Last updated December 2024
This Data Processing Agreement (“Agreement”) forms part of the Subscription Terms between JourneyCX (Pty) Ltd (“Processor”) and the subscribing organisation (“Controller”) to ensure lawful processing of Personal Information under POPIA and GDPR.
Customer Experience Platform
Purpose
The Processor will process Personal Information solely for:
- Delivery of JourneyCX CRM and communications services
- Customer support and platform operations
- Analytics and security monitoring
Roles
- Customer = Controller
- JourneyCX = Processor
- Sub-processors = third-party cloud, payment, and telephony providers
Processor Obligations
JourneyCX agrees to:
- Process Personal Information only on documented instructions
- Implement appropriate security measures
- Maintain records of processing activities
- Ensure staff confidentiality obligations
- Assist Controller with data subject requests
Sub-Processors
We may engage sub-processors for hosting, messaging, payments, and analytics. The Customer will be notified of material changes.
International Transfers
Cross-border transfers are permitted only where:
- Adequacy provisions exist, or
- Standard contractual clauses are executed
Security Controls
JourneyCX maintains:
- Encryption in transit and in storage
- Access logs
- Role-based access control
- Regular vulnerability scans
Breach Notification
We will notify the Controller within 72 hours of discovering a confirmed security incident.
Data Subject Rights
JourneyCX will assist with:
- Access
- Deletion
- Restriction
- Portability requests
Deletion or Return
Upon termination:
- Data exports are made available for 30 days
- After 30 days, secure deletion occurs