Privacy Statement

Policy Guidelines for Personal Information Protection
According to the Personal Data Protection Act B.E. 2562

1. Principle and Reason

          The Ministry of Foreign Affairs (Ministry) attaches great importance to legal compliance and recognizes the importance of data privacy protection, which is an important fundamental right of citizens that must be protected by law. Therefore, strict and careful supervision is in place to ensure that the data subject’s data is safe, stable, and processed transparently.

2. Scope

          This Privacy Policy covers employee information, outsiders working for the ministry, users and contractors that have been collected, used, and disclosed from ministry activities.

3. Objective

           For the data subject to be informed of the ministry’s data protection policy.

4. Meaning

“Personal Information”

means information about an individual which enables an individual to be identified directly or indirectly but does not include the information of the deceased in particular.

“Personal Data Controller”

means a person or juristic person responsible for the collection, use, or disclosure of personal data.

“Personal Dataa Processor”

means a person or a juristic person who performs the collection, use, or disclosure of personal data following the order or on behalf of the Personal Data Controller, it is not a controller of personal data


means a natural person.


means the Personal Data Protection Committee under the Personal Data Protection Act B.E.


means the acquisition of personal data.

“Data Processing”

means any operation performed on personal data. Either by automatic methods or not, such as a collection of systematic records, retention, use, disclosure, change, or any other action which causes its availability, or blending together, erasing, destroying.

5. Collection of Personal Information

         5.1 Collection of personal data will be done for the purpose and only to the extent necessary following the objective framework or for the benefit that is directly related to the purpose of collection by informing the data subject of the details before or at the time of personal information collection as follows:

5.1.1 Purpose of Collection

(1) For the implementation of the Ministry’s objectives in providing services to improve service quality, education, data analysis. 

(2)  To improve the service quality of the Ministry to be more efficient

(3)  For the benefit of the data owner for the benefit of the data subject’s interests 

(4) For procurement.

(5)  For the operation of employees and to comply with the law.

If there is a change in the new purpose, it will be announced to the owner of the information as soon as possible.

5.1.2 Personal data collected and collection period

          The ministry will collect information about individuals such as name, surname, address, date of birth, gender, educational history, phone number, email, national ID number, IP number, service number, cookies, Mac Address, user account information, service behavior, the satisfaction of service, records of the data subject’s communication with the ministry and any other information that may occur while providing the service 

          The Ministry will retain personal data for as long as it is necessary for data processing and following the relevant laws after the retention period or the Ministry. It has no right to store or can no longer claim a base for processing personal data of the data subject. The ministry will proceed with the destruction of that personal data appropriately and legally. 

5.1.3 If the data subject is required to provide personal data to comply with a law or contract Or to enter into a contract, the ministry will also inform the potential impact of not providing personal information to the data subject.

5.1.4 The ministry may disclose personal information collected to individuals or entities, such as legal disclosure and security, service provision. The ministry will disclose information as necessary. 

5.1.5 Data Subject Rights 

The data subject has the right to request the following actions: 

(1) The right to revoke the consent that the data subject has given to the ministry.

(2) The right to request access to their personal data. 

(3) The right to request amendments to personal data to be accurate, up-to-date and complete at all times. 

(4)  The right to request erasure, destroy personal data or make it identifiable to the person who owns the personal data.

(5) Right to request suspension of use of personal data. 

(6)  Right to request the transfer of personal data.

(7)  Right to object to the processing of personal data.

In this regard, it is following the law relating to personal data. unless it is contrary to or inconsistent with the provisions of the law Impact on the Security of the Kingdom or affect the economy and commerce of the country or affect the investigation of the rights and freedoms of others. The data subject can contact the Personal Data Protection Officer (DPO) through the channels specified by the ministry. The Ministry considers and notifies the result of the request within 30 days from the date of receipt of the request.

5.2 The ministry will collect personal information of the data subject directly. When the data subject has voluntarily consented by one of the following methods:

5.2.1 Service request form or the process of submitting a request for various rights.

5.2.2 Questionnaire or correspondence by email.

5.2.3 Via the Ministry’s website or mobile application

5.2.4 By short message (SMS)

5.2.5 Other communication channels between the data subject and the Ministry are following the Ministry’s methodology.

5.3 The Ministry has a policy on the use of cookies as prescribed by the Ministry.

5.4 The ministry will provide express consent in the event of collection of sensitive personal data such as race, marital status, religious beliefs, health information, criminal record, labor union information, and the ministry will collect this information. Only when necessary to comply with laws and regulations

5.5 Where the data subject provides the personal information of another person involved (such as a spouse, family member, or friend) to the ministry, for example, it may be identified as an emergency contact. The data subject must represent and warrant that the data subject has consented to the collection, use, and disclosure of such personal data following the policy.

6. Use or Disclosure of Personal Information

           Departments will use or disclose personal information for the purposes or as necessary that are directly related to the purpose of the collection, such as disclosing personal information to the Technology Crime Suppression Division or the security agency to do so as required by law

7. Request for Consent

          The ministry will seek the consent of the data subject before or during the collection, use, disclosure of personal data except in the following cases: 

          7.1 For the benefit of research or statistics, for statistics, to protect the rights and freedoms of data subjects. 

          7.2 To prevent or suppress life-threatening the body or health of the data subject or another person.

          7.3 To perform the contract or to be used to perform the request of the data subject to enter into that contract

          7.4 For the performance of duties in carrying out missions for the public interest or has been assigned to perform duties in the exercise of state power

          7.5 To follow the order or as required by law such as Computer Crime Act, Cyber Security Act, Anti-Money Laundering Act, etc.

          7.6 It is legally public information.

8. Quality of Personal Data

          The ministry will ensure that the quality of the personal data it collects is accurate, up-to-date, as informed by the data subject, and does not cause misunderstandings.

9. Security and Safety

          For the benefit of Confidentiality, Integrity and Availability of the Ministry of Personal Information have the following measures;

9.1 Provide a measure of confirmation (Authentication), assigning rights (Authentication), and recording activities (Accounting) in accessing, using, disclosing, and processing personal data strictly following the Ministry of Information Security.

9.2 If the Ministry sends or transfers personal data abroad, including the use of personal information to collect evidence of information in any other system in which the data transfer service provider or data storage service is abroad, the ministry will verify that the transferee of personal data has adequate personal data protection measures or equivalent to those under this policy, unless required by law or with the consent of the data subject

9.3 In the event of a breach of the Ministry’s security measures leading to a breach of personal data or personal information leaked to the public. The ministry will notify the owner of the information as soon as possible as well as inform the remedial plan for damage caused by infringement or leakage of personal information to the public in the event of a defect caused by the ministry. The ministry will not be responsible for any loss resulting from the use or disclosure of personal information to third parties caused by negligence or ignore the logout from the system (Log out) that the owner of the data or any other person who has the consent of the data owner.

9.4 The Ministry has conducted a review and evaluation of the effectiveness of computer systems to effectively maintain the security of personal data.

10. Privacy Policy of Other Websites

          This policy is only for the use of the Ministry’s services and the use of the Ministry’s website and mobile applications. If the data subject visits the website or accesses another mobile application (even through channels on the website or mobile application of the ministry), the data subject must study and comply with the personal data protection policy found elsewhere on the website or Mobile Application, which is separate from the policy of the Ministry.

11. Person's Responsibility

          The Ministry requires employees or entities involved in personal data to pay strict attention to and be responsible for collecting, using, or disclosing personal data following this personal data protection policy.

12. Policy Review

          The Ministry will review this policy to comply with applicable practices, laws, and regulations when amended. The ministry will notify the owner of the information by updating the information on the ministry’s website as soon as possible.

13. If you have any questions about personal data, please contact

Personal Data Protection Officer (DPO)


Telephone Number……..

Ministry of Foreign Affairs 

Sri Ayutthaya Road, Phaya Thai, Bangkok 10400

Electronic mail…..