Customer’s Privacy Notice
Pongpattana Language School (the “Institute”) is the owner and the developer of New Cambridge Institute (Thailand) and World Education links (the “Platform”). By signing up and registering for becoming the user of the service of the Platform (“User”) and representing to collect and use your personal data correctly and transparently only as necessary for the efficient provision of our services or performance of any obligations that the Institute may have with the Customer. In particular, the Institute is committed to ensuring the compliance of their personal data processing with the applicable personal data protections laws and the best information security measures
Objectives of this Privacy Notice
The Institute intends to inform this Customer’s Privacy Notice (the “Notice”) to notify the Institute’s necessity and conditions for the collection, use, and disclosure of the Customer’s personal data.
Acceptance of this Notice
When the Customer contact the Institute for any inquiries via any of the Institute’s channels that may include this Corporate Website or other channels; and when the Customer enter into an agreement and/or any transaction documentation with the Institute, the Institute shall deem that the Customer have accepted and acknowledged the terms and conditions of this Notice.
Change of this Notice
The Institute may review and update this Notice from time to time to ensure its compliance with the relevant laws and regulations and scope of the Institute’s services provided to the Customer. The Institute will notify the Customer of the amended Notice by announcing the updated Notice via Institute’s communication channels.
Definition and Scope of Personal Data
“Personal Data” means any information that is directly or indirectly personal identifiable in accordance with the definitions given under the Protection Data Protection Act B.E.2562, the amendment thereof and other relevant laws. For the avoidance of doubt, the Personal Data hereunder would also be referred to the Personal Data of the authorized representative of the corporate Customer (the “Representative”).
The Personal Data to be processed under this Notice shall include the process of the personal data of the individual Customer and the process of personal data of the authorized director and/or representatives who is authorized by the corporate Customer to contact with the Institute.
Source of Personal Data
The Institute may receive the Personal Data from the following sources:
(1) Directly from the Customer during the communication, the conversation, the contract and transaction document preparation process;
(2) Indirectly from public records and non-public records that the Institute may have the legitimate rights to get access to; or
(3) Indirectly from the reference made by any person; provided that in case the indirect collection of the Personal Data, the Institute will inform the Customer of the source of data.
Personal Data being Processed
The Institute would need to collect, use and process the following Personal Data of the Customer:
Contact information including full name, contact information of the Representative (i.e., telephone number, email and contact address); and the Identification information of the Representative, for instance, a copy of identification card or passport;
Personal Data of the Customer’s employees who will become the system or products users of the Institute which may include full name, telephone number, email address for user registration;
Technical information that the Institute’s systems may collect in connection with the use of electronic systems or of the device that the Customer uses to connect with the Institute’s systems, including without limitation to the IP Address, browser type, username and password information and all the log-in logs;
Other Personal Data that the Customer may submit to the Institute during the communication made between the Customer and the Institute that may include the complaint and feedback raised by the Customer; the request for any support from help desk; the Personal Data being submitted to participate in the Institute’s campaign or event, including without limitation the identity documentation of the Representative or other persons that would be required for the travel reservation).
In case the Customer submit any Personal Data of any related personal under their supervision to the Institute, upon the receipt of those Personal Data, the Institute shall deem that the Customer represent their legitimate rights to share and disclose those Personal Data to the Institute and therefore the Institute shall be fully entitled to process those Personal Data pursuant to this Notice.
Objectives of the Personal Data Processing
All of the Personal Data of the Customer and the relevant persons shall be collected, used, and processed by the Institute in order to serve the following purposes:
To communicate; to give the relevant information; and to coordinate with the Customer throughout the process of the negotiation and conclusion of the transaction arrangement as well as the documentation preparation and execution;
To perform any rights and obligations that the Institute may have with the Customer under the agreement entered into, including the provisions of the installation, advisory or maintenance services, the payment confirmation, the delivery services; and any the performance of any other duties that the Institute may have in any campaign or event that the Institute may host for the Customer in accordance with any agreement to be made between the Institute and the relevant Customer;
To protect the Institute’s legitimate right in case that the Institute may need to enforce their right against the non-complying Customer as defined under the relevant agreement and in the legal proceeding;
To improve the good relationship between the Institute and the Customer from the individual or on the overall perspective, for instance: to plan the product and service development or improvement that would match the Customer’s interest and requirements; to train the Institute’s employees; to manage the compliant and feedback made by the Customer; to prepare the internal audit process; or to prepare the Institute’s report summarizing the business performance of the Institute, both in the identifiable and non-identifiable statistic information of the relevant Customer;
To serve any other particular purposes that the Customer may give specific consent to the Institute to process, including without limitation to contact for marketing purposes.
Retention Period of the Personal Data
The Institute may need to retain the Personal Data throughout the period of time that Institute would need to serve the defined objectives under this Notice, in particular for the following retention period: (A) throughout the time that the Institute still have the business relationship with the relevant Customer; (B) for the period of time necessary for the Institute to protect our legitimate rights in the legal proceedings at the maximum prescription period of 10 years; (C) the period of time that the Institute would have the legal obligations to perform; (D) for the period of time necessary for the business operation of the Institute without causing excessive impact on the Customer’s rights; and (E) in case any Personal Data processing is executed with the consent granted, the Institute would retain the Personal Data until the time that the Customer may withdraw their consent.
Disclosure of the Personal Data
Generally, the Personal Data will not be disclosed to any third party, except in these necessary circumstances that the Institute may need to disclose and/or share the Personal Data to the following persons:
To third-party service providers of the Institute, including without limitation the Institute’s affiliates, subcontractors, consulting Institute or audit Institute, being engaged by the Institute to support the Institute’s performance of any obligations or to support its business operation; provided that the Institute shall disclose the Personal Data only on the necessary basis under the data processing agreement between the Institute and such third-party service providers; and
To any government authorities that the Institute is obliged under the relevant laws or the judgments or order of government authorities to disclose such Personal Data to; provided that the Institute shall only disclose Personal Data on the necessary to perform such statutory obligations solely.
To disclose the User’s data in the usage of the storage service on Computer System On-premises, storage service on server from an external service provider, Google Cloud Platform;
In case that the Institute will be disclosing or sharing the Personal Data to any person residing or operating in any country other than Thailand, the Institute commits to do so in strict compliance with the Personal Data Protection Act B.E. 2562.
Customer’s Right as a Data Subject
The Institute pays respect to the Customer’s statutory rights as the data subject under the relevant laws that the Customer shall be entitled to exercise any of the following rights in accordance with the conditions in the applicable laws:
Right to withdraw consent if the Customer have given the consent to the Institute to collect, use and disclose the Personal Data (whether the consent received before or after the effective date of the relevant laws) at any time that the Institute still possess the Personal Data;
Right to request for access to Personal Data that are in the Institute’s possession and request for the copy there of;
Right to request for data portability in case the Institute storing such Personal Data in the format which is readable or commonly used by ways of automatic tools or equipment and request for data portability of such Personal Data to other data controller at any time unless the technical problems;
Right to object to any processing of the Personal Data if the collection, usage, and disclosure of the Personal Data is processed for the legitimate interest and the Customer can prove that such process causes impact to the Customer’s fundamental rights;
Right to request for the deletion or de-identification if the Customer believe that the Personal Data are collected, used and disclosed illegally; or the Institute do not have any necessity to process their Personal Data or when the Customer exercise the right to withdraw the consent;
Right to request the Institute to suspend the Personal Data processing, in case the Institute is in the process of reviewing the relevant request from the Customer relating to the Personal Data or in any circumstance that the Institute have no further necessity to process such Personal Data;
Right to request to rectify the Personal Data to be correct, updated and complete; and
Right to complain to any authorities if the Customer believes that the collection, usage and disclosure of the Personal Data by the Institute do not comply with the relevant laws.
The Customer may exercise those defined rights by completing the request form and submit to the Institute via the designated channels; provided that it should be noted that certain request may be subject to legal restriction and in certain circumstances, the Institute may reject or object to the rights requested and the Institute shall notify the Customer of the legal justification.
Data Protection Officer
The Institute has appointed the Data Protection Officer (DPO) to supervise and monitor the Institute’s operation regarding the collection, use and disclosure of the Personal Data to ensure the full compliance with the Personal Data Protection Act B.E. 2562 and other relevant laws.
In case the Customers have any inquiries about the Personal Data, please feel free to contact the Institute at:
Name : Mr.Jakkrit Ut-sa
Tel No. : +66 2 613 1177
E-mail : [email protected]