Privacy Policy

Policy statement

International Christian School Nonthaburi (ICSN) personnels who are involved in the process of collecting and processing data hereinafter collectively referred to as “ICSN” recognize the importance of your privacy and protecting your personal data in compliance with the Personal Data Protection Act B.E. 2562 (“PDPA”), relevant laws and regulations. This policy describes the definition of PDPA, how we as a school collect and use or disclose your information. This policy also tells you our contact information as well as outlining what rights you have with regard to your personal data.


What is PDPA?

The Personal Data Protection Act, B.E. 2562 (2019) ('PDPA') is Thailand's first consolidated data protection law. It governs the collection, use, and disclosure of personal data within Thailand, in accordance with the purpose and with the consent of the personal data subject.



In general, Thailand’s PDPA is essentially derived from the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”). Although there are many similarities between these two pieces of legislation, adjustments have been made to fit the Thai context.


When did PDPA start?

PDPA was published in the Thai Government Gazette on 27 May 2019 and becomes fully enforceable on June 1st, 2022


What is personal data?

According to the Personal Data Protection Act, B.E. 2562 (2019) in Act 6, 'personal data' refers to any information which identifies you or can be used to identify directly or indirectly, a data subject when used in conjunction with other information such as name, last name, phone number, personal email, address, social security number, passport number, drivers license, work experience, academic background, financial background, medical information, license’s plate, house registration, etc. Other than that, there’s also ‘sensitive information’ that needs to be handled carefully. This information can lead to discrimination. Sensitive information refers to nationality, ethnicity, political opinion, religious beliefs, sexual orientation, criminal record, genetic information, biological information, etc.


Who is involved with PDPA?

Data Subject, an individual who can be identified directly or indirectly by the personal data, except for deceased and juristic persons

Data Controller means a person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data.

Data Processor means a person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the order by or on behalf of a Data Controller, whereby such person or juristic person is not the Data Controller. “Sensitive data” means any Personal Data pertaining to race, religion, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, labor union information, genetic data, biometric data, or any data which may affect the data subject in the same manner, as prescribed under the Personal Data Protection Act B.E. 2562 (2019).

Data Protection Officer (DPO) means a person who is in charge of monitoring internal compliance and providing advice regarding the PDPA where: (1) their activities require large scale, regular and systematic monitoring of personal data, or (2) their activities involve processing sensitive personal data. Employees or service contractors who have expertise in data protection laws, regulations and practices may be appointed as DPO


Scope of application

This Policy covers the processing of personal data performed by ICSN for the following individuals:

  • Students 

  • Parents

  • Staff

  • Outsourced staff (ECA Instructors, Nurses, etc.)

  • Vendors

  • Interns

  • Volunteers

  • Alumni

  • Learning aides

  • Prospective students and staff

  • Visitors

  • School Residents

  • Nonthaburi Baptist Church Members


Types of information ICSN is collecting

Personal details and demographic information such as name, gender, nationality, date of birth, passport, visa and national identity number and details of family members
Educational information, prospective students academic and other records from their previous schools
Contact information such as addresses, telephone numbers, email addresses and emergency contacts
Vehicle details for both parents picking up their students and staff for using the school’s car parking facilities
Students health and medical information such as allergies and dietary requirements
Images and video recordings of students, staff, parents and visitors in the school site
Financial information such as parent’s bank account details for reimbursements or staff’s bank account details for their salary
Employment information, such as staff’s personal and professional information, as well as criminal records
Surveys Information from parental and staff surveys and feedback forms

Purpose of data collected

ICSN will collect personal data upon obtaining consent of the owner of the personal data first. The purpose of collecting data will be as follows;

Communication channels -to maintain a regular communication channel with parents and guardians, to keep parents informed on student’s progress
Administration purposes - to process application forms, test, interviews and all activities relating to the student’s enrollment at the school
Management of security and risk - to provide a safe and healthy environment for students and staff
Provide education services - to develop, support and assess students.
Review strategic plans, academic policies and guidelines - to improve our services, develop and improve our teaching
Marketing - to provide newsletters, updates and offers relating to our services

How is data collected?

Most, if not all, of your personal data was obtained from you directly, either from the following sources or from any other information you provided. This may include:

  • Enquiries to the school

  • Various applications and registration forms

  • All other school and services-related request forms

  • Previous qualifications, certificates and similar documents


Confidentiality of information

At ICSN, only authorized personnel will be able to access the information you provide us. We will set measures for accessing and using data in each type, situation, specific event or position in order to prevent damage or breach of the data subject’s rights and keep it confidential. In order to provide our education and schooling services effectively, we may sometimes need to share the information collected with third parties (Ministry of Education, PSIS, Epicure, Montri School bus, Local authorities). We would only do so with your consent and will always ensure that your information used is in accordance with the terms of this Privacy Policy. Unless required or permitted to do so by law, we will not otherwise share or distribute any of the information you provide to us without your consent.


Data Subject Rights
The rights which you may have under applicable data protection legislation are:

  • Right to be informed (Act 23) 

    •  be informed of how we are processing your Personal Data

  • Right of access (Act 30) 

    •  right to request access to information about you that we hold. (Note that certain data is exempt from the right to access – including information that identifies other individuals or any confidential reference given for the purpose of the education, or employment of an individual)

  • Right to data portability (Act 28, 31) 

    • allows you to receive personal data that you have provided us in a structured, commonly used machine readable format. It also allows you the right to request us to transmit this data to another controller.

  • Right to object (Act 32) 

    • allows you, in certain circumstances, to object to the processing of your personal data.

  • Right to erasure / Right to be forgotten (Act 33) 

    • allows you to be able to request the erasure of personal data in some circumstances (when it is no longer needed for the purpose for which it was collected or you have withdrawn your consent).  The right to erase is not an absolute right and the school reserves the right to maintain needed data (discipline for a student or employee).

  • Right to withdraw consent (Act 19) 

    • you may at any time withdraw any consent already given, or deemed to have been given under the PDPA, for any purpose when giving reasonable notice to ICSN.

  • Right to restrict processing (Act 34) 

    • the right to request the restriction of your personal data in certain circumstances (for example, where you have told us the data is inaccurate and we are in the process of verification)

  • Right to rectification (Act 35) 

    • have your data corrected if it is inaccurate or incomplete


Contact Information

If you have any questions regarding this matter, please contact our school’s Data Protection Officer by phone or by email at dpo@icsn.ac.th

International Christian School Nonthaburi
145/1 Pracharad Rd. Moo.6
Tambon Talat Khwan Amphur Muang
Nonthaburi, Thailand 11000
Tel. 02-525-1302