Privacy Policy

Effective date: 6 October 2025

Contents

This Privacy Notice explains how RATF ("we", "us", "our") collects, uses, discloses, and safeguards personal data in connection with our events, competitions, training, and online services operated at ratevents.org and related subdomains, registration portals, scoring systems, and communication channels.

We are committed to protecting personal data in accordance with Thailand's Personal Data Protection Act B.E. 2562 (2019) (PDPA) and applicable laws.

1. Who this notice covers (Scope)

This notice applies to:

  • Students/Participants (including minors),
  • Parents/Guardians, where relevant to a student participant,
  • Teachers/Coaches and team mentors,
  • Volunteers, Judges, Contractors and Vendors, and
  • Website visitors and event attendees.

This notice covers data collected online and offline, including registration forms, event check‑in, scoring platforms, volunteer systems, email, and messaging tools we use for event operations.

2. Personal data we collect

The types of personal data we process depend on your relationship with us and the event. Typical categories include:

A. Identification & contact

  • Name, preferred name, date of birth/age bracket, nationality, student ID or team number.
  • School/organisation name and role (student, coach, teacher, parent, volunteer, judge).
  • Contact details: email, phone, postal address (for adults), emergency contacts (for minors).

B. Event & competition data

  • Team registration details, division, role assignments, check‑in and attendance.
  • Match schedules, scores, rankings, awards, penalties, and adjudication notes.
  • Project submissions, engineering notebooks (metadata only, not contents unless you submit them to us), judging rubrics, and feedback.

C. Safeguarding & logistics

  • Consent records (e.g., photo/video consent, travel consent for minors).
  • Medical or accessibility information only where voluntarily provided and necessary for safety, accessibility, or dietary/accommodation needs.
  • Incident reports and health/safety records where required by law.

D. Payment & administration (adults only)

  • Billing contact information, transaction identifiers, and invoice metadata (we do not store full card numbers on our systems; payments are handled by PCI‑compliant processors).

E. Media & communications

  • Photos, video, livestreams, and audio from events.
  • Testimonials or quotes you provide, and communications with us (email, forms, chat).

F. Website & systems usage

  • Account credentials (hashed), audit logs, device/browser information, IP address, cookies or similar technologies used for site functionality, security, and analytics.
Children's data: For participants under 20 (or as local law defines a child/minor), we collect data with involvement of a parent/guardian or school representative, as appropriate.

3. How we collect data

  • Directly from you (online forms, emails, at‑event registration, volunteer sign‑up, judge portals).
  • From schools/organisations registering teams or providing contact details for coaches and students.
  • From service providers that operate event software (e.g., scheduling, scoring, volunteer management, payments) on our behalf.
  • From public sources (e.g., publicly posted results, team pages) where lawful.

4. Why we use your data (Purposes) and legal bases

We process personal data for the following purposes under PDPA legal bases:

Purpose Examples Legal basis under PDPA
Event & competition operations Registration, scheduling, scoring, judging, volunteer coordination, credentialing, security, incident management Contract (to provide the event/services), Legitimate interests (to run safe, fair events), Legal obligation (health & safety)
Safeguarding & wellbeing Emergency contacts, essential medical/accessibility details, incident response Vital interests, Legal obligation, Explicit consent where required
Communications Event updates, logistics, critical notices, policy updates Contract, Legitimate interests
Marketing & publicity Event highlights, photos/video, winner announcements, testimonials, newsletters Consent (you may withdraw any time)
Payments & finance Invoicing, refunds, reconciliation, accounting Contract, Legal obligation
Website, IT & security User accounts, authentication, fraud prevention, logs, cookies, analytics Legitimate interests, Consent where required

Where we rely on consent, you may withdraw it at any time without affecting prior lawful processing.

5. Sensitive data

We avoid collecting sensitive data (e.g., health data) unless strictly necessary for safety, accessibility, or legal compliance. Where collected, we limit access, store it securely, and retain it only for as long as needed for the purpose.

6. Disclosures and transfers

We share personal data only as needed for the purposes above:

  • Event service providers (e.g., registration, scheduling, scoring, volunteer and judge platforms, email/SMS, cloud hosting, payments). These providers act on our instructions and are bound by data protection obligations.
  • Venues and hosts for security and access control.
  • Judges, referees, and volunteers for competition operations.
  • Schools/organisations associated with your team (e.g., to verify entries, resolve incidents, or coordinate logistics).
  • Public results & media: We may publish team names, rankings, awards, and event photography/video. You may opt out of non‑essential publications where feasible.
  • Legal and safety: Where required by law or to protect vital interests.

Cross‑border transfers: Our systems and providers may operate outside Thailand. When we transfer personal data internationally, we implement appropriate safeguards consistent with the PDPA (e.g., contractual protections, risk assessments, and security measures).

7. How long we keep data (Retention)

We retain personal data only as long as necessary for the purposes collected and to meet legal, accounting, or reporting requirements, typically:

  • Registration and competition records: up to 6 years after the event season.
  • Incident/safeguarding records: as required by law (may exceed 6 years).
  • Marketing assets (photos/video): until consent is withdrawn or the materials are no longer in use.
  • Website logs and analytics: up to 13 months, unless needed to investigate security issues.

We apply shorter or longer retention periods if required by law or operational necessity, after which data is securely deleted or anonymised.

8. Your rights (PDPA)

Subject to applicable law and exemptions, you may have the right to:

  • Access your personal data and request a copy;
  • Rectify inaccurate or incomplete data;
  • Erase data (where no longer needed or processed unlawfully);
  • Restrict or object to certain processing (including direct marketing);
  • Data portability for data you provided to us where processing is based on consent or contract and carried out by automated means;
  • Withdraw consent at any time where processing relies on consent; and
  • Lodge a complaint with the Personal Data Protection Committee (PDPC) or relevant authority.

We will respond to requests in accordance with PDPA timelines. We may ask for additional information to verify your identity.

9. Children's privacy

We treat children's data with additional care. Where required, we obtain consent from a parent/guardian or from the school acting as organiser/representative. We design our forms to minimise data collection from minors and use age‑appropriate communications.

10. Security

We use administrative, technical, and physical safeguards appropriate to the risk, including access controls, encryption in transit and at rest where appropriate, staff/volunteer training, and vendor due diligence. No method of transmission or storage is 100% secure; we regularly review and improve our measures.

11. Cookies and similar technologies

We use strictly necessary cookies for site operation and may use functional and analytics cookies to improve services. Where required, we will present a cookie banner to obtain consent and provide a cookie settings tool. For details, see our Cookie Policy (linked in site footer).

12. Third‑party links

Our websites, livestreams, and scoring platforms may link to third‑party sites. Their privacy practices are governed by their own policies.

13. Contact us

RATF Events – Data Protection

Email: privacy@ratevents.org

Postal: Bangkok, Thailand (provide full address on the website's Contact page)

For urgent safeguarding or safety issues during events, please contact event control or a senior organiser immediately.

14. Updates to this notice

We may update this notice from time to time. Material changes will be communicated via our website or email. The most current version will always be published at ratevents.org/privacy.

Annex: Photo/Video & Media Guidance (summary)

  • We capture photos/video to document and promote events. These may be published on our websites, social media, and press releases.
  • We will provide opt‑out mechanisms where feasible (e.g., wristbands, seating zones) and will respect reasonable requests not to feature identifiable images of a participant in non‑essential media.
  • Livestreams of competition fields and awards are core to the event experience and may incidentally capture attendees.

Annex: School/Team Responsibilities (summary)

  • Schools/teams registering minors confirm they have appropriate authority and parent/guardian permissions to share participants' data with us for event purposes.
  • Schools/teams must provide accurate information, keep emergency contacts up to date, and communicate any safeguarding needs in advance.

Questions about tailoring or vendor lists? We can publish a separate Data Processing Register (systems & vendors, purposes, and storage regions) and a Records of Processing summary for transparency.

Last updated: 6 October 2025