NIA Academys  

Personal Data Protection Policy

Privacy Policy

National Innovation Agency

Because the National Innovation Agency (the "Office") respects and values the privacy rights and protection of personal data subjects, here are speakers, investors and applicants participating in office training and activities that are a fundamental right to the privacy of individuals. In conjunction with the Law on the Protection of Personal Data, guidelines or measures governing the protection of personal data relating to the collection of personal data have been established. The office has established this policy as a principle for the protection of personal data subjects. As in the following text:

In this Privacy Policy, A word or text can be defined as follows:

Personal Data Protection Law

Personal Data Protection Act B.E. 2562 (2019) and which will be amended, including related rules, regulations and directives.

Personal Information

Information about a person, which makes it possible to identify the person directly or indirectly, but does not include information about a particular deceased person.


Partners Any associate, supplier, or other person who contracts with the Office, is an office partner, or works with the Office.

Personal Data Protection Officer

An officer appointed by the Personal Data Controller to act as a personal data protection officer. Under the Personal Data Protection Act B.E. 2562 (2019)


National Innovation Agency


Individuals outside the office who are natural persons and have direct or indirect relationships with the Office, including the use of websites or products or other office services, by third parties for the office, including relevant government or private agency officials. Office participants, office consultants, office visitors, office website visitors, contacts, or other related third parties, etc.

Controller of Personal Information

Offices that have the power to make decisions regarding the collection, use or disclosure of such personal information, which the Office obtains personal information from third parties.  contractors or parties, or contractors, or contractuals with such persons;

Personal Data Processor

A person or legal entity who acts in connection with the collection, use or disclosure of personal data in accordance with the directive or on behalf of the controller of personal data.

Web Site

Website owned or provided by the National Innovation Agency as the case may be.

This policy is intended to provide details and procedures for protecting and managing third-party personal information.  The Office may update or amend this Privacy Policy in part or in whole from time to time in accordance with the Office's operating guidelines and the legal guidelines that may change. Therefore, you should always follow the details of this set-out privacy policy. However, the office will publish changes to the Privacy Policy on its website and in the event of a material change. The office will notify you.

The office collects your personal data for use for office operations, and the office collects personal data limitedly and only as necessary for the purposes for which it is collected. Use and/or disclose personal information and in accordance with Provisions of the Personal Data Protection Act by collecting personal data in the following ways:

The type of personal information that the office is storing

3.1 Your Personal Data collected and processed under this Policy Whether it is personal information that you provide directly to the office, or personal information obtained by the office from a third party or office from another source. The categories of personal data can be categorized as follows:

3.1.1 General personal data stored by the Office, such as:

  1. Personal information such as first name, last name, date/month/year of birth, age, gender, photo, signature, workplace, job title, education history, work history, training history, performance information, information based on copies of documents issued by government agencies, such as copies of ID cards, copies of passports. Copy of house registration, etc.
  2. Contact information, such as address Phone numbers, email addresses, contact information, and other information that the office can contact, etc.
  3. Financial information, such as bank book copy, tax ID number
  4. Information used as evidence or in transactions such as personal information appearing in copies of ID cards. Copy of passport, copy of last name change certificate Copy of house registration, copy of driver's license, copy of car registration manual, car registration number, copy of title deed, copy of power of attorney Copy of office certificate, invoice, receipt, payment voucher and copy of professional or business license, etc.
  5. Technological information, such as computer traffic information (Log), computer identification number (IP Address) Location data using location technology The type of computer program used to view web sites. (Browser) Web site access log information Website information accessed by users before and after Referring Website: Website usage history log information, login log information, transaction log information, website visit statistics, time of visit to the website. (Access Time) Data that is searched or visited.  Information on social media, the use of functions on the website, and information collected by the office through cookies or other similar technologies, etc.
  6. Record still images and movies through CCTV, voice recordings, conversations, or information.
    Others that can identify a person

3.1.2 Sensitive Data, which means personal data that is inherently personal to the data subject under Section 26 of the Personal Data Protection Act B.E. 2562 (2019), such as biometric data, finger print information, face scan / face recognition, religious or blood group information as shown in the copy of id card (if any).   Criminal history information, including alleged offenses or prosecutions. Health information, ethnic information, etc. The Office does not have a policy to store your sensitive personal data unless the Office has your express consent or any other case as required by law.

3.2 In case of transaction or contracting If you do not provide personal information or provide inaccurate or up-to-date personal information to the Office, it may affect you who may not be able to transact with the Office, or may be inconvenienced or uncompetitive in accordance with existing contracts with the Office, and may cause damage or loss of opportunity and may affect compliance with any laws that you or the Office must comply with.

3.3 Sources of personal information

The source of personal information that the office collects and receives. Here's how:

  1. The office receives personal information directly from you, such as when you fill out forms through the office website or other channels provided by the office. When you enter into a contract with the office, When you hand over documents and copies of documents containing personal information to the office, or when you ask for information, comment or feedback, or submit a complaint to the office by phone, email, fax, mail, etc. Usage information of the office's website or application Use of cookies, IP addresses, etc.
  2. The office receives personal information from third parties or from other sources, such as government agencies, department of business development websites, IRS websites, other websites, etc.

The office will only store your personal data as necessary for office operations. However, this is The office may have different purposes for processing personal data as the case may be as follows:                      

4.1 The Office collects, uses or discloses personal information for the following purposes:

  1. For the purpose of establishing and managing contracts between the Office and any counterparty, including the office's implementation of the contractual obligations.     
  2. For the purpose of purchasing or registering a new contractor or any other person of similar nature, as well as to process any requests requested by any party or other person of similar characteristics.
  3. To record the office payables, invoicing, issuance of tax invoices. Office credit bureaus, disbursements, as well as financial transactions and office accounting operations
  4. For the purpose of confirming or identifying yourself. In case of access to various services, contracting To ensure that such services, including all communications of the Office, are secure and confidential.
  5. For the purpose of communicating or coordinating the operation or mission of the office with third parties.  Contractor or contractor 
  6. For the purpose of complying with laws relating to the operation of the office and the lawful orders of government agencies and related officials, such as the registration of various business to the Department of Business Development, notification of registration of personnel or persons involved in the law. Preparation of tax reports filed with the Revenue Department Accounting audits by auditors, etc.
  7. For the purpose of promoting information, information, information Office activities such as training, meetings, seminars, office projects, relationship building activities, social events, etc.
  8. to create a database of participants. Participants, participants, participants, or office participants, as well as analyzing data and surveying the person's behavior.
  9. For health management purposes Occupational Health and Contractor Safety Annual health check-ups, including general health check-ups and occupational health check-ups (health check-ups based on risk factors) Health insurance and health readiness assessments, as well as information for reporting. Investigation, cause analysis or development of preventive health management (Preventive Health) and set measures to prevent any incidences occurring.
  10. To protect health from dangerous communicable diseases that may spread within the office by screening individuals in and out of the premises, as well as monitoring and arranging for travel reports that may pose a risk of disease spread.
  12. For the establishment of legal claims. Compliance or exercise of legal claims or raising legal claims Prosecutions, as well as legal enforcement actions, such as investigations and/or hearings by government officials. Preparing a case Prosecution and/or court martial, etc.
  13. For internal audit or audit of the office in accordance with operational standards and in accordance with applicable requirements or laws.
  14. For office information management and security surveillance in the office system.

4.2 The Office shall not collect, use and/or disclose your Personal Data other than for the purposes provided by the Office, except              

  1. This is the case when collecting, using and/or disclosing personal information for new purposes. The office has informed you of the new objectives and the office has obtained your consent.         

It is the case that the law requires and the office can take action.

The Office will disclose your personal data under the criteria required by law and for the purposes for which it has been provided to a person or entity. as follows

  1.  Service providers and personal data processors assigned or hired by the Office to manage/process personal data for the Office. To provide services such as human resource management, security services, information technology services, accounting audits, or any other services related to office operations or services that may benefit you.
  2. Counsel of the Office of Legal Counsel Lawyers, auditors, external auditors, speakers, or any other experts inside and outside the office, etc.
  3. Government agencies, regulators, independent bodies, or other entities as legal authority, including officers or agencies that are responsible for or exercising their legal authority, such as the Office of the Bureau of Government Development, the Office of Budget, the Ministry of Higher Education, Science, Research and Innovation. Court, Police, Department of Labor Protection and Welfare Department of Skill Development, Office of Social Development and Human Security Department of Promotion and Development of Quality of Life for People with Disabilities Revenue Department Social Security Office, Department of Transportation, Department of Business Development Department of Industrial Works Industrial Estate Authority of Thailand Immigration Bureau, Office of the Personal Data Protection Commission, National Police, Office of the Attorney General Courts and Department of Justice, etc.
  4. Your partners, contractors, contractors of the office to whom you are a communications contact or in connection with your duties or positions, or any other person of similar nature;
  5. Banks, financial institutions Bank of Thailand
  6. insurer or hospital for any office operations.
  7. Any person or entity with whom you consent to disclose your personal data to that person or entity.

5.2 The office may send or transfer your personal data abroad. If that is the case, the office must request it.

 Your consent for the transmission or transfer of your Personal Data to abroad The office will first seek your consent, and the office will check that the destination country will be processed. International organizations or overseas data recipients have adequate personal data protection standards and comply with the guidelines set by the Personal Data Protection Act.

The Office will store your Personal Data for as long as necessary for the purposes provided to you or for the purposes set forth in this Policy. In the event that you terminate your relationship or terminate your contract with the office, or no longer use the Services or Office Transactions, you may not be able to access the office. The Office will store your Personal Data for a specified period of time thereafter, or for the period specified by law, or by age, or for the exercise of legal claims. At the end of the storage period, such personal data is noted. The office will delete or destroy personal information or make personal information that cannot identify the person who owns the data. However, this is The retention period of data retention is in accordance with the office's data retention policy, where the office may retain your personal data for longer than required in the event of legal requirements.

In the event that you wish to know or obtain a copy of personal data relating to yourself that is under the responsibility of the Office, or ask the Office to disclose the acquisition of information that you have not consented to. You can have requests based on the rules and procedures set by the office.

7.2 In the event that you see any personal information relating to them as inaccurate. Not Current Incomplete or potentially misleading You can ask the office to take corrective action to provide accurate information. It is current, complete and does not cause misunderstanding. By making a request to the office in accordance with the guidelines and procedures prescribed by the Office. In the event that the Office does not comply with your request, The office will provide a record of your request and provide reasons as evidence so that you can review it.

7.3 You have the right to revoke the consent given to the collection office. Use and/or disclose your Personal Data at any time, unless the withdrawal of consent is limited by laws or contracts that benefit you, such as you still have a contract with the office, or you still have a debt obligation or legal obligation to the office. Revoking such consent may prevent you from receiving services or transacting with the office, or may inefficient the services received from the office.

7.4 You have the right to obtain personal information relating to you from the office. In the event that the Office has made that personal data in a format that can be read or generally used by tools or devices that work automatically and can be used or disclosed by automated means, you also have the right to request that the Office submit or transfer such information to another data controller. When this can be done by automated means, or obtain information sent by the office or transfer the data in such form directly to another data controller, unless technical conditions are not possible.

7.5 You have the right to object to the collection, use or disclosure of personal information relating to you at any time. In the following cases:

  1. In the event that the information collected is necessary for the conduct of the mission in the public interest of the office or the reason necessary for the legitimate interests of the Office, unless the Office demonstrates more important legitimate grounds or is intended to establish a legal claim. Compliance or exercise of legal claims or raising legal claims
  2. In the event that the collection, use or disclosure of personal information for direct marketing purposes
  3. In the event that the collection, use or disclosure of personal data for the purposes of scientific, historical or statistical research, unless necessary for the conduct of the mission in the public interest of the office.

7.6 You have the right to request that the Office delete or destroy or make personal information that cannot identify the person who owns the Personal Data. In the following cases:                           

  1. When personal data is deprived of the need to be retained for the purposes for which it is collected. Use or expose
  2. When you withdraw your consent to collect, use or disclose personal data, and the Office does not have the legal authority to collect, use or disclose that personal data.         
  3. When you object to the collection, use or disclosure of personal data pursuant to Clause 7.5 (1), and the Office may not refuse the request to object or to collect, use or disclose personal information for direct marketing purposes.
  4. When personal data is unlawfully collected, used or disclosed          

7.7 You have the right to ask the Office to suspend the use of personal data. In the following cases:                      

  1. When the office is under investigation as requested to process your personal data correctly. Current, complete or unleading      
  2. When it is personal data that must be deleted or destroyed because it is unlawfully collected, used or disclosed, you request that the use be suspended instead.      
  3. When personal data is deprived of the need to be retained for the purposes for which personal data is collected, it is necessary to request that it be retained for the establishment of legal rights. Compliance or exercise of legal claims or raising legal claims
  4. When the office is in the process of proving a more important legitimate cause, or the establishment of a legal claim. Compliance or exercise of legal claims or raising legal claims In the event that you exercise your right to object to the collection, use or disclosure of information;           

7.8 You have the right to complain to the Expert Committee under the Law on the Protection of Personal Data. In the event that the Office or the Data Processor, including employees or contractors of the Office or the Data Processor, violate or fail to comply with the laws governing the protection of personal data or notices issued in accordance with such laws, at

                        Office of the Personal Data Protection Commission

                        7th Floor, Prasat bhaktacharya Building 80th Anniversary Government Complex, Chaengwattana Road
Khwang Thungsonghong Laksi, Bangkok 10210

            The office reserves the right to consider requests for such rights and to comply with the personal data protection laws.

The office takes the security of your personal data very seriously.  Therefore, the office has security measures in place, including the collection, use or disclosure of secure and appropriate personal information. To prevent the loss of your personal data, it is used in ways that do not like, access, change or disclose without permission. The office restricts access to your personal data only to people who are authorized to access it. These individuals will only process your personal data under the conditions specified by the office.

The office will provide personal data security measures covering administrative safeguards. Technical and physical safeguards regarding access to or control of the use of personal data include at least the following:

  1. Access control of personal data and devices for the storage and processing of personal data with use and security in mind.
  2. Defining or assigning access to personal information
  3. Managing user access to access to personal information only for authorized persons.
  4. Determination of user duties and responsibilities to prevent unauthorized access to personal data disclosure or theft of copies of personal data or theft of storage devices or personal information;
  5. Providing a method to allow retrospective checks on access Change, delete, or transfer personal data in accordance with the methods and media used to process personal data.

In addition, the Office will retain personal data for the purposes notified to the owner of the personal data and in accordance with the law and in the event that the office will hire a third-party office to process your personal data. The office selects offices with standardized data protection systems and makes agreements relating to the retention of personal data in accordance with the same policies.

In the event of a breach of your personal data The Office will notify the Office of the Personal Data Protection Commission without delay within 72 hours of knowing the reasons possible, unless such violations pose no risk of affecting your rights and freedoms. In the event of a violation, there is a high risk of affecting your rights and freedoms. The office will notify you of the incident of violations along with the remedy without delay.

Cookies refer to small information submitted by a website to the owner of personal data that visits the Website to help the website remember the personal data of the personal data subject, such as the language of choice, system user, or other settings when the personal data subject visits the website the next time. The website recognizes that it is a user who has already accessed the Service and sets it as required by the personal data subject until the personal data subject deletes the cookie. Cookies or cookies are no longer allowed to work, which the personal data subject can accept or do not accept cookies. In the event that you choose not to accept or delete cookies, the Website may not be able to provide services or cannot display correctly.

Office websites may contain links to third-party websites where they may collect certain personal information about your services. The Office cannot be responsible for the security or privacy of any of your information collected by such third-party websites. You should exercise caution and review the privacy policies of those third-party websites, products and services.

This Privacy Policy applies to all personal information collected by the Office. You agree to give the Office the right to collect and take your Personal Data collected by the Office (if any), as well as your Personal Data currently collected by the Office, and to be collected in the future, used or disclosed to other persons within the scope specified in this Privacy Policy.

The office and related agencies review this policy at least once a year. The Office's Board of Directors will implement the revised policy as necessary or where appropriate. 

This Privacy Policy is governed by and construed in accordance with Thai law and gives the Thai courts the authority to consider any disputes that may arise.

If you wish to contact, or have questions, or would like to inquire about the details of the collection, use and/or disclosure of personal data, including your rights, this Policy, or wish to cancel your consent to collect, use and/or disclose personal data, or if your personal data is found to be used in a way that you do not like. You can contact the office via the following channels:

Personal Data Protection Officer : (Data Protection Officer)

Mr. Sakchai Jongyingcharoenyos

Mr. Thavin Ariyamethadol 

E-mail address : [email protected]

Tel. 02 017 5555 Ext. 636 and 627

Contact Place : National Innovation Agency 73/2 Rama VI Road, Thung Phaya Thai, Ratchathewi, Bangkok 10400

Request to cancel consent to the storage of personal data under the Personal Data Protection Act B.E. 2562 (2019) by downloading the form and sending it to email [email protected]


Post Views: 1,554