Privacy Policy
Sasin Privacy Notice
1. COMMITMENT TO PRIVACY
Sasin Graduate Institute of Business Administration (“Sasin”) is a postgraduate institute under Chulalongkorn University (CU), who is a data controller under the Personal Data Protection Act 2019 (B.E. 2562) (“PDPA”) when you visit Sasin’s website. CU and Sasin (collectively referred to as “we” or “us”) are committed to collect, use, and disclose your personal information (to be defined in section 2.) in a manner that respects and protects your privacy. This statement aims at notifying why your personal data is collected, used, or disclosed, relevant lawful bases, retentions and deletion policies, recipient entities, contact details, and rights of the data subject in accordance with Section 23 of the PDPA.
2. COLLECTED PERSONAL DATA
According to Section 6 of the PDPA, “personal data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular. We collect the following personal data categories: Academic Information; Advertisement and Promotion; Application Information; Bank Information; Basic Information; Billing; Biodata; Bonding Trip Information; Car Information; Career Information; Course Evaluation; Data Timestamps; Emergency & Health; Employer Information; Enrollment; Event Participation; Family Information; Flight information; Hotel Information; Identifiers; Language; Library Information; Open House; Opt-in Choices; Personal Assistant Information; Personal Contact Information; Preferences; Registration Information; Scholarship Information; Sponsor Information; Student Committee Information. Each category maybe made up of one or more data points, for example, the Basic Information category includes First Name, Middle Name, Last Name, Nick Name etc. The Academic Information may include Previous Degree, Previous Graduation Date, Previous University etc. For more information on all data points collected, please contact Sasin’s Data Office.
3. OBJECTIVES OF COLLECTION, USAGE, AND DISCLOSURE AND RELEVANT LAWFUL BASES
| Objective of collection, usage, and disclosure | Categories of Personal Information | Lawful bases |
| Student Administration To deliver its service adequately, and run its operations from Admissions to Graduation, Sasin relies on personal information about its customers. | Academic Information, Application Information, Billing, Biodata, Bonding Trip Information, Career Information, Emergency & Health, Employer Information, Enrollment, Event Participation, Flight information, Hotel Information, Language, Preferences, Registration Information, Scholarship Information, Sponsor Information, Family Information, Advertisement and Promotion, Personal Assistant Information, Personal Contact Information, Student Committee Information, Identifiers | Contract: it appears necessary for us to collect and use this category of personal data for Applicant Administration, Student Administration and Graduation Administration. |
| Course Enrollment, Billing and Finances To provide its service, and keep track of transactions with its customers, Sasin needs to collect personal information. | Academic Information, Application Information, Billing, Employer Information, Enrollment, Library Information, Scholarship Information, Sponsor Information | Contract: it appears necessary for us to collect and use this category of personal data for the enrolment and the event as per your request. |
| Access to Facilities and Security At Sasin we strive to provide full access to facilities to our customers and staff members, while ensuring the safety of all visitors. | Academic Information, Application Information, Billing, Biodata, Car Information, Family Information, Identifiers, Personal Contact Information | Contract: it appears necessary for us to collect and use this category of personal data for processing your parking request |
| Accreditation, quality assurance and reporting Sasin strives to provide quality education and services, for which it collects data regarding customer feedback as well as information about our students, alumni, and faculty bodies for the purpose of quality control and accreditation by third party auditors. | Academic Information, Application Information, Billing, Biodata, Career Information, Course Evaluation, Employer Information, Identifiers, Personal Contact Information, Registration Information | Legitimate interest: it is Sasin’s legitimate interest to use and disclose this category of personal data to the extent necessary for accreditation, quality assurance, and reporting |
| Other Services Sasin offers services beyond its core educational activity, such as career services, networking, event catering, and more. To fulfill such services, we require some personal information. | Academic Information, Advertisement and Promotion, Application Information, Biodata, Career Information, Emergency & Health, Employer Information, Event Participation, Family Information, Hotel Information, Open House Participation, Personal Contact Information, Preferences, Registration Information, Identifiers | Contract: it appears necessary for us to collect and use this category of personal data for the event registration as per your request. |
| Advertising, marketing, and data analytics Sasin regularly shares information with its customers about new course opportunities and offers, or events that could be of interest to you, based on your profile and preferences. | Academic Information, Advertisement and Promotion, Application Information, Billing, Biodata, Career Information, Employer Information, Family Information, Identifiers, Language, Event Participation, Personal Contact Information, Preferences, Registration Information | Consent: we rely on your written consent for the collection and usage of this category of data |
4. RETENTION AND DELETION POLICIES
We will only retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements.
5. SHARING YOUR DATA WITH THIRD PARTIES
We may share your data with third parties who provide services on our behalf, such as those who help us to operate the website. All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions. We may also share your personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our site terms of use or to protect the rights, property or safety of our site, our users, and others. As per your request for an exchange program or other international program, personal information provided to us may be transferred to host institutes in other countries where data protection laws may differ from those of the PDPA. However, all reasonable steps will be taken to protect your privacy in accordance with the applicable data protection laws.
6. CONTACT INFORMATION
We are committed to complying to the PDPA and protecting the privacy of its data subjects. As such Sasin provides multiple channels for users to access their data.
- Registered Sasin users may access their User Management portal, located at user.sasin.edu where they are able to request their personal information. This portal is still work in progress and will be fully ready by the end of 2021.
- Data Subjects may submit their requests, questions, concerns, suggestions, or complaints to Sasin’s Data Office by email at data@sasin.edu.
- Data Subjects who are not satisfied with the service provided by Sasin’s Data Office may raise their issue to Chulalongkorn University’s Data Protection Officer.
7. RIGHTS OF THE DATA SUBJECT
- The data subject is entitled to request access to and obtain copy of the Personal Data related to him or her, which is under the responsibility of the Data Controller, or to request the disclosure of the acquisition of the Personal Data obtained without his or her consent (Section 30 of the PDPA).
- The data subject shall have the right to receive the Personal Data concerning him or her from the Data Controller. The Data Controller shall arrange such Personal Data to be in the format which is readable or commonly used by ways of automatic tools or equipment and can be used or disclosed by automated means (Section 31 of the PDPA).
- The data subject has the right to object the collection, use, or disclosure of the Personal Data concerning him or her, at any time in accordance with Section 32 of the PDPA.
- The data subject shall have the right to request the Data Controller to erase or destroy the Personal Data or anonymize the Personal Data to become the anonymous data which cannot identify the data subject in accordance with Section 33 of the PDPA.
- The data subject shall have the right to request the Data Controller to restrict the use of the Personal Data in accordance with Section 34 of the PDPA.
- The Data Controller shall ensure that the Personal Data remains accurate, up-to-date, complete, and not misleading (Section 35 of the PDPA).
8. SECURITY, SENSITIVITY AND CONFIDENTIALITY
Adopting administrative safeguard, technical safeguard, and physical safeguard, we strive to store your data in secure systems, protected from any malicious users or potential hacking or data breach. We also protect your personal data security by limiting access to users who are required to access your data to perform their duties on a need-to-know basis. Whenever possible, we also pseudonymize or anonymize your data prior to usage or sharing, depending on data sensitivity. Regular surveys of data collection, storage and usage, prescription of usage guidelines, data warehousing and privacy protection measures are supervised by Sasin’s Data Office.