ensures that all data subjects and their guardians are informed of:

• The purpose of data collection.
• The extent and duration of data storage.
• Their rights to access, correct, or request deletion of their data.

4.2. Consent: Consent is obtained from data subjects and/or their legal guardians before collecting or processing personal data. This consent must be:

• Freely given.
• Specific and informed.
• Recorded in a secure and retrievable format.

4.3. Data Minimization: MoodSync will collect only the data necessary for detecting and managing emotional states.

4.4. Data Protection:

• Use of encryption protocols for all stored and transmitted data.
• Implementation of access control measures, ensuring that only authorized personnel access sensitive data.
• Regular system audits to identify and mitigate vulnerabilities.

4.5. Data Retention and Disposal: Data is retained only for the period necessary for the intended purpose.

4.6. Incident Response: A protocol for addressing data breaches, including notifying the National Privacy Commission (NPC) and affected individuals within the prescribed timeline.

5. Rights of Data Subjects

• Access: Subjects have the right to access their data and understand how it is used.
• Correction: Errors in data will be rectified upon request.
• Erasure: Subjects can request data deletion, provided it does not conflict with legal obligations.
• Withdrawal of Consent: Consent can be withdrawn at any time, halting further data processing.

6. User Responsibilities

Users must:

• Handle data in compliance with the provisions of this Agreement.
• Report any security breaches or unauthorized data access to the administrator.

7. Penalties for Non-Compliance

• Violations of this Agreement may result in revocation of MoodSync access.
• Legal action under the Data Privacy Act of 2012.
• Reporting to the National Privacy Commission (NPC) for investigation and further action.

8. Governing Law

This Agreement is governed by the laws of the Republic of the Philippines, specifically the Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations (IRR).