Data Protection Addendum

This Data Processing Addendum (“Addendum”) forms part of the Smart Finder Co., Ltd. Privacy Policy and the Terms and Conditions available at https://soraso.net/addendum/ (the “Agreement”). This Addendum covers the operation of https://soraso.net/ (the “Site”) and its private label services (collectively, the “Business”), operated on behalf of third parties (its “Clients”) regarding the processing of Personal Data in accordance with Data Protection Laws.

This Addendum applies where Smart Finder Co., Ltd processes Client and Customer Data subject to Data Protection Laws on behalf of Clients as Data Processor while providing Business pursuant to the Agreement.

1. Definitions

• Account Users: Individuals accessing or using the Business through the Client’s Account as authorized by Clients.
• Soraso: Smart Finder Co., Ltd.
• Customer Data: Personal Data that Smart Finder Co., Ltd. processes as Data Processor on behalf of Client.
• Data Controller: The entity that determines purposes and means of processing Personal Data. Clients are Data Controllers.
• Data Processor: The entity that processes Personal Data on behalf of the Data Controller. Smart Finder Co., Ltd is the Data Processor under PDPA.
• Data Protection Laws: Thailand PDPA and, where applicable, GDPR.
• Personal Data: Has the same meaning as in applicable Data Protection Laws, limited to Personal Data processed in relation to Client’s use of the Service.
• Request: A written request from a Data Subject to exercise data rights under Data Protection Laws.
• Service: Soraso software and web-based application for hotel management, mobile applications, software customization, e-commerce solutions, POS distribution.
• Sub-processor: Any Data Processor engaged by Smart Finder to fulfill obligations under this Addendum or the Agreement.

2. Processing of Personal Data

• Roles of the Parties: Clients are Data Controllers; Soraso acts as Data Processor on Client instructions.
• Client Responsibilities: Comply with Data Protection Laws, maintain privacy policies, provide notice, respond to data rights requests, and ensure legal collection of Customer Data. Clients are responsible for accuracy, quality, and legality of Customer Data.
• Soraso Responsibilities: Process Customer Data only per Client instructions, including Account User actions.

Details of Processing

• Subject Matter: Customer Data.
• Duration: Until termination of the Agreement.
• Purpose: Provision of the Business and performance of obligations under the Agreement.
• Nature: Software and web application for hotel management, bookings, payments, mobile apps.
• Categories of Data Subjects: Account Users and End Users of client applications and channels.
• Categories of Customer Data:
  • Account Users: login credentials, name, phone, email, website, address, payment info, IP address, URL info.
  • End Users: names, phone numbers, emails, online identifiers, location data.
• Sources of Customer Data: Stored on Soraso database or Client’s server.

3. Data Requests

• Clients may use Service tools to retrieve, correct, delete, or restrict Customer Data.
• Soraso will reasonably assist Clients in responding to Data Subject or authority requests, at Client’s cost where legally permissible.
• Soraso will not respond to requests directly without Client authorization, unless legally compelled.
• Soraso does not disclose or sell Customer Data.
• Government Requests: Soraso will attempt to redirect agencies to Clients. If compelled to disclose, Soraso will notify Clients unless prohibited.

Contact for Data Requests:
Email: smartcenter@smartfinder.asia
Contact: Irin Somboon

4. Sub-processors and Third-Party Partners

• Soraso may engage sub-processors, permitted only to access data needed for service delivery. No Customer Data used for promotions.
• Clients will be notified of changes to sub-processors and may object within 14 days.

5. Relationship with the Agreement

• Except for changes made in this Addendum, the Agreement remains unchanged. If conflicts occur, this Addendum prevails.
• Claims: Governed by Agreement’s terms, including limitations of liability. Soraso’s liability for Customer Data issues tied to Client obligations will count toward liability under the Agreement.
• No Third-Party Beneficiaries: Only parties to this Addendum may enforce it.
• Governing Law: As per the Agreement, unless otherwise required by Data Protection Laws.

6. Legal Effect

This Addendum is binding when executed as described in its introductory section.

7. Annual Update

Soraso’s Privacy Policy and this Addendum will be updated annually.

---

Customer Acknowledgment
Customer Name: ____________________
Signature: ____________________
Date: ____________________

Soraso (Smart Finder Co., Ltd)
Signature: ____________________
Name: ____________________
Title: ____________________
Date: ____________________

---