humanit managed services

OUR SERVICES

Legal

Transparency, Contracts & Data Protection

Legal & Contractual Information

This page provides an overview of our legal, contractual, and data protection framework to support customers, procurement teams, and legal reviewers during due diligence and contracting. The information on this page is provided for transparency only and does not replace the legally binding terms contained in the Master Services Agreement (MSA) and associated schedules.

How Our Contracts Are Structured

Our services are governed through a clear, enterprise-ready contractual structure:

  • Master Services Agreement (MSA) – Core legal terms governing the relationship
  • Service Schedules – Tier-specific scope, service levels, and inclusions
  • Service Level Agreements (SLA) – Response targets, escalation paths, and service reviews
  • Data Processing Agreement (DPA) – Personal data protection and processing obligations

Full contractual documents are provided during the sales and onboarding process.

Book a Free IT Assessment

SLA & DPA Summary

We provide a plain-language summary of our Service Level Agreements and Data Processing Agreement to help customers understand expectations before contracting.

Includes:

  • service levels by tier (Bronze, Gold, Platinum)
  • incident prioritisation and escalation
  • breach detection and notification approach
  • data protection roles and safeguards
  • shared responsibility model

Compliance & Regulatory Alignment

Our services are designed to support alignment with applicable regulations and standards, including:

  • Thailand Personal Data Protection Act (PDPA)
  • Thai Computer Crime Act
  • ISO/IEC 27001:2022 (aligned controls)
  • ISO 22301 business continuity principles (Platinum)
  • TISAX and supply-chain security expectations

Detailed compliance information is available in our Compliance Pack.

Governing Law & Jurisdiction

Unless otherwise agreed in writing, our agreements are governed by the laws of the Kingdom of Thailand, and disputes are subject to the jurisdiction of Thai courts.

Data Protection & Privacy

When delivering services that involve personal data:

  • customers act as Data Controllers
  • we act as a Data Processor

We apply appropriate technical and organisational measures to protect personal data and support customers in meeting PDPA obligations.

Sub-Processors

We may use carefully selected sub-processors to deliver parts of our services (for example, infrastructure or security platforms).

Sub-processors are subject to contractual confidentiality and security obligations consistent with PDPA and industry best practice.

A current sub-processor list is available upon request.

What This Page Is (and Is Not)

This page:

  • provides transparency into our legal and contractual approach
  • supports procurement and due diligence
  • helps set expectations early

 

This page does not:

  • constitute legal advice
  • replace the MSA, SLA schedules, or DPA
  • create contractual obligations

Request Full Legal Documentation

If you require full copies of our legal agreements, SLA schedules, or data protection documentation, our team can provide them as part of the contracting process.

Contact us to request full legal documentation or discuss contractual requirements.