Data Processing Agreement

This Data Processing Addendum (“DPA”) is entered into between ConnectX Co., Ltd (“ConnectX” or “data importer”) and the entity identified as the Customer (“Customer” or “data exporter”) and is appended to either (i) the Terms of Service (as applicable); or (ii) other electronic or written agreement in incorporating this DPA, governing the Customer’s access and use of the ConnectX platform and related services (the “Agreement”). The parties agree that this DPA shall be incorporated into and form part of the Agreement and subject to the provisions therein.

This DPA sets forth the terms and conditions under which ConnectX may receive and process Customer Personal Data from Customer and incorporates the Standard Contractual Clauses. If Customer makes any deletions or revisions to this DPA, those deletions or revisions are hereby rejected and invalid, unless agreed by ConnectX. Customer’s signatory represents and warrants that he or she has the authority to bind the Customer to this DPA. This DPA will terminate automatically upon termination of the Agreement, or as earlier terminated pursuant to the terms of this DPA.

Data Processing Terms

1.DEFINITIONS

“Users” means any individual accessing and/or using the Business through the Client’s Account as authorized by Client.

“ConnectX” means ConnectX Co.,Ltd

“Customer Data” means any Personal Data that M Intelligence Co.,Ltd processes as a Data Processor on behalf of Client.

“Data Controller” means the entity which determines the purposes and means of the processing of Personal Data. Client is the Data Controller with respect to Client Data.

“Data Processor” means the entity which Processes Personal Data on behalf of the Data Controller. M Intelligence Co.,Ltd  is the Data Processor with respect to Client Data under Thailand’s Personal Data Protection Act BE 2562 (PDPA).

“Data Protection Laws” means Thailand’s Personal Data Protection Act BE 2562 (PDPA) and, and to the extent applicable, including General Data Protection Regulation (GDPR). 

“Personal Data” shall have the same meaning as in the applicable Data Protection Laws, provided, that with respect to this Addendum, the reference is to Personal Data processed in relation to Client’s access to and use of the Service.

“Request” means a written request from a Data Subject to exercise his/her specific data subject rights under the Data Protection Laws in respect of Personal Data.

“Service” means ConnectX web-based application for managing omnichannel marketing campaigns including mobile messaging capabilities.

“Sub-processor” means any Data Processor engaged by ConnectX to assist in fulfilling its obligations with respect to providing Business pursuant to the Agreement or this Addendum.

The terms, “Data Subject”, “Member State”, “Processing”, “Process” and “Supervisory Authority” shall have the same meaning as in the Thailand’s Personal Data Protection Act BE 2562 (PDPA), and their cognate terms shall be construed accordingly.

2.PROCESSING OF PERSONAL DATA

2.1 Roles of the Parties. The parties acknowledge and agree that regarding the Processing of Personal Data, Client is the Data Controller of Customer Data, and ConnectX will process Customer Data only as a Data Processor acting on the instructions of Client.

2.2 Client’s Processing of Customer Data. Client shall 

(i) comply with the Data Protection Laws and its obligations as a Data Controller under the Data Protection Laws in respect of its use of the Business, and 

(ii) maintain a legally adequate privacy policy and notices for a web-based application  and/or communication channels owned or controlled by the Data Controller that connects to the ConnectX  Business, and 

(iii) provide notice, respond to individual rights requests, and obtain all legally required rights, releases and consents to allow Customer Data to be collected, processed, stored, used, transmitted and disclosed in the manner contemplated by the Agreement and this Addendum. Client shall have sole responsibility for the accuracy, quality, and legality of Customer Data and how Client acquires and uses Customer Data.

2.3 ConnectX’s Processing of Customer Data. ConnectX shall only process Customer Data on behalf of and in accordance with Client’s instructions. Instructions by Client to ConnectX to process Customer Data include processing initiated by Account Users in their use of the Business.

2.4 Details of Data Collection and Processing

(a) Subject matter: The subject matter of the data processing under this Addendum is the Customer Data.

(b) Duration: As between ConnectX and Client, the duration of the data processing under this Addendum is until the termination of the Agreement in accordance with its terms.

(c) Purpose: The purpose of the data processing under this Addendum is the provision of the Business to the Client and the performance of ConnectX’s obligations pursuant to the Agreement (including this Addendum) or as otherwise agreed by the parties.

(d) Nature of the processing: ConnectX is a web-based application for managing marketing campaigns, integrate omnichannel, Audience Segmentation, Customer Journey and Social media connect.

(e) Categories of data subjects: Accounts Users and any end user of a web-based application and/or communication channels owned or controlled by Client and to or with respect to whom Client sends notifications or processes Personal Data via the Service (collectively, “End Users”).

(f) Categories of Customer Data:

  • Client and Account Users: Account User’s login credentials to the Service, name, phone number, email, website, physical address, credit card or account information, IP address, and URL information.
  • End Users: Client may process Personal Data via the Service, the extent of which is determined by Client based on Client’s configuration and use of the Service, which may include, at Client’s sole discretion, but is not limited to the following categories of Personal Data: names, phone numbers, email addresses, online identifiers, and location data.

(g) Sources of Customer Data: All Customer Data is stored on the ConnectX database.

3.DATA REQUESTS

3.1 Data Requests. The Service provides Client with a number of functions that Client may use to retrieve, correct, delete, or restrict Customer Data, which Client may use to assist it in connection with its obligations under the Data Protection Laws including, for example, its obligations relating to responding to Requests from Data Subjects or applicable data protection authorities (including requests for information relating to the processing, and requests relating to access, rectification, erasure or portability of the Personal Information).

To the extent Client is unable to independently access the relevant Customer Data within the Service, ConnectX will provide reasonable cooperation to assist Client, at Client’s cost to the extent legally permissible, to respond to any requests from Data Subjects or applicable data protection authorities relating to the processing of Personal Data under the Agreement and this Addendum.

In the event any such request is made directly to ConnectX, ConnectX will not respond to such communication directly without Client’s prior authorization, unless legally compelled to do so. If required, ConnectX will promptly notify Client and provide it with a copy of the request unless legally prohibited from doing so.

3.2 ConnectX does not disclose or sell Customer Data to third parties.

3.4 Government Requests. If a law enforcement agency sends ConnectX a demand for Customer Data (for example, through a subpoena or court order), ConnectX will attempt to redirect the law enforcement agency to request that data directly from Client. If compelled to disclose Customer Data to a law enforcement agency, then ConnectX will give Client reasonable notice of the demand to allow Client to seek a protective order or other appropriate remedy unless ConnectX is legally prohibited from doing so. 

3.5 Data Requests can be made by email to Data Protection Officer (DPO)

ISOBUDDY CO,. LTD  

88/346 moo 9 Bangkrui Nonthaburi Tel. 065-459-7445 

Email: [email protected]

4.SUB-PROCESSORS

4.1 Appointment of Sub-processors. Client acknowledges and agrees that ConnectX may engage third-party Sub-processors in connection with the provision of the Service. Any such Sub-processor will be permitted to customer data only to the extent needed to deliver the Services. None of this customer data is used for any promotional purposes, or shared with third parties for their promotional purposes.

5.RELATIONSHIP WITH THE AGREEMENT

5.1 Except for the changes made by this Addendum, the Agreement remains unchanged and in full force and effect. If there is any conflict between this Addendum and the Agreement, this Addendum will prevail to the extent of that conflict.

5.2 Claims. Any claims brought under or in connection with this Addendum will be subject to the terms and conditions, including but not limited to, the exclusions and limitations set forth in the Agreement. Other than liability that may not be limited under applicable law, each party’s liability, taken together in the aggregate, arising out of or related to this Addendum, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party under the Agreement and all Addenda together.

5.3 No Third Party Beneficiary. No one other than a party to this Addendum, its successors and permitted assignees will have any right to enforce any of its terms. Any claims against ConnextX under this Addendum will be brought solely against the entity that is a party to the Agreement. Client further agrees that any regulatory penalties or other liability incurred by ConnectX in relation to the Customer Data that arise as a result of, or in connection with, Client’s failure to comply with its obligations under this Addendum or any applicable Data Protection Laws will count toward and reduce ConnectX’s liability under the Agreement as if it were liable to the Client under the Agreement.

5.4 Governing Law. This Addendum will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.

6.LEGAL EFFECT

This Addendum shall only become legally binding between Client and ConnectX when executed as described in the introductory paragraphs to this Addendum.

7.ANNUAL UPDATE

ConnectX’s Privacy Policy and this Addendum will be kept current and updated annually.