This Privacy Statement describes the information that Journyx, Inc. and/or our Affiliates (“Journyx”, “we”, “our”) collects about you when you visit our websites or enter information into our software service(s), how we will use the information we collect, other parties with whom we may share the information, and your choices and rights with respect to the information that we collect or obtain. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with Journyx, Inc.
You may change your preferences about marketing communications you receive from us here.
Personal information we collect may be stored and processed in the United States, the European Union, or in any other country where our Affiliates or third-party service providers maintain facilities. We follow applicable data protection laws when transferring personal information.
This Privacy Statement describes how we handle three categories of personal information:
- Personal information of customers or potential customers of our offerings (“Services”), such as business contact information, which we refer to here as “Customer Account Information,” and
- Personal information of our customers’ end users who use our Services, which includes the information end users enter into the Services, or information about end users that our customers enter into the Services (“Customer Services Data”), and
- Information we process relating to the usage of the Services by customers and their end users (“Customer Usage Data”).
This Privacy Statement also distinguishes between our public-facing websites, which provide information about our offerings and related information of interest, and the Journyx Services, which are separate from our websites and available only to customers and certain prospective customers.
Controller and Processor Roles
Certain data protection and privacy laws differentiate between a “controller” and a “processor” of personal information. A controller decides why and how to process personal information. A processor processes personal information on behalf of, and under the instructions of, a controller.
Purpose of the Processing
When we process Customer Account Information, we act as a controller. We use the information to further our legitimate interests to understand who our customers and potential customers are and their interest in our Services and other offerings, to manage our relationship with our customers, to carry out necessary business operations such as accounting, taxes, and compliance, and to detect, prevent or investigate security incidents, fraud or misuse of our Services.
When we process Customer Services Data, we act as a processor to our customer, the controller, under the terms of our contractual agreement with our customer.
When we process Customer Usage Data, we may do so either as a processor under our customer’s instructions, or as an independent controller as required to carry out the necessary functions to provide the Services and to comply with applicable law. We will process Customer Usage Data as a controller to carry our functions such as accounting, tax, billing, audit and compliance; to provide, optimize and maintain the Services and security; to investigate fraud, spam, wrongful or unlawful use of the Services; and as required by applicable law or regulation and in accordance with our contractual agreement.
If you are an end user of one of our customers, that customer can provide more information about the personal information they are collecting and using in the Services.
Personal Information in the Journyx Services
Information Our Customers Submit to the Services
Journyx does not have a direct relationship with the end users of the Services.
Journyx customers and their end users may input Customer Services Data into the Journyx Services. Customer Services Data may contain personal information about a customer’s end users; the information entered into the Services is determined by the customer, as the controller. Journyx processes the data on our customers’ behalf. Customer Usage Data relate to customers’ and customers’ end users’ usage of the Services.
Journyx will use the Customer Services Data and Customer Usage Data only in accordance with the contractual agreement between Journyx and the customer, or as may be required by law. Customers are responsible for complying with applicable regulations and laws that govern their collection and use of data, including providing notice, disclosure, and/or obtaining consent before transferring the data to Journyx for processing.
If you are an end user of the Journyx Services, your use is governed by your organization’s policies. Your privacy questions or concerns should be directed to your organization’s Journyx administrators.
Location of the Services Data Processing
We process Customer Services Data and Customer Usage Data in processing facilities located either in the United States or in the European Union, depending on the terms of our agreement with the customer.
Personal Information Collected by Journyx Outside the Services
Information You Share with Us Directly
On our websites, you may choose to provide us with personal information, such as your name, email address, company information, or telephone number. Some areas of our websites, such as the Journyx User Community, require that you have an account with a username and password. As part of your account in these website areas, you may choose to provide us with additional information.
Certain website features may enable you to submit requests to us. A “Contact Us” form, for example, allows you to request information or assistance from us. We will request from you the information necessary to fulfill your request. If you sign up to receive ongoing marketing communications from Journyx, you can choose to opt out of further communications through a preferences page; this page is also available using the “Unsubscribe” link included with marketing email messages.
If you register, on our website or by other means, to attend a Journyx-sponsored event, we will require information such as your name, email address, company name, or other contact information. For certain kinds of events, we may also require you to provide billing information (such as billing name and address).
When you provide personal information to Journyx directly outside the Journyx Services, such as on our website, by phone, by email or other means, you consent to the processing and transfer of your personal information within the United States and elsewhere worldwide.
Information We Collect Automatically on Our Websites
Where permitted by law, or with your consent, we also use your contact information and/or information about your activity on our websites to send you information that we believe may be of interest to you. Such information may include newsletters, or product and event announcements.
In addition to the uses described in this section, there may be other uses for the information we collect, which we would disclose to you at the time of collection.
Other Information We Collect
We may collect personal information from publicly-available sources so we can better understand our customers and prospective customers. We may use publicly-available information from services like LinkedIn, or obtain information about your company from third party providers to better understand the customer base and markets we serve, such as industry, company size, and website URLs.
The customer, and not Journyx, administers and manages the customer’s data in the Services. Customers may elect to use terminals with a biometric information collection feature to collect certain employee data. The use of biometric features is undertaken and controlled by the customer. Customers collect such data and store it either on a customer-controlled site or on a secure site or sites (in accordance with applicable law) made available by Journyx in a cloud environment.
The data, if collected and used by customers, is for employee verification in connection with timekeeping. The data are in the form of numerical templates and are not processed or retained in the form of a scanned image (for example, a fingerprint). The security measures we undertake for the secure space on which customers can store such data are described at https://journyx.com/legal/security-measures.pdf. The measures include strict controls on access to data; Journyx employees may not access such data unless at the customer’s express request (such as a technical support request). If access is granted upon such request, it is limited only to staff authorized to fulfill the request under the customer’s instructions and is revoked promptly after the purpose for access is satisfied. Customers are responsible for the destruction of employee biometric data they collect, control, process, or store.
Certain mobile devices have a biometric authentication feature native to the device. The Journyx mobile apps may permit a user to use the feature to authenticate to the mobile app. Used in this way, the device biometric feature does not provide biometric data to the mobile app or transmit it to the Journyx Services. The app will receive only confirmation of authentication.
Questions regarding biometric data, including questions about retention schedule or deletion, should be directed to your employer.
The mobile apps are interfaces to the Journyx Services and do not operate separately from the Services. The personal information end users submit to the mobile apps is Customer Services Data that we will process in accordance with our contractual agreement with the customer.
If you use a Journyx mobile application, Journyx may obtain information from or access data stored on your mobile device to deliver requested application services and to improve our mobile applications. For example, when you are using a Journyx mobile application, we may access your camera to allow you to upload photographs to the Journyx Services. If your organization elects to use a geo-fencing feature in a mobile app, the app will access your device’s location information. Journyx may also collect information from your usage of the mobile application to monitor usage statistics and for security purposes.
To make the Services available to you through the mobile app, we will collect other information from your mobile device, such as how often you use the application, the username you use to login to the application, the type of device and its operating system version, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.
When and Why We Share Personal Information
Journyx does not sell your personal information to third parties, or allow it to be used by third parties for their own marketing purposes unless you give us your consent to do this.
Compliance with legal obligations. We may disclose our customers’ or their end users’ personal information to a third party if: (i) we believe disclosure is compelled by applicable law, regulation, legal process, or government request (such as a law enforcement request), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our products and services, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires that we disclose information to assist in preventing death or serious bodily injury. If Journyx is required by law to disclose your or your end users personal information, we will notify you of the disclosure requirement unless prohibited by law.
Business transfers. If Journyx goes through a business transition, such as a merger, acquisition, or sale of all or a portion of its assets, your personal information may be among the assets transferred.
Other Journyx group entities. We may share your personal information within our group of companies, such as subsidiaries of Journyx, Inc., who will only use the information as described in this notice.
Service providers or consultants. We may share information with third parties contracted to provide services on our behalf. These third-party service providers may use information we provide to them only in accordance with our instructions and contractual obligations that appropriately safeguard information.
Subprocessors. Certain third parties are sub-processors who assist Journyx in providing the Journyx Services, like our infrastructure provider, for example. Our sub-processors process personal information only on our instructions; we instruct and contractually oblige sub-processors in accordance with applicable law and the terms of our contractual agreements with customers.
Information providers. We may offer information or events jointly with third parties or partners, such as webinars, whitepaper downloads, or other services related to our products and services. We may share your contact information and information about your interests in such offerings or services with these parties to communicate with you about Journyx.
Events we sponsor or participate in. If you provide your information as an attendee to events we participate in or sponsor, your information may be shared with us, as well as with any partner or third party participating in that event. Your information may be shared with the entity sponsoring your attendance at the event. For example, we may use the information to understand who attended an event, and potentially follow up with you on relevant products or services. The handling of your information will be governed by privacy notice of the party producing the event.
Journyx takes reasonable and appropriate technical and organizational security measures to protect personal information from loss, unauthorized access, theft, and unintentional disclosure, modification, or destruction. We take measures to ensure service providers that process personal information on our behalf have appropriate controls in place.
The security of your password or your other forms of authentication is your responsibility. We recommend our customers enable two-factor authorization for user access to the Journyx Services.
We may suspend your use of a website without notice, pending an investigation, if any security breach is suspected.
Journyx User Community
You may post comments or questions in a user community forum on our websites. Your participation in a forum may require that you create a profile using your personal information. Information you provide in these public areas can be read and collected by others who access them. The content of postings by participants in an online forum reflect the participant’s own views, and not the opinion of Journyx.
Tracking Technologies and Targeted Advertising
Journyx uses tracking technologies only with your consent where consent is legally required.
Journyx or our service providers may observe your computer and connection information (such as an IP address), activities, interactions, preferences, and other information relating to your use of the Journyx websites. We may collect and store this information, and may also combine this information with other personal information provided to Journyx.
You may use your browser’s settings to modify its handling of certain tracking technologies. Some tracking technologies require additional steps to manage or remove. Some of these technologies may operate across all of your browsers.
You may obtain additional information about the cookies Journyx uses on our sites, and manage your preferences here: https://journyx.com/cookie-policy.
Information collected about your web browsing behavior, such as the pages you have visited or the searches you have conducted, may be used by online advertising to display more relevant advertisements and content to you on non-Journyx websites. The information used for targeted advertising may come from Journyx or through third-party ad networks. To opt out of targeted advertising, see “Opt-Out Choices,” below.
How to Make Choices about Your Personal Information
Information We Need to Respond to Your Inquiry
If you inquire of us about your personal information, we will need to collect certain information from you to respond to your inquiry and, in some cases, to verify your identity before we can provide a response or disclose personal information.
How to Inquire and Make Choices if You are a Journyx Customer
Customer Services Data. If you are a Journyx customer, end users that you authorize to do so can make various choices about the personal information contained in your Customer Services Data, using the self-service features of the Services. Certain Services features and reports may not work as intended if you delete or modify information. To understand the impact of your choices, consult the documentation provided with the Services. Customers may have obligations under applicable law that limit these choices; understanding and complying with such obligations is the responsibility of the customer.
If you are an end user of the Services, you must contact your organization’s Journyx Services administrator to inquire about your choices with respect to your personal information within the Services.
Customer Account Information. You may contact your Journyx Account Manager to request access, correction or removal of your personal information that is part of the Customer Account Information. If you need to find out how to contact your Account Manager, email firstname.lastname@example.org. Journyx has a legitimate need to ensure that Customer Account Information remains sufficient for us to exercise our rights and obligations under our contractual agreements with our customers. For example, we must retain contact information sufficient to permit us to bill our customers for our services. Therefore, Journyx may request from a customer additional or alternate personal information such as contact information for billing purposes. To the extent possible within our contractual rights and obligations, we will assist you in making such choices.
How to Inquire and Make Choices if You Are Not a Journyx Customer
Marketing or other information. If you are not our customer or a customer’s end user, and you wish to inquire about access or make choices about deletion or correction of your personal information that we may process for marketing purposes, you may contact us using the form provided at https://journyx.com/data-request.
To opt out of marketing email communications, you may use the Unsubscribe link in the email to opt out or modify your preferences. To opt out of other, non-email marketing communications, or to be added to our Do Not Call list, you may contact email@example.com. We need to retain the information necessary to continue to honor your opt-out choices (such as a telephone number in a Do Not Call list).
To opt out of targeted advertising, please click here (if you are located in Switzerland or the European Union, please click here). Please note, this does not opt you out of being served advertising. You will continue to receive generic ads.
Opt-out choices are not available for communications necessary to fulfill the terms of the agreement between Journyx and our customers, including accounting, customer support, and product communications, among others.
Do Not Track
Journyx does not currently respond to browser Do Not Track (DNT) signals. We will continue to monitor the progress of a DNT standard as it develops.
Our Retention of Personal Information
Customer Services Data entered into the Journyx Services is retained in accordance with the agreement between the Journyx customer and Journyx. This means we retain the data for a certain amount of time beyond termination of the agreement, after which time the data are removed.
Journyx will store Customer Account Information as long as needed to provide customers with our services and to operate our business. If you ask Journyx to delete specific personal information from your Customer Account Information, we will honor the request unless such deletion prevents us from carrying out necessary business functions, like billing, calculating taxes, or conducting required audits.
Changes to This Privacy Statement
We reserve the right to change or update this Privacy Statement at any time. Changes to the Privacy Statement will be posted on this website. We encourage you to periodically review this Privacy Statement for any changes. For new users, changes or updates are effective upon posting. For existing users, changes or updates are effective 30 days after posting.
Data Subject Rights
Depending on where you are located, you may have certain legal rights in accordance with local privacy laws. We will use your personal information consistent with the purposes for which it was collected, as required or permitted by law, or with your prior or subsequent consent.
In accordance with applicable law, you may exercise some or all of the following rights regarding our collection, use, and sharing of your personal information:
- Access the personal information we hold about you;
- Update or correct any inaccurate or incomplete personal information we hold about you;
- Request that we delete the personal information we hold about you;
- Object to or restrict the processing of your personal information;
- Receive the personal information you have previously provided to us in a machine-readable format, enabling you to transfer that personal information to another organization at your discretion;
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you; and
- File a complaint directly with the relevant Supervisory Authority about how we process your personal information.
Exercising Your Rights
We take reasonable steps to protect your privacy and security by verifying your identity before granting access to your personal information. We will request certain information from you to allow us to adequately address your request. We will respond to your request within a reasonable timeframe, or as required by law.
You may contact us with inquiries about the personal information we may hold about you, or if you would like to assert any of your data subject rights discussed above. Please direct your request to us using the form provided at https://journyx.com/data-request. Journyx will respond to your request within a reasonable timeframe, or as required by law.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Journyx is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. You also have the right to lodge a complaint with the relevant EU data protection authority, United Kingdom data protection authority, or the Swiss Federal Data Protection and Information Commissioner, as applicable.
Last Updated: June 13, 2022