This policy applies when we process personal data. Personal data means any information relating to an identified or identifiable natural person. It typical includes names, addresses, email addresses and contact details.
JourneyApps provides technology products and related services to our Customers.
We process personal data for purposes of our Customer relationships as a Data Controller.
As part of providing our technology products and related services to Customers, we process personal data of Users (typically our customers’ employees or other third parties related to our Customers) as received from our Customers or from Users directly. When we do this, we do it as a Data Processor for the purpose of providing our technology products and related services to our Customers.
Where we process personal data as a Data Processor, our Customer as the Data Controller will also be responsible for implementing appropriate data privacy practices.
We collect data, which may include personal data of individuals , in one of three ways:
Data collected through our Website
When an individual clicks on “Contact Us”, we collect their full name, phone number, email address, company name (if applicable) and online identifier information.
Data collected through our Platform and customer support and interaction channels
When an individual signs up to use our Platform, or any ancillary service used to access the Platform or administer a Solution, we collect their name, email address and online identifier.
We use a number of channels to provide application development services and technical support to Customers and Users and to contact Customers and Users with important information regarding the Platform and Customers’ Solutions. When we interact with Users in this way, we collect the User’s name and relevant contact information.
Data collected through Customers’ Solutions
We use our Platform to develop, operate and host custom software applications for our Customers, which we call “Solutions”. Each Solution is developed according to a Customer’s specifications and therefore the personal data collected using the Solution varies depending on the Solution’s purpose and the Customer’s requirements.
Solutions are rarely used to collect personal data, and where personal data is collected it is seldom sensitive. Personal data collected from Users is typically, but not always, limited to a User’s name, email address, phone number, address, employee or contractor identification number and the location where the Solution is used and the device used to access the Solution.
The personal data we collect is used for purposes of our contractual relationship with our Customers, including responding to pre-contractual queries, registration for our technology products and related services, administering our agreement, ongoing Customer relationship management and direct marketing.
We also use personal data for purposes of business analysis, statistics, product development, legal requirements and compliance.
The personal data of Users that we collect and process on behalf of our Customers will depend on our Customers’ requirements and we do not control these requirements.
Customers have complete access to all data that their Users enter using a Customer’s Solution. We have no obligation to maintain or monitor any data entered by a User using a Solution or the Customer’s account on our Platform, unless expressly stated otherwise in a written agreement between us and that Customer.
Our Customer may also elect, at their sole discretion, to make all data entered by a User freely available to all other Users existing under the Customer account or Solution, or to restrict the availability of such data within the Customer account or Solution in any manner it sees fit.
Like most software companies, we collect non-personally-identifying data of the sort that web browsers, platforms and software applications and servers typically make available, such as the browser type, language preference, referring website or application, and the date and time of each visitor request. Our purpose in collecting non-personally identifying data is to better understand how our Visitors, Customers and Users use our Website, our Platform and our Solutions. From time to time, we may release non-personally-identifying data in the aggregate, e.g., by publishing a report on trends in the usage of our products and services.
We never collect any financial or payment information, such as credit card information or bank details, from our Visitors, Customers or Users.
Our basis for collecting and processing personal data is one of the following:
When we process personal data as a Data Processor on behalf of our Customer, the Customer is responsible for determining the legal basis for processing. This may include that the Customer may require consent from a User before processing the information or sharing it with us for purposes of processing in terms of our agreement with the Customer.
We do not sell personal data. We disclose personal data to our employees, contractors and affiliated organizations who need to know that information in order to process it on our behalf or to otherwise assist us in providing the our technology products and related services, and who have agreed not to disclose it to others.
We may share personal data with regulators if required by any governmental regulatory authorities in terms of applicable law. We may also share it with law enforcement agencies if required in law.
You have certain rights in respect of your personal data. As available and except as limited under applicable law, where the General Data Protection Regulation (“GDPR”) applies, you have the following rights specifically in terms of the GDPR:
Where you have provided consent to process your personal data, you may also withdraw your consent where our processing is based on your consent. However, we may continue to process your information if another legal justification exists for the processing.
Each of our Customers may specify for how long we may retain the personal data collected from their Users. Unless specified otherwise in an agreement between us and a Customer, we retain personal data collected from that Customer’s Users for up to 3 years or, if earlier, for a maximum period of 60 days after our agreement with that Customer ends. If requested to do so, we provide Customers with a copy of the personal data. Thereafter, we permanently and securely delete the personal data.
We are committed to ensuring that your personal data is safe and secured, and implement appropriate technical and other security measures to protect the integrity and confidentiality of your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing, in accordance with applicable law.
We employ administrative, physical, and electronic measures designed to protect the personal data we store and process.
We use industry-standard technological means to protect personal data when stored on a User’s device, while in transit through the internet and when stored on our servers. We use encryption and a comprehensive authentication protocol to provide reasonable security. However, please remember that no security system on the internet is perfect.
Where you access the Platform or a Solution using a username and password, please ensure that you always keep these safe and confidential and never share it with any third party. We will never ask you for your password. If someone contacts you, claiming to represent JourneyApps and requests your information, it is always best to request that you contact that person by first getting in touch with JourneyApps through a known and published communication channel such as our support desk, or telephone number and confirming that person’s identity.
You can get more information about our data security practices in our Data Security Whitepaper.
Our website does not use any cookies.
We exercise reasonable efforts to safeguard the security and confidentiality of your personal data; however, transmissions protected by industry standard technology and administered by humans cannot be guaranteed to be secure in all circumstances. We will not be liable for unauthorized disclosure of personal data that occurs through no fault of JourneyApps including, but not limited to, errors in transmission, uses of your data by a third party, and your failure to comply with your security obligations.
We do not collect personal data from children under the age of 16. If you believe that a child has provided us with personal data without the consent of his or her parent or guardian, please contact us immediately at firstname.lastname@example.org. If we become aware that a child under age 16 has provided us with personal data, we will delete such data.
As Data Controller we do not intentionally collect sensitive personal data. Where we process sensitive personal data as a Data Processor for our Customer, the Customer is responsible to ensure lawful processing and to obtain consents where required.
We make use of third party service providers as sub-processors and may transfer data cross border if our service provider conducts business in another jurisdiction. We only use reputable sub-processors who maintain rigorous security standards.
Any personal data transferred cross border will only be transferred in terms of a written agreement requiring the recipient of the data to comply with all applicable requirements in respect of data privacy.
In terms of applicable laws, you may have the right to formally lodge a complaint about how we handle your personal data with your relevant regulatory authority in terms of the applicable law that applies to you.
If the GDPR applies to you, you may lodge a complaint with the European Commission by using the European Commission online complaint procedure or writing to the European Commission, Secretary-General B-1049 Brussels, BELGIUM, or sending a fax to +32 229 64 335.
If you have any questions, comments, concerns, complaints or claims with respect to our Website, our Platform or a Solution, if your User account has been compromised by a hacker or scammer, if another User is abusing, harassing, or stalking you, if you find that certain content displayed on the Website, the Platform or a Solution is inappropriate or prohibited by these terms, or if you have any other concern, please contact us by email at email@example.com or write to: Data Processing Officer, JourneyApps, 1614 15th Street, Denver, CO 80202, United States of America . We will investigate and attempt to resolve the matter.