Personal Data Protection Policy National Innovation Agency (Public Organization)
1. DEFINITION
1.“NIA” means National Innovation Agency (Public Organization).
“Person” means an ordinary person.
“Personal Data” means any information relating to a Person which enables the identification of such Person, whether directly or indirectly, but not including the information of a deceased in particular such as name, surname, nickname, address, contact details, identification card number, passport number social security number, driving license number, taxpayer identification number, bank account number, credit card number, email address, vehicle license plate, land title deed, IP Address, Cookie ID, Log File, etc.
However, the following information shall not be treated as Personal Data: information for business contact without any identified person, such as company name, company address, company registration number, office telephone number, office email address, group company email address like info@company.co.th, anonymous data or pseudonymous data, information of a deceased, etc.
“Sensitive Personal Data” means any information which is genuinely personal of a Person, but sensitive and likely exposed to unfair discrimination, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, criminal records, data relating to health and disability, labor union data, genetic data, biometric data or any other data which affects the Data Subject in such manner as prescribed and announced by the Personal Data Protection Committee.
“Data Subject” means a Person who owns Personal Data, except where the Person holds the data ownership or creates or collects such data on his/her own, whereby this Data Subject refers to only a natural person and excludes a “juristic person” established by law, such as company, association, foundation or any other organization.
In this regard, a Data Subject includes any of the following Persons:
1.1. Data Subject of legal age refers to:
1.2 A Person at the age of 20 or older; or
1.3 Anyone who is married at the age of 17 or older; or
1.4 Anyone who is married before the age of 17 with the Court’s permission; or
1.5 A minor whose legal representative has given consent for the minor to carry on trade or other business or to enter into an employment contract as an employee, and in relation to the business or employment above, the minor shall have the same capacity as a person of legal age (sui juris).
In this regard, for the purpose of giving any consent, a Data Subject of legal age may give consent of his/her own accord.
2.2. A minor Data Subject refers to a Person below the age of 20 and not of legal age under Item 1, and as such, for the purpose of giving any consent, the consent of the person with the parental power to act on behalf of the minor shall also be obtained.
2.3. A quasi-incompetent Data Subject refers to a Person adjudged by the Court to be quasi-incompetent on the ground that he/she is incapable of managing his/her own affairs or manages it to the detriment of his/her own property or family because of physical or mental infirmity, habitual prodigality, habitual intoxication or other similar causes, and as such, for the purpose of giving any consent, the consent of the curator with the power to act on behalf of the quasi-incompetent person must first be obtained.
2.4. An incompetent Data Subject refers to a Person adjudged by the Court to be incompetent on the ground of unsound mind, and as such, for the purpose of giving any consent, the consent of the guardian with the power to act on behalf of the incompetent person must first be obtained.
In this regard, such request for a Data Subject’s consent which does not proceed in compliance with the personal data protection law shall not be binding upon the Data Subject.
“Data Controller” refers to a Person or a juristic person with the power and duties to make decisions regarding the collection, use or disclosure of Personal Data.
“Data Processor” refers to a Person or a juristic person who proceeds with the collection, use or disclosure of Personal Data under such orders given by or on behalf of a Data Controller, whereby the Person or juristic person who proceeds as such is not a Data Controller.
2. SOURCES OF PERSONAL DATA
1.Basically, NIA shall not collect any Personal Data, except in the following cases:
2.1 NIA has directly received Personal Data from a Data Subject which NIA shall collect such Personal Data from the service processes as follows:
(1) The use of services with NIA or the filing of any applications with NIA, such as subscription for newsletters, job application, training application;
(2) The collection of data voluntarily provided by a Data Subject, such as survey or correspondence via email address or other channels of communications between NIA and the Data Subject;
(3) The collection of data from NIA’s website via browser’s cookies of a Data Subject and the use of electronic transaction services.
2.2 NIA has received Personal Data of a Data Subject from a third party, whereby NIA believes in good faith that such third party is entitled to collect and disclose the Data Subject’s Personal Data to NIA.
3. PURPOSES OF PROCESSING OF PERSONAL DATA
NIA collects, uses and discloses any Personal Data in accordance with the procedures which are lawful and fair, whereby the collection of Personal Data shall be limited to what is necessary for communications regarding the services, public relations or provision of news, including survey of the Data Subject’s opinions on NIA’s missions or activities, only for the purposes of NIA’s operations or as provided by law. Should such purposes be changed, NIA shall give notice thereof to the Data Subject and further record such change as evidence, and comply with the personal data protection law.
4. PROCESSING OF PERSONAL DATA
4.1 Collection of Personal Data
NIA shall limit the collection of any Personal Data to the extent necessary, depending on the categories of services used by the Data Subject or the Personal Data provided to NIA, such as registration for participation in activities, registration for use of services, both directly through NIA and via NIA’s information system, and such Personal Data shall be collected only to the extent necessary.
4.2 Use of Personal Data
NIA shall properly use the Personal Data according to the purposes for which such Personal Data is provided by the Data Subject to NIA, and shall provide measures to ensure the security and safety of as well as to control access to such Personal Data.
4.3 Disclosure of Personal Data
Normally, NIA shall not disclose any Personal Data, except for the purposes for which such Personal Data is provided by the Data Subject to NIA, such as disclosure of Personal Data for the services requested by the Data Subject or in compliance with contractual obligations or as required by law. In any event where NIA wishes to collect, use or disclose additional Personal Data or change the purposes of such collection, use or disclosure, NIA shall give notice thereof to the Data Subject prior to processing such Personal Data, unless required or permitted by law.
5. PERIOD OF STORAGE OF PERSONAL DATA
NIA shall keep the Personal Data as long as it is necessary for processing, and upon the lapse of such period, NIA shall destroy such Personal Data.
6. RIGHTS OF THE DATA SUBJECT
The Data Subject shall also be entitled to proceed as follows:
(1) Right to withdraw consent
The Data Subject shall have the right to withdraw consent to the processing of his/her Personal Data given to NIA at any time during the period his/her Personal Data is kept with NIA.
(2) Right of access
The Data Subject shall have the right to access his/her Personal Data and request NIA to make a copy of such Personal Data and provided the same to the Data Subject, as well as request NIA to disclose how the Data Subject’s Personal Data was collected without his/her consent to NIA.
(3) Right to rectification
The Data Subject shall have the right to request NIA to rectify any incorrect Personal Data or add any incomplete Personal Data.
(4) Right to erasure
The Data Subject shall have the right to request NIA to erase his/her Personal Data for certain reasons.
(5) Right to restriction of processing
The Data Subject shall have the right to restrict the use of his/her Personal Data for certain reasons.
(6) Right to data portability
The Data Subject shall have the right to require NIA to transfer the Personal Data provided by the Data Subject with NIA to another Data Controller or the Data Subject for certain reasons.
(7) Right to object
The Data Subject shall have the right to object the processing of his/her Personal Data for certain reasons.
The consent given by the Data Subject to NIA for collection, use and disclosure of the Personal Data shall remain valid until the Data Subject shall withdraw his/her consent in writing. The Data Subject may withdraw his/her consent or suspend the use or disclosure of his/her Personal Data for the purposes of any or all activities of NIA
NIA respects the Data Subject’s decision to withdraw his/her consent. However, NIA hereby informs the Data Subject that there may be certain restrictions to the right to withdraw consent by law or contract in favor of the Data Subject. The withdrawal of consent shall in no way affect the collection, use or disclosure of the Personal Data previously provided with consent by the Data Subject.
The Data Subject can exercise the Rights of the Data Subject by submitting such request in writing to NIA or via electronic mail (contact details are stated in Item “Contact with NIA” below).
7. SECURITY OF PERSONAL DATA
NIA provides appropriate security measures to prevent any unauthorized or undue access to, use, change, rectification or disclosure of the Personal Data. Moreover, NIA has set out its internal practice for authorization of access to or use of the Data Subject’s Personal Data in order to keep such data confidential and safe. NIA shall review such measures from time to time as appropriate.
8. USE OF COOKIES
Cookies refers to a small-sized data created by a website that is stored with the Data Subject while visiting the website in order to enable the website to keep track of the Data Subject’s preferences, such as, the most preferred language, system user or other settings. On the Data Subject’s next visit to the website, the website will recognize him/her as a user previously using the services and apply such settings selected by the Data Subject until the Data Subject will delete or disable cookies, as the Data Subject may accept or refuse cookies, and if cookies are refused or deleted, the website may not be able to provide the services or may not display correctly.
9. UPDATE ON THE PERSONAL DATA PROTECTION POLICY
NIA may update or revise the Personal Data Protection Policy without advance notice to the Data Subject so as to be appropriate and efficient in the provision of services. Therefore, NIA hereby advises the Data Subject to read the Personal Data Protection Policy every time he/she visits or uses the services from NIA or its website.
10. CONTACT WITH NIA
National Innovation Agency (Public Organization)
Address : 73/2 Rama VI Road, Tung Payathai, Rajdhevee, Bangkok 10400
Telephone : (+66) 0 017 5555 ext. 636 and 627
Telefax : (+66) 0 017 5566
E-mail : privacy@nia.or.th