To ensure your privacy and safeguard your personal data, SISB Public Company Limited developed this Privacy Notice to set the effective and suitable management measures relating to collection, use, or disclosure of the personal data in accordance with the international standard under the framework of the laws on personal data protection.
“The Law on personal data protection” means the Personal Data Protection Act B.E. 2562 (2019) including regulation, rule, notification pursuant to the Personal Data Protection Act B.E. 2562 (2019) issued by Personal Data Protection Committee or other authorised authorities. This also covers any other laws relating to the personal data protection or any other laws that are required to be applied to the Personal Data Protection Act B.E. 2562 (2019) or regulation, rule or notification pursuant to the Personal Data Protection Act B.E. 2562 (2019).
“Personal data” means any information relating to a person that makes it possible to directly or indirectly identify that person, but not including the data of the deceased in particular.
“Data Controller” means person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data.
“Data Processor” means a person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the order by or on behalf of a Data Controller, whereby such person or juristic person is not the Data Controller.
“Sensitive data” means any Personal Data pertaining to race, religion, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behaviour, criminal records, health data, disability, labor union information, genetic data, biometric data, or any data which may affect the data subject in the same manner, as prescribed under the Personal Data Protection Act B.E. 2562 (2019).
“Processing” or “process” means the collection, use, or disclosure of the personal data.
“Cookies” mean small files stored on a desktop, laptop or mobile device by websites visited by a user that help identify whether there has been any contact between the user’s device and our websites as well as what language or other settings the user prefers.
Scope of application
This Policy covers the entire processing of personal data performed by us for personal data of the following individuals:
Students, who may be current, alumni or future students;
Parents or a person who has a parental responsibility;
Managing directors, authorised person to act on behalf of juristic persons, authorised representatives of SISB;
Staff, employees, officers, and personnel who currently work with SISB, including those who had worked or wish to work with SISB in the future, regardless of whether the contracts made with SISB were for permanent or temporary employment;
Shareholders, either juristic representatives or ordinary persons who obtain, hold, or transfer shares of SISB;
Managing directors authorised to act on behalf of juristic persons;
Probationers, and interns;
Vendors, suppliers, contracting parties who are natural persons or representatives of juristic persons;
Persons who have participated in SISB's activities or activities that SISB collaborated with other organisations and whose personal data were processed;
Any other persons who are the co-owners of personal data with the persons specified in (2.1) - (2.10) and whose personal data are processed by SISB.
This policy also applies to the processing of personal data on website pages, applications, mobile applications or any other means of personal data processed by SISB.
Purposes of collecting personal data
The purposes and use of the personal data collected are as follow:
To undertake and manage the school admissions and enrolment.
To provide a safe and secure learning environment.
To provide our educational services and other related services such as school activities arrangement, registration, food preparation, and medicine requirements
To verify a student’s academic status and other information.
To communicate to parents, students, alumni including the use of newsletters and information about events or activities.
To do marketing and promote our schools via online and offline channels.
To communicate with analyst/fund managers and investors
For school administration and operation.
For forecasting and planning for education service provision.
For statistical and research purposes.
For accounting, audit, finance, and tax purposes.
For alumni activities.
To enter into and comply with a contract between SISB and the data subject such as entering into job application and internship application, checking work experience, etc.
To check work experience from reference persons, job interview, entering into employment contract, providing welfare to staff for complying with contract.
To adhere to legal requirement relating to the operation of SISB such as claiming medical reimbursement of insured person with the Social Security Office, Work Permit extension, Visa extension, data storage for Withholding Tax purposes, VAT or Specific Business Tax collection, submission of staff list according to the law on labour protection and labour relations, etc.
To disclose and transfer the personal data to the group companies, SISB’s partners, service providers, contractors or to third country.
To manage human resource, evaluate the performance of the staff, record the exercise of rights related to work, such as absence, all types of leave of SISB, the action relating to the Social Security, Social Security Fund, probation, reassignment, annual medical extermination, staff’s performance evaluation, payroll, entry and exit record, preparation of training, promotion, participation of SISB’s activities, preparation of personal record and receiving welfare of SISB record.
To examine, analyse and prepare required documents for agencies or other relevant organisations or other organisations that may relate to the operation of SISB.
To exercise a right in legal claims or defend in the context of contract or judicial proceedings.
To manage the access of restricted area, to enable people to access area and/or the system set by SISB.
To develop and upgrade the website or application or platform which is the channel for reaching and having interaction with students and parents.
To provide child protection, safeguarding, and healthcare.
To collect the data of the data subject in case of requesting to exercise the rights under the law on personal data protection.
To prepare historical documents or archival materials for public interests or for purposes related to studies, research or statistics.
To prevent or restrain any harm to your life, body or health.
To perform a task carried out in the public interest by SISB, or when it is necessary for the exercising of official authority vested in SISB.
For the purposes of legitimate interests pursued by SISB or by third parties or by other juristic persons, except where such interests are overridden by the fundamental rights and freedoms of data subject.
To facilitate and provide services to a person who visits the school.
To manage the personal data for medical, healthcare, including public interest in public health such as protecting or preventing against epidemic, pandemic, or cross-border dangerous contagious decease.
To manage events organised by SISB or by third parties
In case, the data subject withdraws his/her consent or does not provide personal data to SISB, this may cause damage and/or loss to the data subject in respect of an employment or the performance of contract. Also, it may cause the failure to comply with laws and may result in further legal action to the data subject and SISB.
The Personal data we may collect
Personal details: title, name, surname, national ID, date of birth, age, gender, place of birth, weight, height, student ID, copy of house registration class, grade, marital status, nationality, passport number, details on social networks, photo, voice/video recordings, signature, handwriting, occupation, location/ geographic coordinate, driver’s licence, military status, leisure activities/ interests.
Educational information: tuition and extracurricular accounts, attendance and non-attendance records, exam details and results, curricular activities, performance and educational needs reports, incident reports involving pupils or students, graduate certificate, educational background, section/level/class name, language ability, entering level, academic information, school achievements, education material fee, snack & lunch fee, boarding, boarding academy, counselling records.
Contact information: E-mail, emergency contact, private address, private telephone number, reference person.
Information relating to a user profile: IP address, transaction details, Mac address.
Financial information: account name, bank account, financial transaction movement, tax identification number.
Information relating to jobs/ employment: Previous/ recent job or position, departments, transcripts, employment ID, reference, employment records, licence for professional practice, working place, salary, income, benefits/ welfare information, employment reference letters, staff badge ID, employee performance.
Sensitive/ Special Data: criminal records, special educational needs records and dietary requirements, religion, fingerprints, medical records/certificate, disabilities records, blood type/blood group, current health issues, certification of immunisation, history of illness, allergies, oral health examination report, symptoms, recording of incidents.
Others: sports teams and positions of responsibility, Membership of any clubs and societies within the school, event attendance and work experience placements, activity log such as log file, a contact person who drops/picks up the child from school, car licence plate number, counselling records, travel history, residential status.
We may need to collect sensitive data such as religion, health and disability information that is important to your benefit from you by asking you to disclose such data either in document or electronic format. You are entitled to decide whether or not to grant consent to disclose the sensitive data as your intention. If necessary, we would inform you that collecting the sensitive data is necessary in this case, especially when it is for your own benefit such as preparation of food or a suitable place, provision of benefit and welfare, or medical treatment.
How we collect personal data
The ways we collect it can be categorised as follows:
Data you provide
We may collect the personal data that you provide directly to us including a number of paper or electronic forms such as application for school administration form, job application form, school activity sign-up form, and survey. We will seek explicit consent from data subjects prior to or at the time of collection of personal data. If obtaining consent in such format is not possible, we may seek your consent in other ways, e.g. verbal consent through an automatic voice recording system.
Data we collect automatically
We may collect your personal data automatically via cookies, for example: the date and duration of your visit, and information from the device you used during your visit (e.g. device type, operating system, screen resolution, language, location and browser type). This information helps us identify whether there has been any contact between your device and our website as well as what language or other settings you prefer.
Data we collect from third parties
We may collect your personal data from third parties such as agencies (including governmental/regulatory bodies), social media sites (including but not limited to Facebook, Twitter, LinkedIn, or Instagram), online platforms of third parties or other publicly available information resources, service providers, consultants, or business partners. In these cases, we will notify data subject without delay, but not more than 30 (thirty) days from the date we collect personal data from such sources, and request consent to collect the personal data from the data subject, unless there are exceptions under the Law on personal data protection from the need to request consent from or notify the data subject.
Collection of personal data without consent
We may collect your personal data without your prior consent in the following cases:
To prepare historical documents or archival materials for public interests or for purposes related to studies, research or statistics. We shall implement appropriate measures to protect your rights and freedoms. In doing so, we shall proceed under applicable laws and in accordance with announcements set forth by the Personal Data Protection Committee.
To prevent or restrain any harm to your life, body or health.
To comply with a contract which the data subject is a party or in order to take steps requested by the data subject prior to entering into a contract.
To carry out duties in the public interest or perform duties exercising state power assigned to us.
For the purposes of legitimate interests pursued by us or by third parties or by other juristic persons, except where such interests are overridden by the fundamental rights and freedoms of data subject.
To comply with laws.
Storage location of personal data
All personal data may be stored in our database systems (which may be located within or outside the jurisdiction in which the personal data was collected) and online portals and will form part of the applicant’s official student records. It may also be stored in online student resources. In this connection, we will ensure that your personal data are adequately protected in accordance with PDPA.
Usage of Personal data
Only the authorized person as specified by us or as required by law will be able to access and use the personal data collected by us. We will set measures for accessing and using data in each type, situation, specific event or position in order to prevent damage or breach of the data subject’s rights and keep it confidential.
Disclosure and transfer of personal data
If you choose to make an application or send us an email for which you provide us with personally identifiable data, we may share necessary data with our affiliates, other agencies in Thailand or overseas to achieve the purposes described in this Policy as mutually agreed, taking into account adequate standard of personal data protection under the framework set out in the law on personal data protection.
We may disclose some of the data to third parties such as agencies (including governmental/regulatory bodies), service providers (including insurance providers, security/medical service providers and third-party activity organisers) and contractors appointed by us (whether within or outside the jurisdiction in which the personal data was collected) to undertake some of our academic, pastoral, extra-curricular and administrative functions. This includes transferring data between affiliates. We will not disclose any personal data to any external bodies or organisations unless:
such disclosure is expressly provided for under this Policy;
permitted to do so by the student or his/her parent/guardian; and/or
permitted or required by laws.
We provide cookies to suit your usage and have developed cookies to make our website system more efficient. Each type of cookies we use on our website is created for different purposes as follows:
Necessary Cookies are necessary for the use of basic operations of website such as encoding, user website browsing, etc. Without this type of cookie, the website cannot operate appropriately.
Statistic Cookies enable us to record statistical information of users’ behaviours on our website through processing of unidentifiable data.
Marketing Cookies are designed for advertising and marketing purposes which may track visitors using our website.
Unclassified Cookies are cookies that we are in the process of classifying. This is because it cannot be identified as a type of cookies.
The types of cookies we use can be also classified into first-party cookies and third-party cookies. The first-party cookies refer to cookies made by our website and it is readable from our website system. For third-party cookies, they are created by an organisation, agency, company or a third party whose service is used by us. For example, we may use the service to create and send advertisements, display of images and sound or video or analytics services, etc. Thus, when you visit our website, you may find content from other sources embedded in our web pages. Those websites set their own cookies which are out of our scope.
The length of time that cookies are stored depends on the type of cookie storage. For session cookies, the data will be stored only when a user has visited the website and the website will stop recording your personal data when the browser is closed. These types of cookies will not be stored on your devices. For other types of cookies, your personal data will be stored even though the browser is closed. Nevertheless, you have the right to delete such cookies at any time.
Microsoft Internet Explorer
iPhone or iPad (Chrome)
iPhone or iPad (Safari)
Social plugins and security measures
We use what are known as social plugins (hereinafter referred to as buttons) of social networks such as but not limited to Facebook, YouTube and Line. During your visit to our website, these buttons are deactivated as standard, i.e. without any action on your part they do not send any data to the respective social networks. Before you can use the buttons, you must activate them with a click. The button remains active until you deactivate it again or delete your cookies.
Following activation, a direct link with the server of the respective social network is established. The content of the button is then transferred directly from the social networks to your browser and integrated into the website by it. Following activation of a button the respective social network can already collect data, irrespective of whether you interact with the button. If you are logged-in to a social network, it can match your visit to this website with your user account. If you are a member of a social network and do not want it to link the data collected during your visit to our website with your stored membership data, you must log out of the respective social network before activating the buttons. We have no influence on the extent of the data which are collected by the social networks with their buttons. For information on the purpose and extent of data capture and the further processing and use of data by the respective social networks, as well as your rights in this regard and setting options for the protection of your personal privacy, please refer to the data protection information of the social networks in question.
We employ high-standard security measures both in terms of technology and procedures to prevent the theft of confidential information. To ensure the security of your information, we have installed our computer system with the following features:
Firewall: Double Firewall Protection has been utilised to protect our system as well as your information from access to the system or information by unauthorised persons.
Intrusion Detection: Intrusion detection software is installed to enable us to examine any suspicious activity and be immediately alerted of any intrusion.
Virus Scanning: Virus Scanning Software has been installed on our system to efficiently protect our system, and such Virus Scanning Software will be regularly updated.
Period for personal data retention
We will retain Personal Data with the following period:
In the event that there is a law specifying a specific retention period, we will keep Personal Data in accordance with such timeframe, for example, the Private School Act B.E. 2525 (1982), the Revenue Code, Accounting Act B.E. 2543 (2000), Labor Protection Act B.E. 2541 (1998), Cybersecurity Act, B.E. 2562 (2019), and etc.
In the event that the law does not specify a specific period for retaining the Personal Data, we will set the retention period as necessary for our operations.
After the above retention period, we will delete, destroy or make the Personal Data unidentifiable.
Personal data security
We have established appropriate organisational measures, technique, and management to prevent the unauthorised destruction, loss of, access to, and the use, modification, or disclosure of personal data under our control. However, it is understandable that the transfer of data over the internet or storage system is not completely secure. For this reason, we will continue to develop our security system in line with current technology.
Rights of personal data subjects
Right to withdraw consent: You have the right to revoke your consent that you have given to us. Withdrawing consent may affect the actions you have taken with us and you may not receive beneficial rights or services from us. However, the withdrawal of consent will not affect the processing of personal data for which you have lawfully given consent.
Right to access: You have the right to access your personal data and request us to make a copy of such data, including the right to ask us to disclose any acquisitions of your personal data that are under our responsibility. To this request, we may charge a reasonable fee based on administrative costs, as permitted by laws.
Right to restriction: You have the right to request us to restrict the use of your personal data.
Right to data portability: You have the right to obtain your personal data from us. Such personal data shall be in a structured, commonly used and machine-readable format and can be used or disclosed with automated means. In addition, you have the right to request us to transfer such personal data to other data controllers through automated means, and the right to have the personal data transmitted directly from us to other data controllers, where technically feasible.
Right to object: You have the right to object to the processing of your personal data that are under our control. By exercising the right to object, you may not receive beneficial rights or services from us. However, the exercising of the right to object will not affect the processing of personal data for which you have lawfully given consent.
Right to be forgotten: You have the right to request us to delete or destroy your personal data or make your personal data anonymous by deleting the personal data. Deleting personal data may affect the actions you have taken with us and you may not receive beneficial rights or services from us. However, the exercising of the right to be forgotten will not affect the processing of personal data for which you have lawfully given consent.
Right to rectification: You have the right to request us to rectify incorrect, outdated, misleading or incomplete data.
Right to lodge a complaint: In the event that you are aware of a breach of the personal data protection law, you have the right to file a complaint with the Personal Data Protection Committee immediately.
Policy review and improvement
We may update this Policy from time to time to comply with applicable laws or regulations. If we make any material change to this Policy, we will notify you of such changes through our website and, where appropriate, through email notification. If necessary, we will request consent from the data subject related to such change.
Please contact us at:
Data Protection Officer (DPO)
SISB Public Company Limited
498/12 Soi Ramkhamhaeng 39 (Tepleela 1) Wangthonglang Bangkok 10310 - Thailand
Contact number: +66 2158 9090
Please feel free to contact us if you have any enquiries or feedback on our data protection policies and procedures or exercising your rights.