Data Privacy Policy
General
The names and email addresses entered in the Khulisa Journals platform website will be used exclusively for the stated purposes of this platform and for the stated purposes of the individual journals hosted on this platform, and will not be made available for any other purpose or to any other party. Personal data collected is dealt with in accordance with the South African POPI Act, South Africa's equivalent of the EU GDPR.
Who we are
Khulisa Journals is a federated journal management platform, managed and hosted by the Academy of Science of South Africa (ASSAf). ASSAf aspires to be the apex organisation for science and scholarship in South Africa, recognised and connected both nationally and internationally.
Through its Membership which represents the collective voice of the most active scholars in all fields of scholarly enquiry, ASSAf aims to generate evidence-based solutions to national problems.
How we protect personal and other data
The platform was built using the Public Knowledge Product (PKP) Open Journal Systems (OJS) open source software. Additional measures taken to make sure the platform and the data it contains remain safe, include:
- PKP OJS core, plugins, and the theme are kept up to date with the most recent versions running. This is crucial for the security and stability of the OJS site. The current version installed is PKP OJS Version 3.3.0-7.
- Users β when registering β are required to use strong and unique usernames and passwords, and to keep those safe.
- This platform is hosted by xneelo, which continuously monitors the server on which the website is hosted for suspicious activity. xneelo further has tools in place to prevent large scale DDOS attacks. They keep their server software and hardware up to date to prevent hackers from exploiting vulnerabilities, and they have ready to deploy disaster recovery and accident plans which allows them to protect data in case of major events. Read more about security and reliability as applied to xneelo servers: https://xneelo.co.za/help-centre/products-and-services/security-and-reliability/
- A monitoring system keeps track of all activity on the website, including file integrity monitoring, failed login attempts, malware scanning, etc.
- A web application firewall (WAF) blocks all malicious traffic before it reaches the website.
- The website runs on SSL (Secure Sockets Layer)/HTTPS, which is a protocol that encrypts data transfer between the website and your browser. This encryption makes it harder for someone to sniff around and steal information from the website.
- File editing has been disabled, through applying the hardening feature part of the monitoring system.
- PHP file execution was disabled in directories where itβs not needed, through applying the hardening feature part of the monitoring system.
- The number of failed login attempts have been limited.
- A two-factor authentication technique has been implemented, for new users registering on the website.
- All logins to the system are subjected to a reCaptcha challenge to make sure only human users are allowed to log into the application.
- Idle users are automatically logged out of the website, after a certain period of time.
What personal data do we collect
- Registering on the platform is free of charge, and completely voluntary. When registering on this platform, users agree that submitted data can be included in the platform and made searchable. The data in this platform will not be sold or made available to any third party, except for what can be accessed via the end-user interface.
- If the information requested during registration is of a too personal nature for you, rather refrain from registering. We further comply with global data protection laws β especially the GDPR and the POPI Act.
- The following fields are mandatory when completing the registration form: given name, affiliation, country, email, username and password.
- Optional information to be completed include: family name.
- All fields except the password field can only be accessed by the platform administrator, and will never be released publicly or to any third party.
- The mentioned personal data is collected for purposes of the e-workflow which is one of the feautures offered by the system, and which makes it highly effective. Journals further collect data for reporting purposes, but the data will always be anonymised in case of the latter.
Comments
The systems does not allow users visiting the platform to leave any comments.
Contacting a journal or the platform
When contacting the journal or platform, all communication will be treated as confidential. All communication between the different role players part of the e-workflow are required to occur through the system.
Embedded content from other websites
Items on this platform may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
In addition to the PKP OJS generated statistics, this platform has integrated Google Analytics to track usage and impact. Please refer to the Google Privacy Policy Terms & Conditions for more information.
How long we retain your data
Data submitted to the platform is preserved for the unforeseeable future.
For users that register on the platform, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have a profile with a journal/s on this platform, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
We do not export any data, unless when a journal is migrated to another platform, on request of the Editors/Editorial Board. Harvesters/search engines/aggregators are requested to only harvest publicly accessible data, and to never duplicate data.
Your contact information
Your contact information will be used for purposes of advancing the purpose of this platform and individually published journals only, and will not be shared with any 3rd parties without your consent.