This Notice details policies and procedures regarding a collection, use, store and disclose (“Processor”) of the personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). This Notice applies to general data subjects (“The Data subjects”). Please read the privacy notice (“Notice”) carefully to understand the University policies and procedures pertaining to the personal data.
“Personal Data” under this Notice refers to any information related to a person, which enables the identification of such person, whether directly or indirectly, including identifiable data such as number of national identification card, address, online information, any physical identity data, socio economical or cultural data.
The University shall collect, use, disclose the personal data as follows:
In addition, for the personal data collection process, the data subjects may be requested to provide the University with additional information as follows:
The University shall collect special category personal data in accordance with Section 26 of the Personal Data Protection Act B.E. 2562 (2019), pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, genetic data, biometric data or of any data. The University shall access, collect, use, disclose or control of the personal data with carefulness and in accordance with related laws/rules and regulations. In addition, the University shall notify the data subjects prior to or during the collection, use or disclosure of the special category personal data, for compliance with related laws.
The data subjects acknowledge that, in an event where criminal convictions and offences take place, be it civic or criminal offences or any other offences, the University reserves the right to collect or use information relating to criminal convictions and offences. The University shall carefully access, collect, use, disclose or control the Personal Data to the extent required by laws.
The University hereby wishes to inform the data subjects that, in order to protect and safeguard the security of the data subjects and to protect the interests of the University, the University has set up closed circuit television system (“CCTV”) to ensure and safeguard the safety on the premises of the University. In this regard, the University or Service Providers outsourced by the University shall collect, use or process information from your still pictures or motion pictures or personal data when being present on the premises of the University, for safety of the University and other data subjects.
The University shall collect, use, disclose and process the personal data of the data subjects collected directly from the data subjects or from the external sources as described in Item 2.
In some cases, the University may request additional information from the data subjects, in order for the University to carry out contractual obligations or any other requests. The University shall notify the data subjects when such needs arise. In this regard, failure to provide required information may result in a termination of contract or the University may unable to carry out related requests by the data subjects.
The University shall process the personal data for the purposes as follows:
The University has legal basis to process the collected personal data in order to offer services, as follows:
The University realizes a significance of an assurance of confidentiality of the personal data and assures a limit of access of the personal data to only those with related-duties, personnel and staff of the University and third-party service providers who are affiliated with the University. The University shall disclose and share only necessary information in order to process information related to service offering and to protect the interests of the University, and the University hereby agrees to protect the personal data from any unauthorized access . The data subjects may contact the DPO for further information pertaining to the 3rd party service providers to whom the personal data is disclosed. The University may disclose the data subjects' contact details as listed to other university personnel and the general public. However, the data subjects are entitled to request for a deletion of their personal data under the terms and conditions and within a period as specified by the University.
The University shall disclose the personal data to other universities or affiliated offices for related-university business and activity, travel arrangement, or activity coordination, professional affiliations and research. The University may also disclose the personal data to government agencies related to immigration, tax and revenue, national security and crime, or any other activities required by laws.
The data subjects agree the University to disclose or transfer the personal information to affiliates or alliances and business partners of the University in order for business operation, compliance of policies, and legitimate interest of the University, including any other cases announced by the University from time to time.
The University may transfer the personal data to the Third Country for research purpose, as deemed necessary. The data subjects agree to the transfer the personal data to countries outside of Thailand or to affiliated persons or offices or under the jurisdiction of other countries whether or not the personal data protection laws of those countries meet the legal standards of Thailand. The University shall proceed any appropriate procedures which have the same standards applicable in Thailand for personal data protection.
The University shall collect the personal data as required and as necessary during the period required by law. The data subjects may contact the DPO of the University to check the data retention period.
At any time, the data subjects have the rights to the personal data, as follows:
In order to exercise the rights to the personal data as prescribed above, the data subjects are required to submit a request in writing to the DPO of the University, as detailed in Item 9, as follows:
If the data subjects wish to make a request to any of the items listed in Item 8 or to request further information related to the collection, use or disclosure of the personal data collection, they may contact the DPO as detailed below.
The Data Protection Officer
The Committee for Personal Data Protection of Bangkok University
Address: 9/1 Phahonyothin Road, Klong Nueng Sub-district, Klong Luang District, Pathum Thani Province 12120
Tel: 02 407 3888
Email: pdpc@bu.ac.th
If the data subjects no longer allow the University to collect, use, process or disclose the personal data, they may withdraw their consent by submitting a request for a withdrawal of consent to the DPO of the University.
A withdrawal of consent must be carried out under the terms and conditions of related rules and regulations, announcements pertaining to the personal data protection policies and procedures as determined/specified by the University.