Privacy Policy
Safety Station & all subdomains
Trainer In Thai Co., Ltd. (“Company”, “we”, “us”), operating as Safety Station Vocational School, respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal data under Thailand's Personal Data Protection Act B.E. 2562 (PDPA) and other applicable laws.
1. Scope
This Policy applies to all websites and services we operate, including the following domains:
safety.ac.th— main website (courses, company info, contact)my.safety.ac.th— training management system, course booking, invoicing, and certificatesai.safety.ac.thand LINE Official Account@trainerinthai— membership via LINE LIFFquiz.safety.ac.th,lms.safety.ac.th,law.safety.ac.th,exp.safety.ac.th,app.safety.ac.th,e.safety.ac.th,fb.safety.ac.th,x.safety.ac.th,101.safety.ac.th,acnews.safety.ac.th, and any other subdomain undersafety.ac.th
2. Data Controller
Trainer In Thai Co., Ltd. (Tax ID 0105554120104)
- Address: 23 Soi Chaloem Phra Kiat Rama 9 Soi 45 Yaek 2, Nong Bon Sub-district, Prawet District, Bangkok 10250, Thailand
- Phone: +66-2-328-2110
- General email: [email protected]
- Data Protection Officer (DPO): [email protected]
3. Personal Data We Collect
The categories of data we collect depend on the services you use:
3.1 Main website (safety.ac.th)
- Automatically collected technical data: IP address, browser type, OS, pages visited, timestamps, referrer
- Cookies and similar tracking technologies (see Cookie Policy)
- Information you submit via contact forms (if used)
3.2 Training management system (my.safety.ac.th)
- Identification data: full name, Thai national ID number, date of birth
- Contact data: email, phone number, postal address
- Employer/organization information: company name, address, tax ID, branch, job title
- Training data: enrolled courses, exam results, certificates, post-training evaluations
- Payment data: invoice/receipt numbers, payment slips, payment method (full card numbers are not stored)
- User account: email and password (hashed with Argon2)
- Usage logs: login activity, device, IP
3.3 LINE Official Account and LIFF (ai.safety.ac.th)
- LINE User ID and public profile (name, profile picture)
- Phone number and email you provide via LIFF
- Linkage of training history and certificates to your LINE account
3.4 Live Quiz system (quiz.safety.ac.th)
- Player name you provide (not required to be real name)
- Answers and scores per session
Sensitive Personal Data: We generally do not collect sensitive personal data under PDPA Section 26 (e.g., race, religion, health data), except for specific courses where labor/safety law requires it (e.g., medical examination prior to confined space work). In such cases we will request your explicit consent separately.
4. Purposes and Legal Bases for Processing
| Purpose | Legal basis |
|---|---|
| Delivering training services, issuing certificates, and preparing training records required by law | Contract / Legal obligation |
| Issuing quotations, invoices, receipts, tax invoices, and bookkeeping | Legal obligation (Accounting Act, Revenue Code) |
| Submitting trainee lists to government agencies (e.g., Department of Labour Protection and Welfare) | Legal obligation |
| Communicating with you about training, payment status, and documents | Contract performance |
| Improving service quality and system security (logs, aggregate usage analytics) | Legitimate interest |
| Marketing/PR (emails about new courses, promotions, news) | Consent (which you may withdraw at any time) |
| Analytics and marketing cookies | Consent |
5. Retention Period
We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law, including:
- Accounting and tax records — at least 5 years under the Accounting Act and Revenue Code
- Training records and trainee registers — as required by occupational safety and labour welfare law
- User account data — for the duration of your account, plus 1 year after closure for complaint handling and audit
- Cookies — as specified in the Cookie Policy (maximum 13 months)
Once the retention period expires, we will delete or anonymize the data.
6. Disclosure to Third Parties
We may disclose your data where necessary, as follows:
- Government agencies — e.g., Department of Labour Protection and Welfare, Department of Business Development, Revenue Department, to comply with the law
- Third-party service providers (Data Processors):
- Google LLC — Gmail (for sending emails to you), Google Workspace, Google Analytics
- LINE Corporation — LINE Login, LINE Messaging API, LIFF
- Hostinger International Ltd. — cloud hosting
- Department of Business Development (DBD Open API) — verifying customer juristic information
- Payment slip verification provider (Slipok or equivalent)
- Online payment providers (PromptPay, commercial banks)
- Auditors, lawyers, and professional advisors as necessary
- When required by law, such as court orders or requests from competent authorities
We do not sell your personal data to third parties for their marketing purposes.
7. Cross-border Data Transfer
As we use international service providers (such as Google in the United States / Singapore, and LINE in Japan), your data may be processed or stored in countries that may have data protection standards different from Thailand. We select providers whose protection standards are equivalent to or higher than PDPA, and enter into Data Processing Agreements as required by law.
8. Cookies and Similar Technologies
We use cookies to make our websites work properly, to analyze usage, and to present relevant content. Non-essential cookies (e.g., analytics and marketing) only operate after you provide consent. You may change your preferences at any time via the "Cookie settings" button on the website. See the Cookie Policy for details.
9. Security Measures
- HTTPS (TLS) encryption on all websites and subdomains
- Passwords hashed with Argon2 (we do not store plaintext passwords)
- Role-Based Access Control and audit logs
- Encrypted data backups
- Regular staff training on data protection and cybersecurity
10. Your Rights as a Data Subject
Under PDPA you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — request correction of inaccurate or outdated data
- Right to erasure ("right to be forgotten") — request deletion in cases permitted by law
- Right to restriction of processing — request temporary suspension of processing
- Right to object to processing, including direct marketing
- Right to data portability — receive your data in a machine-readable format, or have it transferred to another controller
- Right to withdraw consent you have given
- Right to lodge a complaint with the Personal Data Protection Committee Office (PDPC)
Exercising these rights is free of charge, except for excessive or repetitive requests. We will respond within 30 days of receiving a complete request.
11. How to Exercise Your Rights and Contact the DPO
You may exercise the rights above by emailing our Data Protection Officer at [email protected] and providing:
- Your full name and the email/phone number you use with our services
- The right(s) you wish to exercise (see Section 10)
- Details of your request (e.g., which data you want corrected/deleted)
- Proof of identity (to prevent impersonation)
12. Complaints
If you believe our processing is unlawful, you have the right to file a complaint with:
- Our DPO: [email protected]
- Personal Data Protection Committee Office (PDPC) — www.pdpc.or.th
13. Changes to this Policy
We may update this Policy from time to time to reflect legal changes or changes to our services. We will post significant changes on this website and may notify you by email if your rights are materially affected. Please review the "Last updated" date at the top of this document.
This document is published in both Thai and English. In case of any conflict between the two versions, the Thai version shall prevail. The Thai version is available at /privacy.