Adobe Systems

Announcement of Somapa Information Technology Public Company Limited

No. DPO 001 / 2025

Subject: Personal Data Protection Policy for InfoSurf Application

……………………………………………………………………………………………………………………………………

Somapa Information Technology Public Company Limited ("the Company") recognizes the importance of personal data protection and have supervision and management of personal information to be in line with personal data protection laws and related laws Therefore, we would like to inform you of the following information to comply Personal Data Protection Act B.E. 2562 with the important points as follows:

1. Personal Data
1.1 Characteristics of Personal Data In this document
Personal Data means any data relating to a natural person that can be directly or indirectly identified to that natural person. This does not include the personal information of the deceased person.
Sensitive Personal Data means personal data relating to race, ethnicity, political opinions, doctrine religion or philosophy sexual behavior, criminal record, health information, disability union information, genetic data, biometric data (e.g. fingerprint scans, face scan, etc.) or any other information that affects the owner of personal data in the same way as announced by the Personal Data Protection Committee.

1.2 Personal Data Collected
The Company may collect your personal data as follows:
General Personal Information
(a) Information about your use of electronic systems, including email address, first name - last name, browser type and mobile OS type.

2. Respect for Privacy Rights
The company respects the rights of the data subject's personal data and conscious that the owner of the information would like to have security concerning their Personal Data. Data received by the company will be used for the relevant purposes only, where the company has strict measures to maintain security as well as preventing the use of personal information unlawfully.

3. Collection of Personal Data
To collect personal data directly from the data subject and the use of personal data including the disclosure of personal information, the company will ask for consent from the data owner before or during the collection. If the law requires consent and will process personal data as necessary in accordance with the purposes set by the Company expressly stated.

4. Purpose of collection, use and disclosure of Personal Data
The Company collects, uses and discloses Personal Data for the following purposes:
(a) For communicate with users and update the application
(b) For analyzing and tracking the use of services on the application and the purpose of retrospective auditing in case of usage problems.

Personal Data that the company carry out the collection for the above purposes. If you do not provide such necessary personal data, the Company may not be able to provide services to you.
However, if there is a change in the purpose of collecting personal data, the Company will notify you.

5. Period of storage of Personal Data
The company will keep your personal information throughout the period of providing the application service and may continue to keep for a period necessary for compliance with the law or under the legal statute of limitations. The company will delete your personal data from its database upon service termination or when it is no longer legally necessary.

6. Security
The company has put in place measures to maintain the security of personal data to prevent the loss, access, destruction, use, transformation, alteration or prevention of unauthorized or unlawful use of personal data.

7. Your rights as a Data Subject
As a personal data subject, you have the rights set forth in the Personal Data Protection Act B.E.2562 , including the following rights:

7.1 Right to be informed
Collection of personal data. The personal data controller must provide the details of the data collection as well as the use or disseminate to the data owner before or during data collection (except in the case where the data owner already knows such details, such as using various services), where the data owner has the right to know the purpose of data collection, use or dissemination, things to store, storage period as well as the details of the personal data controller such as contact address and how to contact including the potential consequences of not providing information.

7.2 Right to withdraw consent
You have the right to revoke your consent to the processing of personal data that you have given consent to the Company, unless the revocation of consent is limited by law. The revocation of consent will not affect the processing personal data you have given consent legally.

7.3 Right to request access to Personal Data
You have the right to request access and obtain a copy of your data which is under the Company's responsibility include asking the Company to disclose the acquisition of such information that you have not given consent to the Company.

7.4 Right to request sending or transfer of Personal Data
You have the right to request the Company to transfer your personal data that you have provided to the company as required by law.

7.5 Right to object to the collection, use or disclosure of Personal Data
You have the right to object to the processing of data about you in case of collection, use or disclosure of your personal data as required by law.

7.6 Right to request deletion of Personal Data
You have the right to request the Company to delete, destroy or anonymize personal data as required by law.

7.7 Right to request suspension of use of Personal Data
You have the right to request the Company to suspend the use of your information as required by law.

7.8 Right to request rectification of Personal Data
In case you see that the information that the company is inaccurate or you have changed your own personal information, you have the right to request the Company to correct your personal information so that such personal information is accurate, current, complete and not misleading.

7.9 Right to complain
You have the right to file a complaint with the competent official under the Personal Data Protection Act B.E.2562 if the Company violates or fails to comply with the said Act.
In case the subject of personal data is limited by choosing to provide specific personal data may result in being unable to fully receive services from the Company. Including the Company may not be able to provide any service if the data subject does not agree to provide the information that the company needs.

8. Disclosure of Personal Data to other persons or entities
The company will not disclose your personal data to the other entities except in accordance with the law.

9. Personal Data Protection Officer
The Company has operated in accordance with the Personal Data Protection Act B.E.2562 by appointing a Data Protection Officer (DPO) to inspect the Company's actions regarding the collection, use and disclosure of personal data in accordance with the Personal Data Protection Act B.E.2562, including laws related to the protection of personal data.

10. How to contact
If you have any questions or want to ask more details about the protection of your personal data. Please contact the company through the following channels:
Somapa Information Technology Public Company Limited
Contact address: No. 12 Soi Phrayasuren 35,Bangchan, Khlongsamwa, Bangkok 10510
Phone number: 02-791-8888


Personal Data Protection Officer
Contact address: No. 12 Soi Phrayasuren 35, Bangchan, Khlongsamwa, Bangkok 10510
Email: [email protected]

11. Changes to Personal Data Protection Policies and Practices
The company will review the terms and conditions of the company's policies, in this edition from time to time to be consistent with the practice and related laws. If there is any change in the Company, it will be notified by dissemination through appropriate announcements by the Company.

12. Consent Consent
Using the InfoSurf Application services is considered as the user acknowledging the personal data protection policy for the InfoSurf Application and consenting to the company collecting, using, and disclosing personal data as per Clause 1.2, and acknowledging the rights of personal data owners under the Personal Data Protection Act B.E. 2562 already

13. Children
Our Services are not directed to, or intended for, children under 13. We do not knowingly collect Personal Data from children under 13. If you have reason to believe that a child under 13 has provided Personal Data through the Services, please email us at [email protected]. We will investigate any notification and, if appropriate, delete the Personal Data from our systems. Users under 18 must have permission from their parent or guardian to use our Services.

Announced on date July 15, 2025