1. Scope of policy implementation
This policy is applied to personal data of persons who are related to TISTR, in the present or may be in the future. Data shall be processed by TISTR employees and staff, employees by contracts, business entities, or entities in other forms operated by TISTR, including contract parties or third parties who process data on behalf of TISTR (“personal data processors”) for various products and services, such as website, systems, applications, documents or other forms of services supervised by TISTR (hereinafter referred to collectively as “services”).
2.1 Personal data refers to data about the person which can be used to identify that person identity directly and indirectly, but excluding personal data of the dead persons.
2.2 Sensitive personal data refers to personal data about the person which is sensitive and risk to unfair discrimination, such as nationality, ethnic origin, political opinions, beliefs, religion and philosophy, sexual behavior, criminal data, health data, disability, trade-union membership, genetic data, bio data, or any other data which affects data owners in the same ways, as announced by the Personal Data Protection Committee.
2.3 Personal data subjects refer to persons who own personal data, but not persons who have ownership of data, or persons who create or collect the data. The personal data subjects refer to natural persons only; excluding juristic persons which are formed as legal entities, such as companies, associations, foundations or any other organizations.
2.4 Personal data controllers refer to persons or juristic persons who have authority to make decisions on collection, usage or disclosure of personal data.
2.5 Personal data processors refer to persons or juristic persons who collect, use or disclose personal data by instruction (or on behalf) of personal data controllers. The persons or juristic persons who perform such things are not personal data controllers.
3. Sources of personal data collected by TISTR
TISTR collects or obtains various types of personal data from the following sources;
3.1 Personal data that TISTR collects directly from personal data subjects by various service channels, such as application process, register, applying for job, signing of contracts or documents, survey answering, product or service usage, or other service channels supervised by TISTR, or when personal data subjects contact with TISTR at its office or by other communication channels supervised by TISTR.
3.2 Data that TISTR collects when personal data subjects access to website, products or services, according to contracts or missions.
3.3 3 Personal data that TISTR collects from other sources. Such sources shall have authorized power, legitimate grounds or consents given by the personal data subjects, to disclose such data to TISTR, including necessary services of the contracts which allows the exchange of personal data with the contract parties.
4. Purposes of personal data processing
TISTR shall collect, use or disclose your personal data for the purposes of operation by TISTR, research study, service, collaboration, public information, public relations, database preparation, survey of opinion toward activities of TISTR, in order to improve its quality of work to be more efficient, for the purposes of operation by TISTR and/or as required by laws. TISTR shall store and use such data within the necessary period for the purposes given to the personal data subjects, or as required by laws.
5. Personal data disclosure
TISTR shall not disclose any personal data, unless such disclosure is performed according to the purposes of personal data subjects given to TISTR (e.g., compliance with service as requested by personal data subjects, or obligations of contracts, or be disclosed as required by laws), including the cases of request to disclose personal data by virtue of laws (e.g., prosecution or legal proceeding) In case TISTR has to disclose personal data more or change from the purposes of personal data subjects given to TISTR, TISTR shall notify such personal data subjects before data execution; except the cases as required or permitted by laws to perform such things.
6. Personal data storage
TISTR shall perform personal data storage as follows;__________________________
6.1 to store the data in the forms of documents and/or electronic data
6.2 to store the data in restricted areas to access / on the server
6.3 The period of personal data storage: TISTR shall perform personal data storage within the necessary period, or contract period, or as required or permitted by laws.
6.4 TISTR shall erase or forgot personal data, or make the data unable to identify its subject, when the data is unnecessary or the period of personal data storage ends.
7. Personal data subject rights
Personal data subject has rights as follows;
7.1 Right to withdraw a consent: you have right to withdraw a consent at any time during your personal data stored by TISTR. Unless there is any restriction by laws, in that TISTR has to keep storing the data or there is any obligation between you and TISTR which benefits you.
7.2 Right to access: you have right to access, obtain a copy, and request for disclosure of personal data origin for the data TISTR stored without your consent. Unless TISTR has right to decline your request based on legitimate grounds or court orders, or the case your right may affect rights and freedoms of other persons.
7.3 Right to rectification: you have right to request for rectification of personal data to be correct, up-to-date, complete and do not cause any misunderstanding.
7.4 Right to erased or be forgotten: you have right to request your personal data to be erased or be forgotten, or to make the data unable to identify to its subject, in cases as follows;
(1) Your data is no longer necessary for the purposes of processing.
(2) When you withdraw a consent, and TISTR has no legal authority to continue processing of such data.
(3) When you object to the processing of such data.
(4) When your personal data processing is unlawful.
7.5 Right to restrict the processing: you have right to request for restrict the processing of your personal data, in cases as follows;
(1) During verification upon your request for rectification of your personal data to be correct, complete and up-to-date.
(2) Your personal data is collected, used or disclosed unlawfully.
(3) Your personal data is no longer necessary to be stored according to the given purposes by TISTR, but you prefer TISTR to continue storing such data for the exercise of legal rights.
(4) During verification upon your request for restrict the processing of such data.
7.6 Right to obtain, transfer or portability: you have right to obtain your personal data in readable format or be usable in general by automatic-operation tools or devices from TISTR. You also have right to request TISTR to transfer data in such format to another personal data controller. However, only personal data which is stored with a consent, obligation under contract, or requirement by laws.
7.7 Right to object to the processing: you have right to object to the processing of personal data concerning you, unless TISTR has legitimate grounds to decline such a request.
8. Personal data protection
TISTR shall provide proper data protection measures to prevent unauthorized access, usage, change, amendment or disclosure of personal data. Moreover, TISTR shall set organizational guidelines to limit right to access or right to use of the data, to maintain data confidentiality and security. TISTR shall set periodical review on such measures to maintain its propriety.
10. Complaint with data protection authorities
In case you found that TISTR did not comply with Personal Data Protection Law, you have right to make a complaint with the Personal Data Protection Committee, or protection authorities appointed by the Personal Data Protection Committee or by laws. In this regard, prior to making such a complaint, you are invited to contact TISTR, so that TISTR could learn and clarify the facts, in order to settle your concerns early.
11. Data Protection Officers
TISTR shall appoints Data Protection Officers who take responsibility to investigate, supervise and give advice on data collection, usage and disclosure, including collaboration with the Office of the Personal Data Protection Committee, in accordance with Personal Data Protection Act (B.E. 2562).
13. Contact Information
If you have any queries, suggestions or concerns about data collection, usage and disclosure performed by TISTR, or about this Policy, or you wish to use your rights under Personal Data Protection Law, please contact:ี่
Thailand Institute of Scientific and Technological Research (TISTR)
35 Technopolis, Moo 3, Khlong 5, Khlong Luang, Pathum Thani 12120
Call Center : 02 – 577 9000
Data Protection Officers
Email : DPO@tistr.or.th
Website : www.tistr.or.th