Journyx Privacy Statement
Journyx, Inc. (“Journyx”) is a leading provider of enterprise time tracking solutions for our customers, who include companies, schools, non-profits, and other organizations. Our offerings include cloud-based business software, and hardware and professional services directly related to our business software (collectively, the “Services”).
We do not sell the personal information of individuals.
What this Statement Describes
This Privacy Statement describes the information that Journyx and/or our Affiliates collects about you when you visit our websites or submit information to the Services, how we will use the information we collect, other parties with whom we may share the information, and your choices and rights with respect to the information that we collect or obtain. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with Journyx, Inc.
This statement does not apply to information that is processed by our software if it is installed and hosted on our customer’s premises and/or systems. The customer is responsible for all such information processing.
Personal information we collect may be stored and processed in the United States, the European Union, or in any other country where our Affiliates or third-party service providers maintain facilities. We follow applicable data protection laws when transferring and handling personal information.
This Privacy Statement distinguishes between our public-facing websites, which provide information about our offerings and related information of interest, and the Journyx Services, which are separate from our websites and available only to customers and certain prospective customers.
This Privacy Statement describes how we handle three categories of personal information:
- Personal information of customers, prospective customers, and other parties that may become prospective customers of the Services (such as business contact information), which we refer to here as “Relationship Management Information”.
- Personal information of our customers’ end users who use our Services, which includes the information end users enter into the Services, or information about end users that our customers enter into the Services (“Customer Services Data”).
- Information we process relating to the usage of the Services by customers and their end users (“Customer Usage Data”).
Controller and Processor Roles
Certain data protection and privacy laws differentiate between a “controller” and a “processor” of personal information. A controller decides why and how to process personal information. A processor processes personal information on behalf of, and under the instructions of, a controller.
Purpose and Legal Basis of the Processing
When we process Relationship Management Information, we act as a controller. We use the information to further our legitimate interests to understand who our customers and potential customers are and their interest in our Services, to fulfill requests for information, and to communicate with individuals about our offerings in accordance with any marketing preferences that apply. We use the information to fulfill our contractual obligations to our customers by managing the customer account, carrying out necessary business operations such as accounting, taxes, and compliance, and by undertaking efforts to detect, prevent or investigate security incidents, fraud or misuse of our Services.
When we process Customer Services Data, we act as a processor to our customer (the controller). We process the data to fulfill our contractual obligations under our agreement with the customer. If you use our Services as an end user of one of our customers, that customer can provide more information about the personal information they are collecting and using in the Services.
When we process Customer Usage Data, we may do so as a processor to fulfill our contractual obligations to our customer to provide, optimize, and maintain the Services and data security; to investigate fraud, spam, wrongful or unlawful use of the Services, and to comply with applicable law, in accordance with the terms of our contract with the customer. We may also process Customer Usage Data as an independent controller to carry out necessary business functions required to fulfill our contractual and legal obligations such as accounting, tax, billing, audit, and compliance.
Personal Information in the Journyx Services (Customer Services Data and Customer Usage Data)
Journyx does not have a direct relationship with the end users of the Services.
Journyx customers and their end users may input Customer Services Data into the Journyx Services. Customer Services Data may contain personal information about a customer’s end users; the information entered into the Services is determined by the customer, as the controller. Journyx processes the data on our customers’ behalf. Customer Usage Data relate to customers’ and customers’ end users’ usage of the Services.
Journyx will use the Customer Services Data and Customer Usage Data only in accordance with the contractual agreement between Journyx and the customer, or as may be required by law. Customers are responsible for complying with applicable regulations and laws that govern their collection and use of data, including providing notice, disclosure, and/or obtaining consent before transferring the data to Journyx for processing.
If you are an end user of the Journyx Services, your use is governed by your organization’s policies. Your privacy questions or concerns should be directed to your organization’s Journyx administrators. Journyx cannot respond directly to your request.
Biometric Data in the Services
The customer, and not Journyx, administers and manages the customer’s data in the Services. Customers may elect to use terminals with a biometric information collection feature to collect certain employee data. The use of biometric features is undertaken and controlled by the customer. Customers collect such data and store it either on a customer-controlled site or on a secure site or sites (in accordance with applicable law) made available by Journyx in a cloud environment. We process such biometric data submitted to the Services by our customers as Customer Services Data.
The data, if collected and used by customers, is for employee verification in connection with timekeeping. The data are in the form of numerical templates and are not processed or retained in the form of a scanned image (for example, a fingerprint). The security measures we undertake for the secure space on which customers can store such data are described at https://journyx.com/legal/security-measures.pdf. The measures include strict controls on access to data; Journyx employees may not access such data unless at the customer’s express request (such as a technical support request). If access is granted upon such request, it is limited only to staff authorized to fulfill the request under the customer’s instructions and is revoked promptly after the purpose for access is satisfied. Customers are responsible for the destruction of employee biometric data they collect, control, process, or store on their premises and/or systems.
Certain mobile devices have a biometric authentication feature native to the device. The Journyx mobile apps may permit a user to use the feature to authenticate to the mobile app. Used in this way, the device biometric feature does not provide biometric data to the mobile app or transmit it to the Journyx Services. The app will receive only confirmation of authentication.
Questions regarding biometric data, including questions about retention schedule or deletion, should be directed to your employer.
Data Collected by the Mobile Application
The mobile apps are interfaces to the Journyx Services and do not operate separately from the Services. The personal information end users submit to the mobile apps is Customer Services Data that we will process in accordance with our contractual agreement with the customer.
If you use a Journyx mobile application, Journyx may obtain information from, or access data stored on your mobile device to deliver requested application services and to improve our mobile applications. For example, when you are using a Journyx mobile application, we may access your camera to allow you to upload photographs to the Journyx Services. If your organization elects to use a geo-fencing feature in a mobile app, the app will access your device’s location information. Journyx may also collect Customer Usage Data through the mobile application to monitor usage statistics and for security purposes.
To make the Services available to you through the mobile app, we will collect other Customer Usage Data from your mobile device, such as how often you use the application, the username you use to login to the application, the type of device and its operating system version, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.
Location of the Services Data Processing
We process Customer Services Data and Customer Usage Data in processing facilities located either in the United States or in the European Union, depending on the terms of our agreement with the customer.
Personal Information Collected by Journyx Outside the Services (Relationship Management Information)
Personal information we collect outside the Journyx Services is Relationship Management Information. You may provide your personal information to us directly, or we may collect it automatically when you interact with us, our websites, or our content. We may also collect personal information about individuals from publicly available sources.
Information You Share with Us Directly
Our customers and their end users may consent to provide us with personal information for purposes of managing our business relationship, such as contact information. We use this information to fulfill requests for information, and to exercise our rights and obligations under our contract with the customer.
On our websites, you may consent to provide us with personal information, such as your name, email address, company information, or telephone number. Some areas of our websites, such as the Journyx User Community, require that you have an account with a username and password. As part of your account in these website areas, you may consent to provide us with additional information.
Certain website features may enable you to submit requests to us. A “Contact Us” form, for example, allows you to request information or assistance from us. We will request from you the information necessary to fulfill your request. If you sign up to receive ongoing marketing communications from Journyx, you can choose to opt out of further communications through a preferences page available from our website; this page is also available using the “Unsubscribe” link included with marketing email messages.
If you register, on our website or by other means, to attend a Journyx-sponsored event, we will require information such as your name, email address, company name, or other contact information. For certain kinds of events, we may also require you to provide billing information (such as billing name and address).
When you provide personal information to Journyx directly outside the Journyx Services, such as on our website, by phone, by email or other means, you consent to the processing and transfer of your personal information within the United States and elsewhere worldwide.
You may post comments or questions in a user community forum on our websites. Your participation in a forum may require that you create a profile using your personal information. Information you provide in these public areas can be read and collected by others who access them. The content of postings by participants in an online forum reflect the participant’s own views, and not the opinion of Journyx.
Information we Collect Automatically
Information we collect automatically from website visitors and individuals who access our content– who may be our customers, our customers’ end users, prospective customers, or other individuals interested in our offerings — is Relationship Management Information.
Journyx or our service providers may observe your computer and connection information (such as an IP address), activities, interactions, preferences, and other information relating to your use of the Journyx websites or interaction with our email. We may collect and store this information and may also combine this information with other personal information provided to Journyx. Where permitted by law or with your consent, we also use information about your activity to send you information that we believe may be of interest to you. Such information may include newsletters, or product and event announcements.
In addition to the uses described in this section, there may be other uses for the information we collect, which we would disclose to you at the time of collection.
We may collect some Relationship Management Information automatically using cookies and similar tracking technologies. These technologies allow us to track email effectiveness, analyze web traffic, provide interest-based advertising, improve our products and services, and tailor content to your preferences.
Journyx uses tracking technologies as described in this privacy statement only with your consent where consent is legally required. You may obtain additional information about how we use these technologies here: https://journyx.com/cookie-policy.
Other Information we Collect
We may collect Relationship Management Information from publicly available sources so we can better understand our customers, prospective customers, and other parties that may be interested in our offerings. We may use publicly available information from services like LinkedIn or obtain information about your company from third party providers to better understand the customer base and markets we serve, such as industry, company size, and website URLs.
When and Why we Share Personal Information
Compliance with legal obligations. We may disclose our customers’ or their end users’ personal information to a third party if: (i) we believe disclosure is compelled by applicable law, regulation, legal process, or government request (such as a law enforcement request), (ii) to enforce our agreements and policies in order to comply with law, (iii) to meet legal obligations to protect the security or integrity of our products and services, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires that we disclose information to assist in preventing death or serious bodily injury. If Journyx is required by law to disclose your or your end users’ personal information, we will notify you of the disclosure requirement unless prohibited by law.
Business transfers. If Journyx goes through a business transition, such as a merger, acquisition, or sale of all or a portion of its assets, your personal information may be among the assets transferred so that we may continue to perform under our customer contracts and comply with legal requirements.
Other Journyx group entities. We may share your personal information within our group of companies, such as subsidiaries of Journyx, Inc. If your information is Relationship Management Information, the other group entities will only use the information as described in this notice. If your information is Customer Services Data, the other group entities will only use the information in accordance with our contract with the customer.
Service providers or consultants. We may share information with third parties contracted to provide services on our behalf. These third-party service providers may use the information only as instructed by us.
Subprocessors. Certain third parties are sub-processors who assist Journyx in providing the Journyx Services. Our sub-processors process Customer Services Data we provide to them only on our instructions; we instruct and contractually oblige sub-processors in accordance with applicable law and the terms of our contractual agreements with customers.
Information providers. We may offer information or events jointly with third parties or partners, such as webinars, whitepaper downloads, or other services related to our products and services. We may share Relationship Management Information, such as your contact information and information about your interests in such offerings or services, with these parties to communicate with you about Journyx.
Events we sponsor or participate in. If you provide your information as an attendee to events that we participate in or sponsor, your information may be shared with us, as well as with any partner or third party participating in that event. Your information may be shared with the entity sponsoring your attendance at the event. For example, we may use the information to understand who attended an event, and potentially follow up with you on relevant products or services. The handling of your information will be governed by privacy notice of the party producing the event.
Journyx takes reasonable and appropriate technical and organizational security measures to protect personal information from loss, unauthorized access, theft, and unintentional disclosure, modification, or destruction. We take measures to ensure service providers that process personal information on our behalf have appropriate controls in place. However, the security of information transmitted through the internet cannot be guaranteed.
The security of your password or your other forms of authentication is your responsibility. We recommend our customers enable two-factor authorization for user access to the Journyx Services.
We may suspend your use of a website without notice, pending an investigation, if necessary to investigate or respond to a suspected security breach, as required by law and our contractual obligations to safeguard data.
How to Make Choices about Your Personal Information
Information We Need to Respond to Your Inquiry
If you inquire of us about your personal information, we will need to collect certain information from you to respond to your inquiry and, in some cases, to verify your identity before we can provide a response or disclose personal information.
How to Inquire and Make Choices if You are a Journyx Customer or End User
Customer Services Data
If you are a Journyx customer, end users that you authorize to do so (a “Services Administrator”) can make various choices about the personal information contained in your Customer Services Data, using the self-service features of the Services. Certain Services features and reports may not work as intended if you delete or modify information. To understand the impact of your choices, consult the documentation provided with the Services. Customers may have obligations under applicable law that limit these choices; understanding and complying with such obligations is the responsibility of the customer.
If you are an end user of the Services, you must contact your organization’s Journyx Services Administrator to inquire about your choices with respect to your personal information within the Customer Services Data. Journyx cannot respond directly to your request.
Relationship Management Information
You may contact your Journyx Account Manager to request access, correction or removal of your personal information that is part of the Relationship Management Information. If you need to find out how to contact your Account Manager, email [email protected]. Journyx has a legitimate need to ensure that Relationship Management Information remains sufficient for us to exercise our rights and obligations under our contractual agreements with our customers. For example, we must retain information sufficient to permit us to bill our customers for our services. Therefore, Journyx may request from a customer the personal or non-personal information sufficient for such purposes. To the extent possible within our contractual rights and obligations, we will assist you in making such choices.
How to Inquire and Make Choices if You are not a Journyx Customer
If you are not our customer or a customer’s end user, you may inquire about access or request deletion or correction of your personal information that we may process using the form provided at https://journyx.com/data-request.
You may make choices about our marketing communications with you using our website’s preferences page at https://hs.journyx.com/subscriptions-page-email-entry. You may also use the Unsubscribe link in a marketing email to opt out or modify your preferences. To opt out of other, non-email marketing communications, or to be added to our Do Not Call list, you may contact [email protected]. We need to retain the information necessary to continue to honor your opt-out choices (such as a telephone number in a Do Not Call list).
To opt out of cookies that may be placed by our public-facing website, use the cookie icon hovering in the lower left corner of our website to set your cookie preferences.
We cannot offer opt-out choices with respect to the information that end users enter into our software-service. If you are an end user of the Journyx Services, please direct your privacy questions or concerns to your organization’s Journyx administrators.
Opt-out choices are not available for communications necessary to fulfill the terms of the agreement between Journyx and our customers, including accounting, customer support, and product communications, among others.
Do Not Track
Journyx does not currently respond to browser Do Not Track (DNT) signals. We will continue to monitor the progress of a DNT standard as it develops.
Our Retention of Personal Information
Customer Services Data entered into the Journyx Services is retained in accordance with the agreement between the Journyx customer and Journyx.
Journyx will store Relationship Management Information as long as needed to provide customers with our services and to operate our business. If you ask Journyx to delete specific personal information from your Relationship Management Information, we will honor the request unless such deletion prevents us from carrying out necessary business functions, like billing, calculating taxes, complying with legal requirements for information retention, or conducting required audits.
Journyx adheres to the principles of the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Journyx has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about our adherence to these principles, see our Privacy Shield Notice here.
In the context of an onward transfer, Journyx has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Journyx shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Although Journyx no longer relies on the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as a legal basis for transfers of personal information, with respect to personal data received or transferred pursuant to the Privacy Shield Framework, Journyx is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
Your Privacy Rights
Depending on where you are located, you may have certain legal rights in accordance with local privacy laws. We will use your personal information consistent with the purposes for which it was collected, as required or permitted by law, or with your prior or subsequent consent.
In accordance with applicable law, you may exercise some or all of the following rights regarding our collection, use, and sharing of your personal information:
- Access the personal information we hold about you;
- Update or correct any inaccurate or incomplete personal information we hold about you;
- Request that we delete the personal information we hold about you;
- Object to or restrict the processing of your personal information;
- Receive the personal information you have previously provided to us in a structured, commonly-used and machine-readable format;
- Opt out of the sale of your personal information. This right is applicable in certain jurisdictions; however, we do not sell your personal information.
- Object to the processing of your personal information under our legitimate interests and ask us to restrict the processing. Where Customer System Data is concerned, end users of our Services must contact their Journyx system administrator with any concerns or objections to our processing of their personal information included in their organization’s Customer System Data.
- Withdraw your consent at any time to our collection and processing of your personal information. Such withdrawal will not affect the lawfulness of any processing we conducted prior to withdrawal of your consent, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- Opt out of our marketing communications.
Exercising Your Rights
You may contact us with inquiries about the personal information we may hold about you, or if you would like to assert any of your rights discussed above. We take reasonable steps to protect your privacy and security by verifying a requester’s identity before granting access to any personal information. We will request certain information from you to allow us to adequately address your request. We will take steps to verify your identity, such as validating your name and the email you use when communicating with us. We will respond to your request within a reasonable timeframe, or as required by law. In the event we need additional time to fulfill a request, we will notify you. If we deny your request, we will provide you with reasons for our denial.
If your personal information was provided to us by or on behalf of a Journyx customer, please inquire with the applicable customer directly to exercise your rights.
With respect to the processing activities covered by this privacy statement, Journyx does not make decisions based solely on automated processing that results in legal or similarly significant effects.
Please direct your request to us using the form provided at https://journyx.com/data-request. Or you may contact us by mail at:
3800 N. Lamar, Suite 200
Austin, Texas 78756
Lodging a Privacy Complaint
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. If you are located in the EEA or Switzerland, you have the right to lodge a complaint with the relevant EEA data protection authority (such as the supervisory authority for your place of residence) or the Swiss Federal Data Protection and Information Commissioner, as applicable.
Changes to This Privacy Statement
We reserve the right to change or update this Privacy Statement at any time. Changes to the Privacy Statement will be posted on this website. We encourage you to periodically review this Privacy Statement for any changes. For new users, changes or updates are effective upon posting. For existing users, changes or updates are effective 30 days after posting.
Last Updated: June 13, 2023