EDA (Thailand) Company Limited (hereinafter referred to as the “Company”, “we”, “us”, or “our”) is the provider of life-long learning management systems and electronic educational media under the name “ZUNO” primarily in the form of applications and websites.

We recognize the importance of personal data protection and respect your privacy rights as a user, whether you are a teacher, a student, or a parent of the student (hereinafter referred to as the “User”, “you”, “your”, or “yours”). We announce this Privacy Policy (the "Policy") to comply with the Thailand’s Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) and to inform you of the protection of your Personal Data (as described below) that is collected, used, disclosed and/or transferred (collectively, “process”) to any other relevant persons by us via our website and application.

For any related actions, we shall maintain the security of your Personal Data following the standards for personal data security and prevent the use of your data for any purposes other than those outlined in this Policy without your permission.

1. Personal Data that We Collect

Under this Policy, “Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly. Your Personal Data that we process are as follows:

• General Personal Data

• Personal information, e.g., title, first name and last name, national ID, Date of Birth affiliated educational institution information;
• Contact information, e.g., phone number, e-mail address;
• Personal data for system use, e.g., profile picture,username and password of your user account;
• Other related personal data, e.g., learning progress & scores, study results.

• Sensitive Personal Data

• Biometric Data (Facial Recognition): Used for identity verification, access to the platform or application, and delivery of relevant promotions, financial services, literacy courses, and subscription payment reminders (If any).
• Academic Records: Used for skill gap analysis and course recommendations.
• Social Media Profiles: Used for multi-channel marketing campaigns.

We will ensure compliance with applicable laws or will obtain your consent prior to or at the time of processing of your sensitive Personal Data unless we can rely on other lawful bases under the PDPA.

You can register and access the system by logging in using third-party platforms, such as "Line”, “Facebook", "Google", "ZUNO Account", or "Apple”. These platforms authenticate your identity and give you options to disclose certain Personal Data to the Company, which includes your name and e-mail address. Therefore, if you authorize these third-party platforms to share your Personal Data with us, you will be asked to share your Personal Data with us and we may receive your additional information through such mechanisms.

• Automatically Collected Personal Data

Upon your access to our services, we may automatically collect information about your usage, including access times, device identifiers, IP addresses, general usage data, usage history, settings, language preferences, device name and model, location and time zone, network provider, operating system details, and session duration. Additionally, we collect publicly available information such as messages, posts, comments, and any conversational messages shared through our services.

1. Channels Through Which We Obtain Personal Data

We receive your Personal Data primarily directly through your registration for the purpose of creating a user account for service access and receiving information from content providers, teachers or class instructors. Additionally, you may provide further Personal Data to us during user account creation via website and application registration or for accessing services.

2. The Purposes and Lawful Bases for Processing Personal Data

We will process your personal data for the following purposes:

• To support any actions necessary for fulfillingcontractual obligations or to assist with your requests prior to forming a contract, including:

• Registering to create a user account;
• Verifying your identity for account registration;
• Testing the instructional system services;
• Accessing the instructional and quiz systems;
• Evaluating or enhancing student abilities through exercises and quizzes;
• Recording exercise and quiz results for students to review and improve their skills;
• Facilitating communication and learning activities between teachers, students, and authorized individuals such as administrators;
• Verifying identity, providing access to the platform or application, and delivering relevant promotions, financial services, and literacy courses;
• Conducting skill gap analyses and providing course recommendations;
• Implementing multi-channel marketing campaigns;
• Displaying publicly published content created by users through “posts” or “topics” to other users;
• Processing payments for service charges and/or additional services on the website and application (if any);
• Responding to your requests for information and service usage; and
• Providing support services, contacting for information, responding to requests, or inquiring about the service.

• To comply with legal obligations relating to business operation, such as submitting information to government agencies as required by law, complying with court orders or legal officer directives, paying legal fees, or exercising of rights for legal or judicial claims.

• In certain cases, we need to perform operations for our legitimate interests, which include:

• Disclosing Personal Data, including study results, to teachers and administrators for score evaluation, study results analysis and study result report preparation, and reporting the study results to you;
• Managing customer relationships, conducting market research,and improving and developing more/new efficient services;
• Contacting you regarding complaints or feedback on our services that need improvement;
• Monitoring your use of services to improve our serviceefficiency;
• Developing and improving service quality, enhancing service efficiency, and facilitating service usage through any systems for customers and users;
• Disclosing your Personal Data when necessary for investigation and prevention, or responding to suspected illegal activities or fraud, or protecting the safety, rights, or assets of the Company or other persons; and
• Disclosing your Personal Data for our internal audit.

• The Company processes your Personal Data with yourconsent for the purpose of presenting or submitting news about privileges, promotions for services, or campaigns related to our service

3. Disclosure of Personal Data

We will not disclose your Personal Data to third parties for purposes not specified in the Policy without obtaining your explicit consent or another appropriate lawful basis.

Notwithstanding the foregoing, your Personal Data and other information shall be backed up on the servers of web hosting service providers and ZUNO applications, located in Thailand. In the event that your Personal Data is transferred outside of Thailand, we shall ensure that legal mechanisms, such as adequate data protection standards or appropriate safeguards, are in place to comply with the requirements for the cross-border transfer of personal data under the PDPA.

Moreover, we may share your Personal Data with our affiliates or third-party service providers to perform operations related to information systems in the platform management and any other necessary actions under the purposes mentioned in this Policy for the benefit of our services. We shall ensure that these entities process your Personal Data in compliance with this Policy and applicable laws.

Where necessary, we may disclose your Personal Data to comply with the laws, court orders, or orders of any government agencies or regulatory agencies, including submitting your Personal Data to relevant agencies for verifying your information to prevent fraud or corruption without your consent or to take action as required by laws.

4. Cookies

When you visit our website, we may place cookies on your device to automatically collect your Personal Data.

What are cookies?

Cookies are small data files sent from our website and stored on your computer. Cookies are used to record your browsing activities on our site, such as your preferred language, list of favorites, general usage, and other settings. This helps us customize the website to suit your needs, making your browsing experience faster and more convenient.

Managing cookies

You can adjust your browser settings to disable cookies to prevent it from automatically accepting new ones. However, this may affect the quality of your experience on our website or cause difficulties in using certain features.

5. Retention and Security Measures

The Company will retain your Personal Data for the duration of your use of our services or as necessary to fulfill the purposes outlined in this Policy. The retention period will be determined appropriately based on the terms of the agreement, statute of limitations, the necessity to retain your Personal Data for establishment or exercise of legal claims, or compliance with the period required under the applicable laws and regulations. After the retention period ends, the Company ensures that your Personal Data, including any copies or backups, is deleted, destroyed, or de-identified as appropriate.

To ensure the security of your Personal Data, we implement the security measures that cover the Personal Data whether it be stored in documents, electronic systems, computer systems, or any other tools. These security measures include administrative, technical, and physical safeguards according to the standards under applicable laws in order to prevent loss, access, usage, alteration, amendment or unlawful disclosure of Personal Data or any act without lawful authority.

We restrict access to your Personal Data and employ technologies to secure it and prevent unauthorized access or attack to our computer or electronic systems. When your Personal Data is disclosed to third parties for processing, we shall ensure and supervise the process to maintain appropriate security.

6. Rights of DataSubject

Subject to the PDPA, you as the data subject may have the rights as follows:

• Right toaccess: You may have the right to request access to or a copy of your Personal Data that was processed by the Company.

• Right to data portability: You may have the right torequest the transfer of your Personal Data in an organized format that can be read in electronic form, and to request the data portability of Personal Data to other persons as intended (the Company reserves the right to collect charges which will be appropriately determined based on the actual expenses).

• Right to objection: You may have the right to object to the processing of Personal Data. In this case, as required by law.

• Right to deletion: You may have the right to request erasure or destruction of your Personal Data or make the same non-identifiable by any means.

• Right to restriction: You may have the right to restrict our use of your Personal Datawhere you suspect such Personal Data to be inaccurate, or our processing is unlawful, or we no longer need such Personal Data, provided that there are no legal restrictions that we cannot carry out according to your request.

• Right to withdraw consent: Where you have given your consent to us, you may withdraw your consent at any time. Your withdrawal of consent will not affect the collection, use, and disclosure of Personal Data you have legally and previously consented to.However, if you exercise your right to withdraw your consent, we may not be able to provide convenience, communicate with, or provide some services to you.

• Right to rectification: We are committed to maintaining the completeness, accuracy, and currency of your Personal Data to prevent any misunderstandings. However, if there are any changes or inaccuracies in your Personal Data, you have the right to request that we rectify it.

• Right to lodge a complaint: You have the right to make a complaint to the Office of the Personal Data Protection Commission (PDPC) if you deem that the Company does not comply with applicable data protection laws

The exercise of your rights mentioned above shall be in accordance with the laws. The Company may refuse the exercise of your rights above under the restrictions on the exercise of your rights as the data subject as required by laws.

To submit a request for the exercise of your right, you may contact our data protection officer (DPO) through the channels provided in Article 11. The Company will consider and inform you of the results within 30 days from the date of receipt of your request for the exercise of your right. If the Company refuses the exercise your rights, the Company will give you the reason for the rejection of the exercise of the right.

7. Settings of NewsNotification/Notification

We may send news notifications or other notifications to your devices. You can disable these messages at any time by adjusting the notification settings on your device or within the website and/or application.

8. Links to Third-party Applications or Websites

Some of the Company’s services may contain links to third-party applications or websites. The access and use of these third-party applications or websites are not governed by our Policy but by the privacy policy of the respective third parties. We shall not be liable for any issues arising from your access to or use of third-party applications or websites, even such third parties do not operate their applications or websites in accordance with their privacy policies.

9. Update of Privacy Policy

We will regularly review and maintain the security level of personal data protection and will notify you of any amendments or updates to our Policy if any. Your continued use of the service after such notifications will be considered acceptance of each amendment or update.

10. Our Contact Channels

If you wish to exercise any rights mentioned above or have any questions, inquiries, suggestions, or complaints regarding our personal data protection policy, please contact us through the following channels:

EDA (Thailand) Company Limited

23/72, 2nd – 4th Floor, Block G, Royal City Avenue Building, Soi Soonvijai, Rama 9 Road, Bangkapi, Huay Kwang, Bangkok 10310 Thailand

Tel: +662 203 1492

Fax: +662 203 1495

Email: support@usezuno.com

Data Protection Officer

23/72, 2nd – 4th Floor, Block G, Royal City Avenue Building, Soi Soonvijai, Rama 9 Road, Bangkapi, Huay Kwang, Bangkok 10310 Thailand

Tel: +662 203 1492

Fax: +662 203 1495

Email: DPO@usezuno.com