GDPR – Data Sub-Processing Addendum


Last revised: March 13, 2022

Effective date: March 13, 2022

This Data Sub-Processing Addendum (“Addendum”) amends and forms part of the Terms of Service agreement governing the use of the Services and Products, and the Order form, if any (“Principal Agreement”), entered by and between you, a customer of the Services and Products (“you” or “your” or “Customer”) and Pathfix Inc. (“we” or “us” or “our” or “Pathfix”) to reflect the parties agreement with regard to the Processing of Personal Data by Pathfix solely on behalf of the Customer. The Customer and Pathfix may hereinafter be referred to individually as a “Party” and collectively as the “Parties”.

The scope and duration, as well as the extent and nature of the collection, processing and use of Customer Personal Data under this Addendum has been defined in the Principal Agreement. The term of this Addendum corresponds to the duration of the Principal Agreement.

Capitalized terms not defined herein shall have the meanings assigned to such terms in the Principal Agreement.

By using the Services, you accept the terms and conditions of this Addendum and you represent and warrant that you have full authority to bind the Customer to this Addendum. If you cannot, or do not agree to, comply with and be bound by this Addendum, or do not have authority to bind the Customer or any other entity, please do not provide Personal Data to us.

If you need a signed copy of this Addendum, you can download this Addendum and send a signed copy to and we’ll provide you a countersigned copy.



Unless otherwise defined herein, capitalized terms and expressions used in this Addendum shall have the following meaning;

a. “Addendum” means this Data Processing Addendum and all annexures attached hereto;

b.Pathfix” means Pathfix Inc., a Delaware Corporation and its affiliates and subsidiaries. 

c. “Business’,’ “Business Purpose”, Consumer”, “Person”, “Personal Information”, “Sell”, “Service Provider” and “Third Party” shall have the meanings set forth in CCPA. 

d. “California Personal Information” means Personal Data that is protected under the CCPA.  

e. “CCPA” means California Civil Code Sec. 1798.100 et seq. (also known as the California Consumer Privacy Act of 2018) as may be amended from time to time, and any rules or regulations implementing the foregoing. 

f. “Customer Personal Data” means any Personal Data Processed by Pathfix on behalf of the Customer pursuant to or in connection with the Principal Agreement.

g. “Data Protection Laws” means the data protection or privacy laws, rules, and regulations of the European Union, the European Economic Area and their member states, and the State of California, United States applicable to the Processing of Customer Personal Data under this Addendum.

h. “Data Transfer” means:

  1. A transfer of Customer Personal Data from the Customer to Pathfix; or 
  2. an onward transfer of Customer Personal Data from Pathfix to a Sub-processors, or between two establishments of Pathfix, in each case, where such transfer would be prohibited by Data Protection Laws  

i. “EEA” means the European Economic Area; 

j. “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;

k. “GDPR” means EU General Data Protection Regulation 2016/679;

l. “Services” means the services provided by Pathfix to the Customer pursuant to the Principal Agreement. 

m. “Standard Contractual Clauses” means the standard contractual clauses for Processors approved pursuant to the European Commission’s decision (EU) 2021/914 of 4 June 2021, for the transfer of personal data to third countries in the form set out in Annexure 3; as amended, superseded or replaced from time to time in accordance with this Addendum.

n. “Sub-processors” means any person or entity appointed by or on b