refers Rangsit University and its affiliates.
refers RSU Horizon Company Limited, RSU Healthcare Company Limited, RSU Medical Resort and Spa Company Limited, RSU International Hospital Company Limited, RSU Hospital Company Limited, Suntara Real Estate Company Limited, RSU FC Company Limited, RSU Innovation Company Limited, Prasittirat Company Limited, Prasittirat 11 Group Company Limited, Club House Company Limited, British International Company Limited, Ban Arthit Company Limited, Prasit Pattana Holding Company Limited, Satit Rangsit Company Limited, and RSU Vista Golf Course Company Limited.
refers students, former students, and employees of Rangsit University and other people whose information is processed by Rangsit University.
refers a natural person or a juristic person.
refers to information that can directly or indirectly be used to identify a person. Personal information excludes information of a dead person.
refers to personal information including information about a person’s racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, sexual orientation or practices, criminal record, health, genetic or biometric information, disabilities, labor union, or any other that affects the owner of information as determined by the Personal Information Protection Committee.
refers to a person, a juristic person, or a department/faculty with authorization to make a decision about the collection or the disclosure of personal information as required of the system or following the purposes of use of the department/faculty.
refers to a person, a juristic person, or a department/faculty collecting, using, or disclosing personal information in compliance with the order or on behalf of the personal information controller. A personal information processor shall not be a personal information controller as required of the system or following the purposes of use of the department/faculty.
refers to any act where personal information is involved, e.g. collecting, recording, reproducing, organizing, filing, storing, improving, changing, retrieving, disclosing, sending, publicizing, transferring, gathering, eliminating, destroying, etc.
refers to small digital files that temporarily contain necessary personal information. Cookies are stored on the computer of the owner of personal information for convenience and ease of use in communication and created by a web server while a user is browsing a website.
refers to a service user’s personal information that can directly or indirectly be used to identify a person. Personal information excludes information of a dead person. Personal information includes:
3.1 The University may obtain personal information directly from service users and through the services and activities as follows:
3.2 Tracking technology by which a service user uses when accessing any websites and applications of the University which create cookies, such as https://www2.rsu.ac.th and https://intranet.rsu.ac.th
3.3 University affiliates, e.g. RSU Horizon Company Limited, RSU Healthcare Company Limited, etc.
3.4 The University obtains personal information from a third party with legal authorization to disclose a service user’s personal information and from a service user’s representative or subcontractor and use such personal information obtained via e-mail or telephone or from a document disclosed by a person with legal authorization for applying for services for and providing services to the aforesaid service user.
If the University acknowledges that the owner of personal information is a child, an incompetent person, or a quasi-incompetent person, the University shall not collect such personal information until granted consent from his or her legal representative, custodian, or curator as specified by law.
If the University does not acknowledge that the owner of personal information is a child, an incompetent person, or a quasi-incompetent person but later discovers that the University has collected such person’s personal information without consent from his or her legal representative, guardian, or curator, the University shall immediately destroy the personal information that has been collected unless the University has lawful purposes other than requesting for consent to collect, use, or disclose personal information, except that the aforesaid legal representative, guardian, or curator makes a clear and definite promise later or after the deadline for avoiding voidable acts as prescribed by law.
The University shall process service users’ personal information with the following objectives:
6.1 Disclosure and transfer of personal information
When the University has obtained personal information from a source, the University shall process such personal information by collecting, using, or disclosing it based upon the objectives previously specified. The University may disclose personal information and service users’ information to business groups, legal government agencies, information technology service providers, banks, payment and intersection service providers, customer support service providers, marketing and advertising service providers, business consultants, as well as legal entities or other parties which are contractual parties or have legal relationship with the University and/or the service users. Furthermore, the University may submit service users’ personal information to a supervisory authority for verification. The results of the verification may be used to prevent fraud and to comply with various laws to the extent relevant and necessary.
If the University is required to collect personal information in order to comply with a contract, perform duties under the law, or make a contract, refusal by service users to provide the personal information or objection to personal information processing based upon the objectives as specified shall probably result in the University being unable to provide services as requested by service users.
6.2 Disclosure and transfer of personal information to other countries
If necessary, the University may transfer service users’ personal information to individuals or international agencies or organizations with adequate and appropriate personal information safeguards and the University may request consent from service users for transferring their personal information to other countries as required by law. A third party who receives personal information from the University shall not disclose such information for any other purposes which are not notified to the University.
The University’s personal information retention and retention period are as follows:
If the University has assigned or procured a third party (personal information processor) to process personal information on behalf of the University in which the third party may offer various forms of services such as hosting, outsourcing, cloud computing service provider, etc., the University shall provide an agreement specifying the rights and obligations of the University as a personal information controller and of individuals entrusted by the University as a personal information processor. This includes the details of the types of personal information the University entrusts to process, objectives, and the scope of the personal information processing, and other relevant agreements. Personal information processors are responsible for processing personal information within the scope as specified and shall not process personal information for other purposes.
Service users, as information owners, have rights regarding the personal information in accordance with the Personal Information Act B.E. 2562 (2019) as follows:
The University shall determine the lawful basis of the collection of personal information as appropriate and in the context of the provision of services. The lawful basis of the collection of personal information used by the University shall be as follows:
| Lawful Basis of Information Collection | Detail |
| To carry out duties for the public interests or to exercise the authorities that the University was granted by the government. | To enable the University to exercise the authorities granted by the government and carry out duties for the public interests, according to the mission of the University. A private university is considered a public service assigned by the government to the private sector to provide education on behalf of the government which is prescribed by laws, such as Private Higher Education Institution Act, B.E. 2546 (2003), amended (No. 2), B.E. 2550 (2007), rules, regulations, orders, relevant cabinet resolutions, etc. |
| To perform legal duties. | To allow the University to comply with the laws that direct the University, such as Private Higher Education Institution Act, B.E. 2546, amended (No. 2), B.E. 2550 (2007), Tax Law, Court Decree, etc. |
| As necessary for the legitimate interests. | For the legitimate interests of the University and other people. Such interests are not less important than the fundamental rights of personal information owner, such as for the security of buildings and areas of the University, for the processing of personal information related to the internal affairs of the University, etc. |
| As necessary for the prevention or suppression of dangers to a person’s life, body or health. | To prevent or suppress dangers to a person’s life, body or health, such as providing the University's applications (Line, Facebook) to report a mishap, installing closed-circuit televisions (CCTV) and various types of access control-related devices, fingerprint scanning, face scanning, etc. in order to monitor any incident. |
| To comply with the obligations in the contracts. | To enable the University to perform the duties under the contracts or take actions that are necessary for making a contract. The service user is a counterparty with the University, such as an employment contract, hire of work agreement, memorandum of understanding, or other forms of contracts, etc. |
| For the preparation of important documents related to history, research, or statistics. | To enable the University to prepare or support the preparation of documents related to history, research, or statistics as the University may be assigned to do, such as the preparation of position directory of directors or board, the preparation of statistics of using services of the service users, the preparation of graduate directory, etc. |
| For the service user's consent. | For the collection, use or disclosure of personal information in case the University requires the consent of the service user with notification of the purpose of collecting, using or disclosing the personal information before requesting the consent, such as the collection of sensitive personal information for the lawful purpose that does not comply with the exceptions of Section 24 or 26 of the Personal Information Protection Act, B.E. 2562 (2019), or the presentation and promotion of the products and services of a counterparty or business alliance to service users, etc. |
In case the University is required to collect service users’ personal information for the performance of a contract, legal duty performance, or necessity of entering into a contract, but the service users refuse to provide their personal information or object to carrying out the processing according to the purposes of the activity, it may result in the University being unable to carry out or provide the services requested by service users, in whole or in part.
Under the purposes as aforementioned in 5, the University may disclose service users’ personal information to the following people. Generally, the following types of information recipients are the University’s personal disclosure framework. This personal disclosure framework is applicable only to the person receiving information related to the products or services the person uses or is associated with.
| Types of information recipients | Detail |
| A government agency or authority to which the University is required to disclose the information for the purpose of legal proceedings or for other important purposes. | Agencies of law enforcement or agencies with the power to control and supervise or agencies with other important objectives, including Ministry of Higher Education, Office for National Education Standards and Quality Assessment (Public Organization), National Research Council of Thailand, Revenue Department, Royal Thai Police, Court, Office of the Attorney General, Department of Disease Control, Ministry of Public Health, Ministry of Digital Economy and Society, Department of Consular Affairs, Student Loan Fund (SLF), etc. |
| Various committee related to the legal proceedings of the University | The University may disclose the information of the service users to the person taking a position of a committee member in a variety of boards, including University Council Committee, Labor Protection Committee, Fact-finding Investigation and Disciplinary Committee, Student Discipline Investigation Committee, etc. |
| A counterparty who operates on welfare of the University's service users | Outsiders procured by the University to take action on welfare, such as insurance companies, health insurance companies, hospitals, bank payroll providers, telephone service providers, etc. |
| Business alliance | The University may disclose the information of the service users to a person or establishment that cooperates with the University for service benefits to the service users, such as government agencies or other universities or private entities with which the University has made a memorandum of understanding (MOU) or agreement, service providers from external agencies that you contact through the University services, marketing and advertising service providers, financial institutions, platform service providers, telecommunication service providers, etc. |
| Service providers | The University may appoint other people as service providers on behalf of the University or sponsors of the University's operations, including service providers in information storage (such as Cloud Storage), system developers of software, applications, and websites, document delivery service providers, payment service providers, Internet service providers, telephone service providers, digital ID service providers, social media service providers, risk management service providers, transportation service providers, etc. |
| Other types of information recipients | The University may disclose the information of the service users to other types of information recipients, such as visitors, family members of service users, non-profit foundations, temples, hospitals, educational institutions, or other agencies, etc., especially for the operations related to the services of the University, such as training, receiving awards, religious activities, donations, etc. |
| Information disclosure to the public | The University may disclose the information of the service users to the public in case of necessity, such as operations that require the University to declare or comply with the law, etc. |
According to the law, RSU needs to collect all personal information in order to provide services or to conduct some activities. If service user chooses not to give his/her personal information, the university may not be able to provide any services.
In case of refusal by service users to provide personal information other than the university uses personal information for practice based on contracts and legal compliance, service users can still use the university's services but with less convenience because of the refusal to use personal information for the full quality of effective services.
During using services, RSU will provide all information related to marketing activities and promotions, products, services including advertisers and business partners which the university expects it would best fit service user’s interests. Therefore, service users can cancel their consent to receive information in accordance with the information provided by the university.
This personal information protection policy applies only to RSU’s services and websites. If service user connects to other websites or use other channels via the university's website, service user must study and comply with the personal information protection policies that appear on the particular website separately from RSU.
RSU regularly reviews personal information protection policies in accordance with applicable practices and regulations. However, the University may reserve the right to change the policy on its website without prior notice.
Service user agrees that this personal information protection policy applies to all personal information collected by RSU. Service user agrees to give the university the right to store, maintain, and bring personal information which was collected or will be stored in the future, to be used or disclosed to others within the scope of the Personal Information Protection Policy.
Service user acknowledges and agrees to the "Personal Information Disclosure Letter" under Thai law and The Thai Court that has jurisdiction over any dispute that may arise.
Service users who have any questions, suggestions, or concerns regarding to the collection, use, and disclosure of personal information of RSU or wish to exercise their rights under the Personal Information Protection Act can contact the Committee on Personal Information Protection, Rangsit University, as follows:
Committee on Personal Information Protection, Rangsit University
No. 52/347, Muang Eke Village
Lak Hok Subdistrict, Muang District, Pathumthani Province, 12000
0-2997-2200
pdpa@rsu.ac.th
https://pdpa.rsu.ac.th
This policy is the latest updated as shown on the date stated above. We may change this policy from time to time and we will inform you in the event of such amendments. We will seek your consent for any modifications if needed.