Order of Rajamangala University of Technology Isan
Subject appoint a committeeProtection of Personal Information of Rajamangala University of Technology Isan
For the operation of personal data protection of Rajamangala University of Technology Isan It complies with the Personal Data Protection Act B.E.
By virtue of Section XNUMX and Section XNUMX of the Rajamangala University of Technology Act B.E. XNUMX in conjunction with the Personal Data Protection Act B.E. XNUMX (XNUMX), hereby appoint the Personal Data Control Committee of Rajamangala University of Technology Isan as follows: go here
| 1. | chancellor | Chairman |
| 2. | Vice President for Administration and Human Resource Development | Vice Chairman |
| 3. | Vice President for Academic and International Relations Affairs | director |
| 4. | Vice President for Research, Innovation Development and Academic Services | director |
| 5. | Vice President for Strategic, Policy and Planning | director |
| 6. | Vice President for Student Affairs and Alumni Relations | director |
| 7. | Vice President for Special Affairs | director |
| 8. | Vice President of RMUTI Khon Kaen Campus | director |
| 9. | Vice President of RMUTI Surin Campus | director |
| 10 | Vice President of RMUTI Sakon Nakhon Campus | director |
| 11 | Vice President for Digital Technology Information and Affairs of the University Council | Director and Secretary |
| 12 | Director of the Office of Academic Resources and Information Technology | Director and Assistant Secretary |
| (XNUMX) | Provide appropriate security measures. To prevent the loss, access, use, alteration, alteration or disclosure of personal information without authorization or abuse. including reviewing such measures When necessary or when technology changes in order to be effective in maintaining appropriate security, in accordance with the law on personal data protection. |
| (XNUMX) | In the event that personal data is required to be provided to a person or entity other than the personal data controller Actions must be taken to prevent that person from using or disclosing personal information without authorization or wrongdoing. |
| (XNUMX) | Provide an audit system for the deletion or destruction of personal data in accordance with the Personal Data Protection Act. |
| (XNUMX) | Notify the personal data breach to the Personal Data Protection Committee without delay within seventy-two hours from knowing the cause as far as possible unless such infringement has no risk of affecting the rights and liberties of a person. Where the infringement has a high risk of affecting the rights and freedoms of a person Report the violation to the owner of the personal data along with the remedy. Without delay, such notification and exceptions shall be in accordance with the law on personal data protection. |
| (XNUMX) | Operate or assign an agent to record information in accordance with Section XNUMX of the Personal Data Protection Act B.E. XNUMX (XNUMX), as well as any other acts prescribed in accordance with the Personal Data Protection Act. |
| (XNUMX) | provide a personal data processing agreement between the data controller and personal data processor In the event of entrusting the processing of personal data to the processor of personal data |
| (XNUMX) | Provide information about the controller of personal data Agent or Data Protection Officer, Place of Contact and how to contact the owner of personal data and the Office of the Personal Data Protection Commission |
| (XNUMX) | To appoint a person, a group of people, a sub-committee or a juristic person to perform duties as follows: (XNUMX) Personal Data Processing Officer (XNUMX) Personal Data Protection Officer (XNUMX) Personal Data Control Committee of the agency (XNUMX) To carry out any action within the powers and duties of the Committee. control and support the operations of officials under Article XNUMX |
| (XNUMX) | Issue any announcements or orders to support the implementation of the Personal Data Protection Act B.E. |
Announcement of Rajamangala University of Technology Isan
Subject: Policy and Practice Guidelines for Personal Data Protection of Rajamangala University of Technology Isan
Whereas the Royal Decree prescribing rules and procedures for electronic transactions of the government sector, B.E. XNUMX has established measures to protect personal data. Therefore, in order to effectively protect personal data for electronic transactions of Rajamangala University of Technology Isan can be followed in a concrete manner
By virtue of Section XNUMX and Section XNUMX of the Rajamangala University of Technology Act, B.E. XNUMX University of Technology Rajamangala Isan therefore issued the following announcement:
This announcement is called “Announcement of Rajamangala University of Technology Isan on Policy and Practice Guidelines for Personal Data Protection of Rajamangala University of Technology Isan”.
This announcement shall come into force from the announcement date onwards.
in this announcement
“University” means Rajamangala University of Technology Isan.
“Policy Guidelines” means the principles concerning personal data protection established and announced by Rajamangala University of Technology Isan.
“Practice Guidelines” means the practice on personal data protection at Rajamangala University of Technology Isan. established and announced for users to strictly follow
“Personnel” means a government official, an employee in a higher education institution, a permanent employee, a government official and a salary employee under Rajamangala University of Technology Isan.
“External service provider” means an external agency that is outsourced to work in information technology or to perform other tasks according to the needs of Rajamangala University of Technology Isan, such as an internet service provider. hardware provider software provider system service provider
“Person” means a natural person.
“Personal Information” means information about an individual by which an individual can be identified. whether directly or indirectly but does not include information of the deceased in particular.
“Personal Data Controller” means a person or juristic person who has the power and duty to make decisions about the collection, use or disclosure of personal data.
“personal data subject” means a person who owns personal data or who has legal rights
“Service User” means a user who has applied for information technology services and other aspects such as applying to be a student, staff member, or receiving services directly with the University.
The university's personal data protection policy guidelines are as follows:
Collection of personal information of service users The University will use lawful and fair methods to store information as necessary to provide electronic transaction services. for the purposes of the university's operation as required by law only And the university will ask for consent from users before collecting. unless required by law or in other cases as set forth in this announcement
The university collects and stores personal information of users, will give importance to the accuracy, completeness and current of the information.
The university collects, stores, uses personal information of service users. The purpose is to be used for the benefit of the operation of the University as required by law only. will inform service users and ask for consent And the university will record the amendments as evidence as well.
The university will not disclose personal information of users. Other than the purpose of collecting and storing information except with the consent of the data subject or by court order and requiring external service providers to maintain confidentiality and the security of user information The information is prohibited to be used other than the intended action.
The university has measures in place to maintain the security of personal data of electronic transaction service users to prevent data loss, access, use of data, data destruction. and misuse of information Including changes, modifications or disclosures of information without permission in accordance with the policy and guidelines for maintaining information security of the university.
The University operates in accordance with the University's personal data protection policies and practices. which will be published through the website https://www.rmuti.ac.th Including if there is an amendment to the policy and practices for protecting personal information will be disseminated through such channels
The university will provide a channel for the owner of the personal data to check the existence and nature of the personal data. Purpose of Use of Information Personal Data Controller and the location of the Personal Data Controller at the university
The university will disclose the details of personal data to the data subject. only upon request from the personal data subject By submitting the request and the purpose of use, the university will complete the process within XNUMX days from the date of receipt of the request in the event that the data subject has objected to the storage, accuracy or any action on the data. personal after university has examined the credible evidence that the data subject has shown to the university The university will record the objection to keep as evidence.
The university may refuse requests for personal information in the event of a statutory refusal or a court order. or in the event that the user's personal information is made anonymous or characteristics that can identify the service user by preparing a statement informing the owner of the personal information
The university requires those involved in the collection, storage, use and disclosure of personal information of electronic transaction service users. must pay attention and be responsible for the storage and data protection personal data collected in accordance with the policy and strictly defined personal data protection practices
- This University's Personal Data Protection Guidelines are designed to apply in accordance with the University's Privacy Policy.
- To the extent that this protection of personal data applies solely to the University's actions with respect to personal data that the University collects, stores or obtains for the purpose. This information includes information that users have used the services of the university. Personal data is information that identifies a user's individual as well as their name, address, ID card number. The user's telephone number or e-mail address. The personal information contained herein does not include information that is generally accessible to the public. In addition, the scope of the personal data protection policy of the university added that it does not apply to the privacy practices of other entities that the university is not involved in or can control, nor does it apply to the guidelines. practices of persons who are not personnel or external service providers or that the University has no control over
- In the event that there is a change in the purpose or policy of personal data protection The university will announce and request consent from users through the university's website. https://www.rmuti.ac.th at least XNUMX days in advance and the university may make improvements Or amend the privacy policy without prior notice to the service user. For the suitability and efficiency of the service, it is recommended that the user read the personal information protection policy before will use the service every time
The university provides electronic transactions on the website. https://www.rmuti.ac.th And the paper is in accordance with the form of service in various fields, with the required information such as name, surname, ID number, address, telephone number and e-mail, etc., in accordance with the authority and mission of the university according to the law. On the establishment of Rajamangala University of Technology and then convert the data into an electronic system or store it by other means.
Users may be requested to provide personal information at any time in contact with the University and the University. This personal information may be used by the agency. The personal data will be used in accordance with the University's personal data protection policy. and may combine this personal information with other information. for the operation of the agency and this combined information will be treated as personal data for as long as they are combined with them.
The University will collect personal information of the service users who submit complaints/contacts via the website, such as the complainant's name, email address, phone number. Collect IP address information, etc., by collecting such information of all users who visit the University website for further reference.
The university will use personal information of service users such as name, address, national ID number. telephone numbers and e-mails, etc., only to the extent necessary for contacting the Service; public relations Processing or providing information of the university only
In the event that the University employs an external service provider to process the personal information of another website linked from the University website in order to know and understand that such website collects, uses or processes personal information of users. However, the university cannot certify the statement. or certify the actions that have been announced and not responsible for any If those sites are unable to operate or take any action in accordance with this announcement
The university will contact the service users by sending an electronic mail. or by phone to the service user To verify the service user name and password. The user may request to contact by other means during registration. In addition, the user can access various information. of the university through many other channels such as the university website https://www.rmuti.ac.th
Cookies are used by the University to facilitate the users to access the University services. A cookie is a small data file that the service system of the University website sends to the browser of the user. When the User visits the University website, these cookies allow normal communication between the User's computer and the University's electronic transaction system. Cookies allow users to benefit from various services provided by the University and users should allow cookies to function normally. Such cookies do not store personal information of the user of the university website. However, if the user does not wish to accept cookies Users can choose to decline cookies. Users are still able to visit the university's website. But some functions on the website may not be correct. or not as good as it should be
Universities collect demographic statistical data that can be linked to personally identifiable information. To explore the popularity of its use or for academic or research purposes. and services that are useful in applying statistical data to improve the quality of services and the development of academic and university services.
University website service Requires to keep records of entry and exit. and during the use of the service of the user who can automatically link such information with personally identifiable information such as the IP address (IP Address), date and time of the user, which is used as information that is linked back to Internet connection information, for example, which may identify the posting source or the person who posted it. including the website under the Computer Crime Act B.E. XNUMX and its amendments (No. XNUMX) B.E. XNUMX, Section XNUMX, which requires service providers to maintain computer traffic data for not less than XNUMX days. from the date that information enters the computer system but in case of necessity The competent official may order any service provider to maintain computer traffic data for more than XNUMX days but not more than XNUMX years in a special case, on a case-by-case basis and on a specific occasion.
To collect information through the website The website page will specify the right to provide the user's information. It is divided into two parts: the part of the information that the service user must provide. with the part of the information that the service user has the right to choose to provide or not, such as information on channels that can easily contact the service user Provide information through alternative channels such as electronic mail, fax, postal service, or directly related personnel.
In addition to the university website The university also has a website link to the department's website. or other government organizations such as the Ministry of Higher Education, Science, Research and Innovation, the Department of Provincial Administration, the Department of Business Development, etc. by providing information or using information between them, such as identification numbers Corporate registration number, etc., according to the mission of the university by collecting, collecting and securing such information in connection with it. The university adheres to policies and practices of other departments may differ. Therefore, the university recommends that users study the policy guidelines. and the personal data protection practices of those agencies as well
The university must notify the service user to give prior consent before making any changes to the data linkage with other agencies. or other organizations
In some cases, the university may combine personal information that users provide through the website with information obtained from other sources, such as address information of users from the Department of Provincial Administration. Ministry of Interior, etc., in order to make the information of the University complete, accurate and up-to-date. To enable the university to better serve its mission and duties.
The University does not allow anyone else to access or use the information the University collects about users of the Service. except in the case of compulsory disclosure of personal data as required by law for the benefit of the investigating officer's investigation or the trial and adjudication of the court under the subpoena or court order Universities are obliged to comply.
The University collects, collects, and uses information about users to the extent necessary to provide electronic transaction services in accordance with the University's operational purposes only, requiring a controller of personal data to collect, store, use and Disclosure shared information
In the event that the university will use the personal information provided by the service user for other purposes or other than those specified It will ask for the consent of the owner of the personal data first. and gives the user the right to choose the right to prohibit the use of personal information other than the purposes stated in the first For the case where the service user has given consent to use personal information for purposes other than those specified If you wish to revoke such consent, you can notify the cancellation by sending an electronic mail to info@rmuti.ac.th or come in person at the university
In the event that the user has provided various information to the university through the university's website and wishes to correct or improve such information to be correct or keep it current can contact the university by the university website https://www.rmuti.ac.th Or come to contact in person at the university, provided that the agency that is the owner of the information will edit or update the information. to be correct or to be up-to-date
The University has measures to maintain the security of personal data in accordance with the University's information security policies and practices. specified by the college and in accordance with ISO/IEC 27001 information security standards, with the following practices:
- Build awareness of personal data security responsibility for personnel. and related persons By disseminating information, knowledge, organizing seminars or training on such matters to personnel in the organization on a regular basis. This is in accordance with the policies and guidelines for maintaining information security at the university.
- Restrict access to personal data to personnel who have a need for the information to perform tasks in each hierarchy. and arrange to save and make backups of access or access for a reasonable period of time or for a period of time required by law. In addition, in some cases, SSL encryption may be used to maintain the security of data transmission. in accordance with the University's announcement on Policy and practice guidelines for maintaining information security
- Arrange for an audit and assessment of security risks of all websites or information systems at least once a year in accordance with the University's policies and guidelines for maintaining information security.
- It requires that appropriate and specific measures be taken for the security of personal data that is critical or that may affect feelings, beliefs, public order. and good morals of the people who use the service of the University or may cause damage or clearly affects the rights and freedoms of the data subject, such as a personal identification number telephone numbers, etc., in accordance with the University's announcement on Policy and practice guidelines for maintaining information security
- University website It is a website for the general public. It is not designed or intended to collect personal information from minors. So ask your parents to take care of your minors while accessing the website.
In the event that the service user has any questions, suggestions or comments regarding the policy and the university's personal data protection practices Users can contact the university.
Address : XNUMX Suranarai Road, Nai Mueang Subdistrict, Mueang Nakhon Ratchasima District Nakhon Ratchasima Province
Phone : XNUMX-XNUMX-XNUMX
Fax : XNUMX-XNUMX-XNUMX
Email : info@rmuti.ac.th
Website : https://www.rmuti.ac.th
The university shall publish this announcement to all concerned practitioners for general information. as well as create knowledge, understanding and provide training to relevant practitioners to raise awareness Understanding of actions to protect and prevent personal data breaches
to the Office of Academic Resources and Information Technology is responsible for the implementation of this announcement and the Office of Academic Resources and Information Technology and the Law Office jointly reviewed this announcement in accordance with the current situation. at least once a year
Related documents
