Data Processing Agreement - Appendix A

Overview of data processing activities to be performed by the Processor

1. Controller

The Controller transfers Personal Data identified in sections 3, 4 and 5 below, as it relates to the processing operations identified in section 6 below.

The Controller is the Customer.

2. Processor

The Processor received data identified in sections 3, 4 and 5 below, as it relates to the processing operations identified in section 6 below.

The Processor is:
DIMDATA Systems Co., Ltd. a private limited company registered in Thailand with number 0105555052633, with its registered office at 99/922 Krungthepkreetha Rd, Saphan Sung, Bangkok 10250 Thailand.

3. Data Subjects

The Personal Data transferred includes but is not limited to the following categories of Data Subjects:

  • Individuals about whom data is uploaded to the Service by (or at the direction of) the Controller or by Users, Subsidiaries and other participants whom the Controller has granted the right to access the Service in accordance with the provisions of the Agreement.

4. Categories of Data

The Personal Data transferred includes but is not limited to the following categories of data:

  • Data relating to individuals uploaded to the Service by (or at the direction of) the Controller or by Users, Subsidiaries and other participants whom the Controller has granted the right to access the Service in accordance with the provisions of the Agreements

5. Special categories of Data

Personal Data transferred includes but is not limited to the following special categories of data:

  • No sensitive or special categories of data are permitted to be transferred and shall not be contained in the content of attachments to emails.

6. Processing operations

The Personal Data transferred will be subject to the following basic processing activities:

  • Personal Data will be processed to the extent necessary to provide the Service in accordance with both the terms of the Agreement and the Controller’s instructions. The Processor processes Personal Data only on behalf of the Controller. Processing operations include, but are not limited to the provision of the Service – this operation relates to all aspects of Personal Data processed.
  • Technical support, issue diagnosis and error correction to ensure the efficient and proper running of the systems and to identify, analyse and resolve technical issues both generally in the provision of the Service and specifically in answer to a Controller query. This operation may relate to all aspects of Personal Data processed but will be limited to metadata where possible.
  • URL scanning for the purposes of the provision of targeted threat protection and similar service which may be provided under the Customer Terms. This operation relates to attachments and links in emails and will relates to any Personal Data within those attachments or links which could include all categories of Personal Data.