Term of Use

Whereas, the University has duties to collect, use, process or disclose the personal data of personnel, students or affiliated/related persons for the purposes relating to the University’s operation and business, and whereas, the University is aware of the responsibilities in accordance with the Personal Data Protection Act. Pursuant to Section 43 (1) of the Private Higher Institution Act B.E. 2546 (2003), the President of Bangkok University hereby issues the Policies on the Personal Data Protection of Bangkok University B.E. 2564 (2021), detailing policies for collection, use, process and disclosure of the personal data to be administered by the University, as follows:

This announcement shall come into force on the announcement date.

In this Announcement,
“Personal Data” refers to any information relating to an identified or identifiable data subjects, whether directly or indirectly, including but not limited to a name, an identification number, address, an online identifier, online information, or to one or more factors specific to the physical, mental, economic, cultural or social identity of that person.

“Data Subjects” refers to the persons identifiable by the personal data.

“Personal Data Protection Act” refers to the Personal Data Protection Act B.E. 2562 (B.E. 2019), including any amendments, royal decrees, ministerial regulations, announcements, orders or any laws pertaining to the personal data protection.

The University’s Policies
In order to collect, use, process or disclose the personal data of personnel, students or any affiliated persons, the University as a Data Controller and Data Processor of the Personal Data is obliged to comply with the personal data protection laws, as follows:

To collect, use, process or disclose the personal data accurately, lawfully and in accordance with related laws.
(2) To support personal data protection.

(3) To provide appropriate security measures and confidentiality of the personal data in accordance with the standards as required by laws.

(4) To manage a collection, use, processing or disclosure of the personal data with a consideration of the privacy of the data subjects.

4. The University shall collect and process the personal data under 6 principals, as follows:

(1) The University shall collect, use, process or disclose the personal data lawfully, fairly and in a transparent manner.

(2) The University shall collect, use, process or disclose the personal data in accordance with explicit and legitimate purposes, legal authorization, scope of jobs/duties specified in contracts or the University’s business or operation only.

(3) The University shall collect, use, process or disclose the personal data as necessary and only when that processing is related to specified purposes , unless it is required by law to further processing or in order to protect legitimate interest of the University.

(4) The University shall examine and update the personal data to be up-to-date and, where necessary, corrected without delay when found to be inaccurate.

(5) The University shall retain the personal data only as necessary or as required by law for the purposes as specified by the University, unless it is required for additional collection to protect the legitimate interest of the University.

(6) The University shall provide the appropriate security measures which meet the standards for personal data protection in order to protect the controlled personal data against any unlawful/unauthorized access and use, loss, or destroying by any third party



The personal data required to be collected, used, or disclosed by the University includes the following information.
Normal Personal Data includes but is not limited to only Name-Last name, Address, Telephone Number or Email Address, for example.
Sensitive Personal Data, in accordance with Section 26 of the Personal Data Protection Act B.E. 2562 (2019), includes but is not limited to only race, ethnicity, political opinions, cult, philosophical beliefs, sexual behavior, criminal records, health data, disability, genetic data, biometric data or any other similar data. The University shall carefully access, collect, use, disclose or control the personal data as required by laws. In addition, the University shall inform the data subjects details related to the collection, use or disclosure of the sensitive personal data before or during the collection under the terms, conditions, and regulations as required by law.
In the event of any offense in civil or criminal or any other law, the University reserves the rights to collect or use the personal data pertaining to the offences. However, the University shall carefully exercise the rights to access, collect, use, disclose or control the personal data under the conditions as required by laws.
In order to protect the interest of the University, the University has set up closed circuit television system (“CCTV”) to ensure safety on the premises of the University. In this regard, the University or Service Providers outsourced by the University shall collect, use or process information from the still pictures or motion pictures or personal data of the data subjects when being present on the premises of the University, for the safety of the University and other individuals.
The University may collect, use, disclose or process the personal data collected directly from the data subjects or from external resources.
In some cases, the University may request additional information from the data subjects, in order for the University to carry out contractual obligations or any other requests. In this regard, failure to provide required information may result in a termination of contract between the University and the data subjects, or the University may not be able to carry out related requests for the data subjects.