Data Processing Addendum

UPDATED: January 1, 2023

Route Data Protection Addendum

THIS DATA PROCESSING ADDENDUM (this “DPA”) supplements and is a part of the Master Services Agreement or other written or electronic agreement (in either case, the “Agreement”) for the purchase of services (identified in the Agreement as either “Services” or otherwise, and hereinafter defined as “Services”) entered into between Route App Inc. (“Route”, “we”, “us” and “our”), and the entity that has offered our services pursuant to the Agreement (“Merchant-Customer”, “you” and “your”). This English language version controls regardless of any translation.

Appendix 1

Annex I

    • Data exporter(s):  
      • Merchant-Customer, and Merchant-Customer’s details and signature shall be as provided in the Agreement.
      • Activities relevant to the data transferred under these Clauses: Collect consent and transfer User Data for purposes of Route providing Services under the Agreement.
      • Role (controller/processor): Controller
    • Data importer(s): 
      • Name: Route, Inc.
      • Address: 1441 West Innovation Way, Suite 150, Lehi, Utah 84043
      • Contact person’s name, position and contact details: John Jensen, General Counsel, [email protected].
      • Activities relevant to the data transferred under these Clauses: Route will process personal data in accordance with the Addendum and the Agreement that governs Route’s insurance and tracking services for retail purchases. Processing may include collecting, storing, using, altering, and otherwise transferring personal data as required to provide the Services.
      • Role (controller/processor): Controller/Processor
    • Categories of data subjects whose personal data is transferred
      • Merchant-Customer’s end users of the Services (i.e., Merchant Customer’s personnel)
      • Consumer-Customers
    • Categories of personal data transferred
      • Identifiers, such as: phone number, first name, last name, physical address, email address, zip/postal code, device ID, order ID, transaction ID, items purchased, credentials
      • Transaction information, such as: transaction amount, payment method, last 4 digits of a payment card number
      • Internet or Network Activity, such as: login behaviour, behaviour transaction analyses, IP address
      • Professional or Employment Related Data, such as: Merchant-Customer’s end-user contact information 
    • Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
      • N/A
    • The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
      • Continuous basis per transactions reviewed, as per the Agreement. 
    • Nature of the processing
      • Route is responsible for performing the services to Merchant-Customers as set forth in the Agreement, in particular providing insurance and tracking services for Merchant-Customers’ products.
    • Purpose(s) of the data transfer and further processing
      • N/A
    • The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
      • For Merchant-Customer Personal Data: The duration of the Agreement plus a reasonable period thereafter to ensure deletion of backup and archived copies.
      • For Consumer-Customer Personal Data: As long as reasonably required to provide the Services to Merchant-Customer, unless Consumer-Customer establishes an independent relationship with Route (in which case retention is governed by Route’s Privacy Policy)
    • For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
      • Subprocessors will be subject to the same nature and purposes of Processing as set out in this Addendum.
    • Identify the competent supervisory authority/ies in accordance with Clause 13
      • Irish Data Protection Authority
Oops -- something went wrong.
Let’s give this another try. Try again

One more step

See how Route can help your business

Are you a merchant or a shopper?
This site is protected by reCAPTCHA, and the Google Privacy Policy and Terms of Service apply.