Privacy Information Notice

Protecting your privacy is important to us. Please take a few moments to review this Policy as we have updated and expanded it to include information on:

  1. the information we collect from you and how we use it;
  2. why we need to collect personal data;
  3. how we store personal data;
  4. how we process it;
  5. for how long we store that data and when we delete data;
  6. who we share data with;
  7. how to delete your account and request that your personal data is deleted;
  8. how to submit a subject access request (SAR) to us;
  9. how to withdraw consent;
  10. how to complain.

Summary

The Directory of Open Access Journals ("DOAJ"), managed independently by IS4OA, a CIC registered in the United Kingdom, is a free online directory that contains lists of peer-reviewed, open access journals. In order to ensure that every journal application and eventual entry in DOAJ can be vouched for by a representative of that journal, and to maintain a high level of recency and accuracy, the DOAJ collects and stores two groups of email addresses: of the person submitting an application (the applicant) for a journal to be indexed in DOAJ and of the person registered in the application as the journal contact (the journal contact). Both of those email addresses are stored in the application and, if an application is successful, a user account is created which contains the email address of the journal contact. DOAJ does not share any email addresses with anyone outside the organisation.

Who to contact at DOAJ about protecting your privacy

The DOAJ Operations Manager, Dom Mitchell, has assumed responsibility of the DOAJ data policy and implementing the changes required by the GDPR which comes into effect on 25th May 2018. If you have any questions or concerns about any of the information laid out in this Notice, or any other question about how DOAJ protects your data, please send an email to Dom: dom@doaj.org. Alternatively, you can write to him: Dom Mitchell, c/o DOAJ, IS4OA, Sandløkken 9, 2791 Dragør, DENMARK.

The Policy

This is the website for Directory of Open Access Journals, which is a web site managed by Infrastructure Services for Open Access, a UK-based Community Interest Company, registered in the UK. The DOAJ does not have an app. The DOAJ uses WordPress for its blogs: News Service and DOAJ Best Practice Guide. This Privacy Information Notice pertains to this website and its operations.

1) THE INFORMATION WE COLLECT AND HOW WE USE IT

1.a. Journal Applications

When someone applies for a journal to be in DOAJ, we ask them to provide two different sets of contact details: one for the Applicant and one for the Journal Contact. Those details are:

Name

Email Address

We must have these details to process the application. If an application is successful, a user account is created which stores the journal contact's email address and their name. We will use that email address to contact you from time to time for the following reasons:

  1. to ask you about an update to the information we hold on the journal(s).
  2. to inform you that we have changed the status of the journal in DOAJ.
  3. to inform you of any major changes that will affect how you carry out your tasks in the Publisher Area (where you log into DOAJ with your DOAJ account.)
  4. to ask you to complete our Publishers' Survey, in Mailchimp, which we send out occasionally.*
  5. to contact you regarding a question on article metadata which is linked to the journal in DOAJ.

*see section 4 below.

It is not possible for the review emails, created by the DOAJ Team and Volunteers, to be sent to Applicants or Journal Contacts from within the system. Therefore email addresses and names are copied into emails, created in whatever email program the DOAJ Team member or Volunteer uses. All DOAJ Team members use a dedicated DOAJ workspace, provided by Google and the email client is Gmail. Gmail automatically saves email addresses that we send emails to. Our use of Gmail and the protection of your personal data within it is governed by Google's Privacy Policy, Data Processing Amendment for G Suite, and Data Processing and Security Terms for Google Cloud Platform.

You may access, review and edit your account details by logging into your DOAJ account. We will never give out your email address to any 3rd party and we never discuss the details of your account or journal applications with anyone apart from you or confirmed representatives from your organisation.

1.b. DOAJ Volunteer Applications

When someone applies to be a volunteer for DOAJ, we collect, via a Google Form:

Name

Email Address

We use this information to contact you regarding your application to become a DOAJ Volunteer. If your application is successful, we create an account for you in the User database. This allows applications to be assigned to you for you to review and for you to carry out your duties as a volunteer effectively. You may access, review and edit these details by logging into your DOAJ account at any time.

2) WHY WE NEED TO COLLECT PERSONAL DATA

2.a Journals and Uploading Article Metadata

Anything to do with a journal or uploading article metadata must be linked to an individual's user account. All journals in the DOAJ system (i.e. they have a record in DOAJ, whether they are actually in or not in DOAJ) are administered via a Publisher Area. This Publisher Area is linked to a user account. The Publisher Area allows users to maintain their journal information, their personal account details and upload article metadata.

2.b Journal Applications

Journal applications must include the name and email address of the main contact for the journal being suggested, and the name and email address of the person completing the application. We use this information to process the application effectively: we use the email addresses to make contact as part of the standard review process and to fulfill our obligation to you to process your application in an unbiased and timely manner.

3) HOW WE STORE PERSONAL DATA

3.a Journal Applications

The journal applications are held in a database in the DOAJ Admin system which is accessible only by the DOAJ Team, the DOAJ Ambassadors, the DOAJ Volunteers (collectively the DOAJ representatives) and our technical partners in site development and hosting, Cottage Labs. Different groups within the DOAJ representatives have varying levels of access to the database. The main reason and objective for accessing the database is to process journal applications. Journal names and other journal details are searchable and displayed on our website; journal contact details are never displayed publicly and are not searchable.

User details (name, email address) are stored in a separate database, the User database, within the DOAJ Admin system. Sometimes, the DOAJ Team and, very rarely, Cottage Labs, will access user accounts to make updates, reset passwords, reset an API key or delete the user account entirely. Neither DOAJ representatives or Cottage Labs have access to users' passwords which are encrypted.

3.b DOAJ Volunteer Applications

DOAJ Volunteer applications are collected in a Google Sheet and are stored securely in the DOAJ's Google workspace. The Sheet is only accessible by the DOAJ Team (5 DOAJ managers and 6 DOAJ managing editors).

3.c DOAJ Team

The DOAJ User database contains the personal information of all users of the DOAJ Admin system. This includes the DOAJ Team.

4) HOW WE PROCESS PERSONAL DATA

4.a Journal Contacts

DOAJ sometimes asks Cottage Labs to create an export from the User database. We then import this list into Mailchimp, where it is password-secured. An example of this might be a list of all email addresses from accounts which have at least 1 journal indexed in DOAJ associated with them. We use this list to contact Journal Contacts with important information about changes and updates to the DOAJ Publisher Area which may affect their use of it. We also send out the occasional survey.

4.b DOAJ Volunteers

DOAJ maintains a list in Google Drive of all the active volunteers' names and email addresses. We use this list to coordinate volunteer activities, ensure that each Editorial Group has enough volunteers, and to ensure a smooth flow of applications through the DOAJ workflow. DOAJ also sends out a volunteer newsletter: the recipient list for this is manually created in Mailchimp using the list in Google Drive. This newsletter contains important updates which help the volunteers carry out their work effectively.

5) HOW LONG WE STORE PERSONAL DATA FOR AND WHEN WE DELETE DATA

5.a Journal Applications

DOAJ stores the personal data associated with a journal application and a journal record for as long as the journal is in DOAJ. If/when an application is rejected or a journal is removed from DOAJ, we will usually delete the data after 7 years. However, we do not delete personal data embedded in these records, or delete the user's account from the User database if we need to refer to them to provide the history of a journal and DOAJ. We record notes in all our applications and these Notes provide valuable information over time and help us to continue to meet high levels of quality.

Users may request at any time that we delete all their personal data from our systems by submitting a Subject Access Request to us**. DOAJ last reviewed the User accounts it holds when it undertook the Reapplications project. This project completed in 2017. During that project we deleted very many user accounts. Every year, we ask Cottage Labs to produce a report of all the user accounts in the system which have no journal associated with them and which are ore than 7 years old. We then ask Cottage Labs to delete those accounts. The last major overhaul of the DOAJ User database was when DOAJ migrated to its current platform at the end of 2013: we still have active user accounts pre-dating that time which were migrated to the new platform.

5.b DOAJ Volunteer Applications

DOAJ is in the lucky position where it receives far more applications from people wanting to volunteer than it has use for. Therefore we store the personal data in the Google Sheet until it is time to review the applications and assess if a person is a suitable candidate. Old applications are struck through and archived in a secure Google Drive folder which is only accessible by the Operations Manager. Volunteer applicants may request at any time that we delete all their personal data from the Google Drive by submitting a Subject Access Request (SAR) to us**.

**see section 8 below.

6) WHO WE SHARE DATA WITH

DOAJ does not actively share personal data with any organisation or individual outside the immediate DOAJ organisation.

DOAJ has a Mailchimp account (https://mailchimp.com) into which we occasionally import email addresses (see section 4 above)

7) HOW TO DELETE YOUR ACCOUNT AND REQUEST THAT PERSONAL DATA IS DELETED

7.a How to delete your account

An individual may request at any time that DOAJ deletes all the personal data and the user account from the DOAJ Admin system. Do this by using our Contact Us form. Please note that it is not possible for journals to be indexed in DOAJ without being linked to a User account. If you want us to delete your account and it is linked to a journal or journals which are indexed in DOAJ, then we will need to link the journal(s) to another individual's account. In these cases it would be helpful if, when you contact us asking us to delete your account, you can provide the name and email address of a replacement.

7.b How to request that all personal data is deleted

To request that DOAJ deletes all of the personal data that we hold about you, please send an email to the DOAJ Operations Manager, Dom Mitchell: dom@doaj.org.

8) SUBJECT ACCESS REQUEST (SAR)

8.a What is a subject access request (SAR)?

An SAR is the name given to the process by which a user can request to know details of the information that a site holds about him or her and how it is being used. A full explanation is given here: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-6-rights/subject-access-request/ but in summary: 'an individual who makes a written request and pays a fee is entitled to be: told whether any personal data is being processed; given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people; given a copy of the information comprising the data; and given details of the source of the data (where this is available)'. The recipient organisation of an SAR must respond, according to UK law, within 40 calendar days.

8.b How to make an SAR to DOAJ

You may submit a SAR to DOAJ by contacting the DOAJ Operations Manager, Dom Mitchell, directly: dom@doaj.org. Any request in writing will be considered valid, whatever the format.

9) WITHDRAWING CONSENT

As stated in Sections 7 and 8 above, you can withdraw your consent for us to store and process your personal data at any time by submitting an email to the DOAJ Operations Manager. You may also request that we do not export your email address into Mailchimp.

10) HOW TO COMPLAIN

If you need to complain about how DOAJ has handled an SAR or your request to withdraw consent, or any other aspect related to the information detailed in this Privacy Information Notice, please send an email to the DOAJ Operations Manager, Dom Mitchell: dom@doaj.org.