Journyx, Inc. Data Privacy Framework Notice

About Journyx

Journyx, Inc. (“Journyx,” “we,” “us,” “our”) is a leading provider of enterprise time tracking solutions for our customers, who include companies, schools, non-profits, and other organizations. Our offerings include cloud-based business software, and hardware and professional services directly related to our business software (collectively, the “Services”).

We do not sell the personal information of individuals.

Notice

Journyx adheres to the principles of the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), and the UK Extension to the  EU-US Data Privacy Framework (collectively, “Data Privacy Framework(s)”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, Switzerland, and the United Kingdom (and Gibraltar), respectively, to the United States.  Journyx has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Frameworks’ Principles. Information regarding the Data Privacy Framework and Journyx’s certification can be found at: https://www.dataprivacyframework.gov.

For purposes of this notice, personal data means data about an identified or identifiable individual (“Data Subject(s)”) that is received by Journyx in the United States from the EEA, Switzerland, or the United Kingdom, and recorded in any form, and is within the scope of Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), the Swiss Federal Data Protection Act, or the UK Data Protection Act 2018, respectively.

Personal Information in the Journyx Services

Journyx does not have a direct relationship with the end users of the Services. If you are an end user of the Journyx Services, your use is governed by your organization’s policies. Your privacy questions or concerns regarding personal information in the Services should be directed to your organization’s Journyx administrators. Journyx cannot respond directly to your request. For more information, see our Privacy Statement at: https://journyx.com/privacy-policy/.

Types of Personal Data Collected

Journyx collects personal data from individuals in the EEA, Switzerland, and the United Kingdom (and Gibraltar) who visit our public-facing web sites (“EEA, Swiss, and UK Website Visitors”), and individual representatives of organizations we have a business relationship with, such as our customers, suppliers, and business partners (“EEA, Swiss, and UK Business Contacts”). We also supplement the data with data collected from third parties (including other companies).

Where permitted by law, or with the visitor’s consent, Journyx may collect the following types of personal data from EEA, Swiss, and UK Website Visitors:

• Contact information;
• Company information;
• Connection information (such as IP address), activities, interactions, preferences, and other information relating to use of our websites and our services;
• Information collected by cookies and similar technologies about the pages viewed, links clicked, and other actions taken when accessing our websites;
• Event registrations and preferences;
• Photos, social media profile, areas of expertise and any other information visitors choose to provide when accessing the Journyx User Community;
• Feedback and reviews, or requests for support; and
• Other personal data provided by EEA, Swiss, and UK Website Visitors.

Where permitted by law or with the visitor’s consent, Journyx may collect the following types of personal data from EEA, Swiss, and UK Business Contacts:

• Contact information;
• Company information;
• User and/or company authorization and authentication information;
• Website and/or service usage data; and
• Financial and billing information;
• Other personal data provided by business contacts.

Purposes for Which We Collect and Use

collects and uses personal data of EEA, Swiss, and UK Website Visitors and EEA and Swiss Business Contacts for the purposes of:

• Supplying information about our products, services, and events;
• Providing products, services, and assistance to our customers;
• Conducting business communication with our business partners;
• Performing tasks in pursuit of our legitimate business purposes;
• Personalizing visitors’ experience on our websites;
• Aggregating data; and
• Other purposes disclosed at the time of collection.

Commitment to Subject Personal Data to the Principles

Journyx subjects to the relevant Data Privacy Framework Principles all personal data that we receive from individuals or companies in the EEA, Switzerland, or the United Kingdom (and Gibraltar) in reliance on the Data Privacy Frameworks. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

Access

Data Subjects have the right to access the personal data an organization holds about them. A Data Subject may also request that the personal data be corrected, amended, or deleted if the data are inaccurate or processed in violation of the Data Privacy Frameworks’ principles.

EEA, Swiss, and UK Website Visitors and EEA, Swiss, and UK Business Contacts may direct any questions regarding this Data Privacy Framework Notice or submit requests to update, change, or remove information using the form provided at https://journyx.com/data-request, or by regular mail addressed to:

Journyx, Inc.
Attn: Privacy
3800 N. Lamar Blvd, Suite 200
Austin, TX 78756

Journyx will respond to your request within 30 days.

Journyx cannot respond directly to inquiries about personal data entered into the Journyx Services; our relationship with respect to the Services is with our customer organization and not with individual users. Please direct any questions about personal data in the Services to the customer organization.

Choice

EEA, Swiss, and UK Website Visitors or EEA, Swiss, and UK Website Business Contacts may contact us about changes to personal data, preferences about receiving information from us, or cancelling a website account by contacting us using the contact information in the “Access” section, above.

Individuals may unsubscribe from our marketing communications by following the instructions of the unsubscribe mechanism in the message. We will retain and use personal data and information for as long as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.

Security

Journyx is committed to safeguarding the personal data we receive. While we cannot guarantee the security of personal or other data, we take reasonable and appropriate measures to protect personal data in our possession from loss, misuse, or unauthorized access, disclosure, alteration, or destruction. A description of our security measures is available at: https://journyx.com/legal/security-measures.pdf.

Data Integrity and Purpose Limitation

We limit our collection and processing of personal data to what is necessary to accomplish the disclosed purposes and compatible purposes. We retain the data only for as long as is necessary to accomplish the disclosed purposes, comply with legal requirements, or preserve or defend our legal rights.

Onward Transfer: Types of Third Parties to Which We Disclose Personal Data and the Purposes for Disclosure

Journyx may share personal data Journyx may share personal data we collect from individuals or companies in the EEA, Switzerland, United Kingdom (and Gibraltar) with subcontractors and third-party agents who help us to provide information and services to our customers and prospective customers. Before any data are shared, we will oblige these parties to use the data only as we instruct them to provide the services, provide the same level of data protection as required by the Data Privacy Frameworks’ principles, and notify us if they can no longer meet these requirements. Upon notice, we will promptly stop the processing of personal data by these parties.

As permitted by law or with your consent, Journyx may share personal data we collect from individuals or companies in the EEA, Switzerland, United Kingdom (and Gibraltar) with the following types of third parties and for the following purposes:

• Partners, such as resellers or distributors, to provide customers and prospective customers with information about Journyx and its products and services, and to fulfill product and information requests;
• Sponsors, partners, or other third parties with whom we collaborate to offer webinars, white paper downloads or other events and information; and
• Other corporate entities if Journyx undergoes a business transition, such as a merger, acquisition, or sale of some or all of its assets.

Independent Dispute Resolution Body

In compliance with the Data Privacy Framework Principles, Journyx commits to resolve complaints about our collection or use of your personal data. EEA, Swiss, or UK Journyx Website Visitors or EEA, Swiss, or UK Business Contacts with inquiries or complaints regarding our Data Privacy Framework notice should first contact Journyx via the information provided above (see “Right to Access”).

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Journyx, Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Investigatory and Enforcement Powers of the FTC

Journyx is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Journyx also is committed to cooperating with EEA, Swiss, and UK data protection authorities.

Arbitration

If you are located in the EEA or Switzerland and have exhausted all other means to resolve your concern regarding a potential violation of Journyx’s obligations under the Data Privacy Framework Principles, you may seek resolution via binding arbitration for residual claims not otherwise resolved by other redress mechanisms. For additional information about the arbitration process please see https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf.

Requirement to Disclose Personal Data

Journyx may disclose personal data in special cases when we have a good faith belief that such action is necessary to: (a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) protect and defend our rights or property; (c) enforce the website Terms and Conditions; or (d) act to protect the interests of our users or others.

Liability

If a third-party service provider providing services on Journyx’s behalf processes personal data from the EEA or Switzerland in a manner inconsistent with the Data Privacy Framework Principles, Journyx will be liable unless we can prove that we are not responsible for the event giving rise to the damages.