Coach HCM

Terms of Use

Terms of use effective as of 1 January 2024

1. Definitions

1.1.  “Software” means the proprietary HR software developed and provided by Puumsoft, including updates and documentation.
1.2. “Licensee” means a party who has purchased a license to use the Software.
1.3.  “Subscriber” means a party who has entered into a subscription agreement for the Services.
1.4.  “User” means an individual authorized to access the Services by the Licensee or Subscriber.

2. Grant of Rights

2.1.  For Licensed Users: Subject to payment of all applicable fees and compliance with these Terms, Puumsoft grants the Licensee a non-exclusive,
non-transferable, license to install and use the Software for internal business purposes.
2.2. For Subscribers: Subject to payment of subscription fees and compliance with these Terms, Puumsoft grants the Subscriber a non-exclusive, non-transferable, time-limited license to access and use the Services via a cloud-based or hosted platform.

 3. Maintenance and Support

3.1.  For Licensed Users: Maintenance and support are provided pursuant to a separate Maintenance Agreement. Unless otherwise agreed, maintenance services include:
     3.1.1. Software updates and bug fixes
     3.1.2. Technical support during business hours
     3.1.3. Access to knowledge-base documentation
3.2.  For Subscribers: Maintenance, hosting, and support are included in the Subscription and may vary by tier. Support includes:
3.2.1. Software updates and bug fixes
     3.2.2. Cloud hosting and data backups (Saas)
     3.2.3. Technical support during business hours
     3.2.4. Access to knowledge-base documentation

4. Restrictions Users may not:

4.1.  Reverse engineer, decompile, or disassemble the Software.
4.2 Use the Services to provide a service bureau or SaaS offering without written consent.
4.3.  Circumvent usage limits, license keys, or access controls.
4.4.  Transfer, sublicense, or resell the Software or Subscription without authorization.
4.5. You must not transmit any information into Puumsoft’s system that would violate the Computer Crime Act B.E. 2550 (2007), Section 14, which stipulates:
“Any person who commits the following offenses shall be subject to imprisonment for not more than five years, or a fine of not more than one hundred thousand baht, or both:
(1) Introducing into a computer system forged computer data, whether in whole or in part, or false computer data in a manner likely to cause damage to another person or the public;
(2) Introducing into a computer system false computer data in a manner likely to cause harm to national security or cause public panic;
(3) Introducing into a computer system any computer data related to an offense against national security or an offense related to terrorism under the Criminal Code;
(4) Introducing into a computer system any obscene computer data which may be accessible to the public;
(5) Disseminating or forwarding computer data, knowing that such data is computer data described in (1), (2), (3), or (4).”

5. Data Ownership & Privacy

5.1.  All data input by Users remains the property of the Licensee or Subscriber.
5.2. Puumsoft will access and process data only to provide the Services and in accordance with the Privacy Policy. Subscribers acknowledge and agree to data being stored in secure, third-party cloud environments.

6. Fees and Payment

6.1.  Licensed Users: Fees are due as specified in the License Agreement. Maintenance renewals must be paid annually to retain access tosupport and updates.
6.2.  Subscribers: Subscription fees are billed monthly or annually, as selected. Failure to pay may result in suspension or termination of access.

7. Term and Termination

For Licenses, these Terms remain in effect as long as the Licensee uses the Software. For Subscriptions, these Terms remain in effect until the end of the Subscription term unless earlier terminated for breach. Either party may terminate with written notice in the event of a material breach not cured within 30 days.

8. Intellectual Property

All intellectual property rights in the Software and Services remain the exclusive property of Puumsoft. No rights are granted other than those expressly set out in these Terms.

9. Limitation of Liability

To the maximum extent permitted by law, Puumsoft will not be liable for indirect, incidental, special, or consequential damages. Users are responsible for data checking, validation and correctness.

10. Shared Responsibility Model

The Company and the Customer share responsibility for information security in accordance with the matrix below. The Company shall communicate this Shared Responsibility Matrix to the Customer before the commencement of the services and incorporate it into the applicable Service Agreement or Data Processing Agreement (DPA).

Responsibility AreaCompany (SaaS Provider)CustomerSupplier/Vendor (AWS / INET)
Provisioning of Windows ImagesResponsible for preparing and providing the Windows images.
Provisioning of Virtual Private Cloud (VPC)Responsible for provisioning the VPC.
Provisioning of SubnetsResponsible for provisioning the subnets.
Physical InfrastructureResponsible through the underlying Cloud Service Provider (CSP), such as AWS, Azure, or Google Cloud Platform.
Application SecurityFully responsible for application security, including security patching, Static Application Security Testing (SAST), and penetration testing.
Customer DataResponsible for protecting Customer Data and preventing unauthorized access.Acts as the data owner and is responsible for the accuracy, legality, and appropriateness of the data submitted to the service.
Personal Data Breach NotificationResponsible for notifying the Customer’s Data Protection Officer (DPO) in the event of a personal data or PII breach.Responsible for notifying the Office of the Personal Data Protection Committee (PDPC), where required by applicable law, in the event of a personal data or PII breach.Responsible for notifying the relevant customer or contracting party in the event of a personal data or PII breach affecting the cloud service.
Identity and Access ManagementResponsible for managing backend access and the administrative console.Responsible for managing its own user accounts, access rights, and user activities.
Data EncryptionFully responsible for encryption of data at rest and in transit.Not responsible, as this is within the Company’s scope of responsibility.
Backup and RecoveryResponsible for platform-level backup and recovery.Responsible for performing any additional exports or backups of its own data, where required.
Legal and Regulatory Compliance, Including PDPAResponsible in its capacity as the Data Processor.Responsible in its capacity as the Data Controller.
Information Deletion and Service TerminationResponsible for disabling access to the application upon termination of the service.Responsible for deleting or otherwise managing its personal data after termination of the service.Responsible for deleting cloud-hosted data when the Customer terminates the cloud service, in accordance with the applicable agreement and retention policy.
Vulnerability ManagementResponsible for conducting source-code and application security scans before deployment.
 Responsible for remediating Critical- and High-risk vulnerabilities before deployment.
 Responsible for applying security patches and updates to remediate identified vulnerabilities.Responsible for cooperating with security patching and update activities in accordance with the implementation plan jointly agreed with the Company and the CSP.
Incident ManagementResponsible for investigating and resolving service-related incidents and communicating the resolution or status to the Customer by email, telephone, or other agreed communication channel.Responsible for reporting service-related problems or incidents to the Company.Responsible for resolving incidents that fall within the Cloud Provider’s area of responsibility.
 Responsible for securely handling supporting information used for incident reporting, investigation, and resolution within systems managed by the Company.Responsible for securely handling supporting information used for incident reporting, investigation, and resolution within systems managed by the Customer.
Change ManagementResponsible for notifying the Customer of changes that may affect the Customer’s use of the services.Responsible for reviewing and approving applicable changes and cooperating with the implementation of such changes.Responsible for notifying the Company or customer of changes that may affect the use or availability of the cloud services.

11. Warranties and Disclaimers

Puumsoft warrants that the Software will substantially perform in accordance with documentation for 180 days following go live delivery. EXCEPT AS EXPRESSLY STATED, THE SOFTWARE AND SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND.

12.Governing Law

These Terms shall be governed by the laws of Bangkok Thailand without regard to conflict of law principles. Any disputes will be subject to the exclusive
jurisdiction of the courts located in Bangkok Thailand. 

13. Changes to Terms

Puumsoft reserves the right to modify these Terms with notice. Continued use of the Services constitutes acceptance of the updated Terms.

14. Contact

If you have questions about these Terms, please contact:

Puumsoft Co., Ltd.
54 BB Building 14th Floor #1402
Sukhumvit 21 (Asoke) Road
Khlong Toei Nuae, Watthana
Bangkok, 10110 Thailand

info@puumsoft.co.th
02-260-0100

ISO standard

Security and Governance

Protect your employee data with confidence through globally recognized security standards ISO27001, ISO27701 and ISO29110. Our platform ensures robust Information Security, Privacy Management, and Secure Software Development. With advanced encryption and Single Sign-On (SSO) support, your data stays safe, private, and fully compliant at every level.

curious.jpg
Learn more about the COACH HCM