National Science Museum Thailand (NSM) has set a higher level for the retention of personal data and compliance with the Personal Data Protection Act. Appropriate security measures will be provided. NSM, therefore, has been developed Data Protection Policy following the criteria as shown below.
"NSM" means National Science Museum Thailand. "Person" means an individual "Personal Data" means information about a person that enables the identification of that person, whether directly or indirectly, but does not include information of the deceased, such as first name, last name, nickname, address, phone number, national ID number, passport number, social security card number, driver's license number, tax identification number, bank account number, credit card number, email, vehicle registration plate, title deed, IP address, cookie ID, log file, etc. Nonetheless, data that does not identify an individual as a person is not considered personal information, such as company name, company address, company registration number, work phone number, work email address, group of company email such as info@company.co.th, anonymous data or hidden information that cannot be personally identified by technical means (pseudonym information), information of the deceased, etc. Sensitive Personal Data" denotes information that is inherently personal to an individual but is sensitive and susceptible to potential unfair discrimination. Such as race, ethnicity, political opinions, ideological, religious or philosophical beliefs, sexual behavior, criminal record, health information, disability, trade union information, genetic information, biometric data or any other information that affects the personal data subject in the same manner as announced by the Personal Data Protection Committee. “Data Subject” refers to the individual who possesses the personal data. Data subjects refer only to natural persons and do not include "legal entities" as defined by law including companies, associations, foundations or any other organizations. "Data Controller" means a person or juristic person who has the authority and duties to make decisions regarding the collection, use or disclosure of personal data. "Data Processor" means a person or entity who collects, uses or discloses personal data in accordance with the order or on behalf of the data controller.
Generally, NSM does not collect personal data except in the following cases: 2.1 NSM directly obtains personal data from the data subject. This personal data is collected from the following service processes: (1) Procedures for using services with NSM or the process of submitting an application to exercise various rights with NSM, such as receiving information, requesting access to local services or applying for a job. (2) Voluntary collection of data by the personal data subject, such as conducting surveys or replies by email or other communication channels between NSM and the personal data subject. (3) Collection of information from the use of NSM's website through cookies of the personal data subject's browser and the use of electronic transaction services. 2.2 NSM receives personal data of data subjects from third parties. NSM holds the belief in good faith that these third parties are entitled to gather personal data of the data subject and disclose it to NSM.
NSM utilizes lawful and ethical methods for collecting, utilizing, and disclosing personal data, only as necessary, to facilitate services, communication, or dissemination of various information, including conducting opinions surveys of the data subjects regarding the organization's operations or activities, solely for the purpose of the organization's operations or as required by law. Any changes in these purposes will be communicated to the data subjects, documented for evidence, and complied with in accordance with data protection laws.
4.1 Data Collection: NSM will collect personal data to the extent necessary, depending on the type of service the data subject utilizes or provides personal data to NSM. This may include registering for events, signing up for various services both directly with NSM and through the NSM's information systems, with the collection limited to what is necessary. 4.2 Use of Personal Data: NSM will use personal data for the purposes provided by the data subject to NSM, employing appropriate security measures and access controls. 4.3. Disclosure of Personal Data: Generally, NSM will not disclose personal data unless for the purposes specified by the data subject, such as providing services requested by the data subject, fulfilling contractual obligations, or as required by law. In cases where NSM needs to collect, use, or disclose additional personal data or modify the purposes of collection, usage, or disclosure, NSM will inform the data subject before proceeding, unless legally required or permitted otherwise.
NSM will retain personal data only for as long as necessary for processing purposes. Once this period has gone by, NSM will proceed to destroy the personal data.
NSM has a lawful right to process the data. Unless the Data Subject withdraws written consent, the collection, use, and disclosure of that personal information is still legal to use. However, the Data Subject can decide not to continue disclosed their personal data by written notice or by email to the NSM at info@nsm.or.th The Data Subject has the right to: 1. Right to withdraw consent: The data subject has the right to withdraw consent for the processing of their personal data provided to NSM throughout the duration their personal data is with NSM. 2. Right of Access: The data subject has the right to access their personal data and request NSM to provide copies of such personal data, including requesting NSM to disclose any personal data obtained without the data subject's consent. 3. Right to rectification: The data subject has the right to request NSM to correct inaccurate personal data or supplement incomplete personal data. 4. Right to erasure: The data subject has the right to request NSM to delete their personal data under certain circumstances. 5. Right to restriction of processing: The data subject has the right to request NSM to restrict the processing of their personal data under certain circumstances. 6. Right to data portability: The data subject has the right to request NSM to transfer their personal data, which has been provided to NSM, to another data controller or to themselves under certain circumstances. 7. Right to object: The data subject has the right to object to the processing of their personal data under certain circumstances. NSM respects the data subject's decision to withdraw consent; however, NSM informs the data subject that there may be limitations to the right of withdrawal under law or contract benefiting the data subject. Withdrawal of consent does not affect the lawfulness of processing personal data based on prior consent given by the data subject.
NSM has implemented appropriate security measures to prevent unauthorized access, usage, alteration, modification, or disclosure of personal data. Additionally, NSM has established internal policies to define the rights to access or use personal data of the data subjects in order to maintain the confidentiality and security of the data. Periodic reviews of these measures will be conducted by NSM to ensure their appropriateness.
Cookies refer to small pieces of data that websites send and store with the owner of the personal data who visits the website. They help the website remember the visitor's preferences, such as their preferred language, system users, or other settings. When the owner of the personal data visits the website again, the website remembers that they are a returning user and adjusts settings according to the owner's preferences until the owner deletes the cookies or refuses to allow them to work further. The owner of the personal data can choose to accept or decline cookies. If they choose not to accept or delete cookies, the website may not be able to provide services or display information accurately.
To make sure our service remains suitable and efficient, NSM may update or adjust the Personal Data Protection Policy without prior notice to the Data Subject. The Data Subject agrees to review the NSM Personal Data Protection Policy each time they visit or use a service through the NSM website.
If you have any questions about this Privacy Policy or any inquiry to assert your rights concerning the processing of your Personal Data, please contact us at: Data Protection Officer Email: Info@nsm.or.th Address: National Science Museum Thailand 39 Moo 3, Khlong Ha, Khlong Luang, Pathum Thani 12120 Phone: (+66) 02 577 9999 Website: WWW.NSM.OR.TH