Menu
GOVPH

Philippine Standard Time:

ETHICS REVIEW COMMITEE

Latest Updates

About the CNU Ethics Review Committee

The CNU Ethics Review Committee (CNU ERC) was approved by the Board of Regents on December 7, 2017 through Resolution No. 117 series of 2017. Subsequently, the approval of the CNU ERC Standard Operating Procedures, Special Guidelines and Ethical considerations (Resolution No. 14 series of 2018) was given on March 8, 2018. The CNU ERC is designated to approve, monitor, and review biomedical and behavioral research involving humans and all forms of life with the aim of protecting the rights and welfare of the research subjects.

The Board shall have the following functions:

  1. Require all faculty members and students who will conduct research that involves human participants to submit a complete description of the proposed research using the CNU ERC Protocol Submission Overview;
  2. Review all researches submitted by faculty members and students that involve human participants to assure, both in advance and by periodic review, that appropriate steps are taken to protect the rights and welfare of humans
    participating as subjects in a research study:
  3. Assess the ethics of the research and its methods, to promote fully informed and
    voluntary participation by prospective subjects who are themselves capable of making such choices (or, if that is not possible, informed permission given by a suitable proxy) and to maximize the safety of subjects once they are enrolled in the project; and
  4. Approve or disapprove the implementation of the research project or withhold approval of the implementation of the study pending modifications or changes to protocol or the consent procedures.

Ethical Considerations

The CNU Ethics Review Committee (ERC) is dedicated to assisting student and faculty researchers in ensuring the ethical integrity of their research protocols. By adhering to its ethical guidelines, the ERC ensures that research conducted under its purview is ethically sound, respects the rights and dignity of participants, and maintains the highest standards of academic integrity. To uphold high ethical standards, the ERC requires all submitted research protocols to include provisions addressing the following ethical considerations:

  1. Voluntary Participation:
    Participants should not be coerced through bribery, pressure, or blackmail into participating in research. Every participant must have the autonomy to choose to be involved in the study and must retain the right to withdraw at any time without any repercussions.
  2. Anonymity and Confidentiality:
    Anonymity involves ensuring that participants remain unidentifiable and untraceable, while confidentiality pertains to the non-disclosure of collected data to unauthorized individuals or entities. Research protocols must clearly outline the methods for collecting, storing, processing, and disposing of data to safeguard participants’ identities and privacy.
  3. Conflict of Interest:
    A conflict of interest arises when personal interests could compromise an individual’s judgment or decision-making during the research process. Researchers must explicitly declare any potential conflicts of interest to maintain transparency and integrity in their work.
  4. Informed Consent or Assent:
    Participants of legal age (18 years and older) must provide informed consent, whereas minor participants (under 18 years) must provide assent, accompanied by a child information sheet and a consent form from their parents or legal guardians. The informed consent form should include a brief description of the study, its objectives, the extent of participant involvement, potential risks and benefits, and contact information for the primary investigator.
  5. Risks:
    Researchers must outline the potential harms that participants may face if they choose to participate in the study. These risks can be physical, social, psychological, or legal. Identifying potential risks allows researchers to minimize their impact and to develop solutions and support mechanisms should these risks materialize.
  6. Benefits:
    Participants may incur personal expenses or face inconveniences during data collection. Therefore, they should be justly compensated when applicable. For instance, traveling to and from an interview location may require reimbursement for transportation and food expenses. Additionally, if the data collection impedes on the productive economic hours of the participants, the researchers must give compensation to the participants equivalent to the number of hours they have allotted for the study.

List of documentary requirements for Ethics Review Application

All of the following documents must be submitted to the ERC office for protocol ethics review. Make sure that your submission is complete. All forms (except for the cover letter, approved manuscript, and completed compliance form) are provided by the ERC office.

  1. Cover letter (addressed to the ERC Chair)
  2. Approved Manuscript (w/ CV, Gantt Chart, Research Instrument)
  3. Completed Compliance form
  4. Form 1: Protocol review application form
  5. Form 2: Protocol review assessment form
  6. Form 3: Informed consent form checklist
  7. Form 4: Participant information sheet and informed consent
  8. Form 5: Child information sheet and assent form
  9. Form 6: Detailed budget sheet
  10. Form 7: Document receipt form

Downloadable Forms

Organizational Chart

Ethics Review Process

PART 1

PART 2

Contact Information

Rhoniel Ryan J. Ymbong, M.Sc.

Chair, Ethics Review Committee
ymbong@cnu.edu.ph

For more inquiries and online submissions, contact us via:
Email: cnuerc@cnu.edu.ph; Telephone: (+32) 254 1452 local 142

For physical submissions, you may visit us at:

Address: Rm 7, 3rd floor, Teaching Arts Centrum (TAC) building, CNU-Main campus, Osmeña Blvd., Cebu city
Visit our website at www.cnu.edu.ph to access the downloadable forms for ethics review application and the citizen’s charter.

X
Cebu Normal University
PRIVACY POLICY

Policy Statement

This Privacy Policy is adopted in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations (IRR), and other relevant issuances of the National Privacy Commission (NPC). The University is committed to protecting and respecting your personal data privacy. We process personal information in accordance with the principles of transparency, legitimate purpose, and proportionality. This Policy informs how we collect, use, disclose, store, protect, and dispose personal information of our data subjects.

Definitions

Personal information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information or when put together with other information that would directly and certainly identify an individual.

Sensitive information is a type of personal information with the risk of discrimination against the Data Subject. These are about an identifiable person’s racial or ethnic origin, marital status, color, and religious, philosophical, or political affiliations. It is also, about an individual’s health, education, the genetic or sexual life of person, or any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and specifically established by an executive order or an act of Congress to be kept classified.

Privileged information refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.

Information We Collect

The University may collect personal information in the context of its regular functions — including but not limited to the following categories:

  1. Students: contact and enrollment details, academic records, health or medical records, accommodation records, student-activity participation, and related data.
  2. Staff and job applicants: contact details, employment history, qualifications, employee-related data.
  3. Alumni profiling: contact and demographic details.
  4. Visitors, volunteers, and other stakeholders: information collected through sign-in forms, CCTV or security monitoring, photos or recordings during official events, surveys, and feedback forms.

Collection may occur by any medium, including: paper forms, electronic forms, email, website or online platforms, CCTV or video/photographic capture, surveys/questionnaires, and other lawful means.

Purposes and Uses of the Data Collected and Processed

Personal information collected may be used for:

  1. Administration of admission, enrollment, employment, alumni relations, and other official functions.
  2. Maintenance of student and employee records, including academic, health, and administrative data.
  3. Provision of University services such as counseling, scholarship administration, placement, library access, facilities use, laboratory access, security, parking, and accommodation.
  4. Internal research, quality assurance, performance monitoring, and institutional planning.
  5. Compliance with statutory obligations (e.g. reporting to government agencies when required).
  6. Security, safety, and campus management, including CCTV monitoring.

Legal Basis / Lawful Criteria for Processing

All processing of personal data is carried out in accordance with the legality, fairness, and lawfulness requirements under the Data Privacy Act and IRR.
Where applicable, processing is grounded on consent, contract, legal obligation, legitimate interest, or other lawful bases recognized under the law. The choice of lawful basis depends on the nature of data, the purpose of processing, and legal or contractual requirements.

Manner of Collection and Processing

Personal data may be collected through physical forms (paper-based), electronic forms, online or web-based platforms (e.g., registration portals, email, institutional website), CCTV or video/photo capture (for security or surveillance), event sign-in sheets or registration forms, surveys or questionnaires, or other legitimate and lawful means.

Processing may include collection, recording, sorting, storing, retrieval, use, updating, modification, blocking, destruction or other operations as allowed under the law, consistent with declared purposes.

Disclosure of Information

The University does not disclose personal information except under the following circumstances:

  1. Internal disclosure within authorized University personnel, only when necessary and appropriate for legitimate institutional purposes.
  2. External disclosure only when required or permitted by law (e.g. statutory obligations), or when the data subject has provided valid consent.
  3. Sensitive personal information or privileged information is processed and disclosed only in accordance with relevant legal provisions.

Risks, Safeguards and Security Measures

The University recognizes that processing of personal data entails certain privacy and security risks. Accordingly, we implement appropriate organizational, technical, and physical security safeguards to protect the confidentiality, integrity, and availability of personal data — whether in electronic or physical form. Such measures include (but are not limited to):

  1. Access controls (both digital and physical) to restrict access only to authorized personnel
  2. Use of secure storage: locked filing cabinets or secure rooms for physical records; password-protected systems, encryption, secure servers, firewalls for electronic data
  3. Secure transmission of data (when shared or transferred), secure printing and disposal protocols, and safe deletion or destruction of data when no longer needed
  4. Classification of data and periodic review of security protocols, to ensure adequacy in light of the risks presented and sensitivity of the data processed

Rights of Data Subjects

Under the Data Privacy Act and its IRR, data subjects have the following rights:

  1. Right to be informed — you have the right to know whether personal information about you will be, is being, or has been processed; the purposes of processing; the personal data to be entered; and the scope and method of processing.
  2. Right to access, correct, or update your data — you may request access to your personal information, ask for rectification of inaccuracies, or request updates.
  3. Right to object or withdraw consent — when processing is based on consent or legitimate interest, you may withdraw consent or object, subject to legal limits.
  4. Right to data portability — where applicable, you may obtain a copy of your personal data in a secure and portable format for transfer to another controller.
  5. Right to erasure or blocking — if personal data is incomplete, outdated, unlawfully obtained or processed, no longer necessary, or processing is unauthorized, you may request erasure or blocking, subject to legitimate grounds for retention (e.g. legal obligations or defense of legal claims).
  6. Right to damages — you may seek indemnification for damages resulting from inaccurate, incomplete, outdated, unlawfully obtained or unauthorized use of your personal data.
  7. Right to lodge a complaint with the NPC if you believe your data privacy rights have been violated.

Requests for access, rectification, objection, portability, erasure or complaints may be submitted in writing to the University’s designated Data Protection Officer (DPO) or Data Privacy Office.

Security, Retention, and Disposal

The University implements appropriate organizational, technical, and physical security measures to safeguard personal data — whether in paper or electronic form — against unauthorized access, disclosure, alteration, or destruction. Such measures include: secure storage (locked filing cabinets or rooms), restricted access to authorized personnel only, use of locked screens/screensavers, secure transmission (sealed envelopes or secure electronic transmission), secure printing and disposal of documents, and safe deletion or destruction of data when no longer needed.

Personal data will be retained only for as long as necessary to fulfill the declared and legitimate purposes, or as required for legal obligations or defense of legal claims. When no longer needed, personal data will be disposed of securely in accordance with University policy and relevant data-protection guidelines.

Consent, Notice, and Legitimate Processing

Where required by law, consent will be obtained from data subjects prior to collection or processing of their personal or sensitive data. In other cases (e.g. CCTV monitoring, legitimate interest), the University will inform data subjects through appropriate notice mechanisms before or at the time of data collection. Privacy notice(s) will accompany data-collection forms or be posted in conspicuous campus areas, and on the University website. At all times, data processing is based on legitimate purpose and proportional to the need.

Data Subject Access and Contact

To exercise your rights or if you have any inquiry, concern, or request regarding your personal data, please contact:

Omar B. Roma

Data Protection Officer
Email: dpo@cnu.edu.ph
Phone: 09422041421

Changes to This Policy

The University reserves the right to update or amend this Privacy Policy as necessary to reflect changes in applicable laws, regulations, regulatory guidance, or its internal data-processing practices. Updated versions will be posted on the University’s official website and, where appropriate, communicated to data subjects.