Journyx Privacy Statement

About Journyx

Journyx, Inc. (“Journyx,” “we,” “us,” “our”) creates certain software products. In connection with these products, we provide product demonstrations, product development, product enhancements, cloud services, professional technical services, and technical support services (collectively, the “Services”).

What this Statement Describes

This Privacy Statement describes the information that Journyx and/or our Affiliates collects about you when you visit our websites or submit information to the Services, how we will use the information we collect, other parties with whom we may share the information, and your choices and rights with respect to the information that we collect or obtain. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with Journyx, Inc.

This statement does not apply to information that is processed by our software if it is installed and hosted on our customer’s premises and/or systems. The customer is responsible for all such information processing. This statement also does not apply to our recruiting processes.

We do not sell the personal information of individuals.

Privacy Statement

Personal information we collect may be stored and processed in the United States, the European Union, or in any other country where our Affiliates or third-party service providers maintain facilities. We follow applicable data protection laws when transferring and handling personal information.

This Privacy Statement distinguishes between our public-facing websites, which provide information about our offerings and related information of interest, and the Journyx Services, which are separate from our websites and available only to customers and certain prospective customers.

This Privacy Statement describes how we handle three categories of personal information:

  • Personal information of customers, prospective customers, and other parties that may become prospective customers of the Services (such as business contact information), which we refer to here as “Relationship Management Information”.
  • Personal information of our customers’ end users who use our Services, which includes the information end users enter into the Services, or information about end users that our customers enter into the Services (“Customer Services Data”).
  • Information we process relating to the usage of the Services by customers and their end users (“Customer Usage Data”).

Controller and Processor Roles

Certain data protection and privacy laws differentiate between a “controller” and a “processor” of personal information. A controller decides why and how to process personal information. A processor processes personal information on behalf of, and under the instructions of, a controller.

Purpose and Legal Basis of the Processing

When we process Relationship Management Information, we act as a controller. We use the information to further our legitimate interests to understand who our customers and potential customers are and their interest in our Services, to fulfill requests for information, and to communicate with individuals about our offerings in accordance with any marketing preferences that apply. We use the information to fulfill our contractual obligations to our customers by managing the customer account, carrying out necessary business operations such as accounting, taxes, and compliance, and by undertaking efforts to detect, prevent or investigate security incidents, fraud or misuse of our Services.

When we process Customer Services Data, we act as a processor to our customer (the controller). We process the data to fulfill our contractual obligations under our agreement with the customer.  If you use our Services as an end user of one of our customers, that customer can provide more information about the personal information they are collecting and using in the Services.

When we process Customer Usage Data, we may do so as a processor to fulfill our contractual obligations to our customer to provide, optimize, and maintain the Services and data security; to investigate fraud, spam, wrongful or unlawful use of the Services, and to comply with applicable law, in accordance with the terms of our contract with the customer. We may also process Customer Usage Data as an independent controller to carry out necessary business functions required to fulfill our contractual and legal obligations such as accounting, tax, billing, audit, and compliance.

Personal Information in the Journyx Services (Customer Services Data and Customer Usage Data)

Journyx does not have a direct relationship with the end users of the Services.

Journyx customers and their end users may input Customer Services Data into the Journyx Services. The information entered into the Services is determined by the customer, as the controller. Consequently, Journyx does not know the categories of personal data to be processed or the purpose(s) of the processing unless and until Journyx receives this information from its customers or prospective customers. Journyx processes the data on our customers’ behalf. Customer Usage Data relate to customers’ and customers’ end users’ usage of the Services.

Journyx will use the Customer Services Data and Customer Usage Data only in accordance with the contractual agreement between Journyx and the customer, or as may be required by law.  Customers are responsible for complying with applicable regulations and laws that govern their collection and use of data, including providing notice, disclosure, and/or obtaining consent before transferring the data to Journyx for processing.

If you are an end user of the Journyx Services, your use is governed by your organization’s policies. Your privacy questions or concerns should be directed to your organization’s Journyx administrators. Journyx cannot respond directly to your request.

Biometric Data in the Services

The customer, and not Journyx, administers and manages the customer’s data in the Services. Customers may elect to use terminals with a biometric information collection feature to collect certain employee data. The use of biometric features is undertaken and controlled by the customer. Customers collect such data and store it either on a customer-controlled site or on a secure site or sites (in accordance with applicable law) made available by Journyx in a cloud environment. We process such biometric data submitted to the Services by our customers as Customer Services Data.

The data, if collected and used by customers, is for employee verification in connection with timekeeping. The data are in the form of numerical templates and are not processed or retained in the form of a scanned image (for example, a fingerprint). The security measures we undertake for the secure space on which customers can store such data are described at https://journyx.com/legal/security-measures.pdf. The measures include strict controls on access to data; Journyx employees may not access such data unless at the customer’s express request (such as a technical support request). If access is granted upon such request, it is limited only to staff authorized to fulfill the request under the customer’s instructions and is revoked promptly after the purpose for access is satisfied.  Customers are responsible for the destruction of employee biometric data they collect, control, process, or store on their premises and/or systems.

Certain mobile devices have a biometric authentication feature native to the device. The Journyx mobile apps may permit a user to use the feature to authenticate to the mobile app. Used in this way, the device biometric feature does not provide biometric data to the mobile app or transmit it to the Journyx Services. The app will receive only confirmation of authentication.

Journyx does not have a direct relationship with individual users of terminals that may collect biometric information. The customer is responsible for using terminal and Services features to grant, revoke, or modify individual user accounts as necessary to flag biometric data for deletion in the Services as appropriate to their employees’ job roles or employment status. Questions regarding biometric data, including questions about retention schedule or deletion, should be directed to your employer.

Data Collected by the Mobile Application

The mobile apps are interfaces to the Journyx Services and do not operate separately from the Services. The personal information end users submit to the mobile apps is Customer Services Data that we will process in accordance with our contractual agreement with the customer.

If you use a Journyx mobile application, Journyx may obtain information from, or access data stored on your mobile device to deliver requested application services and to improve our mobile applications. For example, when you are using a Journyx mobile application, we may access your camera to allow you to upload photographs to the Journyx Services. If your organization elects to use a geo-fencing feature in a mobile app, the app will access your device’s location information. Journyx may also collect Customer Usage Data through the mobile application to monitor usage statistics and for security purposes.

To make the Services available to you through the mobile app, we will collect other Customer Usage Data from your mobile device, such as how often you use the application, the username you use to login to the application, the type of device and its operating system version, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

Location of the Services Data Processing

We process Customer Services Data and Customer Usage Data in processing facilities located either in the United States or in the European Union, depending on the terms of our agreement with the customer.

Personal Information Collected by Journyx Outside the Services (Relationship Management Information)

Personal information we collect outside the Journyx Services is Relationship Management Information. You may provide your personal information to us directly, or we may collect it automatically when you interact with us, our websites, or our content.  We may also collect personal information about individuals from publicly available sources.

Information You Share with Us Directly

Our customers and their end users may consent to provide us with personal information for purposes of managing our business relationship, such as contact information. We use this information to fulfill requests for information, and to exercise our rights and obligations under our contract with the customer.

On our websites, you may consent to provide us with personal information, such as your name, email address, company information, or telephone number. Some areas of our websites, such as the Journyx User Community, require that you have an account with a username and password. As part of your account in these website areas, you may consent to provide us with additional information.

Certain website features may enable you to submit requests to us. A “Contact Us” form, for example, allows you to request information or assistance from us. We will request from you the information necessary to fulfill your request. If you sign up to receive ongoing marketing communications from Journyx, you can choose to opt out of further communications through a preferences page available from our website at https://hs.journyx.com/subscriptions-page-email-entry; this page is also available using the “Unsubscribe” link included with marketing email messages.

If you register, on our website or by other means, to attend a Journyx-sponsored event, we will require information such as your name, email address, company name, or other contact information. For certain kinds of events, we may also require you to provide billing information (such as billing name and address).

When you provide personal information to Journyx directly outside the Journyx Services, such as on our website, by phone, by email or other means, you consent to the processing and transfer of your personal information within the United States and elsewhere worldwide.

You may post comments or questions in a user community forum on our websites. Your participation in a forum may require that you create a profile using your personal information. Information you provide in these public areas can be read and collected by others who access them. The content of postings by participants in an online forum reflects the participant’s own views and not the opinion of Journyx.

Information We Collect Automatically

Information we collect automatically from website visitors and individuals who access our content– who may be our customers, our customers’ end users, prospective customers, or other individuals interested in our offerings — is Relationship Management Information.

Journyx or our service providers may observe your computer and connection information (such as an IP address), activities, interactions, preferences, and other information relating to your use of the Journyx websites or interaction with our email. We may collect and store this information and may also combine this information with other personal information provided to Journyx. Where permitted by law or with your consent, we also use information about your activity to send you information that we believe may be of interest to you. Such information may include newsletters, or product and event announcements.

In addition to the uses described in this section, there may be other uses for the information we collect, which we would disclose to you at the time of collection.

Tracking Technologies

We may collect some Relationship Management Information automatically using cookies and similar tracking technologies. These technologies allow us to track email effectiveness, analyze web traffic, provide interest-based advertising, improve our products and services, and tailor content to your preferences.

Journyx uses tracking technologies as described in this privacy statement only with your consent where consent is legally required. You may obtain additional information about how we use these technologies here: https://journyx.com/cookie-policy.

Other Information We Collect

We may collect Relationship Management Information from publicly available sources so we can better understand our customers, prospective customers, and other parties that may be interested in our offerings. We may use publicly available information from services like LinkedIn or obtain information about your company from third party providers to better understand the customer base and markets we serve, such as industry, company size, and website URLs.

When and Why We Share Personal Information

Compliance with legal obligations. We may disclose our customers’ or their end users’ personal information to a third party if: (i) we believe disclosure is compelled by applicable law, regulation, legal process, or government request (such as a law enforcement request), (ii) to enforce our agreements and policies in order to comply with law, (iii) to meet legal obligations to protect the security or integrity of our products and services, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires that we disclose information to assist in preventing death or serious bodily injury. If Journyx is required by law to disclose your or your end users’ personal information, we will notify you of the disclosure requirement unless prohibited by law.

Business transfers. If Journyx goes through a business transition, such as a merger, acquisition, or sale of all or a portion of its assets, your personal information may be among the assets transferred so that we may continue to perform under our customer contracts and comply with legal requirements.

Other Journyx group entities. We may share your personal information within our group of companies, such as subsidiaries of Journyx, Inc. If your information is Relationship Management Information, the other group entities will only use the information as described in this notice. If your information is Customer Services Data, the other group entities will only use the information in accordance with our contract with the customer.

Service providers or consultants. We may share information with third parties contracted to provide services on our behalf. These third-party service providers may use the information only as instructed by us.

Subprocessors. Certain third parties are sub-processors who assist Journyx in providing the Journyx Services. Our sub-processors process Customer Services Data we provide to them only on our instructions; we instruct and contractually oblige sub-processors in accordance with applicable law and the terms of our contractual agreements with customers.

Information providers. We may offer information or events jointly with third parties or partners, such as webinars, whitepaper downloads, or other services related to our products and services. We may share Relationship Management Information, such as your contact information and information about your interests in such offerings or services, with these parties to communicate with you about Journyx or, where permitted by law or with your consent, other topics.

Events we sponsor or participate in.  If you provide your information as an attendee to events that we participate in or sponsor, your information may be shared with us, as well as with any partner or third party participating in that event. Your information may be shared with the entity sponsoring your attendance at the event. For example, we may use the information to understand who attended an event, and potentially follow up with you on relevant products or services. The handling of your information will be governed by privacy notice of the party producing the event.

Security

Journyx takes reasonable and appropriate technical and organizational security measures to protect personal information from loss, unauthorized access, theft, and unintentional disclosure, modification, or destruction. We take measures to ensure service providers that process personal information on our behalf have appropriate controls in place. However, the security of information transmitted through the Internet cannot be guaranteed.

The security of your password or your other forms of authentication is your responsibility. We recommend our customers enable two-factor authorization for user access to the Journyx Services.

We may suspend your use of a website without notice, pending an investigation, if necessary to investigate or respond to a suspected security breach, as required by law and our contractual obligations to safeguard data.

How to Make Choices about Your Personal Information

In accordance with the Choice Principle of the of the EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and the UK Extension to the  EU-US Data Privacy Framework (“Data Privacy Frameworks”), we will offer you the opportunity to make choices about your personal information. Journyx will not use your personal information for a purpose that is materially different from the purpose(s) for which it was originally collected without your prior consent.

Information We Need to Respond to Your Inquiry

If you inquire of us about your personal information, we will need to collect certain information from you to respond to your inquiry and, in some cases, to verify your identity before we can provide a response or disclose personal information.

How to Inquire and Make Choices if You are a Journyx Customer or End User

Customer Services Data

If you are a Journyx customer, end users that you authorize to do so (a “Services Administrator”) can make various choices about the personal information contained in your Customer Services Data, using the self-service features of the Services. Certain Services features and reports may not work as intended if you delete or modify information. To understand the impact of your choices, consult the documentation provided with the Services. Customers may have obligations under applicable law that limit these choices; understanding and complying with such obligations is the responsibility of the customer.

If you are an end user of the Services, you must contact your organization’s Journyx Services Administrator to inquire about your choices with respect to your personal information within the Customer Services Data. Journyx cannot respond directly to your request.

Relationship Management Information

You may contact your Journyx Account Manager to request access, correction or removal of your personal information that is part of the Relationship Management Information.  If you need to find out how to contact your Account Manager, email [email protected].  Journyx has a legitimate need to ensure that Relationship Management Information remains sufficient for us to exercise our rights and obligations under our contractual agreements with our customers. For example, we must retain information sufficient to permit us to bill our customers for our services. Therefore, Journyx may request from a customer the personal or non-personal information sufficient for such purposes. To the extent possible within our contractual rights and obligations, we will assist you in making such choices.

How to Inquire and Make Choices if You Are Not a Journyx Customer

If you are not our customer or a customer’s end user, you may inquire about access or request deletion or correction of your personal information that we may process using the form provided at https://journyx.com/data-request.

Opt-Out Choices

You may make choices about our marketing communications with you using our website’s preferences page at https://hs.journyx.com/subscriptions-page-email-entry. You may also use the Unsubscribe link in a marketing email to opt-out or modify your preferences. To opt out of other, non-email marketing communications, or to be added to our Do Not Call list, you may contact [email protected]. We need to retain the information necessary to continue to honor your opt-out choices (such as a telephone number in a Do Not Call list).

To opt out of cookies that may be placed by our public-facing website, use the cookie icon hovering in the lower left corner of our website to set your cookie preferences.

We cannot offer opt-out choices with respect to the information that end users enter into our software-service. If you are an end user of the Journyx Services, please direct your privacy questions or concerns to your organization’s Journyx administrators.

Opt-out choices are not available for communications necessary to fulfill the terms of the agreement between Journyx and our customers, including accounting, customer support, and product communications, among others.

Do Not Track

Journyx does not currently respond to browser Do Not Track (DNT) signals. We will continue to monitor the progress of a DNT standard as it develops.

Our Retention of Personal Information

Customer Services Data entered into the Journyx Services is retained in accordance with the agreement between the Journyx customer and Journyx.

Journyx will store Relationship Management Information as long as needed to provide customers with our services and to operate our business. If you ask Journyx to delete specific personal information from your Relationship Management Information, we will honor the request unless such deletion prevents us from carrying out necessary business functions, like billing, calculating taxes, complying with legal requirements for information retention, or conducting required audits.

Certifications

Journyx adheres to the principles of the EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and the UK Extension to the  EU-US Data Privacy Framework (“Data Privacy Frameworks”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, Switzerland, and the United Kingdom (and Gibraltar), respectively, to the United States.  Journyx has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Frameworks’ Principles. To learn more about our adherence to these principles, see our Data Privacy Framework Notice here.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Journyx is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. Under certain conditions, more fully described on the Data Privacy Framework website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Your Privacy Rights

Depending on where you are located, you may have certain legal rights in accordance with local privacy laws. We will use your personal information consistent with the purposes for which it was collected, as required or permitted by law, or with your prior or subsequent consent.

In accordance with applicable law, you may exercise some or all of the following rights regarding our collection, use, and sharing of your personal information:

  • Access the personal information we hold about you;
  • Update or correct any inaccurate or incomplete personal information we hold about you;
  • Request that we delete the personal information we hold about you;
  • Object to or restrict the processing of your personal information;
  • Receive the personal information you have previously provided to us in a structured, commonly used and machine-readable format;
  • Opt out of the sale of your personal information. This right is applicable in certain jurisdictions; however, we do not sell your personal information.
  • Object to the processing of your personal information under our legitimate interests and ask us to restrict the processing. Where Customer System Data is concerned, end users of our Services must contact their Journyx system administrator with any concerns or objections to our processing of their personal information included in their organization’s Customer System Data.
  • Withdraw your consent at any time to our collection and processing of your personal information. Such withdrawal will not affect the lawfulness of any processing we conducted prior to withdrawal of your consent, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • Opt out of our marketing communications.

Exercising Your Rights

You may contact us with inquiries about the personal information we may hold about you, or if you would like to assert any of your rights discussed above. We take reasonable steps to protect your privacy and security by verifying a requester’s identity before granting access to any personal information. We will request certain information from you to allow us to adequately address your request. We will take steps to verify your identity, such as validating your name and the email you use when communicating with us. We will respond to your request within a reasonable timeframe, or as required by law. In the event we need additional time to fulfill a request, we will notify you. If we deny your request, we will provide you with reasons for our denial.

If your personal information was provided to us through the Journyx Services because you are a user whose account is provided by a customer of ours, please inquire with the applicable customer directly to exercise your rights. We have no direct relationship with our customers’ users.

With respect to the processing activities covered by this privacy statement, Journyx does not make decisions based solely on automated processing that results in legal or similarly significant effects.

Please direct your request to us using the form provided at https://journyx.com/data-request. Or you may contact us by mail at:

Journyx, Inc.
Attn: Privacy
3800 N. Lamar, Suite 200
Austin, Texas 78756

Lodging a Privacy Complaint

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Journyx, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the VeraSafe Data Privacy Framework Dispute Resolution Procedure, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/  for more information or to file a complaint. The services of VeraSafe are provided at no cost to you.

Binding Arbitration

If your dispute or complaint related to your personal information that we received in reliance on the Data Privacy Framework cannot be resolved by us, nor through the dispute resolution mechanism mentioned above, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework “Recourse, Enforcement and Liability” Principle and Annex I of the Data Privacy Framework.

European Representative

VeraSafe has been appointed as Journyx’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to the Journyx contacts listed above, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

Changes to This Privacy Statement

We reserve the right to change or update this Privacy Statement at any time. Changes to the Privacy Statement will be posted on this website. We encourage you to periodically review this Privacy Statement for any changes. For new users, changes or updates are effective upon posting. For existing users, changes or updates are effective 30 days after posting.

Last Updated: September 24, 2024