Privacy Notice for Venders
1. Personal information we collect from you
We collect your personal data obtained through electronic platforms and normal channels as follows:
-
Name Surname
-
Address
-
Email
-
National Identification Number
-
Contact telephone number
-
Bank account number
-
Taxpayer Identification Number
-
Date of birth
2. Purpose of collecting, using and disclosing personal information
University of the Thai Chamber of Commerce is a university licensed as a private higher education institution, established under the Private Higher Education Institution Act B.E. 2546 (2003). Its objectives are to provide education, promote academic and higher vocational studies, conduct teaching, conduct research, provide academic services to society, and preserve national arts and culture. In carrying out these objectives, we use your personal data only as necessary and within the scope of data protection laws. We have a lawful basis of processing your personal data as specified in the Personal Data Protection Act B.E. 2562 (2019), as follows:
-
It is necessary for the performance of duties in carrying out missions for the public benefit because the operation of the University as a private higher education institution is considered a public service in which the state has allowed the private sector to manage education on behalf of the state (Announcement of the Higher Education Commission on the Guide to Applying for a License to Establish a Private Higher Education Institution, 2015).
-
It is necessary for the University’s legitimate interests (Legitimate Interests) or the legitimate interests of a third party or your legitimate interests, without impairing your fundamental rights over your personal data.
-
It is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
-
To comply with the University’s laws or to prevent or suppress danger to the life, body or health of an individual.
-
To achieve research or statistical purposes for which appropriate safeguards have been put in place to protect the rights and freedoms of data subjects.
We have summarized our use of your personal data to provide our services to you and explained the lawful basis of processing we use to process your personal data for each activity in the table below.
objective |
Data types |
Legitimate basis for processing personal data |
To provide services to you, including communicating with you in activities related to the contract both before and after the contract is made. |
– Name and surname– Address– National identification number– Contact telephone number– Bank account number– Taxpayer Identification Number– Date of birth |
1) For the necessity to perform the service contract.2) For our legitimate interests to collect your personal data for– It is evidence of any payments and wages related to the contract.– Photos of the location/construction to check the neatness and completion of the work. If there are people in the photos, we will ask for the consent of the owner of the personal data first. |
We may use more than one legitimate basis for processing your personal data depending on the purposes for which we process your personal data.น
3. Source of personal data
1. We obtain personal data directly from you when you provide information to the University through electronic platforms, websites or applications and normal channels as follows:
-
Contact us for service or become our partner (Vendor).
-
Contact us to inquire about our services.
2. Your personal information that we receive from third parties or affiliates who have an agreement with us to collect, use or disclose personal information for the purpose of providing services to you, which your personal information will not be used beyond the purposes that the third party or affiliates have agreed with us, and we have set a duty to protect your personal information between us and the third party or affiliates to protect and maintain the security of your personal information.
4. Disclosure or sharing of personal data
1. We may disclose or share your personal information with third parties as follows:
-
Agencies that are responsible for inspecting the operations of the University, such as auditors or agencies that inspect the operations of the University, etc.
-
Other agencies responsible for approving project implementation
-
Regulatory agencies such as the Personal Data Protection Commission
We require third parties with whom we disclose or share your Personal Data as described above to keep your Personal Data confidential and protect it in accordance with the standards set out in the Thai Data Protection Act and to use your Personal Data only for the purposes for which we have specified or instructed such third party to do so. Such third parties may not use your Personal Data other than for such purposes.
2. When requested, we may disclose your personal data to relevant authorities to comply with the law, such as to prevent threats to life or health, for law enforcement purposes, indictment, exercising and defending legal rights, and preventing fraud.
5. Storage and retention period of personal data
We store your personal data in our information systems and have standard security measures in place to ensure the security of our information systems and the use of your personal data by taking the following measures:
-
Restrict access to personal data that may be accessed by employees, agents, partners or third parties. External access to personal data will be permitted only as required or as directed, and external parties are required to maintain the confidentiality and protection of personal data.
-
Provide technological means to prevent unauthorized access to computer systems.
-
Destroy your personal data for security purposes when it is no longer required for legal or business purposes.
-
There is a process for handling cases of personal data breaches or suspected cases, and personal data breaches must be reported to the Personal Data Protection Committee in accordance with the conditions stipulated by law.
Duration of retention of personal data
-
We retain your personal data for the period necessary to fulfill the purposes for which we provide our services and in accordance with applicable accounting standards, legal standards and other regulations.
-
In determining the retention period for data, we consider the amount, nature of use, purpose of service, sensitivity of personal data, and potential risk of misuse of personal data, and the periods required by applicable laws.
Your personal information obtained from cookies when you use our website will be kept for no longer than 13 months or as required by applicable law.
6. Rights of data owners
As a data subject, you have the following rights to the extent permitted by law:
1. You have the right to withdraw your consent (Right to withdraw Consent) to the processing of personal data. You have given consent to the University for the duration that your personal data is with the University.
2. You have the right to access your personal data (Right of Access) and request the University to provide you with a copy of such personal data, including requesting the University to disclose the acquisition of personal data that you have not given consent to the University.
3. You have the right to have the University correct your personal data or add incomplete information (Right to Rectification).
4. You have the right to request that the University delete your data for certain reasons (Right to Erasure)
5. You have the right to request that the University suspend the use of your personal data for certain reasons (Right to Restriction of Processing)
6. You have the right to transfer the personal data you have provided to the University to another data controller or to yourself for certain reasons (Right to Data Portability)
7. You have the right to object to the processing of your data on certain grounds (Right to Object)