In this policy,
“University” means King Mongkut’s University of Technology Thonburi.
“Personal Data” means any data related to an applicant that could, directly or indirectly, identify the applicant.
“Personal data processing” means any operation carried out by the University on applicant’s personal data including the collection, use, storage, disclosure and erasure of personal data.
“Applicant” means a person of Thai or foreign nationality who possesses the characteristics and educational qualifications as prescribed by the University, who applies for an undergraduate, graduate, certificate or training program or enrolls in courses and subjects at the University;
“Website” means any website, admission system and/or software application whose services are provided by the University.
“Cookies” mean small files that store data by recording them on a computer or selected web browser. “Cookies” assist web browser in directing users to contents in various sections of a website for ease of browsing.
2. Collection of personal dataOnce applicants gain access to relevant websites and software applications and apply for user registration and admission to the University’s study program, they shall have the rights to pay an application fee, attend an entrance examination/interview, and subsequently be admitted and pay admission acceptance confirmation fees. The provided personal data shall form the basis for the University’s application and admission processes or public relations contacts, and shall be further used for statistical processing and analysis of the University’s services.
The following personal data shall be collected and stored:
- Personal data such as applicant’s national identity card number, passport number, title, first-last names, gender, date of birth, age, nationality and special ability, etc.
- Educational background: applicant’s educational institution name, educational qualification, field of study/study plan, study status (studying or graduated) cumulative grade point average, O-Net scores, research title, thesis advisor and academic publication details, etc.
- Contact information: applicant’s current address, telephone number, e-mail address, and guardian’s personal data such as parents’ first and last names and telephone number (for undergraduate program applicants only).
- Work experience: applicant’s occupation, position, office, office telephone number as well as work/research experiences (for graduate program applicants only).
3. Use and disclosure of personal dataThe University will use and disclose applicable applicant’s personal data for the execution of its objectives as follows:
- Applicant’s personal data shall be used to the extent necessary for processing purposes only. The University shall collect applicant’s personal data and “cookies” from the applicant’s initial access to its websites and software applications for user registration public relations purposes, news and information, including announcements of lists of eligible applicants for payment of the application fee, written examination/interview, lists of eligible candidates for admission offer and payment of admission offer confirmation fee.
- The University certifies that it will not use applicant’s personal data for any benefits other than those permitted by the University’s operational scope and objectives or disclose them to a third party, except with the data subject’s permission.
- It may be necessary for the University to allow a third party (whether within or outside the University) to access and use applicant’s personal data for data processing, educational qualification verification or criminal record check purposes. For example, a transmission of applicants’ and selected candidates’ personal data to the Thai University Center Admission System (TCAS), under the Council of University Presidents of Thailand, for data verification of candidates who confirmed KMUTT’s admission offer.
4. Personal data securityThe university recognizes the importance of applicant’s personal data protection and has appropriate security measures in place to prevent unauthorized or unlawful loss, access, destruction, use, alteration, correction or disclosure of personal data as prescribed in the University’s information technology security policy and guidelines.
Using “cookies” will allow more convenience of web browsing as they will remember the sites that you have previously visited. The University shall use the data recorded or collected by “cookies” for its statistical analysis or activities and for the improving of its service quality.
6. Personal data retention periodThe University will collect and retain applicant’s personal data only for the period required to carry out its objectives and to perform the University’s vital legal, financial and accounting, monitoring, and auditing operations under the applicable laws.
7. The rights of applicants over their personal dataApplicants shall have the following rights over their personal data:
- Right of Access. Applicants have the right to obtain a copy of their personal data in order to check whether the University’s processing of their personal data is lawful or not.
Right to Data Portability. In the event that the University has applicant’s personal data processed in a machine-readable format by automated means and the personal data can be used or disclosed by automated means, applicants can:
- request to have the University send or transmit their personal data to another entity by automated means;
- request for a copy of the personal data that the University directly sent or transmitted to another entity, unless such request is not technically possible.
- Right to Object. Applicants can object to the University’s processing of their personal data when it is done for the following purposes:
- for the performance of the University’s public tasks or legitimate interests;
- for the University’s direct marketing purposes;
- for the University’s objectives relating to scientific or historical research or statistical purposes unless such task is essential for the performance of the University in the public interest.
- Right to Erasure. Applicants can request the University to delete, destroy or anonymize their personal data in the following cases:
- when the processing of personal data is no longer necessary;
- when an applicant withdraws his or her consent to the processing of personal data and the University no longer has the legal power to continue processing the personal data;
- when an applicant has submitted his or her objection to the processing of personal data;
- when there is unlawful processing of applicant’s personal data.
- Right to Restrict Processing. Applicants can request for a suspension of personal data use in the following cases:
- when the University is investigating applicant’s personal data rectification request;
- when the personal data need to be erased or destroyed, but an applicant instead requests for a suspension of his or her personal data use;
- when it is no longer necessary to keep applicant’s personal data for the original processing objectives, but an applicant needs to keep them for the establishment, exercising or defense of his or her legal claims.
- when the University is investigating or verifying the applicant’s objection request.
- Right to Rectification. Applicants can request to have inaccurate, incomplete or outdated personal data rectified when the applicant found them to be inaccurate, incomplete or outdated and the University cannot verify and correct such data on its own.
Applicants should be informed that the University shall record activities related to the processing of their personal data request in order to provide solutions to such problems. For any inquiries regarding details of the University’s personal data protection practices, applicants can get more information from KMUTT Personal Data Protection Guideline at https://admission.kmutt.ac.th.
If applicants wish to exercise any of the above-mentioned rights or to file any complaint on the University’s personal data processing practices, please send an email to firstname.lastname@example.org. The University shall promptly process the applicant’s request pursuant to the provisions of applicable law. Applicants can file a complaint about breaches of personal data protection to the Personal Data Protection Office.