Pursuant to the Personal Data Protection Act, B.E. 2562 (2019), King Mongkut’s University of Technology Thonburi (KMUTT) hereby establishes the present KMUTT Applicant Privacy Policy to provide details on the collection, use and disclosure of personal data of applicants seeking admission to KMUTT’s study programs. This policy is consistent with the University’s scope and objectives of operations and can be revised at any time. Applicants shall be notified of any policy revision through appropriate communications media.
In this policy,
“University” means King Mongkut’s University of Technology Thonburi.
“Personal Data” means any data related to an applicant that could, directly or indirectly, identify the applicant.
“Personal data processing” means any operation carried out by the University on applicant’s personal data including the collection, use, storage, disclosure and erasure of personal data.
“Applicant” means a person of Thai or foreign nationality who possesses the characteristics and educational qualifications as prescribed by the University, who applies for an undergraduate, graduate, certificate or training program or enrolls in courses and subjects at the University;
“Website” means any website, admission system and/or software application whose services are provided by the University.
“Cookies” mean small files that store data by recording them on a computer or selected web browser. “Cookies” assist web browser in directing users to contents in various sections of a website for ease of browsing.
This privacy policy shall apply to the enforcement of user registration, admission application and access to the contents, features, technologies or functions contained in our websites as well as to existing and future software applications. All applicants must read this policy and other personal data protection policies that are specific and relevant to their application where additional data may be collected. They should also study details of the policies in order to understand how the University collects and uses their personal data.

Once applicants gain access to relevant websites and software applications and apply for user registration and admission to the University’s study program, they shall have the rights to pay an application fee, attend an entrance examination/interview, and subsequently be admitted and pay admission acceptance confirmation fees. The provided personal data shall form the basis for the University’s application and admission processes or public relations contacts, and shall be further used for statistical processing and analysis of the University’s services.
The following personal data shall be collected and stored:

• Personal data such as applicant’s national identity card number, passport number, title, first-last names, gender, date of birth, age, nationality and special ability, etc.
• Educational background: applicant’s educational institution name, educational qualification, field of study/study plan, study status (studying or graduated) cumulative grade point average, O-Net scores, research title, thesis advisor and academic publication details, etc.
• Contact information: applicant’s current address, telephone number, e-mail address, and guardian’s personal data such as parents’ first and last names and telephone number (for undergraduate program applicants only).
• Work experience: applicant’s occupation, position, office, office telephone number as well as work/research experiences (for graduate program applicants only).

The University will use and disclose applicable applicant’s personal data for the execution of its objectives as follows:

• Applicant’s personal data shall be used to the extent necessary for processing purposes only. The University shall collect applicant’s personal data and “cookies” from the applicant’s initial access to its websites and software applications for user registration public relations purposes, news and information, including announcements of lists of eligible applicants for payment of the application fee, written examination/interview, lists of eligible candidates for admission offer and payment of admission offer confirmation fee.
• The University certifies that it will not use applicant’s personal data for any benefits other than those permitted by the University’s operational scope and objectives or disclose them to a third party, except with the data subject’s permission.
• It may be necessary for the University to allow a third party (whether within or outside the University) to access and use applicant’s personal data for data processing, educational qualification verification or criminal record check purposes. For example, a transmission of applicants’ and selected candidates’ personal data to the Thai University Center Admission System (TCAS), under the Council of University Presidents of Thailand, for data verification of candidates who confirmed KMUTT’s admission offer.

In the event that the University uses or transmits applicant’s personal data to a third party outside the University, only the necessary or the least amount of data shall be used or transmitted. Anonymization and pseudonymization techniques may be considered for data security. A third party who processes personal data on behalf of the University must provide appropriate measures for the protection of personal data that are consistent with this privacy policy. The University will not allow the third party to use the personal data for any purpose other than those prescribed by the University.

The university recognizes the importance of applicant’s personal data protection and has appropriate security measures in place to prevent unauthorized or unlawful loss, access, destruction, use, alteration, correction or disclosure of personal data as prescribed in the University’s information technology security policy and guidelines.

The University shall send “cookie” data to applicants via a web browser. Once the “cookie” data have been installed in an applicant’s computer system, they will enable the University’s website to record or remember the applicant’s data until the applicants leave the website’s search program and delete or disable the “cookies”.
Using “cookies” will allow more convenience of web browsing as they will remember the sites that you have previously visited. The University shall use the data recorded or collected by “cookies” for its statistical analysis or activities and for the improving of its service quality.

The University will collect and retain applicant’s personal data only for the period required to carry out its objectives and to perform the University’s vital legal, financial and accounting, monitoring, and auditing operations under the applicable laws.

Applicants shall have the following rights over their personal data:

• Right of Access. Applicants have the right to obtain a copy of their personal data in order to check whether the University’s processing of their personal data is lawful or not.
• Right to Data Portability. In the event that the University has applicant’s personal data processed in a machine-readable format by automated means and the personal data can be used or disclosed by automated means, applicants can:
  • request to have the University send or transmit their personal data to another entity by automated means;
  • request for a copy of the personal data that the University directly sent or transmitted to another entity, unless such request is not technically possible.
• Right to Object. Applicants can object to the University’s processing of their personal data when it is done for the following purposes:
  • for the performance of the University’s public tasks or legitimate interests;
  • for the University’s direct marketing purposes;
  • for the University’s objectives relating to scientific or historical research or statistical purposes unless such task is essential for the performance of the University in the public interest.
• Right to Erasure. Applicants can request the University to delete, destroy or anonymize their personal data in the following cases:
  • when the processing of personal data is no longer necessary;
  • when an applicant withdraws his or her consent to the processing of personal data and the University no longer has the legal power to continue processing the personal data;
  • when an applicant has submitted his or her objection to the processing of personal data;
  • when there is unlawful processing of applicant’s personal data.
• Right to Restrict Processing. Applicants can request for a suspension of personal data use in the following cases:
  • when the University is investigating applicant’s personal data rectification request;
  • when the personal data need to be erased or destroyed, but an applicant instead requests for a suspension of his or her personal data use;
  • when it is no longer necessary to keep applicant’s personal data for the original processing objectives, but an applicant needs to keep them for the establishment, exercising or defense of his or her legal claims.
  • when the University is investigating or verifying the applicant’s objection request.
• Right to Rectification. Applicants can request to have inaccurate, incomplete or outdated personal data rectified when the applicant found them to be inaccurate, incomplete or outdated and the University cannot verify and correct such data on its own.

Under certain circumstances, the University may not be able to comply with an applicant’s request, such as when the University is required to comply with its legal or contractual obligations. In the event that an applicant has given his or her consent to the processing of personal data, he/she can withdraw the consent at any time by sending an e-mail to the relevant office(s). In such case, the University shall cease processing the applicant’s personal data as soon as possible. However, the withdrawal of consent shall not affect the lawfulness of processing based on applicant’s consent before its withdrawal.

Applicants should be informed that the University shall record activities related to the processing of their personal data request in order to provide solutions to such problems. For any inquiries regarding details of the University’s personal data protection practices, applicants can get more information from KMUTT Personal Data Protection Guideline at https://admission.kmutt.ac.th.

If applicants wish to exercise any of the above-mentioned rights or to file any complaint on the University’s personal data processing practices, please send an email to admission@kmutt.ac.th. The University shall promptly process the applicant’s request pursuant to the provisions of applicable law. Applicants can file a complaint about breaches of personal data protection to the Personal Data Protection Office.

The University reserves the right to review and revise this privacy policy as it deems appropriate. Applicants shall be periodically notified about substantial policy changes and receive reminders of specific personal data processing practices.

In case of any questions, suggestions or complaints about this privacy policy or its compliance, the University is most willing to address them for further improvement of our services. You can contact the University at the address given below.