Data Privacy Policy
Service: CMU Academic Development Badge Application Builder Provided by: Teaching and Learning Innovation Center (TLIC), Chiang Mai University ("we", "us", "TLIC") Last updated: 30 June 2026 Version: 1.0
1. Purpose of this policy
This service lets CMU academic staff fill in a badge-application form online and download a single, digitally signed PDF carrying a verifiable Document ID. This policy explains what personal data the service handles, why, for how long, and your rights under the Personal Data Protection Act B.E. 2562 (2019) ("PDPA").
We have designed the service to handle as little personal data as possible. The server is content-stateless: it does not keep your completed application, your answers, your uploaded files, or any record of which badge you applied for.
2. Who is responsible for your data
The data controller is Chiang Mai University, acting through TLIC.
- Controller: Teaching and Learning Innovation Center (TLIC), Chiang Mai University
- Contact: tlic@cmu.ac.th · Tel. +6653941472
- Chiang Mai University Data Protection Officer (DPO): ccarc@cmu.ac.th · Tel. +6653941000, +6653941300
3. What data we process, and why
3.1 Information retrieved from CMU systems (to pre-fill your form)
When you sign in, we look you up by your CMU email in a maintained applicant directory and pre-fill parts of the form. The fields retrieved are:
| Data | Purpose | Lawful basis (PDPA) |
|---|---|---|
| Full name | Identify the applicant on the form/PDF | Performance of a public task / legitimate interest |
| CMU email address | Sign-in lookup key; identify the applicant | Performance of a public task |
| Faculty / department | Pre-fill the application | Performance of a public task |
| Badge indicator code(s) | Show eligibility and history | Performance of a public task |
| Application status and pass date(s) | Show your badge history | Performance of a public task |
Sign-in uses your Chiang Mai University account (CMU Account) via the university's single sign-on (SSO). This service never sees or stores your password — the University authenticates you and passes only your verified CMU email to the service, which uses it as the key to load your directory record.
3.2 Information you enter into the form
The answers you type and the files you upload (your essay PDF and evidence attachments) are processed only in server memory to generate your PDF, and are discarded as soon as the PDF is produced. We do not store, log, copy, or transmit them anywhere else.
3.3 The verification log
For each PDF we generate, we append one row to a verification database containing exactly:
doc_id— the document's public identifier (e.g.A1-1-v1-20260630-A1B2C3D4)sha256— a cryptographic fingerprint of the finished PDFcreated_at— the date and time it was generated
The Document ID follows the pattern <form-code>-v<version>-<date>-<random>, so it
does encode the badge and level, the form version, and the generation date
(e.g. A1-1 = indicator A1, level 1). However, this row contains no name, no
email, and no form answers — it records only that a document for a given
badge/level was generated, and when, not who generated it, and on its own
cannot identify you or be traced back to the contents of your file.
This log serves two purposes: (a) letting anyone holding a PDF confirm that the Document ID is genuine and the file has not been altered, and (b) producing aggregate usage statistics (e.g. how many documents are generated per badge, level, and period) to administer and improve the service — such statistics are aggregate and do not identify individuals. We can only connect a log row to a person if you present the corresponding PDF to us — we cannot do it from our side.
3.4 Session cookie
We set one strictly-necessary session cookie to keep you signed in while you use the service. It holds only a session identifier and your sign-in email for the duration of your session. It is not used for advertising, analytics, profiling, or cross-site tracking. The cookie is cleared when you sign out or when the session expires. Because it is strictly necessary to provide a service you have requested, it does not require separate consent under the PDPA.
3.5 In-progress drafts (stored on your device only)
While you fill in the form, your draft — including field values and any files you have attached — is auto-saved to your own browser's local storage (IndexedDB). This data never leaves your device until you submit the form to generate a PDF. You can clear it at any time by clearing your browser's site data.
4. What we do NOT collect
To be explicit, the service does not:
- store your generated PDF;
- store your form answers or uploaded attachments;
- link the badge, level, or indicator you generated to your identity (the verification log stores each document's badge/level without recording who generated it — see §3.3);
- use analytics, advertising, or third-party tracking cookies;
- sell, rent, or share personal data with third parties for marketing.
5. How long we keep data
| Data | Retention |
|---|---|
| Directory pre-fill data (name, email, faculty, badge history) | Held in CMU's source systems under CMU's own retention rules; this service only reads it at the moment you use it and does not retain a separate copy after your session. |
| Form answers and uploaded files | Not retained — discarded immediately after the PDF is generated. |
Verification log (doc_id, sha256, created_at) |
Retained indefinitely so that issued documents can always be verified, and used to produce aggregate usage statistics. Contains no personal identifiers (name/email); the Document ID does encode each document's badge/level/date — see §3.3. |
| Session cookie | Until you sign out or the session expires. |
6. Who can see your data
- TLIC / CMU staff administering the badge programme may see information you submit in your application only via the PDF you provide to them — not through this service, which does not retain it.
- We use no third-party processors for advertising or analytics. The service runs on CMU-controlled infrastructure. Any infrastructure or sub-processor used to host the service acts under contract and CMU's instructions.
- We do not transfer your personal data outside Thailand for the purpose of this service.
7. Security
- Each generated PDF is digitally signed (PAdES / PKCS#7) and stamped with a Document ID, so its authenticity and integrity can be checked independently.
- The verification log stores only a one-way SHA-256 fingerprint, never content.
- In production the service is served over HTTPS with a signed, HTTP-only session cookie.
No method of transmission or storage is perfectly secure, but the content-stateless design means there is very little personal data to expose.
8. Your rights under the PDPA
Because this service does not retain your application content, most rights below apply to the directory data CMU holds about you, which you can exercise through CMU. Subject to the conditions and exceptions in the PDPA, you have the right to:
- access and obtain a copy of your personal data;
- request correction of inaccurate or incomplete data;
- request erasure or restriction of processing in defined circumstances;
- object to certain processing;
- request data portability;
- withdraw consent where processing relies on consent (note: most processing here relies on CMU's public task, not consent); and
- lodge a complaint with the Personal Data Protection Committee.
To exercise these rights, contact us or the CMU Data Protection Officer at the addresses in Section 2.
9. Children
This service is intended solely for CMU academic staff (adults). It is not directed at, and must not be used by, minors.
10. Changes to this policy
We may update this policy. The "Last updated" date and version above will change, and material changes will be communicated through the service or by CMU. Continued use after an update constitutes acknowledgement of the revised policy.
11. Contact
Questions or requests regarding this policy or your personal data:
Teaching and Learning Innovation Center (TLIC), Chiang Mai University tlic@cmu.ac.th · Tel. +6653941472