SERVICES AGREEMENT

THIS SERVICES AGREEMENT (the “Agreement”) is entered into by and between:

1 RABBIT CARE BROKER COMPANY LIMITED, a private limited company incorporated under the laws of Thailand, company registration number 0105557055010, having its registered head office at no. 1 Q. House Lumpini Building, 29th Floor, South Sathorn Road, Thungmahamek, Sathorn, Bangkok 10120 (“RCB”); and

2 The Service Provider, whose details are set out in the Registration Form or have been submitted online (the “Service Provider”).

RCB and the Service Provider hereinafter are referred to individually as a “Party” and collectively referred to as the “Parties”.

RECITALS:

A RCB is an insurance brokerage company and is appointed by various life and non-life insurance companies to offer and solicit any persons (whether individuals or corporate entities) to buy the insurance products through RCB’s channels.

B The Service Provider is a provider of affiliate network services in Thailand.

C RCB wishes to engage the Service Provider, and the Service Provider wishes to accept the engagement, to provide the Services (as defined below) to support the offer of the insurance products by RCB to the customers.

IT IS HEREBY AGREED AS FOLLOWS:

In this Agreement, unless the context otherwise requires, the following capitalized terms shall have the following meanings:

“Applicable Laws” means all legally binding laws, statutes, regulations, subordinate legislation, by-laws, orders and decrees of any governmental authority, and any judgments, decisions and injunctions of any court or tribunal, in each case having jurisdiction over the matter in question including without limitation, Data Protection Laws, laws regarding intellectual property, computer crime, Office of the Consumer Protection Board’s regulations and Office of Insurance Commission’s regulations;

“Data Protection Laws” means all laws, regulations, and other legal requirements including but not limited to the Personal Data Protection Act B.E. 2562 (2019) and its sub-regulations, applicable to the processing of personal data as amended and/or replaced, from time to time;

“Leads” means a set of contact information that contains the following parameters;

a) First Name and/or Nickname
b) Phone Number
c) Email Address
d) Nationality
e) Year / Month / Day of Birth

All Leads are unique Leads and shall not have similar phone number. For the avoidance of doubt, Leads that contain similar First Name or Last Name are not considered repetitive.

“Notified Address” means the contact address of the Parties set out in Clause 11.3 or such other address as either of the Parties may, by notice to the other, substitute for its Notified Address set out in Clause 11.3; “Personal Data” means any information that identifies or could reasonably be used to identify any individuals (or as otherwise specified by Data Protection Laws) related to this Agreement;

“Product” means insurance products offered by RCB as the insurance broker for sales to User who have accessed through the Services rendered by the Service Provider hereunder; “Registration Form” means the online sign up and registration form to be completed by the Service Provider;

“Services Fees” means the service fees payable to the Service Provider as consideration for the Services rendered by the Service Provider hereunder; and “User” means a person who is interested and wishes to buy the Product

2.1 Subject to the terms and conditions of this Agreement, RCB agrees to engage the Service Provider, and the Service Provider agrees to accept the engagement, to provide affiliate marketing and network services to create awareness and conversion of RCB’s landing page and generate Leads of User to buy the Product (collectively, the “Services”).

2.2 The Service Provider shall perform the Services hereunder via a website/social media URL, as provided in the Registration Form by the Service Provider (the “Designated Platforms”). RCB shall provide landing page leading the User from the Designated Platforms.

2.3 The Service Provider shall ensure that the Services provided by it are performed:

(a) in accordance with international professional standards;
(b) in accordance with international accepted industry practices;
(c ) in accordance with any instructions, directions, policies, standards, procedures and guidelines (and any revisions thereof) as advised by RCB from time to time;
(d) in compliance with any and all Applicable Laws; and
(e) by, and with suitable devotion of time and effort, persons with suitable experience, training and skill.

2.4 The Service Provider shall represent and warrant that the Services Provider shall not:

(a) act as an insurance broker or insurance agent;
(b) offer an insurance product to the customers;
(c ) direct or induce the customers to buy an insurance product; or
(d) directly contact an insurer or directly provide Leads to an insurer.

3.1 RCB shall provide marketing contents, graphics and artworks. All contents, graphics and artworks are to be approved by RCB before released to the public and place them on the Designated Platforms.

3.2 The Service Provider hereby agrees and certifies that the marketing contents and artworks provided to RCB pursuant to Clause 3.1 are not creating the violation of any Applicable Laws. In the event that the Service Provider is in breach of this clause, it shall be fully responsible for any penalties and damages which may be imposed by the government authorities to the Service Provider.

3.3 The Service Provider shall use the marketing contents and artworks, including but not limited to any logo or trademark approved/provided to the Service Provider pursuant to Clause 3.1 solely for the purpose of the Services hereunder.

RCB shall be responsible for (i) interacting with the persons being desirous to buy the Product through the awareness created by or the conversion redirected from the Designated Platforms, including but not limited to entering into any transaction documents and receiving insurance premiums, and (ii) providing the channel and supporting system for offering the Product, including but not limited (a) staffs to answer any questions about the Product and (b) feedback system, at its own costs and expenses.

5.1 Unless agreed otherwise, this Agreement shall commence on the date the Service Provider receives a confirmation email from RCB for indefinite period of time. (the “Term”).

6.1 The Service Fees shall be paid in accordance with the dashboard page link provided with the confirmation email, as amend from time to time.

6.2 RCB shall provide the Service Provider with a summary report, which shall at least include information concerning detail of payment (the “Summary Report”) on monthly basis for the Service Provider’s review and reconciliation of the Service Fees.

6.3 The Service Provider shall invoice RCB for the Service Fees within 15 (fifteen) days following the submission of Summary Report pursuant to Clause 6.2. The Service Fees are inclusive of all costs, including costs of the Designated Platforms and online media inventory purchase, incurred by the Service Provider in rendering the Services hereunder, but exclusive of VAT and any other applicable taxes. RCB shall deduct the withholding tax at the applicable rate.

6.4 RCB shall pay the amount invoiced to the Service Provider within 30 (thirty) days upon receipt of the invoice, in the manner prescribed in the invoice.

6.5 If RCB disputes any amount, in good faith, in an invoice or corrected an invoice issued under this Agreement, RCB shall promptly notify the Service Provider in writing of (a) the amount in dispute and (b) the basis for the dispute. RCB shall pay the undisputed amount of the invoice within the time specified in Clause 6.4 and may withhold payment of the disputed amount until such time when the dispute is resolved. RCB shall pay the Service Provider the disputed amount, without any interest, that was withheld within 30 (thirty) days upon the dispute being resolved.

With regard to the collection, disclosure and processing of any Personal Data by either Party during the course of the Services, each Party shall:

(a) comply with Data Protection Laws at all times;
(b) not process it for any purpose other than the provision of the Services hereunder; and
(c ) not export it outside Thailand without the prior written permission of the other Party. Where that

permission is given, such export shall be done in compliance with the lawful cross-border transfer mechanism under Data Protection Laws. Each Party agrees to enter into any agreement which is necessary to comply with Applicable Laws which applies to such data transfer.

8.1 Confidentiality Duty

Each Party shall retain in strict confidence of any information relating to this Agreement and/or any information or documentation provided by other Party in connection with this Agreement or any document referred to or contemplated herein (whether before or after the date of this Agreement), (the “Confidential Information”) and shall not disclose the Confidential Information to any person other than its directors, executives, officers, employees, professional advisers, on a need-to-know basis, provided that each Party shall cause those persons to strictly comply with the confidentiality obligations under this Agreement, nor use the Confidential Information for any purposes other than to perform its obligations under this Agreement.

8.2 Exceptions

Clause 8.1 shall not prohibit disclosure any Confidential Information if and to the extent:

(a) the disclose of it is required by Applicable Laws or orders of the competent juridical, governmental, supervisory or regulatory authority, provided that the Service Provider shall:
(i) furnish only portion of the Confidential Information that is legally required to disclosed on an as-needed basis;
(ii) inform RCB of the required disclosure as soon as practicable; and
(iii) use the best efforts to obtain reliable assurance that the confidential treatment will be accorded to the Confidential Information being disclosed;

(b) the Confidential Information is or becomes publicly available (other than by a breach of the confidentiality duty under this Agreement); or

(c ) Other Party has given prior written approval to such disclosure or use.

8.3 Deletion or Return of Confidential Information

Each Party shall promptly and in any event within 10 (ten) business days from the date of termination of this Agreement delete and/or return all Confidential Information and copies thereof, except where it is necessary to retain such Confidential Information for the purpose of compliance with any Applicable Laws. For such exceptional case, such Party shall continue to be responsible and bound by its confidential obligations under this Agreement in accordance with the terms hereof.

8.4 Period of Confidentiality

The obligation to protect Confidential Information under this Clause 8 shall continue for a period of 5 years after expiration or termination of this Agreement.

A Party (the “Non-Defaulting Party”) shall be entitled to terminate this Agreement forthwith with respect to the other Party (the “Defaulting Party”) by serving a notice in writing to the Defaulting Party upon an occurrence of any of the following events:

(a) if the Defaulting Party shall commit any material breach of this Agreement and shall fail to remedy such breach (if capable of remedy) within 7 (seven) days upon receipt of a notice for remedy served by the Non-Defaulting Party;
(b) an order is made by a court of competent jurisdiction for the business reorganization, receivership, bankruptcy or administration of the Defaulting Party;
(c ) an order is made by a court of competent jurisdiction for seizing any of material assets of the Defaulting Party; or
(d) a resolution is passed for the dissolution or liquidation of the Defaulting Party.

10.1 Each Party may terminate this Agreement with immediate effect at any time and for any reason, by written notice to the other Party.

10.2 This Agreement shall remain in full force and effect as between the Parties until the earlier of:

(a) a mutual agreement of the Parties that this Agreement is terminated; or

(b) termination of this Agreement pursuant to Clause 9 (Default).

10.3 Any termination of this Agreement shall not affect or impair any rights or obligations which have accrued to either Party hereto prior to the date of termination, including, without limitation, the rights to receive payments provided for hereunder.

10.4 The provisions contained in Clauses 8 (Confidentiality), 11 (Notices), 12 (Miscellaneous) and 13 (Governing Law) shall survive the termination of this Agreement.

11.1 Unless specifically indicated otherwise in this Agreement, any notice or other communication given pursuant to this Agreement shall be:

(a) in writing;
(b) in the English language; and
(c ) sent by the Permitted Method to the Notified Address.

11.2 The methods for any delivery of the notices under Clause 11.1 shall be any of the methods set out below :

Permitted Method: Personal delivery

Date on which notice deemed given and received: If left at the Notified Address before 5 pm on a business day, when left otherwise on the next business day.

Permitted Method: Post, where the Notified Address is in the same country as that from which the notice is sent Date on which notice deemed given and received: 2 (two) business days.

Permitted Method: Email

Date on which notice deemed given and received: On receipt of an automated delivery receipt or confirmation of receipt from the relevant server if before 5 pm on a business day and otherwise on the next business day.

11.3 The Notified Address of each of the Parties is set out below:

If to RCB:

Attention : Mr. Michael Manfred Steibl and Mr. Chayapat Sakulrompochai

Address : 1, Q. House Lumpini Building, Room number 2902, 29th Floor, South Sathorn Road, Thungmahamek, Sathorn, Bangkok, Thailand, 10120

Email : [email protected] and [email protected]

(with [email protected] being copied)

If to the Service Provider

As advice by the Service Provider or stated on the Registration Form.

12.1 Set-off

RCB may set off any matured obligation due from the Service Provider under the Agreement.

12.2 No Partnership

This Agreement is not intended, nor should anything herein or in any of the arrangements contemplated herein, be construed, to create a relationship of partners, partnership or principal and agent between or among the Parties. None of them shall (i) enter into any contract or commitment with third parties as agent for or on behalf of the other Party, (ii) describe or present itself as such as agent or in any way hold itself out as begin such as agent, or (iii) act on behalf of or represent the other Party in any manner, or for any purpose.

12.3 Assignment

The Service Provider shall not assign, transfer, sub-contract or deal in any other manner with any or all of its rights and obligations under this Agreement without the express written consent of RCB.

12.4 Severability

In the event that any provision contained herein is found invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions of this Agreement shall not in any way be affected or impaired thereby and shall continue in effect in order to fully effectuate the intentions of the Parties.

12.5 No Waiver

The rights of the Parties contained herein shall not be waived or varied otherwise than by an express waiver or variation in writing and any failure to exercise or delay in exercising any such rights of any Party shall not be construed or deemed as a waiver or variation of that or any other rights contained herein.

12.6 Entire Agreement

This Agreement and the attachments hereto constitute the sole and exclusive agreement between the Parties hereto relating to the subject matter hereof and supersedes all prior agreements, correspondence and expressions of intention relating thereto whether oral or in writing between the Parties.

12.7 Amendment

This Agreement shall be amended only by a written instrument executed by the Parties.

12.8 Counterparts

This Agreement may be executed in any number of counterparts, each of which when executed and delivered is an original and all of which together evidence the same agreement.

This Agreement shall be governed by and construed in accordance with the laws of Kingdom of Thailand

Rabbit Care (which refers to Rabbit Care Co., Ltd., Rabbit Care Broker Co., Ltd., and Ask Direct Group Co., Ltd.) (the “Company”, “we”, “us”, or “our”) recognizes the importance of the protection of Personal Data relating to our business partners. This privacy policy for business partner (“Privacy Policy”) explains how we collect, use and/or disclose Personal Data of the business partner’s personnel, authorized persons, authorized signatories, directors, shareholders and other contact persons (collectively referred to as “you”, or “your”) and informs you the rights relating to Personal Data protection.

“Business Partner”, according to this Privacy Policy, includes, without limitation, business partners, distributors, suppliers, vendors, service providers, construction contractors, investors, analysts, shops, billboard tenants, independent advisors, securities companies, insurance companies, insurance brokers, insurance agents, banks, joint venture partners, and third parties e.g., third parties requesting to enter the area, contractor’s sub-contractors, related persons according to the rules of the Securities and Exchange Commission (e.g., spouse, children under the age of 20), and other business alliances.

The Company collects, uses and/or discloses your Personal Data because we currently have business relationship with you or may have business relationship with you in the future, or because you work for, represent, or proceed on behalf of our business partners, e.g., companies which supplies or provide services for the Company, or which we have business communication with which may involve you.

“Personal Data” means any directly or indirectly identified or identifiable information about you (excluding information concerning the deceased).

“Sensitive Data” means Personal Data which is considered to be sensitive according to the law. The specific types of Personal Data collected will depend on the relationship which you have with the Company as follows:

• Personal details, such as name – surname, title, age, gender, photo, video, CCTV record, geographic location, date of birth, nationality, marital status, financial status, educational and professional information (e.g. position, division, division code, occupation, information contained in job application, company that you worked for or past employer, certification of employment, salary confirmation letter, professional license, work permit, visa, training information, income and salary, first date of work), identifiable information on government-issued document (e.g., national identification card number, passport number, taxpayer identification number, driving license number, house registration number), vehicle-related information (e.g., vehicle identification number or vehicle registration number), signature (including electronic signature), business partner’s identification number (including type of business partner, type of business, area of business), business partner’s information (e.g., evaluation score of business partner/service provider, merchant identification number, business partner registration date), bank account and payment information (e.g., bank account name, bank, bank account type and number, beneficiary account name, payment date, payment method, payment currency and payment account, domestic and cross-border transfer details), credit card details (e.g., credit card number, cardholder name, expiration date), including information relating to pricing strategy, discount rate, sales volume, disbursement items, disbursement amount, details relating to lands that you own (e.g., land rights certificate number), number of shares, securities holder registration number, number of securities and dividend amount);
  
  

• Contact details, such as phone number, mobile phone number, facsimile number, address, place of business address, email address, postal code, social media account information (e.g., LINE ID, Facebook account and available time) and other similar information;
  
  

• Information relating to the interactions between the Company and the business partner, such as information that you have given to the Company (as appeared in agreement, form or survey), transactional information between you and the Company (e.g., lease agreement or purchase and sale agreement, contractor agreement, consultancy agreement, tendering or bidding document), information relating to purchase and sale transaction with related person/third party, product type, budget type, disbursement budget, expense details, traveling expense, date of purchasing product/service, amount of products/services purchased, number of disbursement items, budget, headquarter number, document number, project name, registered company, creditors, branch, area and payment terms, computer data (e.g., IP address or cookies), vendor and service provider status inspection result, including information from the terms of reference or scope of tendering/bidding/procurement, report of interests, incident report, litigation information, details of quotation in procurement project, annual vendor/service provider evaluation report, CCTV record and construction details for each project;
  
  

• Information of your related person, such as identified information of your spouse or children, information about employee working for company relating to you;
  
  

• Sensitive data, such as health data, Sensitive Data from national identification card (e.g., nationality and religion) or Sensitive Data which can be used in litigation. We will collect, use, disclose and/or transfer Sensitive Data cross-border only on the basis of your explicit consent or where permitted by law.

2.1 Channels for Personal Data collection

The Company may collect your Personal Data through multiple channels including:

• Directly from you (e.g., when you conduct business with the Company or sign an agreement or fill out a form during interactions with the Company, including interactions through our online platforms, website or mobile application, communication via email, phone, survey, name card, postal, during meeting and activity or meeting arrangement with you);
  
  
• From business partners or service providers that you work for, represent or act as agent;
  
  
• Companies under BTS Group
  
  
• From database in the Company’s system, central drive/central database or transportation software and/or electronic file;
  
  
• From public domain e.g., social media platforms and third-party websites or relevant government agencies; and/or
  
  
• From other third parties e.g., other business partners of the Company, reference persons, complainants.
  
  

2.2 Personal Data of third party

If you provide Personal Data of third party to the Company e.g., spouse, children, parents, authorized persons or any other persons, please inform such third party of this Privacy Policy for their acknowledgement and request their consent to the Company if necessary, unless there is other legal ground(s) permitted for disclosure of Personal Data of such third party.

2.3 Personal Data of incompetent person

The Company only collects the Personal Data of children, quasi-incompetent person and/or incompetent person where their parent or guardian has given their consent. The Company does not knowingly collect Personal Data from customers under the age of 20 without their parental consent when it is required, or from quasi-incompetent person and incompetent person without their legal guardian’s consent (as the case may be). In the event that the Company learns that we have unintentionally collected Personal Data from anyone under the age of 20 without parental consent when it is required or from quasi-incompetent person and incompetent person without their legal guardians’ consent, the Company will delete it immediately or collect, use and/or disclose if we can rely on other legal basis apart from consent or where permitted by law.

3.1 THE PURPOSES OF WHICH WE RELY ON CONSENT

After having obtained your consent, the Company may collect, use, disclose and/or transfer your Sensitive Data cross-border, for the following purposes:

• Sensitive Data as appeared in identification documents (e.g., religion and nationality): for the purposes of authentication and verification;
  
  
• Health data: for food preparation and facilitation.
  
  

Where we rely on consent for the collection, use and/or disclosure of Personal Data, you have the right to withdraw your consent at all time by contacting us (please see contact details in Item 8 of this Privacy Policy). The withdrawal of consent will not affect the collection, use and/or disclosure of Personal Data and Sensitive Data that was previously consented before the withdrawal. The Company may request your consent directly from you or through the Companies under BTS Group, business partners and/or other legal entities.

3.2 THE PURPOSE THAT WE MAY RELY ON LEGAL BASES IN PROCESSING YOUR PERSONAL DATA

We will collect, use and/or disclose your Personal Data based on the context of your interactions with us by relying on legitimate interest, contractual basis, legal compliance, consent or other legal bases permitted under the applicable laws concerning personal data protection (as the case may be), for the following purposes:

1.) For business purposes, such as to proceed business transactions with business partners and fulfil our duties and/or requests from business partners, to contact business partners regarding products, services and projects of the Company or the business partners (e.g., to respond to questions or requests);

2.) For selection of business partners, such as to verify you and status of business partners, to check status of business or perform other background checks and screen you and business partners, to assess your and business partners’ suitability and qualifications, to assess your and business partners’ risks (including the verification of public information from law enforcement agencies and/or the Company’s blacklist record), to prepare quotations or bidding offer, to enter into agreements, prepare purchase orders or purchase requests with you or business partners and to evaluate your and business partners’ management;
3.) For relationship management, such as to keep your Personal Data up-to-date, to maintain the accuracy of Personal Data, to keep agreements, relating documents, agreement’s reference documents and evidence of the work of business partners which may mention you, to plan, operate and manage (contractual) relationships and rights with business partners (e.g., to appoint, withdraw or authorize business partners to engage in transaction and order products or services, process payment, to conduct activities relating to accountancy, audit, invoice issuance, management of product and service delivery), to manage your requests or complaints, to improve, support, monitor, and record;
4.) For business communications, such as communication with business partners about products, services and projects of the Company or business partners (e.g., communication via document, response to questions, requests or operational progress report);
5.) For marketing purposes, such as to inform you about news and public information which may be useful, including activities, new product and service offers, product and service price negotiation and survey, as well as for to evaluate and consider providing financial aid (e.g., financial loan) to you or business partners;
6.) For internal management and communication within the organization, such as to publish internal activities and to comply with business codes of conduct, including but not limited to, procurement, disbursement, internal management, training, inspection, report, document delivery and management, data processing, risk control or management, trend and statistical analysis and planning, and other similar or relating activities;
7.) For business analysis and improvement, such as to research, analyse data, estimate, survey and evaluate and report on our products and services and your or business partners’ performance, including to develop and improve our marketing strategy, and our products and services;
8.) For registration and authentication, such as for your registration, verification, identification and authentication;
9.) For IT systems and IT support systems, such as to support IT and IT support departments,
to administrate system access in which the Company has granted the right to access to you, to delete unused accounts, implement business control measures to continue business, and for the Company to identify and solve problems in the IT systems, and to safeguard the security of the our systems, to develop, implement, operate and manage the IT systems;
10.) For business partner information management, such as to compile list of business partners, record data in the system and update the list and directory of business partners (which includes your Personal Data), as well as to store and manage agreements and relating documents which may contain your name;
11.) For system monitoring and security, such as to control access, monitor systems, equipment and internet, and safeguard IT security;
12.) For dispute management, such as to resolve dispute, enforce the Company’s agreements, establish, exercise, or raising legal claims, including to grant authorization;
13.) For investigation, complaint and/or crime and fraud prevention;
14.) For compliance with internal policy and relating/applicable laws, rules, regulations, guidelines (such as to apply for business licenses as required by law) and to coordinate or communicate with government agencies, courts or relevant agencies (such as the Revenue Department, the Royal Thai Police Headquarter and the State Audit Office) including to investigate, complain and/or prevent crime and fraud;
15.) For danger prevention towards life, body or health of a person, such as to control contagious disease or epidemic;
16.) For organizing corporate social and environmental responsibility
Refusing to provide the Company your Personal Data may affect you, for example, we may not be able to proceed your request, facilitate you, or fulfil our contractual obligations we have with you, and you may suffer damages or loss of opportunity. Apart from that, refusing to provide your Personal Data may affect our or your legal compliance which may impose penalty.

The Company may disclose or transfer your Personal Data to the following third parties. We will collect, use, and/or disclose Personal Data in accordance with the purposes under this Privacy Policy. These third parties may be located in Thailand and outside Thailand. You can visit their privacy policy to learn more details on how they collect, use and/or disclose Personal Data since you could also be subject to their privacy policies.

4.1 Companies under BTS Group

As the Company is part of Companies under BTS Group which all collaborate and/or partially share customer services and systems, e.g., service systems and website-related systems, the Company may need to transfer your Personal Data to, or otherwise allow access to such Personal Data by the Companies under BTS Group for the purposes set out in this Privacy Policy. Companies under BTS Group may rely on the consent obtained by the Company to use your Personal Data.

4.2 The Company’s service providers

The Company may use other companies, agents or contractors to perform services on our behalf or to assist us in our business with you. The Company may share Personal Data to third parties, including but not limited to (1) infrastructure, software and website developers and IT service providers; (2) marketing, advertisement, design, creative advertising and communication service providers; (3) hospitals; (4) data storage and cloud service providers; (5) banks and financial institutions; (6) insurance companies, sub-insurance companies, insurance brokers, insurance agents, lost adjustors and risk surveyors; (7) logistics and transportation service providers; (8) payment and payment system service providers; (9) voting and vote counting service providers; (10) analysts; (11) travel service agencies; (12) garages and auto parts stores; (13) booking system service providers; (14) outsource internal operation service providers; (15) printing houses; and (16) surveying service providers. In the course of providing such services, the service providers may have access to your Personal Data. However, the Company will only provide the Company’s service providers with the Personal Data that is necessary for them to perform the services, and we will ask them not to use your Personal Data for any other purposes. The Company will ensure that all the service providers we work with will keep your Personal Data secure.

4.3 Our business partners

The Company may transfer your Personal Data to the Company’s business partners, such as business partners, project owners, contract parties, securities companies, stores, construction contractors, joint venture partners, companies that the Company invests in, co-shared partners and third parties that the Company share marketing or promotional campaigns for the business operation and service provision of the Company, provided that the receiving business partner shall agree to treat Personal Data in a manner consistent with this Privacy Policy.

4.4 Third parties permitted by law

In certain circumstances, the Company may be required to disclose or share your Personal Data in order to comply with a legal or regulatory obligation. This includes any government agency, court, government authority, embassy, consulate, or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect the rights of the Company, third party or individuals’ personal safety; or to detect, prevent, or otherwise address fraud, security or safety issues.

4.5 Professional advisors

The Company may disclose Personal Data to the Company’s expert advisors including, but not limited to, (1) independent advisors; (2) legal advisors who assist the Company in its business operations and provide litigation services such as defending or initiating legal actions; (3) external advisors; (4) project advisors; (5) financial advisors; and (6) auditors who provide accounting services or conduct financial audit for the Company.

4.6 Assignees of rights and/or duties

We may disclose or transfer your Personal Data to our business partners, investors, significant shareholders, assignees or transferees in the event of any reorganization, restructuring, merger, acquisition, sale, purchase, joint venture, assignment, or any other similar events involving transfer or other disposition of all or any portion of our business, assets or stock. If any of above events occurs, the receiving party will comply with this Privacy Policy to respect your Personal Data.

The Company may disclose or transfer Personal Data to third parties located overseas, which the destination countries may have the higher or lower data protection standards than Thailand’s, such as when the Company stores your Personal Data on cloud platforms or servers located outside Thailand or when we engage IT support services.

Where it is necessary to transfer your Personal Data to countries having lower data protection standards than Thailand’s, the Company will take steps to ensure that Personal Data is securely transferred, the receiving parties has in place suitable data protection standard, or the transfer is permitted under the applicable data protection law. For instance, the Company may have to obtain a guarantee from third parties who have the rights to access Personal Data that such Personal Data will be protected under the same data protection standards as Thailand’s.

If you require more information on how the Company protects your Personal Data when being transferred cross-border, please contact the Company as per the details in “Our Contact Details” section.

The Company will retain your Personal Data for as long as it is reasonably necessary to fulfil purposes for which the Company obtained them and to comply with the Company’s legal and regulatory obligations. However, the Company may have to retain Personal Data for a longer duration, as required by applicable laws.

Subject to applicable laws and exceptions thereof, a data subject may have the following rights to:

(1) access or request a copy of the Personal Data or request the Company to disclose how we acquired the Personal Data without your consent;
(2) request for revision of your Personal Data to be accurate, updated, complete and not misleading;
(3) request for deletion, destruction or anonymization of your Personal Data;
(4) obtain Personal Data relating to you, in a structured, readable or usable electronic format, and to transmit or transfer such Personal Data to another data controller, where (a) this is Personal Data which you have provided to the Company, and (b) the Company is processing such data on the basis of your consent or to fulfill contractual obligation under the agreement we have with you;
(5) object our collection, use and/or disclosure of your Personal Data or restrain our further use of your Personal Data;
(6) withdraw consent to our collection, use and/or disclosure of your Personal Data which we have to rely on your consent to at any time.

If you wish to exercise any rights above, please contact us as per the details in “Our Contact Details” section. There may be cases where the law limits the exercise of any rights above or where the Company may appropriately or justifiably decline your request, for example, the Company may decline your exercise of right in order to comply with the laws or court’s orders. If we decline your request due to such reason, the Company will notify you of the reason.

If you believe that our collection, use and/or disclosure of your Personal Data by has does not comply with the applicable laws concerning personal data protection, you have the right to submit a complaint to the relevant agencies relating to personal data protection. However, if you have any complaints, please contact the Company first before contacting the relevant agencies so that we have an opportunity to resolve your complaints accordingly.

As a way to protect personal privacy, the Company maintains appropriate security measures, which includes administrative, technical and physical safeguards in relation to access control, to protect the confidentiality, integrity, and availability of Personal Data against any accidental or unlawful or unauthorized loss, alteration, correction, use, disclosure or access, in compliance with the applicable laws.

In particular, the Company has implemented access control measures which are secured and suitable for the Company’s collection, use and/or disclosure of Personal Data. The Company restricts access to Personal Data as well as storage and processing equipment by imposing access rights or permission, user, access management to limit access to Personal Data to only authorized persons, and implement user responsibilities to prevent unauthorized access, disclosure, perception, unlawful duplication of Personal Data or theft of device used to store and process Personal Data. This also includes methods enabling the re-examination of unauthorized access, alteration, erasure, or transfer of Personal Data which is suitable for the method and means of collecting, using and/or disclosing of Personal Data.

The Company may amend this Privacy Policy from time to time if there is a change in the Company’s practice in personal data protection due to reasons, such as changes in technology or the law. Such amendment shall be in effect when the Company publishes the Privacy Policy. Notwithstanding the fact that if such amendment has significant impact on you as a data subject, the Company will appropriately notify you in advance before the amendment takes effect.

If you wish to contact us to exercise the rights relating to your Personal Data or if there are any queries about your Personal Data under this Privacy Policy, please contact our Data Protection Officer (DPO) at: Rabbit Care (which refers to Rabbit Care Co., Ltd., Rabbit Care Broker Co., Ltd., and Ask Direct Group Co., Ltd.)

1 Q. House Lumpini Building, 29th Floor, South Sathorn Road, Thungmahamek, Sathorn, Bangkok 10120 [email protected] or 084-021-9999