Announcement on Personal Data Processing of Aksorn One Account Users

Aksorn Education Public Company Limited (“Aksorn”) respects the privacy rights of Aksorn One Account (“One Account”) users. In order to ensure that your personal information is protected, this announcement on personal data processing of Aksorn One Account users (“Announcement”) has been created for your information and agreement to accept details of the collection, use, disclosure, forwarding, management as well as processing for providing services that access your personal data as One Account user from offline or online channels through the system and Website (“Website”) and/or other channels as stipulated by the Personal Data Protection Law.

When you apply for One Account, you will be considered as "User", which is an agreement between you and Aksorn for using the services, regardless of your access channel. For the benefit of your own use, you certify that you have read and understood the announcement, terms and conditions, including the conditions set forth in other documents as well as any information provided by Aksorn to you well. This user account is intended for identifying you during the use of various channels on Aksorn’s Website. The user can connect to the service in each channel according to your rights with the convenience of purchasing products and/or services of Aksorn in response to the needs.

“Users” of “One Account” may be divided into several groups of data subjects as follows: (1) schools or educational institutions (2) teachers (3) students (4) parents of students (5) general people. Each type’s users acknowledge that the users may not be able to use all One Account services, depending on the right to use each type of service.

In case of any change under this announcement, Aksorn will notify the users of such change through various contact channels, especially through Aksorn’s Website, which shall be deemed effective as soon as it is announced.

  1. Scope of One Account services

    Main purposes of Aksorn’s services under One Account

    When you apply for One Account and become a user, Aksorn will collect personal data for registration and authentication purposes, including management of your user account. This tool will help support the Learning Performance of users involved in all educational systems. In order to achieve the main objectives stated in providing services under One Account, action is taken through 5 Function main activities as follows.

    1. To provide knowledge and training through teaching materials of Aksorn’s copyright.
    2. To be a tool for educational management related to providing knowledge, training for developing knowledge and skills as well as evaluation.
    3. To test knowledge, understanding of users both Online and/or Offline. This reflects the abilities of users being tested and/or the effectiveness of educational management of schools, teachers or parents.
    4. To provide advice in the manner of Mentor or Coach for different groups of users about strengths and/or points that each group of users needs improvement by assessment based on the results of participation in all the activities as mentioned.
    5. For the convenience of Online efficient trading of goods and services (E-commerce) system and other services as possibly specified and created additionally by Aksorn at its sole discretion in consistency with the terms of One Account services.
  2. Collection of personal data and processing

    Sources of personal information

    1. Receiving personal data directly from users through registration or providing any form of information to Aksorn.
    2. Personal data stored, collected, processed and analyzed with automated system of Aksorn include test results, login logs and using various services of users of One Account all systems (Function).
    3. When registering to open a user account by the original affiliation or other persons acting on behalf of the data subject or disclosing personal data of other persons (disclosing person), such as schools and/or teachers who work as a system administrator (Admin) proceeding to open a user account on behalf of students and/or parents or providing the student's and/or guardian's personal data to register, the disclosing person warrants to Aksorn that such personal data is accurate, complete, and up-to-date and that he or she has the right and/or has obtained the consent of the data subject to disclose such personal data to Aksorn in accordance with the law. Nevertheless, Aksorn reserves the right (but not the obligation) to verify the validity of such disclosures.

    Personal data processed

    Personal information comes from opening One Account through your entered information and/or delivery of that personal information from the person of your original affiliation for Aksorn to record personal data and open One Account for you as user. Information from filling out or recording must be kept, collected and used for assessing the authentication of user and providing services according to the terms of services specified by Aksorn. It also includes personal data obtained from automatic storage by the system (Function) through the user’ use of services. Such information is as follows.

    • General information about the user, i.e. name, surname.
    • Contact information, including email address, phone number, date of birth and gender.
    • ID card number information.
    • Information on the user's original affiliation (if necessary) such as the school of original affiliation, grade level, etc.
    • Information on Username and Password used by user to sign up.
    • Detailed information about accessing various Functions that you have performed.
    • Data obtained from analysis and evaluation of test results, including participation in various activities or services operated through various Functions of Aksorn.
    • Log information, records of your services used, which are automatically collected and stored.
    • Contact information as questions, concerns, complaints possibly communicated by you to Aksorn.
    • Information about your interests and needs. You may register to fill additional information in various questionnaires of Aksorn.
    • Address information for delivery of goods and/or services that you are interested to purchase through system, trading transaction information, which may include, but not limited to payment information, including proof of payment, bank account, credit card or other information that you may provide to Aksorn in order to purchase such goods and/or services.

    Purposes and time period of storing and processing personal data for using One Account

    All personal information received by Aksorn while you are using One Account services specified will be stored, collected and used for the following main purposes.

    1. Aksorn have contractual obligations under the terms of services toward the users. Therefore, it is necessary to process your personal data at all times from the user account opening until 1 year after the user’s notification of user account cancellation in writing to Aksorn for this purpose.
      1. For the user’s authentication before granting permission to access and use the Functions of One Account.
      2. For providing services or performing activities for each Function that the user is interested in accessing or joining.
      3. To respond to your request for assistance through various contact channels.
      4. For collecting the results of using all the services of each user into Learner's Profile.
      5. To provide personalized advice for each user (Personalized Mentor and Advice) about training, use of additional educational media services appropriate for each user.
    2. For trading products and/or services on the Website, Aksorn is contractually obliged to process personal data of users to check the completeness and validity of purchase orders, including payment and for delivery of goods and/or services to users. Aksorn will retain personal data collected from users for this purpose for 10 years from the date of confirmation of receipt.
    3. For providing all services of Aksorn that may be obliged by law or by order of the government authorities to keep, collect and report personal information of users to such authorities, including but not limited to account and tax preparation. Also, for the purpose of the performance of such duties, Aksorn will keep your personal information for the period as required by law.
    4. For (a) processing the design or development of other products and/or services of Aksorn, including improving the presentation and/or improving products and/or services under One Account to match the users’ interests as a whole and of each user more, including (b) improving relationship between users and Aksorn through staff training and review of complaint resolution. Aksorn will retain personal data collected from users for this purpose for 5 years from the date of the last service usage.
    5. Without prejudice to your rights as data subject, Aksorn reserves the right to retain personal data in preparation for the protection of rights that may exist under law in the process of litigation or corruption prevention in the system for a reasonable period to effectively defend such rights. In principle, Aksorn reserves the right to keep data for another 10 years after cancellation of user account as mentioned.
  3. Disclosure of your personal information

    In principle, Aksorn guarantees neither disclosure nor forwarding of any personal information of users to other persons except the following persons.

    • Other users on One Account, namely
      1. School of original affiliation that hires Aksorn to provide educational tool service for the benefit of the user affiliated. In this case, as a service provider, Aksorn needs to forward and disclose test data, educational results or information on measurement of educational satisfaction of user of affiliation to such original affiliation.
      2. Teacher users, educational managers through system and tools of Aksorn and assigning student users to participate in activities. In that case, Aksorn needs to forward, exchange, disclose personal information of users involved in joining activities to such activity-organizing teachers.
      3. Parent users that will have access to personal information of students who are under the care, protection of such parents to provide additional support for minor students affiliated.

      In this regard, for forwarding and disclosing personal information to the persons of affiliation as stated, Aksorn will take action under the limitation of rights of each user group according to the terms of services specified by Aksorn and on the basis of necessity for each group (Need to Know Basis) only.

    • External service providers possibly hired by Aksorn to provide services that may be necessary. Aksorn will take appropriate measures for personal data security through established measures to limit access to data and contracting for the processing of personal data that limits the scope of purposes of disclosure and access to such personal data only on a necessary basis.
    • Government agencies or regulators that Aksorn may be responsible to under the relevant laws, rules or regulations, including orders of the government agencies.

      In order to maintain the highest quality of our products and services, Aksorn may need to transfer users' personal data to outsourcing companies abroad, both in countries with and without adequate personal data protection standards. However, to protect users’ personal data, Aksorn will ensure that these personal data recipients have personal data protection measures that meet the minimum requirements of Thailand's personal data protection laws.

  4. Measures for personal information security

    It is important to protect the security of your personal data. Aksorn agrees to keep your personal data for as long as it is necessary for the stated purposes in the safe storage facility and will take necessary measures to protect personal data stored from misuse, loss, unauthorized access, alteration, addition or disclosure.

    Overall, Aksorn has established internal practice guidelines to assign access or use rights to personal data of data subjects for data confidentiality and security. Aksorn will arrange for periodic reviews of such measures for appropriateness according to industry standards and in consistency with relevant laws.

    Nevertheless, measures used to prevent access to personal data or to control the use of personal data must consist of at least the following:

    1. The security measures must encompass the collection, use, and disclosure of personal data in compliance with the personal data protection law, regardless of the format of such personal data, whether in hard copy, electronic, or other form.
    2. The security measures must include appropriate organizational and technical measures, including necessary physical measures.
    3. The security measures should identify potential risks to information assets, prevent significant risks, and monitor threats to personal data and breach incidents. This involves responding to threats and breach incidents, as well as recovering damages caused by such events as necessary and appropriate based on the level of risk.
    4. The security measures should take into account the ability to maintain confidentiality, integrity, and availability of personal data appropriately based on the level of risk, considering technological factors, context, environment, accepted standards for entities of the same or similar nature or type, nature and purposes of personal data collection, use, or disclosure, and resources required.
    5. For the processing of personal data in electronic format, security measures should encompass the components of information systems involved in collecting, using, and disclosing personal data. This includes systems and devices that store personal data, as well as other devices used appropriately based on the level of risk. These measures should consider the principle of defense in depth, which involves implementing multiple layers of security controls.
    6. The security measures in relation to accessing, using, altering, correcting, deleting, or disclosing personal data shall take into account the necessity of access and use in accordance with the nature and purpose for which it was collected, used, and disclosed the level of risk, and resources required. Such security measures must at least consist of the following actions appropriately according to the level of risk:
      1. Access control of personal data and key information system components includes identity proofing, authentication, and appropriate authorization. considering the principle of least privilege and need-to-know basis;
      2. Appropriate user access management, which may include user registration and de-registration, user access provisioning, management of privileged access rights, management of secret authentication information of users, review of use access rights, and removal or adjustment of access rights;
      3. Defining user responsibilities to prevent unauthorized or unlawful access, use, alteration, correction, deletion, or disclosure of personal data, including instances that go beyond their assigned roles, illegal or wrongful duplication of personal data, and theft of personal data storage or processing devices; and
      4. Providing a method to enable traceability of access, change, alter, or transfer personal data in accordance with the methods and media used to collect, use, or disclose personal information.
    7. The security measures must include raising awareness about privacy and security as well as notifying and ensuring compliance that users and individuals who access, collect, use, alter, correct, delete, or disclose personal data of the policies, guidelines, and measures regarding personal data protection and maintaining appropriate security. This should include altering the nature and purpose of collecting, using, and disclosing personal data and considering the level of risk, the resources required, and the possibility of such personal data to be combined and capable of identifying the data subjects.

      Nevertheless, third parties processing personal data for Aksorn must act solely in accordance with Aksorn's instructions and agree to maintain the security of personal data.

  5. Your rights as data subject

    Aksorn acknowledges and respects the legal rights of users with respect to your personal data in Aksorn’s control by agreeing and guaranteeing that you can exercise your rights under the law as follows.

    • Right to request access and obtain a copy of personal data, including the right to request modification of personal data to be up to date and correct except that Aksorn may be subject to restrictions under law to disclose or provide you with a copy of such information.
    • Right to request personal information if Aksorn makes that personal data readable or generally usable with tools or devices that work automatically, including the right to request the sending or transfer of data in such forms to another personal data controller.
    • Right to object to the processing of personal data.
    • Right to request that personal data be deleted or destroyed or made as non-personally identifiable when that data is no longer necessary or when personal data subject withdraws consent.
    • Right to request suspended use of personal data for personal data that needs to be deleted or when such data is no longer necessary.
    • Right to rectify the personal data.
    • Right to object to the processing of personal data.
    • Right to withdraw consent to process information previously given by user for the stipulated purpose.

    The users can contact Aksorn to request the exercise of the above rights according to specified contact details. Also, the results of considering the users' requests will be notified within a reasonable timeframe.

    Nevertheless, if users find that Aksorn, the data processor of Aksorn, including Aksorn’s employees, does not comply with PDPA or other announcements under PDPA, users have the right to file a complaint with the competent authorities at the PDPC.

  6. Aksorn contact information as personal data controller

    Aksorn welcomes any questions, complaints, comments and requests related to this announcement, especially the exercise of your rights as data subject. You can contact Aksorn’s Data Protection Officer (DPO) at E-mail : privacy@aksorn.com or post to Aksorn Education Public Company Limited at the address No.142 Praeng Sanphasat Alley, Tanao Road, San Chao Pho Suea Sub-district, Phra Nakhon District, Bangkok Metropolis 10200.

 

Announced as of 1 July 2023

Privacy Center

Corporate Privacy Policy Announcement on Personal Data Processing of Aksorn One Account Users Term of Service One Account Cookies Privacy Notice Recruitment Privacy Notice Event Privacy Notice Vendor Privacy Notice Procurement Privacy Notice CCTV Privacy Notice