top of page

Our Privacy & Data Protection Policy

Effective Date: June 2, 2025

1. Our Commitment to Your Privacy

We, Beyond Group Company Limited (“we”, “us”, or “our”) is committed to protecting the personal data of our students and their parents/guardians. This Privacy Notice explains how we collect, use, disclose, and protect your and your child's personal data when you enroll in our programs, use our services, or interact with us, in compliance with Thailand's Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).

We encourage you to read this notice carefully to understand your rights and our practices regarding personal data.

2. What Personal Data We Collect

We collect personal data necessary to provide a safe, effective, and enriching learning environment. The types of data we collect include:

  • Student’s Personal Details: Title, full name, nickname, date of birth, age, gender, nationality, and photographs (for identification and center activities).

  • Parent/Guardian’s Personal Details: Title, full name, relationship to the student.

  • Contact Details: Home address, email addresses, and telephone numbers of parents/guardians.

  • Identification and Authentication Details: Signature, and user account credentials for our student portal.

  • Educational and Developmental Data: Information on academic progress, assessment results, learning history, teacher feedback, and behavioral observations.

  • Financial and Transaction Details: Bank account details, credit/debit card information, payment history, and records of courses and services purchased.

  • Technical and Usage Data: IP address, cookies, login data, and information about how you use our website or online learning platforms.

  • Security and Surveillance Data: Visual images from CCTV systems installed within our premises for security purposes.

  • Marketing and Communication Preferences: Your preferences for receiving information about new courses, workshops, and holiday camps.

In some cases, and only where necessary, we may need to collect Sensitive Personal Data. We will only process such data with your explicit consent or as permitted by law:

  • Health Data: Information on allergies, medical conditions, dietary restrictions, and emergency contact information to ensure your child’s safety and well-being.

 

3. How We Collect Your Personal Data

We collect personal data through the following channels:

  • Directly from you: When you complete an enrollment or registration form, communicate with our staff, use our student portal, or participate in our events.

  • From your child’s participation: Through observations and assessments conducted by our instructors during classes and activities.

  • From third-party sources: We may receive data from previous educational institutions or partners, but only with your prior consent.

4. Purposes for Collecting, Using, and Disclosing Your Personal Data

We process personal data based on lawful grounds to manage our educational programs effectively.

  • To Perform a Contract: To fulfill our agreement to provide educational services to your child. This includes managing enrollment, scheduling classes, processing tuition fees, tracking academic progress, and communicating with you about your child’s development.

  • To Comply with a Legal Obligation: To comply with applicable laws, such as those from the Ministry of Education or public health and safety regulations.

  • For Our Legitimate Interests: For necessary business interests, such as ensuring the health and safety of our students, improving our curriculum and teaching methods, managing our administrative operations, and for internal security (e.g., CCTV). We only rely on this basis when our interests do not override your and your child's fundamental rights.

  • Based on Your Consent: For specific purposes where we have asked for your explicit consent, such as sending you marketing communications about new programs or using photos/videos of your child in our promotional materials. Crucially, we will always seek your explicit consent to process any sensitive personal data, such as health information. You have the right to withdraw your consent at any time.

5. How we share your personal data

We may disclose your personal data to the following parties under the provisions of the PDPA:

  • Our affiliates, business partners, and other persons with whom we have a legal relationship, such as educational partners or event co-sponsors. This includes our directors, executives, employees, instructors, contractors, and advisors.

  • Governmental, supervisory, or regulatory authorities, such as the Ministry of Education, the Office of the Private Education Commission, or other authorities as required by law.

  • Suppliers, agents, and other entities where disclosure is necessary for our operations. This may include external auditors, professional associations we are members of, and document storage providers, all under appropriate security measures.

  • Relevant parties in the event of a business transfer, merger, or acquisition. In such cases, we may transfer our rights and your data to the new entity as part of the business transaction.

  • Banks, financial institutions, and third parties as required by law to process payments, investigate payment disputes, or trace funds in cases of suspected financial crime.

  • Debt collection agencies, lawyers, fraud prevention agencies, courts, and other authorities or persons to whom we are required or permitted by law to share personal data, for example, to enforce our terms and conditions.

  • Third parties providing services to us, such as IT and cloud service providers, online learning platform providers, payment gateway providers, and other agents or subcontractors acting on our behalf.

  • Social media service providers and other third-party advertisers (in a secure format) to display relevant messages about our courses and services to you and others on our behalf. This may be based on your previous online activities.

  • Third-party security providers, for example, companies that monitor our CCTV systems or provide physical security for our premises.

  • Other persons that provide benefits or services associated with our programs, such as an insurance company providing accident insurance for students during our activities.

  • Your authorized representatives, attorney, or any person who has lawful authority to act on your behalf.

6. International Data Transfers

If we transfer personal data to a service provider located outside of Thailand (e.g., a cloud storage provider), we will ensure the destination country has adequate data protection standards or that we implement appropriate safeguards as required by the PDPA to protect the data. This includes ensuring that our service providers comply with recognized international security standards, such as SOC 2 Type 2 or ISO/IEC 27001, to provide an additional layer of protection for your data.

7. How Long We Keep Your Data

We will maintain and keep your personal data while you are our customer and once you have ended the relationship with us (e.g., after your child has completed their courses, your application to use our services is disapproved, or you have terminated the services provided by us), we will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by the PDPA.

The period for which we keep your personal data will be linked to the prescription period or the period under relevant laws and regulations (e.g., laws related to education, accounting, tax, and labor). In addition, we may need to retain records of CCTV surveillance in our center to prevent fraud and to ensure security, including investigating suspicious incidents.

 

8. Your Rights as a Data Subject

Under the PDPA, you have the following rights regarding your and your child's personal data:

  • Right to Access: You have the right to request access to and obtain a copy of the personal data.

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.

  • Right to Erasure: You have the right to request the deletion or destruction of personal data under certain conditions.

  • Right to Restrict Processing: You have the right to request that we restrict the processing of personal data.

  • Right to Object: You have the right to object to the processing of personal data, particularly for direct marketing.

  • Right to Data Portability: You have the right to receive the personal data in a commonly used, machine-readable format.

  • Right to Withdraw Consent: If we are processing data based on your consent, you have the right to withdraw that consent at any time.

  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) if you believe our processing violates the PDPA.

To exercise any of these rights, please contact us using the details provided in Section 11.

9. Security of Your Personal Data

We have implemented appropriate technical and organizational security measures to protect personal data from accidental loss, unauthorized access, use, alteration, or disclosure.

10. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. We will notify you of any significant changes by posting the new notice on our website and updating the effective date.

11. How to Contact Us

If you have any questions about this Privacy Notice or wish to exercise your rights, please contact us our Data Protection Officer (DPO) by writing to E-mail: dpo@beyondcodeacademy.com

bottom of page