Data Protection Addendum

This Data Processing Addendum (“Addendum”) forms part of the Smart Finder Co., Ltd. Privacy Policy and the Terms and Conditions available at https://sorasoone.com/addendum/ (the “Agreement”). This Addendum covers the operation of its https://sorasoone.com/ (the “Site”) and its private label services (collectively, the “Business”), operated on behalf of third parties (its “Clients”) regarding the processing of Personal Data in connection with clients’ use of the Business, in accordance with the requirements of Data Protection Laws.

This Addendum applies only to the extent that Smart Finder Co., Ltd. processes client and Customer Data that is subject to Data Protection Laws on behalf of clients as Data Processor under the Agreement.

Smart Finder Co., Ltd. and clients agree to comply with the following provisions with respect to any Consumers’ Personal Information:

1. DEFINITIONS

  • Account Users: Any individual accessing and/or using the Business through the client’s account as authorized by clients.
  • Soraso: Smart Finder Co., Ltd.
  • Customer Data: Any Personal Data that Smart Finder Co., Ltd. processes as a Data Processor on behalf of the Client.
  • Data Controller: The entity that determines the purposes and means of the processing of Personal Data. Clients are the Data Controllers.
  • Data Processor: The entity which processes Personal Data on behalf of the Data Controller. Soraso is the Data Processor under Thailand PDPA.
  • Data Protection Laws: Thailand PDPA and, to the extent applicable, the General Data Protection Regulation (GDPR).
  • Personal Data: As defined under applicable Data Protection Laws in relation to the Client’s use of the Service.
  • Request: A written request from a Data Subject to exercise data rights under the Data Protection Laws.
  • Service: Soraso, a hotel management software and web application including POS and related services.
  • Sub-processor: Any data processor engaged by Soraso to assist in fulfilling obligations under this Addendum.

The terms “Data Subject”, “Member State”, “Processing”, “Process”, and “Supervisory Authority” shall have the same meanings as defined in the Thailand PDPA.

2. PROCESSING OF PERSONAL DATA

2.1 Roles of the Parties

Clients are the Data Controllers of Customer Data, and Soraso processes this data only as a Data Processor on clients’ instructions.

2.2 Client Responsibilities

Clients shall:

  • Comply with Data Protection Laws.
  • Maintain a privacy policy and notices for all applications or services connected to Soraso.
  • Ensure notice, consent, and data accuracy when using the Service.

2.3 Soraso Responsibilities

Soraso processes data only as instructed by Clients, including actions performed by Account Users.

2.4 Details of Processing

  • Subject matter: Customer Data.
  • Duration: Until Agreement termination.
  • Purpose: To provide and support the Business.
  • Nature: Hotel and booking management services.
  • Data subjects: Account Users and End Users.
  • Customer Data categories:
    • Account Users: login credentials, name, contact, payment info, IP, URL.
    • End Users: names, contact details, location, and any other personal data configured by clients.
  • Data sources: Soraso database or client-hosted systems.

3. DATA REQUESTS

3.1 Data Subject Rights

The Service includes tools to manage Customer Data under data rights laws. Soraso will assist with requests where clients cannot do so themselves.

Soraso will not respond directly to Data Subjects unless required by law, and will notify clients unless prohibited.

3.2 No Disclosure or Sale

Soraso does not sell Customer Data.

3.3 Government Requests

Soraso will redirect law enforcement data requests to clients unless legally prevented. Clients will be notified where allowed.

3.4 Data Request Contact

4. SUB-PROCESSORS AND THIRD PARTY PARTNERS

4.1 Appointment

Soraso may engage sub-processors to support service delivery. These parties only access Customer Data as necessary and never for promotional use.

4.2 List and Notification

The current list is available at https://soraso.net/integrations/. Soraso will notify clients of any changes and provide 14 days for objections.

5. RELATIONSHIP WITH THE AGREEMENT

5.1 Supremacy

If this Addendum conflicts with the Agreement, this Addendum will govern.

5.2 Liability

All liability remains governed by the Agreement. This Addendum does not extend liability except as legally required.

5.3 No Third-Party Rights

Only the parties to the Addendum may enforce its terms.

5.4 Governing Law

This Addendum follows the same jurisdiction as the Agreement unless required otherwise by law.

6. LEGAL EFFECT

This Addendum is binding once executed by both parties per the Agreement.

7. ANNUAL UPDATE

Soraso will update this Addendum annually.

CUSTOMER SIGNATURE

  • Customer Name (Required):
  • Signature (Required):
  • Date (Required):
  • EU Representative (if applicable):
  • Data Protection Officer (if applicable):

SORASO (Smart Finder Co., Ltd.)

  • Signature:

  • Name: ______________

  • Title: ______________

  • Date: ______________

  • Signature:

  • Name: ______________

  • Title: ______________

  • Date: ______________