Chulalongkorn University (hereinafter referred to as “we) fully realizes the importance of personal data and has therefore prepared a policy for personal data protection for Chulalongkorn University’s students and staff, outsiders and users (hereinafter referred to collectively as “users) of websites, online platforms and other types of online social media of Chulalongkorn University or other agencies of Chulalongkorn University that take part in the management (hereinafter referred to as “our online media), the details of which are as follow:

1. Scope and objectives of this policy

This document serves as a policy of personal data protection for our online media users with Chulalongkorn University in charge of personal data control in accordance with the Personal Data Protection Act B.E. 2562 (2019) along with the explanation that the University processes.  It makes use of the personal data of the users within the scope and objectives of our online media data processing.   

Contact the Personal Data Control at

Chulalongkorn University

254 Phayathai Road,
Wang Mai Subdistrict, Pathumwan District,
Bangkok 10330 

Telephone:  +66 2218 3377

This policy applies to Chulalongkorn University’s students and staff, outsiders and users for activities related to data processing on our online media.

  • “Students” refer to Chulalongkorn University students at the undergraduate and graduate levels and this also includes exchange students from foreign universities who have data posted on the website.  
  • “Staff” refers to Chulalongkorn University staff, personnel and faculty according to the division they are affiliated with who have data posted on the website.  
  • “Outsiders” refer toother individuals who are not Chulalongkorn University students and personnel who have data posted on the website.  
  • “Users” refer to individuals who have access to websites, online platforms and other online social media channels of Chulalongkorn University or of those agencies of the University that are responsible in the management.  

In this policy the following terms will be used:

  • Processing” refers to any of the operations by Chulalongkorn University toward personal data of Chulalongkorn University’s students and staff, outsiders and users which include the compilation, usage, storage, disclosure and erasure of personal data.  
  • Processing base” refers to that which necessitates the processing of personal data according to articles 24 and 26 of the Personal Data Protection Act B.E. 2562 (2019).   

2. Who are the persons whose personal data we can process?

We are able to process the personal data as follow:

  • Identity data such as first and last names, academic titles, photographs of persons, student ID numbers, national ID numbers, signatures, passport numbers, video/photos etc.
  • Data on address and contacts such as mailing addresses, telephone numbers, email addresses, Line ID, agency of affiliation etc.
  • Data on educational records such as faculty/department, grade point average, academic achievements, educational attainments etc.
  • Technical information such as IP Address, MAC Address, Cookie ID, Activity Log, information on equipment being used, browser information, network information, access information, system access information, period of time for usage, search history and data of words searched, etc.
  • Other information such as occupation, type of information of interest, preferred language for receiving news etc.

3. How do we collect personal data?

In general, we store data we receive from the user directly via the various sign ups of forms on online channels, for example:

  • News subscriptions
  • Donations 
  • Applications for study 
  • Applications to participate in various activities 
  • From contacts for information, petitions, suggestions, complaints or praises via our online channels
  • From records 
  • From the contact via other channels of Chulalongkorn University  
  • This includes the technical storage of data deriving from access to our online media.    

We may, however, compile data from other sources that do not derive directly from personal data (Indirect Collection) such as 

  • From work systems such as library searches (
  • From the agency that the owner of data belongs to 
  • and, from the agency of the owner of the personal data processing activity, for example 

4. How do we use personal data?

We use personal data in order to process the organizing of teaching and learning activities and to process activities in accordance with the objectives of our online media which are concluded as follow:  

Communication Advertising  Public Relations
Identity Data Address and Contact Data  Education Data
Consent Base Necessity that serves as legitimate benefit to the organization base
As a channel for communication and contact
Identity data Address and Contact Data
Consent Base Necessity that serves as legitimate benefit to the organization base
Internal management and administration
Identity data Address and Contact Data
Necessity that serves as legitimate benefit to the organization base 
Applications Contact for inquiry, suggestions or complaints
Identity data Address and Contact Data
Consent Base
Improve and develop efficiency of service or usage experience
Technical Data
Consent Base

We will only process personal data in accordance with the specified objectives.  In some cases, consideration might be given to allow your personal data to be processed for other reasons that are related to and are not in conflict with or aside from the existing objectives.    In cases where it is necessary for us to process the data for any other objective unrelated to the original ones we shall first seek consent for usage of that data.    

5. Use of personal data in conjunction with external agencies

We might find it necessary to send data to an external agency to process that data in accordance to their responsibility, contract or legal obligation.    

In such cases where personal data is sent to an external agency we will make sure to keep that at a minimal or only as necessary and might consider such options as Anonymisation, Pseudonymisation, Encryption, Data Backup as well as records of Logging as well as Access Control Lists.  This is meant to ensure the safety of our data where we will arrange to have the appropriate measures that ensure the protection of personal data.  We also will not permit the outsiders to use the data for any purpose other than what we have determined.  

6. Transmitting and transferring data to foreign countries

In some cases, it may be necessary for us to send data of students, staff, outsiders or users to a foreign country, in such cases data will be transmitted to a foreign country only if they conform to one of the following conditions: 

  • The destination country receiving the data is determined by the Data Protection Committee as having an adequate level of data protection.     
  • The foreign agency receiving the data falls under the policy for personal data protection that has been examined and certified by the Office of the Personal Protection Data Protection Commission (PDPC).   
  • The foreign agency has arranged to have adequate measures for personal data protection to be enforced in accordance with the owner of such rights.  It must also effective legal remedial measures in accordance with the criteria and methods announced by the Data Protection Committee such as standardized terms of contract, code of practice or accredited standards etc.    
  • That it is a necessity for the use of one’s legal rights.  
  • That is has received your consent and that you are aware of the inadequate standards of personal protection of the destination country or an international organization that has accepted that personal data.   
  • That is necessary to comply with the contract where you are party to that contract or to use it to proceed with your request prior to entering that contract 
  • That this is in accordance with the contract between us and an individual or other juristic person for your benefit 
  • That this is to protect or abate any danger towards your life, physical body or health or any other individual when you are unable to give your consent at a certain time 
  • That this is necessary in the execution of tasks for the good of the public.   

7. Cookies

What are cookies?  

Cookies are small text files with small pieces of data on your computer, mobile telephone or other devices that are used to identify your computer as you use a computer website.  

 How do we use cookies?

Cookies help us and the third person to understand which aspects of their services are the most popular.  Since cookies enable us to identify which page you are accessing and what are their qualities and how long you spend on that particular page.  Studying this type of information can help us adjust our services and provide you with a better user experience.  When you use the web browser to access those services you can adjust the browser so that it accepts all cookies, refuses all cookies or alerts you whenever a cookie is being sent.  Each particular browser is different and therefore you should check the “help” menu on your browser in order to find out how to make changes to your use of cookies.  The function on your device might add additional control for cookies.  Kindly note that some services may be designed to work with the use of cookies and that turning off the use of cookies may effect your ability to use those services, partially or in full. 

The types of cookies we use

Our website comprises the following types of cookies: 

Functionality Cookies: 

These are used to remember what you have chosen or your settings on a platform including presenting data that matches individual needs such as user account or language.

Strictly Necessary Cookies: 

These are necessary for platform use in order to allow you wide and safe access your data.     

Performance Cookies: 

These are used to store the data of those who visit the platform anonymously as well as to analyze the numbers of visitors and their behavior in order to improve the efficiency of the platform to better respond to the needs of the users.   

Third-party Cookies: 

These cookies are determined by third party users of the service such as Google Analytics.

How to adjust your cookies setting  

In cases where you do not wish to have a users’ data compiled by way of cookies or measurement software you can erase or refuse such cookies or some of the software via your browser.  In such cases where cookies are removed you will be exiting the website system and the system might erase your recorded preferences with the following methods:  

8. Protecting the security and safety of personal data

We have arranged to have measures for security and safety protection of personal data of our users in place.  Outsiders who do data processing of personal data for us will need to follow these orders and agree to maintain the security and safety of personal data.   

9.  Period of time in personal data collection

We will maintain our collection of personal data for the necessary duration in accordance with the objectives of the Faculty of Law, Chulalongkorn University along with other matters related to the legal, accounting and monitoring aspects.    

10. The rights of the individual to their personal data

Each individual has the right to their personal data as follows: 

  • Right of Access means you are able to request a copy of your data to check whether or not we have processed your data as required by the law.
  • Right to Data Portability means that in cases where we have prepared personal data in a format for general reading or usage with tools or equipment that work automatically and can be used or reveal personal data automatically you shall be able to request that the data be sent or transferred to another agency through automatic means or ask to receive the personal data that we send or transfer to other agencies directly except in cases where it is technically not possible to do so.    
  • Right to Object means you have the right to raise your objections in cases where we have processed your personal data.    
  • Public Task or via Legitimate Interest
  • For the purpose of direct sales marketing 
  • For the purpose of scientific, historical and statistical education and research except where it is necessary to carry out tasks for our public interest.   
  • Right to Erasure where you are able to request that your data be erased or destroyed or so that the data cannot identify you as the owner in the following cases:  
    • When personal data processing is no longer needed.  
    • When you have revoked your approval for personal data processing and we no longer have the reason to continue processing personal data legally.     
    • When you have already expressed objection to the processing of your personal data.
    • When the personal data has been illegally processed.  
  • Right to Restrict Processing whereby you can request that the processing of your personal data be stopped in the following instances:    
    • While in the process of checking matters when you have requested that your personal data be amended.   
    • When the personal data needs to be erased or destroyed but you have asked that their usage be halted instead.   
    • When the personal data no longer needs to be stored according to its objectives but you find it necessary to request that they be kept in order to establish the right to legal demands, adherence or the right to fight for legal demands.   
    • While in the process of proving or examining in accordance with your request to use your objection rights.   
  • Right to Rectification whereby you are able to request that your personal data be amended, corrected or updated if you have found that your data is incomplete, inaccurate or not current.  We are unable to check or amend such data ourselves since in some cases or under certain circumstances we may not be able to process your requests for example if there is a need to fulfill one’s responsibilities in accordance with a contract or law.    However, in such cases where you have given your consent for your personal data to be processed you may be able to revoke your consent at any time by contacting the related work section after which we will halt the personal data processing as soon as possible.  Even though the revoking of that consent does not have any effect as revoking the processing of personal data that has already taken place please be assured that we will record all the items we have processed in connection with your request to be used in solving the problems that have occurred.   Should you have any questions on matters related to personal data protection matters (you might consult the (TDPG3.0) guidelines found in  In cases where you wish to avail of the rights aforementioned or if you have problems regarding personal data processing kindly contact us at  

Chulalongkorn University

254 Soi Chula 42 Phayathai Road,
Wang Mai Subdistrict, Pathumwan District,
Bangkok 10330 

Telephone:  +66 2218 3377

We will make sure to address your concerns as soon as possible and in accordance with what is determined by the law.  However, by law you do have the right to submit a complaint regarding inadequate protection of personal data at the Office of Personal Data Protection.  

11. Revisions and improvements of this policy

This document outlines thepolicy for personal data protection for Chulalongkorn University’s students and staff, outsiders and users   of websites, online platforms and other types of online social media of Chulalongkorn University or other agencies of Chulalongkorn University responsible for their administration and management.  The latest update was June 20, 2022.    

We reserve the rights in revising and improving this policy as appropriate.  For this reason, we ask that you kindly go through the policy for personal data protection on a regular basis.  Any changes or alterations will be taken into effect immediately once the amendments have been published on our website.