Chanapatana International Design Institute has to collect, use, process, or disclose personal information of personnel, students, or other related persons to operate in various affairs of the Institute and has responsibilities under the Personal Data Protection Act B.E. 2562.

1. This announcement is called "Announcement of Chanapatana International Design Institute on Privacy Policy 2022"

2. This announcement shall come into force from now on.

3. Definition

"Institute" means Chanapatana International Design Institute or Chanapatana Design School.

"Personal Information" means any information relating to an individual that enables the identification of that individual either directly or indirectly, including all personally identifiable information. This includes, but is not limited to, name, ID number, location information, online information, and personally recognisable physical, mental, social, economic, cultural and social identity information.

"Personal Data Subject" means a person whom personal data identifies to.

4. Operation policy of the Institute

To collect, use, process or disclose personal information of personnel, students, or other related persons, the Institute as personal data controller and processor of personal data, has to comply with the personal data protection laws as follows:

(1) Accurately collect, use, process or disclose personal information, and to the extent legally required by law.

(2) Encourage the protection of personal data.

(3) Provide a security system and personal data storage that protect and secure the confidentiality of personal data following the standards prescribed by law.

(4) Establish a system and collect, use, process, or disclose personal data with due regard for the privacy of the personal data subject.

5. Collection of personal data

The Institute collects personal data through the following processes.

(1) Information that the Institute receives directly from the subject of personal data, from applying for a study, applying for a job, making payments, submitting a request from voluntarily completing questionnaires, evaluation forms, correspondence by mails or electronic channels, use of the website through cookies.

(2) Information that the Institute receives from third parties from educational institutions that have contracts or memorandums of academic cooperation or that the personal data owner is studying or graduated from, the login system Facebook, Google, Google Analytics.

(3) Personal information obtained from public information and non-public that the institution is legally entitled to collect.

(4) Personal data obtained from government agencies or a regulatory body exercises legal powers.

6. Purposes for collecting, using and disclosing personal data

The Institute will collect, store, use, and disclose personal information in an orderly manner, comply with the law for the benefit of the operation of the affairs of the Institute in organising education and providing services to data subjects such as communication authentication, inquiries, complaints, suggestions including other matters necessary for the Institute or the benefit of studies, research, statistical preparation, data analysis course presentation benefits or other services including promotional items and marketing activities as well as allowing the Institute to transmit, transfer, or disclose personal information to businesses that have contracts with the Institute including government agencies and organisations with legal powers.

7. Types of information to be collected, used, and disclosed

Including

(1) General personal data includes, but is not limited to, first name, last name, identification number, passport number, nationality, date of birth, address, telephone number, email, photograph, blood group, name of the school, workplace name, interesting course, credit card number.

(2) Browsing behaviour data refers to information that is not related to an identifiable natural person, such as browser type, domain, website visited, website time, the website address references the information to support the owner of the personal information by keeping a log of the owner's use of the personal information on the Institute's application.

(3) System information means information that the Institute automatically collects when the subject of personal information logs in to the Institute's website, whether through cookies, web beacons, login files, scripts, including technical information such as IP address, browser type, domain, history of the websites visited, access time referring website address, information about what personal data subjects search or view while using the institution's website including application usage behaviour.

(4) Location information means data obtained from GPS, Wi-Fi, compass, accelerometer, IP address, or public post indicating location information.

(5) Cookies mean data placed on the personal data subject's computer by a web server. After the cookie has been placed on the personal data subject's computer, cookies retain or remember the data of the personal data subject until the browser is closed or until the data subject deletes, or rejects cookies. However, the personal data owner will find it convenient to navigate the use of the website because cookies help store information about the websites that the Personal Data Subject visits or opens.

(6) To maintain security within the Institute's premises, CCTV has been installed. It collects, uses and processes data from still images or animations of people entering the Institute's area.

8. Storage period and where to store personal data

Storage period, the Institute will retain the personal data of the personal data subject for the minimum period required by law in the subject matter or retain the personal data for at least 10 years after the termination of the relationship with the institution. However, the Institute may continue to store personal data after the expiration of such a period. If the Institute deems it necessary to keep the information to collect such information or for any other necessities that the Institute deems appropriate, such as enforcing legal rights according to the contract of the institution, etc., by the controller to keep personal information in the form as follows:

(1) Store as a soft copy via encrypted in Google Drive for Education or other electronic media in the future.

(2) Store as a hard copy in a lockable steel cabinet

(3) After the storage period's expiration, the Institute will take steps to destroy that personal data. Deleting it from the computer system or destroying it will be completed within 120 days from the end of the said period.

In addition, the Institute also requires that its personnel Have a duty to keep personal information confidential. and is safe according to the measures set by the Institute when any action is required with personal information

9. Disclosure of Personal Information

The institution will disclose personal information to individuals or external organisations in the following cases:

(1) Educational institutions that have contracts or memorandums of academic cooperation

(2) Contractor or contract party in case the institution uses the service from the contractor to perform any operations that require the personal data of the personal data subject, such as using a credit card payment service through an intermediary company.

(3) หน่วยงานรัฐบาล หรือองค์กรอื่นๆ ตามกฎหมาย เพื่อเป็นการปฏิบัติตามกฎหมาย คำสั่ง คำร้องขอ เพื่อการประสานงานกับหน่วยงานต่างๆ ในเรื่องที่เกี่ยวข้องกับการปฏิบัติตามกฎหมาย

10. Use of special sensitive personal data

The Institute has opted out of collecting, using, processing, or disclosing religious information.

11. Use of personal data for marketing purposes

In addition to the above purposes and under the provisions of the law, the institution will use personal data for marketing purposes such as sending documents by any other means, telephone calls to introduce courses or institutional activities. The owner of the personal data can opt-out of receiving communications for marketing purposes from the Institute, except for relevant and necessary communications such as tuition payment reminders, postponement of the announcement, date of school opening, etc.

12. Rights of the personal data subject

Rights of the personal data subject is a legal right that should be known, including

(1) Right to withdraw consent.

(2) Right to request access to information.

(3) Right to request data transfer.

(4) Right to object.

(5) Right to request deletion or destruction of information.

(6) Right to request to suspend the use of information.

(7) Right to request to amend the information.

(8) Right to complain.

The exercise of rights, personal data owners can be done by filling out a general request form and submitting it to the Institute. However, the exercise of the rights of the personal data subject may be limited under applicable law or there is a necessity that the institution may reject or may not be able to proceed with the request to exercise the above rights of the personal data subject, the Institute will inform the reason for the refusal to the owner of the personal information.

13. Questions regarding Privacy Policy and contact channels

If the personal data subject has questions about the Institute's Privacy Policy or wants to exercise their rights under the Personal Data Protection Law, please contact to

Chanapatana International Design Institute, CIDI world building, 44 Soi Punnawithi 20, Sukhumvit 101 Rd., Bangchak, Phra Khanong, Bangkok 10260 Tel. 027413717 Email info@chanapatana.com Website www.chanapatana.com