Last updated April 2025
JourneyCX (“JourneyCX”, “we”, “us”, “our”) is committed to safeguarding the privacy and security of personal information processed through our Customer Experience Platform, CRM suite, web applications, and related digital services (collectively, “Services”).
We comply with applicable data protection legislation including, where applicable:
- Protection of Personal Information Act (POPIA) – South Africa
- General Data Protection Regulation (GDPR) – European Union
- Electronic Communications and Transactions Act (ECTA)
- Other relevant local frameworks
This Privacy Policy explains how we collect, use, share, store, and protect personal information, and outlines your rights as a data subject.
Scope
This policy applies to all personal information processed by JourneyCX where we act as:
- Responsible Party / Data Controller (when determining processing purposes)
- Operator / Data Processor (when processing on behalf of our customers)
What Personal Information We Collect
We collect information through:
Voluntary Submission
Provided directly by you:
- Full name, job title, company details
- Contact information (email, phone, address)
- Account login credentials
- Documents uploaded, forms completed
- Support interactions and feedback
- Billing and invoicing information
Automatic Collection
When interacting with our website/app:
- Device and browser data
- IP address and geolocation
- Cookies and session identifiers
- Interaction logs and usage analytics
Platform Generated Data
From platform features:
- Ticket records
- CRM activity logs
- Task assignments and timestamps
- Voice and call metadata (where used)
Third-Party Sources
We may receive limited information from:
- Payment gateways
- Identity verification systems
- Business directories
- Communication integration APIs (e.g., telephony, WhatsApp)
Voice & Audio Data Collection
JourneyCX may provide optional call-handling or voice-interaction modules.
Where enabled:
We may process:
- Voice recordings
- Transcriptions
- Call metadata (duration, device, caller ID)
- AI-generated sentiment analysis summaries
Used for:
- Quality assurance
- Training & coaching insights
- Compliance documentation
- Customer experience analytics
We do not process biometric identifiers for identification.
Customers enabling voice features remain responsible for informing end-users and must ensure lawful recording consent.
Legal Basis for Processing
We process personal information on one or more legal bases:
- Performance of a contract
- Compliance with legal obligations
- Legitimate business interests
- Protection of vital interests
- Public interest
- Consent where required
For GDPR users, consent may be withdrawn at any time.
Purpose of Processing
We process personal information to:
- Deliver CRM and CX platform functionality
- Manage billing and licensing
- Support authentication and account security
- Improve usability and performance
- Provide customer support
- Send system notifications and security alerts
- Conduct analytics and reporting (aggregated where possible)
- Comply with legal and regulatory requirements
Personal information is not used for automated decision-making that produces legal effects without human review.
Direct Marketing
We may send platform-relevant marketing messages about JourneyCX features or services.
You can unsubscribe via:
- Email footer links, or
- Support request to privacy@journeycx.net
Marketing is always reasonable, relevant, and non-intrusive.
Mandatory vs. Voluntary Provision
Certain information is mandatory in order to:
- Register an account
- Issue invoices
- Provide platform access
- Comply with South African legislation (e.g., VAT, record-keeping)
Optional information will be indicated as such.
Failure to provide mandatory data may prevent service delivery.
Children
JourneyCX does not knowingly collect personal information from individuals under 18.
Parents/guardians may request deletion.
Cookies
We use:
Necessary Cookies – authentication, security, navigation
Functional Cookies – preferences, interface customisation
Analytical Cookies – usage statistics (aggregate only)
Users may control cookies via browser settings.
Data Transfers Outside South Africa
When transferring data internationally, we apply protection aligned with:
- POPIA
- GDPR Chapter V
- Standard Contractual Clauses (SCCs)
We use only trusted vendors meeting industry security standards.
Sharing of Personal Information
- Affiliated Companies / Partners
Assisting in provision of services. - Authorised Service Providers
Including:
- Hosting providers
- Cloud backup vendors
- Communication APIs
- Payment processors
Bound by confidentiality and security measures.
- Legal and Regulatory Authorities
Where required to comply with law. - Fraud, Safety & Security Prevention
Where reasonably necessary to protect rights, property, or safety.
We do not sell personal information.
Security Measures
We implement appropriate organisational and technical safeguards including:
- Access controls & authentication
- Data encryption (at rest and in transit)
- Role-based permissions
- Incident logging
- Regular vulnerability assessments
Employees receive POPIA-aligned training.
Data Retention
We retain personal information only as long as necessary to:
- Fulfil the purpose of processing
- Meet legal retention requirements
- Resolve disputes
Upon expiry, data is securely deleted or anonymised.
Automated Processing & Profiling
The platform may provide optional analytics including:
- Sentiment scoring
- Conversation tagging
- Quality scoring
- Satisfaction predictions
A human review is always available upon request.
No automated processing produces legal or employment-related decisions without human input.
Your Rights (POPIA & GDPR)
You may request:
- Access to your personal information
- Correction of inaccurate data
- Deletion or restriction (where applicable)
- Objection to processing for direct marketing
- Data portability (GDPR regions)
- Withdrawal of consent
Requests may be submitted to:
privacy@journeycx.net
Data Subject Complaints
If you believe your rights are infringed:
South Africa (POPIA) Regulator:
Information Regulator (South Africa)
EU GDPR Supervisory Authorities:
Contact details available per EU member state.
We encourage direct resolution first.
Third-Party Links
Our website may contain links to external websites.
We are not responsible for their content or privacy practices.
Changes to this Policy
We may update this Privacy Policy periodically.
We will notify users via:
- Platform notifications, or
- Email announcements
Continued use indicates acceptance.
Contact Information
JourneyCX Software (a brand of Dansen Invest)
Email: privacy@journeycx.net
Website: www.journeycx.net
