Notice of Processing on Personal Data
(Students/ Potential Students)
Dusit Thani Public Company Limited (“Dusit”), as a controller of Personal Data, is bound by Personal Data Protection Act B.E. 2562 (2019) (“PDPA”). In processing1 individual’s Personal Data, Dusit is required to comply with PDPA, including the obligation to notify the data subject of his legal rights pursuant to this document, and for certain cases, obtaining consent from data subject.
- Collection of Personal Data
Dusit may collect Personal Data directly and indirectly from data subject, his representative or other related persons, through Dusit’s business partners, other businesses in Dusit Group, Dusit’s phone services and digital services (including website and application) as well as other reliable sources (such as association, governmental organization, governmental body, private organization, seminars, training workshops, exhibitions) organized either by Dusit, governmental or private sector including social media.
- Types of Personal Data Collected
- Personal details of pupils and students, and parents: Full name, nationality, date of birth, gender, place of birth, postal address, private telephone number, email address, parents name and contact details, date of birth, emergency contact, days of absence, bank account details of parents, needs reports, recording of medical data and incidents, special educational needs records and dietary requirements
- Educational information: prep school and university attendance, tuition and extracurricular accounts, attendance and non-attendance records, exam details and results, curricular activities: performance and educational needs reports, incident reports involving pupils or students
- Membership of any clubs and societies within the School
- Event attendance and work experience placements
- Photographs or images of students
- Sensitive Personal Data (such as health, race and religion)
- Other relevant categories for the performance of our services (such as assessment, relevant medical information, special educational needs information, exclusions/behavioral information and psychological reports and assessments)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- Logging and audit in the use of IT systems and education technology apps, applications and cloud-based systems
- Information in the form of CCTV
- Retention Period
Dusit will retain your Personal Data as long as it is necessary for the purpose of data processing. After that, Dusit will erase and destroy your Personal Data except as may be required, by applicable laws, or for protection of our interest. In general, your Personal Data will be kept for a maximum period of 10 years or otherwise longer if it is specifically provided by law.
- Purposes of Use and Disclosure
Dusit will use and disclose your Personal Data for the following purposes:
- Set up and administer student accounts
- Selection for admission, award of entrance scholarships, and communication on admission-related matters
- Verify student identity, student qualifications and academic records in relevant schools or other places, and other information provided in the application forms/documents
- Identify possible multiple applications and records of previous and existing studies at the School/College and other schools of students (if applicable)
- Create a profile for each student, revealing their performance and progress
- Provide educational products and services, including tailored questions and support
- Provide an overview for teachers to allow them to monitor student progress and record their actions.
- Provide reports to teachers on student progress
- Conduct research into the usage of our products and services, educational performance and outcomes
- Evaluate and improve our products and services
- Detect and prevent fraud
- Comply with applicable laws that require us to process certain Personal Data
- Comply with inspection, analysis and preparation of documents upon request of governmental organizations and regulatory bodies
- For all educational purposes at, activities conducted by, and facilities, services and benefits provided by the School/ College (in particular those governed by the relevant regulations, policies and procedures of the School/ College)
- Maintain contact, updating the latest developments of the school, and provision of information
- School’s promotional material such as prospectuses and the website
- Conduct statistical analysis, research, survey, review and audit
- For approved school trips
- For proceed with the internship/job application of each student at hotel or other entity
- Issue joint certificate and/or diploma with other institution to students
- Send marketing communications relating to education courses via email, direct mail, and social media
- Protect the health of the students
- Ensure the safety and security of students
In the case where Dusit appoints third party service provider(s) to process your Personal Data, Dusit will process your Personal Data for the purposes of performing Dusit’s contractual obligations, compliance with legal obligations, based on Dusit’s legitimate interests or based on your consent (if necessary). Dusit will not disclose or permit the disclosure or make available your Personal Data other than in accordance with the relevant ground unless a prior consent of data subject has been given to Dusit or PDPA allows Dusit to do so without obtaining consent from data subject.
If any data subject could not share Personal Data necessary for Dusit to process Personal Data based on the ground specified above, Dusit will not be able to perform its contractual obligations with such subject matter nor able to comply with legal obligations.
Dusit will process Personal Data in strict compliance with applicable laws. In case where you have given a consent to any data processing activity, you may withdraw your consent at any time.
Dusit will not disclose your Personal Data without any legal basis. Your data may be disclosed or transferred to governmental organizations, governmental bodies or third parties including:
- Government Authorities: We may share the Personal Data of students to relevant government authorities to fulfill any legal obligations and/or requirement we may have. In case of international students, we may share your information with appropriate government authorities including to act as your sponsor for visa or other facilitation purposes.
- Dusit: We may share the Personal Data of students to Dusit in order to proceed with student internship, trainee program, school trips and outing.
- Third-Party Hotel or Other Organization: We may share the Personal Data of students to third-party hotel or other organization in order to proceed with student internship, trainee program, school trips and outing.
- Partner School and Institutions: We may share the Personal Data of students to our partner school and/or institutions who have collaborated with us for a joint degree in order to evaluate and issue the joint certificate and/or diploma to the students who attend the course.
- Hospital and Medical Organisation or Personnel: We may share the Personal Data of students to family nurses, doctors or social service organisations where sharing is in the vital interests, or where not sharing could have a negative impact on the individual.
- Service Providers: We may share the Personal Data to service provider that are necessary for School to deliver the admissions, administration, teaching and learning, pastoral development, students benefits/ social care and child protection services
- Franchisor: We may share the Personal Data of students to our franchisor education institutions who have granted us the license to operate the institutions in order to evaluate and issue the certificate and/or diploma to the students who attend the course.
- Financial Institutions: We may share Personal Data to any financial institutions, charge or credit card issuing companies, credit information or reference bureau, or collection agencies necessary to establish and support the payment of any services being requested. Personal data may also be disclosed to any person or persons that have a right under local law to gain access to such information provided they are able to prove their authority to access such information.
Dusit will disclose your Personal Data to the recipient outside of Thailand only where it is permitted by PDPA or other applicable laws.
In the event where Dusit is required to disclose your Personal Data to a third party, Dusit will follow appropriate procedures to ensure that the third party will properly handle your Personal Data in order to prevent data loss, unauthorized access, improper use, modification, disclosure or processing.
- Data Security Measure
Dusit adopts the high-standard security system in both technology and procedures to prevent any possible data theft. Dusit implements various measures to protect its computer system (such as Network Firewall, Intrusion Detection, Threat Prevention, URL Filtering, Application Control, Email Security, Server and Endpoint Protection, Secure Socket Layer, Cookies), through substantial investments, effort and human resources as to ensure that Dusit achieves high-standard measures and your personal data remains safe.
Although Dusit makes its best efforts to protect personal data with our technical mechanism along with the management by our personnel to control access and keep personal data against unauthorized access, Dusit cannot always guarantee the security and confidentiality of personal data from every incident that may arise, such as virus threat and unauthorized access. A data subject should regularly keep up with technology news, install personal firewall software to prevent his computer from threat or data theft.
- Right of Data Subject
In exercising any right under Clause 7, data subject shall comply with criteria and procedures specified in Clause 8 of this document. However, the rights specified in this Clause are subject to change as the relevant law may be amended from time to time by the government. Dusit will inform you about the changes.
- Right to be notified: if Dusit wishes to collect, store, use or disclose your Personal Data in any manner beyond the intended purposes or your given consent, Dusit will notify and/or seek your prior consent with respect to such additional scope.
- Right to Access to your Personal Data: You may request for a copy of your Personal Data and request to disclose about the source of your Personal Data.
- Rectification of the Personal Data: To ensure that your Personal Data is accurate, up-to-date, complete and not misleading, you may file a request to rectify any of your Personal Data that has been changed by following the procedures specified in Clause 8.
- Right to data portability: In case where it is technically available, you may request to receive your Personal Data in a commonly used or readable by the automatic device or to automatically transfer.
- Right to erasure of your Personal Data: You may request to erase or make your Personal Data pseudonymised under any of the following circumstances: (a) your Personal Data is no longer needed to be collected, stored, used or disclosed for the intended purposes, (b) you withdraw your consent for your Personal Data to be collected, stored, used or disclosed and Dusit no longer has any legal right to process your Personal Data for the intended purposes, (c) you object to Dusit’s processing of your Personal Data, or (d) your Personal Data was processed in contravention of the PDPA.
- Request to suspend the use of your Personal Data: You may request Dusit to suspend its use of your Personal Data in any of the following events:
- when Dusit is in the process of verifying certain information for the purpose of rectifying, updating, completing or avoiding any misleading about your Personal Data upon your request;
- when your Personal Data is to be erased under Clause 7.5, but you instead request to suspend its use;
- when it is no longer necessary to store your Personal Data, but you request Dusit to continue the storage of your Personal Data for establishing legal claims, legal compliance, exercise of legal rights or defenses; or
- when Dusit is in the process of verifying its legitimate rights in its data collection or processing for purposes specified by law.
- Right to object the processing of Personal Data: You may object to the collection, storage, use or disclosure of your Personal Data in any of the following events:
- In case where your Personal Data was collected by Dusit for the purpose of (a) Dusit’s compliance with a governmental order or (b) any legitimate interest of Dusit or other legal entity;
- In case where Dusit has processed your Personal Data for the purpose of direct marketing; and
- In case where Dusit has processed your Personal Data for any research purposes as specified in relevant laws, including for statistical purpose.
- Right to withdraw consent: You may withdraw your consent at any time. Your withdrawal will not have any effect on Dusit’s previous data processing. If your withdrawal will affect any part of your Personal Data, Dusit will notify you of such effect at the time you make such withdrawal.
However, Dusit may deny your request to withdraw consent if the processing is for the purpose of, or for complying with, applicable law or court order, the withdrawal may adversely affect and harm the rights and freedom of the data subject himself or other people, the processing is for research purposes that has appropriate protection for Personal Data, or the processing is for establishing legal claims, legal compliance, exercise of legal rights or defenses.
- Criteria and Procedures for Exercise of Your Rights
If you wish to exercise your right, please submit your request via e-mail at firstname.lastname@example.org Alternatively, you may contact our Data Protection Officer at the following: Dusit International 319 Chamchuri Square Building 29th Floor, Phayathai Road, Pathumwan, Bangkok 10330, Thailand Tel: 02200-9999 Ext 3662 e-mail: email@example.com Please mark as “Personal Data Request from a Guest” with your first name, last name and contact information.
Your request will be sent to Dusit’s data protection officer for verification of your identity. We will require you to produce some form of photo identification (copy of a government-issued identification with signature, passport, driver’s license or Student ID Card), home or business address, phone number, information of your stay with Dusit Hotels & Resorts, and details of products purchased. You will also be asked to sign a request form.
The data protection officer will consider your request by considering various factors such as its legitimate reasons, its negative effect on a third party etc. and whether the PDPA provides for any exemptions.
If your request is approved, the data protection officer will proceed and report the result to you without delay via the channel you have specified in your request.
If you request is denied, the data protection officer will notify you with explanation without delay via the channel you have specified in your request. You may make an appeal to the authority as prescribed by the PDPA which Dusit will inform you in Dusit’s notification of such denial.
- The procedures above will take no more than 30 (thirty) days following the receipt of your request and all supporting documents.
- Dusit’s process will not incur any costs to you. But if there is any cost, Dusit will notify you prior to taking any action.
9. Contact Information
If you have any questions relating to an exercise of your rights or your given consent, you may contact us at:
Name: Suwat Itsarothaikul (Data Protection Officer)
Address: Dusit International,
319 Chamchuri Square Building, 29thFloor,
Phayathai Road, Pathumwan,
Bangkok 10330, Thailand
Telephone: 02200-9999 Ext 3662
(Students/ Potential Students)
I, Mr./Mrs./Ms.________________________________ (“Data Subject”) hereby give consent to Dusit Thani Public Company Limited (“Dusit”) to process my/our Personal Data for the following purposes as I have þ the consent box.
|1.||To verify the students health qualification for consideration of admission, and to provide appropriate treatment and services during school||To collect, store, use and disclose health conditions, health history and food allergies for verifying your health qualification at the application stage for consideration of admission, and to provide appropriate treatment and services during school||o|
|2.||To comply with applicable laws and/or regulations||To collect, store, use and disclose race and religion information in order to comply with applicable laws and/or regulations as an Institutional of Higher Education License Holder||o|
|3.||To communicate information regarding marketing and direct marketing purposes||To collect, store, use and disclose name, address, telephone number, and e-mail address for communication of information relating to education courses, newsletter, promotion, campaign and marketing activities as well as other communication.||o|