Privacy Policy

iTIC Privacy Policy

For prioritizing your privacy and safeguarding your personal data, iTIC Foundation ( “iTIC” ), has set out policies, regulations and rules for the iTIC's business providing strict measures in protecting your personal data so that you can be assured that your personal data entrusted to iTIC will be processed to meet your needs and in accordance with the laws.

​

1. What is the purpose of this Policy?

   This Policy is to inform you, as a data subject and a user of the products and/or services developed and/or operated by the iTIC, to be aware of the purposes and details of the collection, usage and/or disclosure of your personal data as well as your legal rights in connection with personal data.
   
   This Policy is applied to products and services owned and operated by the iTIC under the product and/or service name "iTIC" including the web sites under domain iTIC and mobile applications with the name "iTIC", and the product and/or service name "PromptPai" including the web sites under domain promptpai.com and mobile applications with the name "PromptPai", which will be collectively referred to as "iTIC service". 
   
   Each product / service might have additional privacy policies. Please refer to them and their Terms of usage before using the products / services.

2. Which personal data that the iTIC collects, uses, and/or discloses?

   • 2.1 Personal Data That You Gave Us: Personal data that you gave us directly, or through the use of our products and/or services, or through the use of other organizations' products and/or services that in turn use our products and/or services, that can directly or indirectly identify you, such as:
     • Name
     • Telephone number
     • Email address
     • ID of Facebook, LINE, Google, etc.
     • Address
     • Birthdate
     • Gender
     • Payment information, e.g., parts of credit card credentials, citizen/tax identification number
   • 2.2 Indirect Personal Data: the data related to you that you did not directly give us but we can collect from your usage of our products and/or services, such as:
     • Device information, e.g., IP address, MAC address, Cookie ID, UUID, hardware model. The iTIC might associate these information to your iTIC account.
   • 2.3 Usage Data: the usage and transaction data that is collected automatically through your usage of our products and/or services, such as:
     • Log information: The log data is automatically collected by the system via iTIC's and/or 3rd parties tools, e.g., Google Analytics, Facebook, when you uses our products and/or services. The iTIC might send cookies or other tools that aid this collection. Log information is, for example:
       • Log in and log out events
       • Search queries
       • Input data
       • Command actions
       • IP address
       • Errors, warnings
       • Logged in devices, software version, software installation details

     • Location Information: When you use a location-enabled iTIC service and have given the permission to collect the location information, we may collect, store, process information out of that data and use, redistribute the data and information in non-personally identifiable forms. 

   • 2.4 Sensitive Data is personal data that is specially categorized by law. The iTIC's products and/or services, in general, will not collect any sensitive data. If any products and/or services of the iTIC are collecting such data, it will be stated clearly in their additional privacy policies for your consideration.

3. What are the iTIC's purposes of collecting, using and/or disclosing your Personal data?

   
   The iTIC will collect your Personal Data for your benefits in using products and/or services; for performing legal obligations required by any law applicable to iTIC or you; and for any purposes provided in this Policy, as follows;
   • 3.1 For your benefits in using the iTIC's products and/or services that meet your own purposes, such as:
     • (1) To log in as a registered user
     • (2) To receive notifications and other information during the use of the products and/or services
   • 3.2 To comply with relevant or applicable law (Legal Obligation), for instance,
     • (1) to comply with an order from a competent authority
     • (2) to comply with applicable laws, including Computer Law, and other laws to which the iTIC is subject both in Thailand and in other countries including regulations and rules issued pursuant to such laws. ​​
   • 3.3 For improving, developing of the iTIC's Products and/or Services The iTIC may use your personal data in improving and developing of its products and/or services in order to serve you better. 
   • 3.4 For better services for you from the iTIC The iTIC may use your personal data for you to receive products and/or services that are better and suitable for your need.
     
     If the iTIC is required to collect, use and/or disclose your Personal Data to meet our legal obligations or enter into an agreement with you, the iTIC may not be able to provide (or continue to provide) our products and/or services to you if the iTIC cannot collect your Personal Data when requested.

4. To whom may the iTIC disclose your Personal Data?

   The iTIC may disclose your Personal Data to other persons to the extent permissible under your consent or law. The persons or entities receiving such data will collect, use, and/or disclose the Personal Data to the extent permissible under your consent or related to this Policy

   • 4.1 Personal Data That You Gave Us: The iTIC will strictly use the Personal Data That You Gave Us only within the iTIC or its subsidiaries or its contracted partners. The iTIC will not disclose it in other purposes unless it is clearly specified in the iTIC's products and/or services' privacy policy and you have given an explicit consent or the iTIC is obligated by law to do so.
   • 4.2 Indirect Personal Data: The iTIC may use the Indirect Personal Data within the iTIC or its subsidiaries or its contracted partners. The iTIC may also disclose to other parties it in non-personally identifiable forms.  The iTIC will not disclose it in other purposes unless it is clearly specified in the iTIC's products and/or services' privacy policy and you have given an explicit consent or the iTIC is obligated by law to do so.
   • 4.3 Usage Data: The iTIC may use the Usage Data within the iTIC or its subsidiaries or its contracted partners. The iTIC may also disclose to other parties it in non-personally identifiable forms.  The iTIC will not disclose it in other purposes unless it is clearly specified in the iTIC's products and/or services' privacy policy and you have given an explicit consent or the iTIC is obligated by law to do so.

5. Will the iTIC send or transfer your Personal Data to other countries?

   When it is necessary, the iTIC may send or transfer your Personal Data to receivers in ordinary course of the iTIC's business, e.g. sending or transferring the Personal Data to be stored on server/cloud services in other countries. The iTIC will try its best to choose such services that are of good standard and have privacy protections mechanisms that are in consistent with privacy measures in this policy. 

6. How long does the iTIC retain your Personal Data?

   The iTIC will retain your Personal Data for as long as necessary during the period you are a customer or under relationship with the iTIC, or for as long as necessary in connection with the purposes set out in this Policy, unless law requires or permits longer retention period. For example, retention pursuant to Cyber Crime Act and Anti-money Laundering Law, retention for proving and examining in the event of dispute within legal prescription period of not over 10 years, etc.
   
   The iTIC may erase destroy, or anonymize the Personal Data when it is no longer necessary or when the period lapses.

7. How does the iTIC protect your Personal Data?

   For retention of your Personal Data, the iTIC implements technical measures and organizational measures to ensure appropriate security in the Personal Data processing and preventing Personal Data breach. The iTIC has set out policies, rules and regulations on Personal Data protection, e.g. security standards of information technology and measures to prevent data receivers from using or disclosing the data outside the purposes or without authorization or unlawfully. The iTIC will amend the policy, rule and regulation as frequently as necessary and appropriate.
   
   Moreover, the iTIC's executives, staffs, employees, contractors, agents, advisers and data receivers are obligated to keep the Personal Data in confidence pursuant to confidentiality measure provided by the iTIC.

8. What are your rights related to Personal Data?

   Your rights described here are legal rights that you should be informed. You may exercise any of these rights within legal requirements and policies at the present or as amended in the future as well as regulation set out by the iTIC. In case you are under 20 years old or your legal contractual capacity is restricted, your father and mother, guardian or representative may request to exercise the rights on your behalf. 

   • 8.1 Withdrawal of consent: If you have given consent to the iTIC to collect, use and/or disclose your Personal Data (whether before or after the effective date of the Personal Data Protection law), you have the right to withdraw such consent at any time throughout the period your Personal Data available to iTIC, unless it is restricted by laws or you are still under beneficial contract.
     
     Withdrawal of your consent may affect your use of products and/or services. For example, you may not be able to use the services as a registered user, you may not receive privileges, promotions or new offers, products and/or services that are enhanced and consistent with your needs, or not receive beneficial information, etc. For your benefits, you are advised to learn and ask for consequences before withdrawing your consent.
   • 8.2 Data Access: You have the right to access your Personal Data that is under the iTIC's responsibility; to request the iTIC to make a copy of such data for you; and to request the iTIC to reveal as to how to iTIC obtain your Personal Data
   • 8.3 Data Portability: You have the right to obtain your Personal Data if the iTIC organizes such Personal Data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request the iTIC to send or transfer the Personal Data in such format directly to other data controllers if doable by automatic means; and to request to obtain the Personal Data in such format sent or transferred by the iTIC directly to other data controllers unless not technically feasible
     
     Your Personal Data above must be under your consent given to the iTIC to collect, use, and/or disclose; or those the iTIC deems necessary to collect, use and/or disclose to allow you to use products and/or services that meet your need under your contract with the iTIC; or to take steps at your requests before using products and/or services; or as legally required by competent authority.
   • 8.4 Objection: You have the right to object to collection, use and/or disclosure of your Personal Data at any time if such doing is conducted for legitimate interests of the iTIC, corporation or individual which is within your reasonable expectation; or for carrying out public tasks. If you request to object, the iTIC will continue collecting, using and/or disclosing your Personal Data only when the iTIC can establish a legal basis that doing so is more important than your fundamental rights; or to affirm legal rights; to comply with laws; or to defend a legal proceedings, depending on a case by case basis.
     
     In addition, you have the right to object to collection, use and/or disclosure of your Personal Data carried out for purposes related to marketing, scientific, historical or statistical research.
   • 8.5 Data Erasure or Destruction: You have the right to request the iTIC to erase, destroy or anonymize your Personal Data if you believe that the collection, use and/or disclosure of your Personal Data is against relevant laws; or retention of the data by the iTIC is no longer necessary in connection with related purposes under this Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
   • 8.6 Processing Suspension: You have the right to request the iTIC to suspend processing your Personal Data during the period where the iTIC examines your rectification or objection request; or when it is no longer necessary and the iTIC must erase or destroy your Personal Data pursuant to relevant laws but you instead request the iTIC to suspend the processing.
   • ​8.7 Data Rectification: You have the right to rectify your Personal Data to be updated, complete and not misleading.
   • 8.8 Complaint Lodging: You have right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use and/or disclosure of your Personal Data is violating or not in compliance with relevant laws.
   The exercise of rights above may be restricted under relevant laws and it may be necessary for the iTIC to deny or not be able to carry out your requests, e.g. to comply with laws or court orders, public tasks, your request in breach of rights or freedom of other persons, etc. If the iTIC denies the request, the iTIC will inform you of the reason.

9. Changes

   Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.

10. How can you contact the iTIC and the Data Protection Officer?

    If you have any suggestions or inquiries regarding collection, usage and/or disclosure of your Personal Data as well as a request to exercise your rights under this Policy, you may contact the iTIC and/or the Data Protection Officer via the following channel:

    • Email: webmaster@iticfoundation.org

    • Head Office for contact
: iTIC Foundation, Unit 704, 7th floor, 100th year Engineering Building
, Faculty of Engineering, Chulalongkorn University
, 254 Phayathai Road, Pathumwan, Bangkok 10330
, Thailand
    • Telephone: +66-2-218-6450