Font size
Change theme
  • Operation Report
  • Institutional operations
About us
Institute of Professional Qualifications
Service
Institute of Professional Qualifications
Professional Qualification and Occupational Standards
Institute of Professional Qualifications
Procurement
Newsroom
Institute of Professional Qualifications
Contact us

Privacy policy

  1. Home
  2. Third Party Privacy Policy
Third Party Privacy Policy
Privacy Policy for Applicants trainee
Human Resources Privacy Policy
Cookie policy
Exercise of Data Subject Rights

Thailand Professional Qualification Institute (Public Organization) (“The Institute”) respects and recognizes the importance of the privacy rights and the protection of Personal Data of Third Parties which are the fundamental rights in privacy for individuals. Naturally, Third Parties would prefer their Personal Data to be secured. Coupled with the rules and measures laid by Privacy law governing security measure in processing Personal Data and data subject’s rights. The Institute hereby implements this Privacy Policy to notify the principle for Personal Data protection with the following context:

1.        Definitions 

In this Privacy Policy, words or messages have meanings as described in the following definitions:

Privacy law

means Personal Data Protection Act B.E. 2562, as amended, including relevant rules, regulations, and orders.

Personal Data

means any Personal Data which can be identified a natural person directly or indirectly according to the Personal Data Protection Act B.E. 2562.

Data Protection Officer

means officer(s) appointed by the Data Controller to perform and act as the Data Protection Officer in accordance with the Personal Data Protection Act B.E. 2562.

The Institute

means Thailand Professional Qualification Institute (Public Organization)

Data Controller

means the natural or juristic person that has the authority to make decisions about the Personal Data and to obtain the Personal Data from the Customer to provide services or to perform contract obligations with such persons.

Data Processer

means a natural person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller.

Allies

Means business or trade partners which are the Institute’s allies or operating jointly with the Institute [please provide the list of the Institute’s allies or refer to such list via QR code or url link]

Website

means any website owned or provided by Thailand Professional Qualification Institute (Public Organization) as the case may be.

 

2.        General Provision

     This Privacy Policy aims to explain how the Institute collects, uses, and/or discloses and protects Personal Data of Third Partys. Whereby the Institute may improve or amend any material changes in this Privacy Policy whether in whole or in part to comply with the amending laws and regulations. Therefore, Third Party should regularly access this Privacy Policy and follow up about the current version.

3.        Collection of Personal Data

            The Institute will collect your Personal Data for the Institute’s purposes and shall collects only to what necessary to fulfil the purposes of Personal Data processing and to comply with PDPA in the following ways

  1. The Institute will legitimately collect, use, and/or disclose Third Party’s personal data. The institute would only collect Third Party’s Personal Data that is necessary to fulfill the purposes of processing of Personal Data and in accordance with the law.
    1. General Personal Data such as
  1. personal information such as name and surname, date of birth, age, gender, photo, signature, workplace, job position, education background, employment information, training experiences, work experiences or personal information based on copies of documents issued by authority agencies such as copy of national identification card number, copy of passport, copy of house registration, etc.
  2. Contact information such as address, telephone number, email, contact point in the event of an emergency, or other related information which the Institute can contact.
  3. Financial information such as bank account information or tax pay identification number.
  4. Information for references such as Personal Data as shown in the copy of identification card, copy of passport, copy of name change document, copy of house registration, copy of driving license, copy of vehicle registration, vehicle registration number, copy of land deed, copy of power of attorney, copy of Company certificates, invoices, receipts, payment vouchers or copy of professional licenses, etc.
  5. IT Information such as log, IP address, location, browser, referring website, login log, transaction log, Access time, social media, cookies, or other technologies in the same manner.
  6. CCTV footage which records your stills and moving footages, voice records or other Personal Data which can be identified natural person.
    1. Sensitive Data is defined in Section 26 of PDPA as Personal Data pertaining to biometric data, finger scan, face recognition, religious, health data, racial, criminal records, etc. However, the Institute do not collect, use and/or disclose for Sensitive Data from Third Party unless the Institute obtained Third Party’s consent for processing of such sensitive data or it falls under any exception as prescribed by this privacy policy or the law.
  7. Third Party’s refusal to provide Third Party’s personal data, or Third Party’s giving of inaccurate or outdated Personal Data to the Institute, may result in Third Party’s inability to conduct any transactions with the Institute or to demand certain performance of a contract with the Institute. All of these restrictions may potentially cause damages and lost of opportunities for Third Party and may potentially affect any legal obligation in which Third Party or the Institute, as the case may be, is required to comply. The Institute collects, uses, and/or discloses as follows
  8. Sources of Personal Data

The following are multiple sources which the Institute collect your Personal Data from:

  1. Personal Data obtained from you directly, for example, you fill in your Personal Data through Institute’s applications in Institute’s Websites or though other available channels, or when you enter into a contract with the Institute, or when you submitted or make copy of any document pertaining Personal Data to the Institute, or when you submit your questions, concerns, complaint, appraisal to the Institute via telephone, e-mail, postal, your cookies in visiting Institute’s Websites or applications, your cookies in IP address, etc.

(2) Personal Data obtained from Third Parties or other reliable sources such as government agencies, Department of Business Development website, Revenue Department website, etc.

4.        Purposes of Processing of Personal Data       

The Institute shall collect your Personal Data only to what necessary to fulfil the purpose. Nonetheless, the Institute may have different purposes for Processing of Personal Data as follows:                 

  1. The collection, use, disclosure of Personal Data for the following purposes: 
  1. For the purposes of drafting and managing contracts made between the Institute and other contractual parties including for performance of a contract.
  2. For the purposes of procurement or registration of new contracting parties or any other persons with the same manner as well as processing of requests of the contracting party or any other person with the same manner.
  3. For recording the Institute’s creditor, for issuing invoices and tax invoices, for the Institute’s credit bureau, for disbursement including related financial transactions and accounting operations.
  4. For identification or verification of the data subject in cases of accessing services, entering into a contract, performing contractual obligations, to ensure that the services provided and all Institute’s communication that take places are kept in secure and confidential manner.
  5. For communicating or coordinating Institute business operations or tasks with third parties, contractors, and contract parties.
  6. For legal obligations purposes which related to the Institute’s business operation and to comply with the government’s official orders such as registration of business at the Department of Business Development, notification of registration personnel or related persons, conducting tax reports to submit to the Revenue Department, accounting audits by the auditors, etc.
  7. For Institute’s public announcements such as the Institute’s news and events, trainings, conferences, seminars, the Institute’s projects, relation events, social events, etc.
  8. For Institute’s database of events participants, project participants, attendees’ participants, training participants, or seminar participants including the analysis and observation of such individual’s behavior.
  9. For health management, occupational health, and safety management of the contractors. To organize an annual health checkup for both general health check-up and occupational health check-up (Health check according to risk factors), to administer health insurance and assess health readiness, to use health data for reporting, investigation, causal analysis or for development of preventive health management and to formulate measures to prevent incidents occurring.
  10. For the preventing from any dangerous communicable disease that may spreading in the Institute which will screening people entering and leaving premises including tracking travel and conduct report on travel which may result in potential risk of spreading disease.
  11. For examine and enhance facility security performance in building or in premises of the Institute. For security risk assessment including entering and exiting the premises. For identification purposes and keeping record of entering and exiting the premises. For video footages in buildings, offices, or surrounding areas under CCTV surveillance.
  12. For the establishment, compliance, exercise, or defense of legal claims. For initiating litigation, as well as proceeding for legal enforcement such as investigation and/or examination by government officials, for case preparation, and/or defense of legal claims in court, etc.
  13. For audits or internal audits of the Institute to ensure compliance with the standards and to comply with applicable laws and regulations.
  14. For internal data managements of the Institute and monitoring security of the Institute’s internal data systems.
  15. For obtaining and verifying licenses or permits that are mandatory for business operation.

5.             Disclosure of Personal Data

  1. The Institute shall disclose your Personal Data in compliance with PDPA and in compliance with the notified purposes to the following persons:
  1.  Service Provider(s) and the Data Processor which the Institute appoints to manage/ process Personal Data for the Institute in providing services. For example, human resources management, to provide services in security, to provide services in information technology, accounting audits, or other services related to business operations or benefits you.
  2. Consultants, legal consultants, attorneys, auditors, external auditors, speakers, or both internal and external experts, etc.
  3. Government agencies, authorized official authorities under the law such as Ministry of Labor, Social Security Office, Department of Skill Development, Legal Execution Department, Student Loan Fund, Department of Empowerment of Persons with Disabilities, Revenue Department, Department of Land Transportation,  Social Security Office,  Department of Business Development, Department of Industrial Works, Industrial Estate Authority of Thailand, Immigration Bureau,  Office of  the Personal Data Protection Committee, Courts Official, Police Officers, or other related official authorities as prescribed by the law.
  4. Vendor(s), contractors, Contract parties of the Institute in which you coordinate or related to your job position or responsible person or designated person(s).
  5. Commercial banks, financial institution, Bank of Thailand.
  6. Insurance companies or hospitals related to operations of the Institute.
  7. Other related person(s) or agencies that you had given consent to.
    1. The Institute may transfer or disclose your Personal Data to foreign countries. The Institute shall obtain your consent prior to transferring or disclosing of your Personal Data to a foreign country in case consent is required. The Institute shall conduct verification process to ensure that the designation country or international organization that receives such Personal Data shall have adequate data protection standards and carried out in accordance with the rules for the protection of Personal Data as prescribed by PDPA.

6.                Retention Period of Personal Data

The Institute shall collect and retain Personal Data of Data Subject for as long as necessary for the purposes of collecting, use, and disclosure of Personal Data in this Policy. In cases where the Data Subject terminate relation or agreement with the Institute, or no longer using the services or the business transaction. The Institute shall store Personal Data for specified period or as specified by the law, or by prescription period or for exercise or defense of legal claims. After the expiration of the storage period of each type of Personal Data, the Institute shall proceed to erase or destroy or make anonymize of Personal Data. However, the retention period of Personal Data shall be in accordance with the Institute’s Data Retention Policy. The Institute may retain the Personal Data of the Data Subject for longer than has been specified if permitted by law.

 

7.        Third Party rights as the Data Subject.

  1. Third Party may file a request form in accordance with the Institute’s conditions and procedures in cases the Data Subject requests for a copy of the Personal Data being processed by the Institute or requests the Institute to inform what sources the Personal Data originated.
  2. In the event that Third Party sees that his or her Personal Data is inaccurate, not up to date, or incomplete which may cause misunderstanding. Third Parties have the rights to request the Institute to correct and complete Personal Data based on information Third Party may provide by filing Data Subject rights request application to the Institute in accordance with the Institute’s conditions and procedures. In case where the Institute do not respond or comply with the rights request, the Institute shall keep record of the request with reasons of refusal as evidence for future inspection.
  3. Third Parties have the rights to withdraw consent once given to the Institute for Processing Third Party’s Personal Data at any reasonable time unless there is a restriction of the withdrawal of consent by law, or there is contractual obligation that benefits Third Party. For example, Third Party may still bound by a contract with the Institute, or Third Party has contractual obligations or legal obligation with the Institute. Nevertheless, if Third Party chooses to withdraw consent, Third Party may not be able to receive services from or conduct transaction with the Institute, or the Institute’s ability to provide services to Third Party may be limited.
  4. Third Party have the rights to receive the Personal Data concerning himself or herself from the Institute. In which the Institute shall arrange such Personal Data to be in the format which is readable or commonly used by ways of automatic tools or equipment and can be used or disclosed by automated means. Third Parties are also entitled to request the Institute to send or transfer the Personal Data in such formats to other Data Controllers if it can be done by the automatic means or entitled to request to directly obtain the Personal Data in such formats that the Institute sends or transfers to other Data Controllers unless it is impossible to do because of the technical circumstances.
  5. Third Party have the rights to object the collection use or disclosure of his or her Personal Data at any reasonable time in one of the following circumstances:
  1. Where collection, use, and disclosure of Personal Data is necessary for the performance of a task carried out in the public interest by the Institute or necessary for the legitimate interest of the Institute. Unless the Institute can prove that:
    1. There is a compelling legitimate ground; or
    2. It is necessary for the establishment, compliance, or exercise of legal claims, or defense of legal claims.

 

  1. Where collection, use, and disclosure of Personal Data is for the purpose of direct marketing; or
  2. Where Processing of Personal Data is for the purpose relating to scientific or historical research or statistics, unless it is necessary for the performance of a task carried out in the public interest by the Institute.
    1. Third Party have the rights to request the Institute to erase or destroy or anonymize Personal Data to become anonymous data where legitimate ground applies:

(1)       Personal Data is no longer necessary in relation to the purposes for which it was collected, used, or disclosed.

(2)       When Third Party withdraw the consent on which the collection, use, or disclosure is based on, and where there is no other legal ground for such collection, use, or disclosure.

(3)       When Third Party objects to the processing of the Personal Data referred in Clause 7.5(1) and the Institute cannot reject such request, or the processing of Personal Data is for the purposes relating to direct marketing; or

(4)       The Personal Data have been unlawfully collected, used, or disclosed

  1. Third Party have the rights to request the Institute to restrict the use of Personal Data, where the following applies:
  1. When the Institute is pending examination process in accordance with Third Party’s request to ensure that the Personal Data remains accurate, up-to-date, complete, and not misleading.
  2. Where it is the Personal Data which shall be erased or destroyed because it has been unlawfully collected, used, or disclosed, but Third-Party request for restriction of the use instead.
  3. Where it is no longer necessary to retain such Personal Data for the purposes of such collection, but Third Party have necessity to request the retention for the purposes of the establishment, compliance, or exercise of legal claims, or the defense of legal claims; or
  4. Where the Institute is pending verification to demonstrated that there is a compelling legitimate ground or pending examination for the establishment, compliance or exercise of legal claims, or defense of legal claims to reject the objection request made by Third Party.
    1. Third Party have the rights to complain to expert committee in accordance with PDPA in cases the Institute or the Data Controller including Third Parties or Data Processor(s) does not take action or does not comply with PDPA at the following address:

     Office of the Personal Data Protection Commission  
7th Floor, Ratthaprasasanabhakdi Building 80th Anniversary Government Center, Chaengwattana Road, Thungsonghong Subdistrict, Laksi District, Bangkok 10210

Nevertheless, the Institute reserves the rights to examine your request where it is permitted by law.

8.        Security Measures for Storing Personal Data

       The Institute is committed to protecting Third Party’s Personal Data. Hence, the Institute shall provide security measures including a safe and appropriate system for collecting, using, or disclosing Personal Data to prevent Third Party’s Personal Data from accidental loss, unauthorized access of data, destroy of data, misuse of data, unauthorized change or disclosing of data in accordance with the Institute’s information technology security policies and/or procedures.

       The Institute shall provide security measures of Personal Data which include operational safeguards, technical protection measures and physical safeguards regarding access or control of the Personal Data usage which at least consists of the following actions:

  1. Control of access to Personal Data and storage devices and Processing of Personal Data considering the usage and security.
  2. Determine permission to access Personal Data.
  3. Users access management to Personal Data for designated person(s) only.
  4. Determine roles and responsibilities of users to prevent unauthorized access, disclosure, cybercrime, copy of Personal Data, or to prevent theft of storage devices or data; and
  5. Provide method for tracing back in access, alteration, disposal, or transmission of Personal Data in accordance with the methods and storage media used for processing of Personal Data.                    

8.        Link to Third Party Website Disclaimer

The Institute's Website may contain links to third parties’ websites whereas those third parties may collect certain information of your usage of the services. The Institute accepts no liability for the security risk or privacy risk of any of your information collected by such third parties’ websites. You shall carefully check the third parties’ Privacy Policy.

9. Policy Review

       This Privacy Policy applies to all Personal Data in which the Institute collected, used, and disclosed, and in which the Institute had obtained consent from Data Subject prior to carrying out the processing activity (if any), as well as the collection of the Data Subject’s Personal Data in current or in the future for use and disclosure to the Third Parties within the scope of this Privacy Policy.

       Policies are reviewed at least once a year. Updated versions are to be adopted by the Institute where deemed necessary or appropriate.

10. Governing Law and Jurisdiction         

     This Privacy Policy is governed by and construed in accordance with Thai laws and Thai courts have the jurisdiction to consider any disputes that may arise.

11. Policy Review

       This Privacy Policy applies to all Personal Data in which the Institute collected, used, and disclosed, and in which the Institute had obtained consent from Data Subject prior to carrying out the processing activity (if any), as well as the collection of the Data Subject’s Personal Data in current or in the future for use and disclosure to the Third Parties within the scope of this Privacy Policy.

       Policies are reviewed at least once a year. Updated versions are to be adopted by the Institute where deemed necessary or appropriate.

  1. Governing Law and Jurisdiction         

     This Privacy Policy is governed by and construed in accordance with Thai laws and Thai courts have the jurisdiction to consider any disputes that may arise.

12.Contact Information

     Any questions or concerns regarding this Privacy Policy, the exercising of Third Party’s rights, or have reasonable reasons to believes that the Personal Data has been misused, please contact the Institute via the following channels:

Data Protection Office
Email address: [email protected]
Telephone No.: +66 2035 4900
Address: Thailand Professional Qualification Institute (Public Organization) 1177 Pearl Bangkok Building, 14th floor, Phahonyothin road, Phayathai Sub-district, Phayathai District, Bangkok 10400