PRIVACY NOTICE

D1 Proxy Service System

I. Introduction

This Privacy Policy is issued by Data One Asia (Thailand) Co., Ltd., in behalf of the Service provider of the “D1 Proxy Service System” to clarify and outline the manner in which the Company collects, processes, uses, and discloses your personal data. This policy applies when the Relying Party (RP) engages the D1 Proxy Service System, which provide the exchange of information between Relying Parties (RP) and Identity Providers (IDP) or Authoritative Sources (AS) via the NDID Platform.

II. DEFINITION

 “Company” means Data One Asia (Thailand) Co., Ltd.

 “Relying Party or (RP)” means an entity acting as a provider is obligated to verify and authenticate the identity of user prior to the provision of services.

 “Identity Provider or (IdP)” means an entity obligated to provide confirmation of the accuracy of the registration data of user upon request

 “Authoritative Source or (AS)” means an entity or government agency that holds reliable personal data of user.

 “User” means any persons requesting services from the RP.

 “NDID” means National Digital ID Co., Ltd. (NDID).

 “D1 Proxy Service System” means system developed to serve as an intermediary for the integration of data with Digital ID Platform.

 “Services” means the Services offered by Company in connection with D1 Proxy Service System, including collecting, recording, submitting, accessing, receiving Original Data, storing, processing, and onboarding the Transactions so that Relying Party (RP) may utilize the Digital ID Platform as if Relying Party (RP) is directly connected to the Digital ID Platform.

 “Personal Data” means Personal data as defined under the Personal Data Protection Act, which user has provided through the system of the Relying Party (RP).

 “Data Controller” means an individual or entity vested with the authority and responsibility to make determinations concerning the collection, use, or disclosure of personal data

 “Data Processor” means an individual or entity that processes the collection, use, or disclosure of Personal Data pursuant to the instructions or on behalf of the Data Controller. Such individual or entity shall not be deemed a Data Controller.

III. HOW DO WE USE YOUR PERSONAL INFORMATION?

This policy is issued to provide a detailed explanation of the D1 Proxy Service System offered by the Company. It outlines the service model of the D1 Proxy Service System, which is provided as an Outsourcing Service. The D1 Proxy Service System will be deployed at the Company's Data Center and Disaster Recovery (DR) Site. The requests from the Relying Party (RP) will be processed via the RESTful API provided by the Company. The System will request Personal Data from the NDID Platform and transmit the data back, encrypted in accordance with established standards (AES256 + RSA2048). Upon successful transmission of the Personal Data to the Relying Party (RP), the Company will not retain any Personal Data.

IV. PERSONAL DATA PROTECTION

Recognizing the critical role of services related to the exchange of information for Digital ID, and their importance in ensuring effective and secure electronic transactions while mitigating potential risks, the Company, in its capacity as a Data Processor acting in accordance with the instructions or on behalf of the Data Controller, has established the technical and administrative measures for the protection of personal data following;

Data Encryption: Personal Data will be encrypted during transmission through the System to prevent unauthorized access.

Access Control: The Company has a strict access control system in place to ensure that only authorized individuals can access your Personal Data.

Security Audits: The Company performs regular security audits to identify and mitigate potential risks or breaches, ensuring the protection and integrity of the data.

V. TERM

The Company will retain Personal Data of Data Subjects only for the duration necessary to provide the D1 Proxy Service System. Once the data has been successfully transmitted to the Relying Party (RP), the Company will no longer retain any personal data.

VI. AMENDMENT TO PRIVACY NOTICE

The Company reserves the right to amend this Privacy Notice periodically to reflect changes in legal requirements and company operations. Any such amendments will be published on the company's website. It is recommended that you review this notice regularly to stay informed of any updates.

VII. CONTACT US

If you would like to contact us with questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:

Location:       Data One Asia (Thailand) Co., Ltd.

Address:        1023 MS Siam Tower, 30th Floor, Rama 3 Road, Chongnonsi, Yannawa, Bangkok 10120

Telephone:    (662) 686-3000, 682- 6111, 682-6222