Home   /  Data Protection Agreement of the Sevice Provider

PROEN Data Protection Addendum

Data Protection Agreement of the Service Provider

The Data Protection Agreement (“Agreement”) forms part of the Personal Data Protection Policy and the terms and conditions of services provided by PROEN Corp Public Company Limited (“Company”), including services rendered through the website www.proen.co.th (“Website”) and private-labeled services performed on behalf of third parties (“Service Users”) involving the processing of personal data pursuant to personal data protection laws.

This Addendum applies solely to activities where the Company processes customer data under personal data protection laws, specifically in instances where the Company processes data on behalf of Service Users as a data processor to fulfill contractual service obligations.

The Company and the Service Users agree to the following personal data processing provisions:

1. Definitions

Company means PROEN Corp Public Company Limited.
Service User refers to any individual, company, or legal entity utilizing the Company’s services.
Account User means any person who accesses and/or uses the services through the Service User’s account as authorized by the Service User.

Principal Agreement refers to the service agreement entered into between the Service User and the Company, including service orders, quotations, or any similar purchase confirmation documents.
Customer Data means personal data processed by the Company on behalf of the Service User in the capacity of a data processor.

Data Controller means the legal entity that determines the purposes and means of processing personal data.
Data Processor means the legal entity that processes personal data on behalf of the Data Controller. Under this Agreement, the Company acts as a data processor under the Thailand Personal Data Protection Act, B.E. 2562 (PDPA).

Data Protection Laws refer to the Thailand Personal Data Protection Act, B.E. 2562 and any applicable regulations.

Personal Data has the meaning assigned under applicable Data Protection Laws, particularly relating to access and use of services.

Data Subject Request means any written request from a Data Subject to exercise their personal rights under applicable Data Protection Laws.

Services refer to the Company’s services, including Infrastructure Services, Data Services, Connectivity Solutions, Security Services, and Solutions as detailed.

Sub-Processor means any third party engaged by the Company to assist in fulfilling the obligations set forth in this Agreement.

Terms such as “Data Subject,” “Member State,” “Processing,” “Process,” and “Supervisory Authority” shall have the same meaning as defined in the PDPA and related regulations.

2. Personal Data Processing

  1. 2.1 Role of the Parties
    The Parties acknowledge and agree that the Service User acts as the Data Controller of the Customer Data, and the Company acts solely as the Data Processor, processing data according to the Service User’s instructions.
  2. 2.2 Obligations of the Service User
    The Service User shall:

    • (i) Comply with Data Protection Laws and fulfill the obligations of a Data Controller;
    • (ii) Maintain and implement privacy policies for mobile applications, web domains, software applications, and communication channels connected to the business;
    • (iii) Provide privacy notices, establish mechanisms for exercising Data Subject rights, collect, use, disclose, and obtain consents as legally required for the lawful processing of Customer Data.
      The Service User is solely responsible for the accuracy, quality, and legality of Customer Data, including the manner of its collection and use.
  3. 2.3 Company’s Processing of Customer Data
    The Company shall process Customer Data strictly in accordance with the Service User’s instructions, including initial processing through account creation and service usage.
  4. 2.4 Data Processing Details Subject Matter: Customer Data processing.
    Duration: Until termination or expiration of the Principal Agreement.

Purpose: Fulfillment of service obligations under the Principal Agreement and this Agreement.
Nature of Processing: Collection, use, disclosure of personal data in connection with services provided.
Categories of Data Subjects: Account Users and general users.
Categories of Personal Data:
Customers and Account Users: Login credentials, name, phone number, email, website, address, credit card/account information, IP address, and URL data.
End Users: Data processed through the Service User’s configuration, including name, phone number, email, online identifiers, and location data.
Sources of Customer Data: Data collected and stored in the Company’s database.

3. Data Requests

  1. 3.1 Data Subject Requests
    The services provided allow the Service User to retrieve, correct, delete, or restrict Customer Data to fulfill legal obligations regarding Data Subject rights. Where the Service User cannot access the data independently, the Company shall assist, subject to reasonable costs and applicable laws.
    If a request is made directly to the Company, the Company shall not respond without prior authorization from the Service User unless legally required. The Company will promptly notify the Service User and provide a copy of the request unless prohibited by law.
  2. 3.2 No Disclosure or Sale of Customer Data
    The Company shall not disclose or sell Customer Data to any third party.
  3. 3.3 Government Requests
    If law enforcement authorities request Customer Data (e.g., via a subpoena or court order), the Company shall request that such authorities contact the Service User directly. If disclosure is legally compelled, the Company will notify the Service User unless prohibited by law.
  4. 3.4 Contact for Data Requests
    Data Protection Officer: Miss. Jiraporn Pimjumpa
    Contact: Tel. +66-2-690-3888 ext. 113 / E-mail: jiraporn.p@proen.co.th

4. Sub-Processors

  • 4.1 Appointment of Sub-Processors
    The Service User acknowledges and agrees that the Company may engage Sub-Processors to provide services. Sub-Processors may access Customer Data only as necessary for service delivery and shall not use the data for promotional purposes.
  • 4.2 List of Sub-Processors
    The list of authorized Sub-Processors can be requested from the Company. The Company will notify the Service User at least ten (10) days in advance of any changes.

5. Relationship to Other Agreements

  • 5.1 No Change to Principal Agreement
    This Agreement does not modify the Principal Agreement. In the event of any conflict, this Agreement shall prevail regarding data protection.
  • 5.2 Claims
    Any claims arising under this Agreement are subject to the terms and limitations set forth in the Principal Agreement, including liability caps.
  • 5.3 No Third-Party Beneficiaries
    Except for the parties and their permitted successors and assigns, no other party shall have any rights under this Agreement. Penalties or liabilities resulting from the Service User’s non-compliance shall be treated as if they arose from the Service User’s breach under this Agreement.
  • 5.4 Governing Law
    This Agreement shall be governed by and construed in accordance with the governing law and jurisdiction specified in the Principal Agreement, unless otherwise stipulated under applicable Data Protection Laws.

6. Legal Effect

This Agreement is legally binding between the Service User and the Company as per the above terms.

7. Annual Review and Update

The Company’s Privacy Policy and this Agreement will be reviewed and updated annually.
This Data Protection Addendum forms part of the Principal Agreement. Any use of the Company’s services under the Principal Agreement constitutes legal acceptance of this Addendum.

 

 

PROEN Corp Public Company Limited.
Signed on behalf of the “Company” / “Service Provider”
(Mr.Chaiyooth Srijabok and Mr.Kittipan Sri-bua-iam)
Authorized Directors