Personal Data Notice

Notification regarding Personally Identifying Information according to the European General Data Protection Regulation (GDPR)

These details pertain to data related processes specific to OJS journals hosted by the University Library of Wuppertal.

For further information on settings and processes provided by the hosting institution, also refer to the general data protection statement (https://www.bib.uni-wuppertal.de/de/ueber-uns/rechtliches/dsgvo/) of the University Library or contact dsb@uni-wuppertal.de.

Website: https://www.bib.uni-wuppertal.de/de/ueber-uns/rechtliches/dsgvo/

Email: dsb@uni-wuppertal.de

1. Name and contact details of responsible person(s)/institution(s)

Responsibility in terms of the GDPR and other national data protection laws of member states jointly rests with the following institutions as stated below.

Technological responsibility for the internet pages of OJS

Universitätsbibliothek Wuppertal
Gaußstraße 20
42119 Wuppertal
Germany

2. Access to contents of the journal websites & related personal data

When you call up this website, the browser used on your end device automatically sends information to the server of our website. This data is only collected anonymously and therefore cannot be assigned to a specific person. For the purpose of analyzing the use and scope of our journal and the articles published here, we document and store access to the main page of the journal, to issues, articles, flags and additional files. All information is made anonymous. IP addresses are anonymized using a hash algorithm (SHA 256) in combination with a secure 64-character salt. The salt is automatically randomly generated and overwritten daily. In this way, IP addresses cannot be reconstructed afterwards.

In addition to the anonymized IP addresses, the following data is collected:

  • Type of access (e.g. administrative access)
  • Access time
  • accessed URL
  • HTTP Status Code
  • Browser

The information collected is only used to statistically evaluate the use of the content. There is no assignment of IP addresses to user IDs. It is technically impossible to subsequently trace a

Be aware, however, that OJS deposits cookies. You can prevent this by configuring your browser accordingly. Blocking cookies may mean that you may not be able to make use of all functionalities of the website. E.g., a session cookie is required, if you want to log in. For more information on this, please refer to the general data protection statement by the library (see link above).

A Guidebook regarding the GDPR and the OJS system, written by the PKP Project, is available here (see also https://openjournalsystems.com/cookie-policy/).

3. Editorial workflow

3.1 Contributor account metadata

Any journal using the editorial workflow will need to register contributor accounts as part of the publication process. These accounts will be created by the Managing Editor either for all contributors or for most contributors, with authors creating their own accounts on the respective journal’s website. Contributor roles can be author, reviewer, and editor.

3.1.1 Required data

Mandatory contributor information for self-registered accounts includes first name, affiliation, country, e-mail address, username, and a password (encrypted).

Mandatory contributor information for accounts registered by the Managing Editor includes first name, last name, e-mail-address, username, and a password (encrypted).

3.1.2 Recipient(s) of data

The data required for the respective account can be accessed and edited (with the exception of the username and dates) by the respective contributor, system administrators, and Managing Editors.

3.2 Workflow data

OJS tracks workflow information, mostly as submission-specific editorial history. The following information may be tracked:

  • All actions taken on a submission, and by whom;
  • All notifications sent regarding a submission (including who sent and received the notification);
  • All reviewer recommendations;
  • All editorial decisions;
  • All files uploaded as part of the submission process, including files that may have personally identifying information in the form of file metadata or in the files themselves.

The information in this part was taken (at times verbatim) from:
MacGregor, James: GDPR Guidebook for PKP Users, 2018, https://docs.pkp.sfu.ca/gdpr/en/, licensed under CC BY 4.0.

3.2.1 Recipient(s) of data

The data required for the editorial workflow is communicated between the contributors. Participants of the editorial workflow on OJS have access to different amounts of workflow data depending on their role. Managing Editors can access all submission data, section editors can access all submission data only for those submissions to which they have been assigned; authors have limited access to their own submissions and are only able to see the data they have supplied, or that editors have explicitly made available to them.

3.3 Purpose of processing data & legal basis

The purpose of processing the data mentioned above is the creation of a contributor account that enables the account holder to participate in the editorial workflow of the respective journal, as well as the general publication of articles in the journal. The legal basis for this processing is the agreement to become a contributor by creating an account, agreeing to have an account created for oneself, and/or taking part in the editorial workflow of any journal of OJS RUB. It is therefore grounded in consent (GDPR chapter  II, art. 6, 1, a).

Data that was entered during the process of registering an account or given to the Managing Editor for the purpose of creating an account will not be passed on to other parties and will be used only for the purpose for which it was provided.

Please note that contributor account metadata is different from article metadata, some of which will be displayed publicly. Refer to section 5 for information on article metadata.

3.4 Data storage

The data mentioned above is stored on servers of Ruhr-Universität Bochum, Germany, where the journal websites are hosted by the University Library.

4. OJS-internal statistics

For the purpose of statistics, OJS includes a statistical tool that allows authorized personnel in the University to generate an overview of article download numbers over different time spans. Information on the number of downloads is not combined with information on downloading parties. The data in question is used purely numerically for internal statistical purposes and not analysed or processed in any way that touches upon the identity of persons or parties using the website.

Furthermore, we collect anonymous usage data, including IP addresses. If you wish to opt-out of this process, please head to the respective journal’s privacy information page by using the link in the journal’s sidebar. There you will find more information on the types of data collected and how they are anonymised as well.

5. Metadata to articles and indexes

In the process of uploading articles for publication on the website of a journal, the Managing Editor will enter the e-mail address and current country of the author of the respective article into an upload form. This information is available to almost any participant of the article’s editorial workflow on OJS, excluding cases of blind peer review, but is not publicly visible, will not be disclosed and entering the address and country has purely technical reasons (compulsory field). If provided, the Managing Editor will also add information regarding the author’s affiliation to an institution or a place of work, which may also include the country, as well as their ORCID-ID to the upload form. The ORCID-ID and information regarding affiliation will be shown on the publication’s landing page. If an author does not wish to have their affiliation or ORCID-ID included in the metadata of their online article, they can inform the respective Managing Editor prior to publication.

Furthermore, some journals may require additional information of their authors as per the individual journal’s author guidelines, which can be found on the respective website. If authors do not wish to include additional information, for example a biographical statement, that is not required by the system they can inform the Managing Editor of the respective journal.

6. New issue alert

OJS automatically sends out a notification e-mail whenever a new issue has been published online. This message is sent to the address which is part of your user account. If you do not wish to receive this message, please use the link at the bottom of the message or contact the respective Managing Editor.

7. Contacting us by e-mail

If you write to any editorial e-mail address or contact the respective Managing Editor directly,your e-mail messages (e-mail address and further information you provide, including attachments) will be processed to respond to your query and will be stored on a server of the University of Wuppertal and archived there, as far as they pertain to the documentation of the peer review and editorial process that is required for the scholarly purposes and quality of the journal. This is granted by GDPR Recital 65.

Messages that are not required for these purposes of documentation will be stored for 5 years as University of Wuppertal retains documents of this kind for 5 years (required to fulfill its task, duration of storage according to regulation of the University of Wuppertal, legal grounds Art. 6, paragraph 1, letter e).

8. Information regarding rights

Be herewith informed that – as stipulated by the European General Data Protection Regulation (GDPR) – you are entitled to

  • receiving confirmation, whether data pertaining to your person is stored and processed by us
  • receiving information regarding the data stored and processed pertaining to your person from a responsible person or party (e.g. purpose of storage and processing, which data is stored and processed, origin of said data, recipient of said data, duration of storage),
  • access to said data
  • rectification of said data,
  • erasure of said data,
  • restriction of processing of said data,
  • data portability
  • object to storage and processing of said data
  • not to be subject to automated decision-making including profiling

You also have the right to appeal to a supervising body in case of complaint (Landesbeauftragte für den Datenschutz NRW, https://www.ldi.nrw.de/).

Consent to store and process the mentioned data for the purposes described above can be revoked by individuals or institutional representatives authorised to do so at any time and without statement of cause. This does not affect the legality of storing and processing said data prior to revocation of consent. If you wish to revoke your consent, please inform the Managing Editor of the journal in question in writing.

Be advised that – as far as the revocation of consent concerns data that is technically required to provide access to subscription content of some journals – retracting your consent to store and process the data will result in ending your access to that content.