Privacy Notice

Employee Personal Data Processing Policy (Privacy Notice for Employees)

1. Personal information we collect from you

The personal data of University employees that we collect includes:

Name and Surname
Employee ID
National Identification Number
Telephone number
Current address and address according to house registration
Bank account number
Taxpayer Identification Number
Health information

2. Purpose of collecting, using and disclosing personal information

We use your personal data within the scope of data protection laws and collect only the information necessary to do so. We will only collect information that is necessary for the processing of your business with us:

For our legitimate interests (Legitimate Interests), or the legitimate interests of a third party, or your legitimate interests, without diminishing your fundamental rights over your personal data.
For the performance of a contract to which you are a party or to take action at your request prior to entering into a contract.
To comply with our laws or to prevent or suppress a danger to the life, body or health of a person.

We have summarized how we use your personal data for the various activities we handle with you and explained the lawful basis for processing your personal data we rely on for each activity in the table below.

objective	Legitimate basis for processing personal data	Data types
1) To be used for contacting the owner of personal data for an interview for employment.	If necessary for the performance of a contract or for use in taking action at the request of an employee prior to entering into a contract, failure by the data subject to provide information in this section will prevent the University from performing its obligations under the employment contract.	– Name and surname – Employee ID number – National identification number – Telephone number – Current address and address according to house registration – Bank account number – Taxpayer Identification Number – Health information
2) To proceed with the preparation of an employment contract to which the employee is a contracting party.
3) To carry out the provision of rights and benefits regarding medical treatment and social protection of employees, which is necessary for compliance with labor laws.	In order to comply with the labor law in providing rights and benefits regarding healthcare and social protection to employees, as personal data in this regard is sensitive, the University has implemented higher level data security measures to protect the fundamental rights and interests of personal data owners.
4) For human resource management to develop the potential of employees and the organization.	For the legitimate interests of the University as the personal data controller or of any other person or juristic person who is not the personal data controller, for human resource management to develop the potential of employees and the organization, increase the efficiency of the organization, employee training, employee benefits, performance evaluations, job promotions, salary structure management, and recording working hours, leave days, holidays, and overtime work.

We may use more than one legitimate basis for processing your personal data depending on the purposes for which we process your personal data.

3. Source of personal data

The University collects personal data of its employees in the following ways:

Personal information obtained directly from you includes job applications that you submit to the University through normal channels and electronic channels, such as the University’s website application channel, sending applications by mail, and applying in person at the University.
Personal data obtained indirectly includes applications you submit to other organizations that provide recruitment services.

4. Disclosure or sharing of personal data

1. We may disclose or share your personal data with third parties as follows:

Departments within the University
Regulatory agencies such as the Personal Data Protection Commission
Government agencies
Private sector agencies to process data for the benefit of employees in various areas such as insurance, provident funds, etc.

We require third parties with whom we disclose or share your Personal Data as described above to keep your Personal Data confidential and protect it in accordance with the standards set out in the Thai Personal Data Protection Act and to use your Personal Data only for the purposes for which we have specified or instructed such third party to do so. Such third parties may not use your Personal Data other than for such purposes.

2. When requested, we may disclose your personal data to relevant authorities to comply with the law, such as to prevent threats to life or health, for law enforcement purposes, indictment, exercising and defending legal rights, and preventing fraud.

5. Storage and retention period of personal data

We store your personal data in our information systems and have standard security measures in place to ensure the security of our information systems and the use of your personal data by taking the following measures:

Restrict access to personal data that may be accessed by employees, agents, partners or external parties. External access to personal data will be permitted only as required or as directed, and external parties are required to maintain the confidentiality and protection of personal data.
Provide technological means to prevent unauthorized access to computer systems.
Destroy your personal data for security purposes when it is no longer required for the University’s legal and operational purposes.
There is a process for handling cases of personal data breaches or suspected cases, and personal data breaches must be reported to the Personal Data Protection Committee in accordance with the conditions stipulated by law.

Duration of retention of personal data

3 years after ceasing to be a University employee or as required by relevant laws. However, the University may retain your personal data for a longer period if there is a dispute between the University and you at any time during the performance of the contract or after the contract ends for the benefit of exercising the right to claim in defending a lawsuit, but will not retain your personal data for more than 5 years after the case has been finalized.

6. Rights of data owners

As a data subject, you have the following rights to the extent permitted by law:

You have the right to withdraw your consent (Right to withdraw Consent) to the processing of your personal data. You have given consent to the University for the duration that your personal data is with the University.
You have the right to access your personal data (Right of Access) and request that the University provide you with a copy of your personal data, including requesting that the University disclose the source of your personal data that you have not given consent to the University.
You have the right to have the University correct your personal data or add incomplete data (Right to Rectification).
You have the right to request that the University erase your data for certain reasons (Right to Erasure).
You have the right to request that the University restrict the use of your personal data for certain reasons (Right to Restriction of Processing).
You have the right to transfer the personal data you have provided to the University to another data controller or to yourself for certain reasons (Right to Data Portability).
You have the right to object to the processing of your data on certain grounds (Right to Object)

7. Contact channels

You may contact the University’s Data Protection Officer (DPO) at [email protected] or the University’s Legal Affairs Division to submit a request to exercise the above rights.

Privacy Notice

Employee Personal Data Processing Policy (Privacy Notice for Employees)

1. Personal information we collect from you

The personal data of University employees that we collect includes:

Name and Surname

Employee ID

National Identification Number

Telephone number

Current address and address according to house registration

Bank account number

Taxpayer Identification Number

Health information

2. Purpose of collecting, using and disclosing personal information

We use your personal data within the scope of data protection laws and collect only the information necessary to do so. We will only collect information that is necessary for the processing of your business with us:

For our legitimate interests (Legitimate Interests), or the legitimate interests of a third party, or your legitimate interests, without diminishing your fundamental rights over your personal data.

For the performance of a contract to which you are a party or to take action at your request prior to entering into a contract.

To comply with our laws or to prevent or suppress a danger to the life, body or health of a person.

We have summarized how we use your personal data for the various activities we handle with you and explained the lawful basis for processing your personal data we rely on for each activity in the table below.

objective

Legitimate basis for processing personal data

Data types

1) To be used for contacting the owner of personal data for an interview for employment.

If necessary for the performance of a contract or for use in taking action at the request of an employee prior to entering into a contract, failure by the data subject to provide information in this section will prevent the University from performing its obligations under the employment contract.

– Name and surname

– Employee ID number

– National identification number

– Telephone number

– Current address and address according to house registration

– Bank account number

– Taxpayer Identification Number

– Health information

2) To proceed with the preparation of an employment contract to which the employee is a contracting party.

3) To carry out the provision of rights and benefits regarding medical treatment and social protection of employees, which is necessary for compliance with labor laws.

4) For human resource management to develop the potential of employees and the organization.

We may use more than one legitimate basis for processing your personal data depending on the purposes for which we process your personal data.

3. Source of personal data

The University collects personal data of its employees in the following ways:

Personal information obtained directly from you includes job applications that you submit to the University through normal channels and electronic channels, such as the University’s website application channel, sending applications by mail, and applying in person at the University.

Personal data obtained indirectly includes applications you submit to other organizations that provide recruitment services.

4. Disclosure or sharing of personal data

1. We may disclose or share your personal data with third parties as follows:

Departments within the University

Regulatory agencies such as the Personal Data Protection Commission

Government agencies

Private sector agencies to process data for the benefit of employees in various areas such as insurance, provident funds, etc.

2. When requested, we may disclose your personal data to relevant authorities to comply with the law, such as to prevent threats to life or health, for law enforcement purposes, indictment, exercising and defending legal rights, and preventing fraud.

5. Storage and retention period of personal data

We store your personal data in our information systems and have standard security measures in place to ensure the security of our information systems and the use of your personal data by taking the following measures:

Restrict access to personal data that may be accessed by employees, agents, partners or external parties. External access to personal data will be permitted only as required or as directed, and external parties are required to maintain the confidentiality and protection of personal data.

Provide technological means to prevent unauthorized access to computer systems.

Destroy your personal data for security purposes when it is no longer required for the University’s legal and operational purposes.

There is a process for handling cases of personal data breaches or suspected cases, and personal data breaches must be reported to the Personal Data Protection Committee in accordance with the conditions stipulated by law.

Duration of retention of personal data

6. Rights of data owners

As a data subject, you have the following rights to the extent permitted by law:

You have the right to withdraw your consent (Right to withdraw Consent) to the processing of your personal data. You have given consent to the University for the duration that your personal data is with the University.

You have the right to access your personal data (Right of Access) and request that the University provide you with a copy of your personal data, including requesting that the University disclose the source of your personal data that you have not given consent to the University.

You have the right to have the University correct your personal data or add incomplete data (Right to Rectification).

You have the right to request that the University erase your data for certain reasons (Right to Erasure).

You have the right to request that the University restrict the use of your personal data for certain reasons (Right to Restriction of Processing).

You have the right to transfer the personal data you have provided to the University to another data controller or to yourself for certain reasons (Right to Data Portability).

You have the right to object to the processing of your data on certain grounds (Right to Object)

7. Contact channels

You may contact the University’s Data Protection Officer (DPO) at [email protected] or the University’s Legal Affairs Division to submit a request to exercise the above rights.