Privacy information notice
Protecting your privacy is important to us. Please take a few moments to review this Policy.
The Directory of Open Access Journals ("DOAJ"), managed independently by IS4OA, a CIC registered in the United Kingdom, is a free online directory that contains lists of peer-reviewed, open access journals. In order to ensure that every journal application and eventual entry in DOAJ can be vouched for by a representative of that journal, and to maintain a high level of recency and accuracy, the DOAJ collects and stores two groups of email addresses: of the person submitting an application (the applicant) for a journal to be indexed in DOAJ and of the person registered in the application as the journal contact (the journal contact). Both of those email addresses are stored in the application and, if an application is successful, a user account is created which contains the email address of the journal contact. DOAJ does not share any email addresses with anyone outside the organisation.
Who to contact at DOAJ about protecting your privacy
The DOAJ Operations Manager, Dom Mitchell, has assumed responsibility of the DOAJ data policy and implementing the changes required by the GDPR which came into effect on 25th May 2018. If you have any questions or concerns about any of the information laid out in this Notice, or any other question about how DOAJ protects or uses your data, please send an email to Dom. Alternatively, you can write to him: Dom Mitchell, c/o DOAJ, IS4OA, Sandløkken 9, 2791 Dragør, DENMARK.
This is the website for Directory of Open Access Journals, which is a website managed by Infrastructure Services for Open Access, a UK-based Community Interest Company, registered in the UK. The DOAJ does not have an app. The DOAJ uses WordPress for its blogs: News Service and DOAJ Best Practice Guide. This Privacy Information Notice pertains to this website (https://doaj.org) and its operations only.
1) The information we collect and how we use it
1a Journal applications
Before you submit an application, you must register or sign in. In that process, we collect:
Your name Your email address
An account is created for you in our User database. We need these details to process your application. You are the Account holder. We will use the email address you provide to contact you:
- to ask you about an update to the information we hold on the journal(s)
- to inform you that we have changed the status of the journal in DOAJ
- to inform you of any major changes that will affect how you carry out your tasks on the Publisher dashboard
- to inform you about a new feature or piece of functionality which affects the way you do your work in DOAJ
- to send you occasional DOAJ marketing emails*
- to contact you regarding a question on article metadata which is linked to the journal in DOAJ
- to ask you questions about your application
*see section 7 below.
It is not technically possible for emails, generated as part of the review process, to be sent to Account holders from within the DOAJ system. Therefore email addresses and names are copied into emails, created in whatever email program the DOAJ Team member or Volunteer uses. DOAJ Team members use a dedicated DOAJ workspace, via Google Workspace and the email client is with Gmail. DOAJ Team members and Ambassadors all use @doaj.org email addresses.
You may access, review and edit your account details by logging into your DOAJ account. We will never give out your email address to any 3rd party and we never discuss the details of your account or journal applications with anyone apart from you or a representative who we have confirmed is from your organisation.
1b Volunteer applications
When someone applies to be a volunteer for DOAJ, we collect, via a Google Form:
Your name Your email Address Name and email address of the applicant's references
We use this information to contact you or your references regarding your application. If your application is successful, we create an account for you in our User database. This allows applications to be assigned to you for you to review and for you to log in to your DOAJ workspace. You may access, review and edit these details by logging into your DOAJ account at any time.
1c Via cookies
We collect some information automatically via cookies in use on this site. See Section 3 below for full details.
1d A user account
Sometimes we create a user account for individuals or organisation becaue they want to use our API or they are a service provider operating on behalf of one or a group of publishers. We collect:
A name An email address
An account is created in our User database. This allows journals to be assigned to that account, or for the account to generate an API key. You may access, review and edit these details by logging into your DOAJ account at any time.
1e Our business updates newsletter
We have a newsletter, powered by Mailchimp, which individuals can sign up to voluntarily. In that process, we collect:
Your name Your email address
Personal data collection in the newsletter is governed by Mailchimp's privacy practices.
2) Why we need to collect personal data
DOAJ has a duty to its stakeholder groups to maintain the quality, security and recency of the database. It also has a duty to keep its users informed of updates concerning user accounts, features and functionality, or policy changes. This is our legitimate business interest and why we need to collect a contact name and email address linked to each journal indexed in our database. We use those email addresses to keep our members informed and up-to-date. We use other platforms to keep users and stakeholder groups aware of our updates, such a Wordpress, for our blog, and Mailchimp, for our newsletter.
2a Journals and uploading article metadata
Anything to do with a journal or uploading article metadata must be linked to an individual user account. All the journals indexed and publicly available in the DOAJ database (i.e. they have not been withdrawn) are administered via your Publisher dashboard. This dashboard is linked to your user account. The Publisher dashboard allows you to maintain journal information and upload article metadata.
2b Journal applications
Journal applications must include the name and email address of the applicant. We use this information to process the application effectively: we use the email addresses to make contact as part of the standard review process and to fulfill our obligation to you to process your application in an unbiased and timely manner.
2c Business updates newsletter
Mailchimp requires that an email address be registered for the newsletter to be delivered.
3) Which cookies are in use on this site and why
When you use DOAJ, cookies are set on your machine. There are 3 sites currently setting cookies:
- Google Analytics - we track usage of this site using Google Analytics. We do not track individuals but general paths through the site.
- doaj.org - a small number of required cookies for the application to function, for example when you log in and when you click away the cookie consent banner.
- schema - if you upload article metadata to us via the Upload Article XML tab, we place a cookie on your machine which allows us to remember which XSD schema you used the last time you uploaded XML to us: doaj or Crossref
- hotjar - we use hotjar to do unmoderated monitoring of users journeys through our site. We look at where they click on a page, where they stop in a process (such as submitting an application) and we collect feedback via the Hotjar chat app.
- twitter - on our homepage is an embedded Twitter feed. This app comes with cookies so make Twiiter work, such as checking to see if you are logged in, or whether you have specific advertising preferences.
You can disable these cookies at any time by using the privacy settings in your browser however the performance and some functions of the site may be affected.
4) How we store personal data
4a Journal applications
The journal applications are held in a database in the DOAJ Admin system which is accessible only by the DOAJ Team, the DOAJ Ambassadors, the DOAJ Volunteers (collectively the DOAJ representatives) and our technical partners in site development and hosting, Cottage Labs. Different groups within the DOAJ representatives have varying levels of access to the database. The main reason and objective for accessing the database is to process journal applications.
4b Journal records
Journal names and other journal details are searchable and displayed on our website; journal contact details are never displayed publicly and are not searchable.
4c User accounts
User details (name, email address) are stored in a separate database, the User database, within the DOAJ Admin system. Sometimes, the DOAJ Team and, very rarely, Cottage Labs, will access user accounts to make updates, reset passwords, reset an API key or delete the user account entirely. Neither DOAJ representatives or Cottage Labs have access to users' passwords which are encrypted. All personal data is encrypted when it is imported into the DOAJ test site or onto a developer's machine for development or testing.
4b Volunteer applications
Volunteer applications are collected in a Google Sheet and are stored securely in the DOAJ's Google workspace. The Sheet is only accessible by the DOAJ Team (5 DOAJ managers and 6 DOAJ managing editors).
4c DOAJ team
The DOAJ User database contains the personal information of all users of the DOAJ Admin system. This includes the DOAJ Team. The DOAJ Team's personal data is also stored in your contracts and role profiles on the Google Drive. DOAJ Team's banking details are held by the Managing Director to make payments.
5) How we process personal data
5a Account holders
DOAJ sometimes asks Cottage Labs to create an export of email addresses from the User database. We then import this list into Mailchimp, where it is password-secured. An example of this might be a list of all email addresses from accounts which have at least 1 journal indexed in DOAJ associated with them. We use this list to contact Account holders with important information about changes and updates to the DOAJ Publisher Area which may affect their use of it. We also send out the occasional marketing email.
DOAJ maintains a list in Google Drive of all the active volunteers' names and email addresses. We use this list to coordinate volunteer activities, ensure that each Editorial Group has enough volunteers, and to ensure a smooth flow of applications through the DOAJ workflow. DOAJ also sends out a volunteer newsletter: the recipient list for this is manually created in Mailchimp using the list in Google Drive. This newsletter contains important updates which help the volunteers carry out their work effectively.
6) How long we store personal data for and when we delete data
6a Journal applications
DOAJ stores the personal data associated with a journal application and a journal record for as long as the journal is in DOAJ. If/when an application is rejected or a journal is removed from DOAJ, we will usually delete the data after 7 years. However, we do not delete personal data embedded in these records, or delete the user's account from the User database if we need to refer to them to provide the history of a journal and DOAJ. We record notes in all our applications and these Notes provide valuable information over time and help us to continue to meet high levels of quality.
Users may request at any time that we delete all their personal data from our systems by submitting a Subject Access Request to us**. Every year, DOAJ asks Cottage Labs to produce a report of all the user accounts in the system which have no journal associated with them and which are more than 7 years old. We last did this in October 2020. The last major overhaul of the DOAJ User database was when DOAJ migrated to its current platform at the end of 2013: we still have active user accounts pre-dating that time which were migrated to the new platform.
6b Volunteer applications
DOAJ stores the personal data of applicants in a Google Sheet until we assess if a person is a suitable candidate. Old applications are struck through and archived in a secure Google Drive folder which is only accessible by the Operations Manager. Volunteer applicants may request at any time that we delete all their personal data from the Google Drive by submitting a Subject Access Request (SAR) to us**.
**see section 9 below.
7) Who we share data with
DOAJ does not share personal data with any organisation or individual outside the immediate DOAJ organisation, neither will it grant requests from industry organisations for access to user data.
DOAJ has a Mailchimp account (https://mailchimp.com) into which we occasionally import email addresses (see section 4 above)
8) How to delete your account and request that personal data is deleted
8a How to delete your account
An individual may request at any time that DOAJ deletes their user account from the DOAJ Admin system. Do this by using our Contact form. Please note that it is not possible for journals to be indexed in DOAJ without being linked to a User account. If you want us to delete your account and it is linked to a journal or journals which are indexed in DOAJ, then we will need to link the journal(s) to another individual's account. In these cases it would be helpful if, when you contact us asking us to delete your account, you can provide the name and email address of a replacement.
8b How to request that all personal data is deleted
To request that DOAJ deletes all of the personal data that we hold about you, please send an email to the DOAJ Operations Manager, Dom Mitchell: [email protected].
9) Subject access request (SAR)
9a What is a subject access request (SAR)?
An SAR is the name given to the process by which a user can request to know details of the information that a site holds about them and how it is being used. A full explanation is given here: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-6-rights/subject-access-request/ but in summary: 'an individual who makes a written request and pays a fee is entitled to be: told whether any personal data is being processed; given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people; given a copy of the information comprising the data; and given details of the source of the data (where this is available)'. The recipient organisation of an SAR must respond, according to UK law, within 40 calendar days.
9.b How to make an SAR to DOAJ
You may submit an SAR to DOAJ by contacting the DOAJ Operations Manager, Dom Mitchell, directly: [email protected] Any request in writing will be considered valid, whatever the format.
10) Withdrawing consent
As stated in Sections 7 and 8 above, you can withdraw your consent for us to store and process your personal data at any time by submitting an email to the DOAJ Operations Manager.
You may also explicitly indicate that you do not want DOAJ to use your email address for marketing purposes. We have added consent checkboxes to all user account where you can opt in or opt out of these emails.
11) How to complain
If you need to complain about how DOAJ has handled an SAR or your request to withdraw consent, or any other aspect related to the information detailed in this Privacy Information Notice, please send an email to the DOAJ Operations Manager, Dom Mitchell: [email protected]