Facebook Youtube Tiktok

# COOKIE POLICY

Personal Data Protection Policy

Personal Data Protection Policy of Geo-Informatics and Space Technology Development Agency (Public Organization)

In accordance with the Personal Data Protection Act of 2019, effective from May 28, 2019, the Office of Geo-Informatics and Space Technology Development Agency (Public Organization) places great importance on the protection of personal data and compliance with personal data protection laws. The office is committed to ensuring the security and confidentiality of personal data and has implemented appropriate security measures. To reinforce this commitment, the office has formulated the following Personal Data Protection Policy:

Definitions:

“Office” refers to the Office of Space Technology Development Agency (Public Organization)

“Individual” refers to an ordinary person.

“Personal Data” means information about an individual that can directly or indirectly identify that person, including but not limited to name, surname, nickname, address, phone number, national ID, passport number, social security number, driver’s license number, taxpayer ID, bank account number, credit card number, email address, vehicle registration, land title deed, IP address, Cookie ID, Log File, etc. The following information is not considered personal data: business contact information that does not directly identify an individual, such as company name, company address, company registration number, work phone number, work email address, and group email addresses like info@company.co.th. Anonymous Data or Pseudonymous Data that has been technically processed to prevent personal identification, and beneficiary information, among others. 

“Sensitive Personal Data” refers to personal data that is genuinely related to an individual but is sensitive and may pose risks of unfair discrimination, such as race, ethnicity, political opinions, beliefs, religion or philosophy, sexual behavior, criminal record, health information, disabilities, labor union information, genetic information, biometric data, or other data as defined by the Personal Data Protection Committee.

“Data Subject” refers to an individual who is the owner of the personal data, excluding cases where the individual has ownership rights over the data or is the creator or collector of the data. The term specifically applies to natural persons and does not include “Juridical Persons,” such as companies, associations, foundations, or any other legally established organizations.

The Data Subject includes individuals falling into the following categories:

  1. Data Subject who has reached legal age:
    1.1 Individuals aged 20 years or older.
    1.2 Married individuals aged 17 years or older.
    1.3 Individuals married before the age of 17 with court approval.
    1.4 Minors whose legal representatives provide consent for engaging in commercial or other business activities, or for entering into employment contracts, in connection with business operations or hiring labor. In such cases, minors are considered to have a legal status similar to those who have reached legal age.

    It is important to note that a Data Subject who has reached legal age has the right to provide consent independently for any purposes.
    1. In obtaining any form of consent, it must be obtained from the legal guardian or person with parental authority who has the power to act on behalf of the minor.
    2. Data Subject as a Minor refers to an individual below the age of 20 who has not yet reached legal age, as defined in point
    3. Data Subject as a Person of Incapacity refers to an individual whom the court has deemed to be incapacitated due to physical or mental disabilities, erratic behavior, alcohol or substance dependence, or any similar condition that renders them incapable of independently performing tasks or managing affairs that may lead to the detriment of their own or their family’s property. In obtaining any form of consent, prior approval must be obtained from the authorized guardian acting on behalf of the person of incapacity.
    4. Data Subject as an Incapacitated Person refers to an individual whom the court has declared incapacitated due to severe mental disorders. In obtaining any form of consent, prior approval must be obtained from the legal representative with the authority to act on behalf of the incapacitated person.

    It is important to note that if consent is sought from a Data Subject in a manner not in compliance with personal data protection laws, such consent is not binding on the Data Subject.

 

  1. Source of Personal Data
    Generally, the office does not collect personal data unless in the following circumstances:
    2.1 The office obtains personal data directly from the Data Subject, and the data collection occurs during service-related processes, such as:
    (1) Service usage with the office, or the process of submitting requests for various rights to the office, e.g., receiving newsletters, job applications.
    (2) Voluntarily provided information by the Data Subject, such as responses to surveys or communications via email or other channels between the office and the Data Subject.
    (3) Data collected through the use of the office’s website via the Data Subject’s browser’s cookies and electronic transaction services.
    2.2 The office may receive personal data of the Data Subject from third parties, and the office believes in good faith that such third parties have the right to collect and disclose the personal data to the office.
  1. Purpose of Personal Data Processing
    The office utilizes lawful and fair means to collect, use, and disclose personal data, only storing the necessary information. The purposes of processing personal data include providing services, public relations, information dissemination, and gathering opinions of the Data Subject regarding the office’s operations or activities. All data processing is conducted in accordance with the law and is limited to the office’s operational needs or as required by law. If there are changes to the purposes, the office will inform the Data Subject and document the changes as evidence, ensuring compliance with personal data protection laws.
  1. Data Processing
    4.1 Data Collection
    The office will collect personal data in a limited and necessary manner, depending on the type of services used or provided by the Data Subject to the office. This includes activities such as registering for events, applying for various services, whether directly through the office or through the office’s information system. The collection of personal data will be limited to what is necessary.
    4.2 Use of Personal Data
    The office will use personal data for the purposes specified by the Data Subject when providing the data to the office. The data will be used appropriately, with security measures in place, and access to personal data will be controlled.
    4.3 Disclosure of Personal Data
    Generally, the office will not disclose personal data unless it is in line with the purposes specified by the Data Subject. For instance, personal data may be disclosed to fulfill a service requested by the Data Subject or comply with contractual obligations or legal requirements. In cases where the office needs to collect, use, or disclose additional personal data or change the purposes, the Data Subject will be informed unless the law requires or permits otherwise.
  1. Data Retention Period
    The office will retain personal data for as long as necessary for processing. Once this period has elapsed, the office will proceed to destroy the personal data.
  1. Rights of the Data Subject
    The consent provided by the Data Subject for the collection, use, and disclosure of personal data will remain valid until the Data Subject withdraws their consent in writing. The Data Subject has the right to withdraw consent or suspend the use or disclosure of personal data for any specific activities or all activities of the office. This can be done by submitting a written request to the office or via email at supportit@gistda.or.th.
    In addition to the above-mentioned rights, the Data Subject also has the following rights:
    (1) Right to Withdraw Consent
    The Data Subject has the right to withdraw consent for the processing of personal data given to the office at any time during the period when their personal data is with the office.
    (2) Right of Access
    The Data Subject has the right to access their personal data and request the office to provide a copy of the personal data, including disclosing the sources of personal data that the Data Subject did not provide consent to.
    (3) Right to Rectification
    The Data Subject has the right to request the office to correct inaccurate or incomplete personal data.
    (4) Right to Erasure
    The Data Subject has the right to request the office to delete their personal data under certain circumstances.
    (5) Right to Restriction of Processing
    The Data Subject has the right to restrict the processing of their personal data under certain circumstances.
    (6) Right to Data Portability
    The Data Subject has the right to request the office to transfer their personal data, which the Data Subject provided to the office, to another data controller or to themselves under certain circumstances.
    (7) Right to Object
    The Data Subject has the right to object to the processing of their personal data under certain circumstances. The office respects the decision to withdraw consent by the Data Subject. However, the office informs the Data Subject that there may be limitations on the right to withdraw consent under the law or contract that provides benefits to the Data Subject. The withdrawal of consent does not affect the collection, use, or disclosure of personal data that the Data Subject has already consented to.
  1. Data Security Measures
    The office has implemented appropriate security measures to prevent unauthorized access, use, alteration, correction, or disclosure of personal data without authority or consent. Additionally, the office has established internal practices to define the rights of accessing or using personal data by the Data Subject, aiming to maintain the confidentiality and security of data. The office conducts periodic reviews of these measures for their appropriateness.
  1. Use of Cookies
    “Cookies” refer to small pieces of data that a website sends and stores on the Data Subject’s device when they visit the website. This helps the website remember the Data Subject’s preferences, such as language preferences, user settings, or other configurations, during subsequent visits. The website can recognize that the user has visited before and adjust settings as specified by the Data Subject until the Data Subject deletes or refuses the cookies. The Data Subject may choose to accept or reject cookies. In cases where cookies are rejected or deleted, the website may not be able to provide services or display information accurately.
  1. Update of Personal Data Protection Policy
    The office may make revisions or amendments to the Personal Data Protection Policy without prior notice to the Data Subject for the sake of appropriateness and efficiency in service delivery. Therefore, the office recommends that the Data Subject read the Personal Data Protection Policy every time they visit or use services from the office or the office’s website.
  1. Compliance with the Personal Data Protection Policy and Contacting the Office
    In the event that the Data Subject has concerns or suggestions regarding the Personal Data Protection Policy or compliance with this policy, the office is willing to address inquiries and listen to suggestions for the benefit of improving the Personal Data Protection Policy and the office’s services. The Data Subject can contact the office at info@gistda.or.th or at the address provided below:

Geo-Informatics and Space Technology Development Agency (Public Organization)

120 THE GOVERNMENT COMPLEX COMMEMORATING HIS MAJESTY THE KING’S 80 TH BIRTHDAY ANNIVERSARY, 5TH DECEMBER, B.E.2550(2007) RATTHAPRASASANABHAKTI BUILDING 6TH AND 7TH FLOOR, CHAENG WATTANA ROAD, LAK SI BANGKOK 10210, THAILAND

1 Civil and Commercial Code, Section 19: A person is considered to have reached legal age and is exempt from being a minor when they reach the age of twenty years.

2 Civil and Commercial Code, Section 1448: Marriage can take place when both the man and woman have reached the age of seventeen. However, in cases deemed appropriate, the court may grant permission for marriage before that age.

3 Civil and Commercial Code, Section 27, in conjunction with the Personal Data Protection Act B.E. 2562, Section 20: According to the Civil and Commercial Code, Section 27, a legal representative may give consent on behalf of a minor to engage in commercial activities or contracts of employment. If a legal representative refuses consent without reasonable cause, the minor may petition the court for permission to engage in business or employment. In such cases, the court may grant permission if the minor’s interests are safeguarded. The legal representative may revoke the consent given to the minor, and in cases where the court has granted permission, the legal representative may request the court to withdraw such permission. Revocation of consent by the legal representative or withdrawal of permission by the court shall terminate the status of the minor as if they had reached legal age, but it shall not affect any actions taken by the minor before the consent was revoked or permission was withdrawn. The Personal Data Protection Act B.E. 2562, Section 20, reserves the rights of minors, who are not yet of legal age due to marriage or equivalent status according to Section 27 of the Civil and Commercial Code, to request consent from their data owners to proceed as follows: 

(1) In cases where the consent of a minor is not obtained in accordance with the provisions of Sections 22, 23, or 24 of the Civil and Commercial Code, approval must be obtained from the legal guardian who has the authority to act on behalf of the minor.

(2) If the minor is under the age of ten, consent must be sought from the legal guardian with the authority to act on behalf of the minor. In cases where the data subject is incapacitated, consent must be obtained from the legal representative. If the data subject is incapacitated or of similar status, consent must be sought from the data owner, and if the data owner is incapacitated, consent must be obtained from the representative authorized to act on behalf of the incapacitated person. In such cases, the rights of the data subject, guardian, or representative under this law, including the right to withdraw consent, file complaints, and other rights, shall be exercised as appropriate.

4 Civil and Commercial Code, Section 32: Individuals with disabilities, mental disorders, incompetence, or those who behave recklessly or become addicted to intoxicants, causing harm to their own property or family, may request the court to declare them incapacitated. The court may appoint a guardian according to the provisions of Section 5 of this law. The appointment of a guardian shall be in accordance with the regulations specified in Section 5 of this law.

5 Civil and Commercial Code, Section 28: A person with juristic act capacity, such as a spouse, ascendant, descendant, adopted child, or guardian, may request the court to declare a person of impaired juristic act capacity, such as an insane or recklessly behaving person, incapacitated. The court may then appoint a guardian for the incapacitated person, and the provisions regarding the appointment, powers, and termination of the guardian’s authority shall be in accordance with Section 5 of this law. The court’s order under this section shall be announced in the Government Gazette.

Space Affairs Promotion And Services Center (SAPASC) collect data research network and aerospace services of Thai aerospace industry by the Geo-Informatics and Space Technology Development Agency (GISTDA) 

Facebook Youtube Twitter Tiktok

Sitemap

Contact us

Get in touch

Copyright 2022 Spacetech All Rights Reserved. Website Design by Ario Marketing