Privacy information notice
Protecting your privacy and personal data is important to us. Please take a few moments to review this Policy.
(Last reviewed and updated: November 2023)
The Directory of Open Access Journals ("DOAJ"), managed independently by IS4OA, a CIC registered in the United Kingdom, is a free online directory that contains lists of peer-reviewed, open access journals. To ensure that every journal application and eventual entry in DOAJ can be vouched for by a representative of that journal and to maintain a high level of recency and accuracy, the DOAJ collects and stores two groups of email addresses: the person submitting an application (the applicant) and the account holder (the journal contact), if different from the applicant. DOAJ does not share any email addresses with anyone outside the organisation. DOAJ collects email addresses of volunteers and Ambassadors. DOAJ also collects email addresses of its team members and partners it works with.
Who to contact at DOAJ about protecting your privacy
The DOAJ Operations Manager, Dominic Mitchell, has assumed responsibility for the DOAJ data policy and implementing the changes required by the GDPR, which came into effect on 25th May 2018. If you have any questions or concerns about the information in this Notice or any other question about how DOAJ protects or uses your data, please email Dominic. Alternatively, you can write to him: Dominic Mitchell, IS4OA Denmark, c/o Joanna Ball, Bøgevej 33, DK-4000 Roskilde, DENMARK.
This is the website for Directory of Open Access Journals, which is managed by Infrastructure Services for Open Access, a UK-based Community Interest Company registered in the UK. The DOAJ does not have an app. The DOAJ uses WordPress for its blogs: News Service and DOAJ Best Practice Guide. This Privacy Information Notice pertains to this website (https://doaj.org) and its operations only.
1) The information we collect and how we use it
1a Journal applications
Before you submit an application, you must register an account or sign into your account. Your account stores:
Your name Your email address Your password
An account is created and stored in our User database. We need these details to process your application. You are the Account holder. We will use the email address you provided to contact you:
- to ask you about an update to the information we hold on the journal(s)
- to inform you that we have changed the status of the journal in DOAJ
- to inform you of any major changes that will affect how you carry out your tasks on the Publisher dashboard
- to inform you about a new feature or piece of functionality which affects the way you do your work in DOAJ
- to send you occasional DOAJ marketing emails*
- to contact you regarding a question on article metadata, which is linked to the journal in DOAJ
- to ask you questions about your application
*see section 7 below.
It is not technically possible for emails generated as part of the review process to be sent to Account holders from within the DOAJ system. Therefore, email addresses and names are copied into emails created in whatever email program the DOAJ Team member or Volunteer uses. DOAJ Team members use a dedicated DOAJ workspace via Google for Business and the email client is Gmail. DOAJ Team members and Ambassadors all use @doaj.org email addresses. Volunteers use their own email addresses.
You may access, review and edit your account details by logging into your DOAJ account. We will never share your email address with any 3rd party, and we never discuss the details of your account or journal applications with anyone apart from you or an authorised representative.
1b Volunteer applications
When someone applies to be a volunteer for DOAJ, we collect, via a Google Form:
Your name Your email Address Name and email address of your reference(s)
We use this information to contact you or your references regarding your application. If your application is successful, we will create an account for you in our User database. This allows applications to be assigned to you for review and to log in to your DOAJ workspace. You may access, review and edit these details by logging into your DOAJ account at any time. We have to retain your email address so that we can keep you up to date about your volunteer work.
1c Via cookies
We collect some information automatically via cookies in use on this site. See Section 3 below for full details.
1d A user account
Sometimes, we create a user account for individuals or organisations because they want to use our metadata services or they are a service provider operating on behalf of one or a group of publishers. We collect:
A name An email address A password
An account is created in our User database. This allows journals to be assigned to that account and for the Account Holder to find their API key or access special services. You may access, review and edit these details by logging into your DOAJ account at any time.
1e A record in Less Annoying CRM
1f A record in Billy
2) Why we need to collect personal data
DOAJ has a duty to its stakeholder groups to maintain its index's quality, security and recency. It also has a duty to keep its users informed of updates concerning user accounts, features and functionality, or policy changes. This is our legitimate business interest and why we need to collect a contact name and email address linked to each journal indexed in our database. We use those email addresses to keep our members informed and up-to-date. We use other platforms to inform users and stakeholder groups of our updates, such as WordPress for our blog or to send invoices to supporters.
We rarely send marketing emails, but you may opt out of Marketing emails at any time by logging into your DOAJ account.
2a Journals and uploading article metadata
Anything to do with a journal or uploading article metadata must be linked to an individual user account. All the journals indexed and publicly available in the DOAJ database (i.e. they have not been withdrawn) are administered via your Publisher dashboard. This dashboard is linked to your user account. The Publisher dashboard allows you to maintain journal information and upload article metadata.
2b Journal applications
Journal applications must include the name and email address of the applicant. We use this information to process the application effectively: we use the email addresses to make contact as part of the standard review process and to fulfil our obligation to you to process your application in an unbiased and timely manner.
Volunteer records must include a name and an email address so that we can assign applications to you, email you about changes to the Admin system where you do your work or other changes.
You may opt out of marketing emails by logging into your DOAJ account.
3) Which cookies are in use on this site and why
When you use DOAJ, cookies are set on your machine. The cookies we set are:
- doaj.org - a small number of required cookies for the application to function, for example, when you log in and click away the cookie consent banner.
- schema - if you upload article metadata to us via the Upload Article XML tab, we place a cookie on your machine which allows us to remember which XSD schema you used the last time you uploaded XML to us: doaj or Crossref
- hotjar - we sometimes use Hotjar to do unmoderated monitoring of user journeys through our site. We look at where they click on a page and where they stop in a process. This is only occasional. We always use a Hotjar widget to collect feedback on individual journal pages.
- twitter - on our homepage is an embedded X (Twitter) feed. This app comes with cookies to make X (Twitter) work, such as checking to see if you are logged in or whether you have specific advertising preferences.
You can disable these cookies at any time by using the privacy settings in your browser. However, the performance and some functions of the site may be affected.
4) How we store personal data
4a In journal applications
The journal applications are held in a database in the DOAJ Admin system, which is accessible only by the DOAJ Team, the DOAJ Ambassadors, the DOAJ Volunteers (collectively the DOAJ representatives) and our technical partners in site development and hosting, Cottage Labs. Different groups of DOAJ representatives have different levels of access to the database. The main reason and objective for accessing the database is to review journal records and applications.
4b In journal records
Your contact details are linked to journal and application records. Journal names and other journal details are searchable and displayed on our website; journal contact details are never displayed publicly and are not searchable.
4c In user accounts
User details (name, email address, password) are stored in a separate database, the User database, within the DOAJ Admin system. Sometimes, the DOAJ Team and, very rarely, Cottage Labs will access user accounts to make updates, reset passwords, reset an API key or delete the user account entirely. Neither DOAJ representatives nor Cottage Labs have access to users' passwords, which are encrypted. All personal data is encrypted when imported into a DOAJ test site or onto a developer's machine for development or testing.
4e In volunteer applications
Volunteer applications are collected in a Google Sheet and are stored securely in the DOAJ's Google workspace. The Sheet is only accessible by the DOAJ Team.
4f As the DOAJ team
The DOAJ User database contains the personal information of all users of the DOAJ Admin system. This includes the DOAJ Team. The personal data of DOAJ Team members is also stored in contracts and role profiles on Google Drive. DOAJ Team's banking details are held in Billy, our accounting software, to make payments.
4g in Less Annoying and Billy
If the journal contact is the same contact to whom we issue invoices, a name, email address, and organisation will be stored in Less Annoying CRM and Billy. Their privacy policies govern the protection of your data. Less Annoying Billy
5) How we process personal data
5a Account holders
DOAJ sometimes asks Cottage Labs to create an export of email addresses from the User database. We then import this list into Mailchimp, where it is password-secured. An example of this might be a list of all email addresses from accounts which have at least one journal indexed in DOAJ associated with them. We use this list to contact Account holders with important information about changes and updates to the DOAJ Publisher Area, which may affect their use. We also send out the occasional marketing email.
DOAJ maintains a list in Google Drive of all the active volunteers' names and email addresses. We use this list to coordinate volunteer activities, ensure that each Editorial Group has enough volunteers, and ensure a smooth flow of applications through the DOAJ workflow. DOAJ also sends out a volunteer newsletter: the recipient list for this is manually created in Gmail using the list in Google Drive. This newsletter contains important updates which help the volunteers carry out their work effectively.
6) How long do we store personal data and when do we delete data
6a Journal applications
DOAJ stores the personal data associated with a journal application and a journal record for as long as the journal is in DOAJ. If/when an application is rejected or a journal is removed from DOAJ, we usually delete the data after seven years. However, we do not delete personal data embedded in these records or delete the user's account from the User database if we need to refer to them to provide the history of a journal and DOAJ. We record notes in all our applications, and these Notes provide valuable information over time and help us to continue to meet high levels of quality.
6b User accounts
Users may request at any time that we delete all their personal data from our systems by submitting a Subject Access Request to us**. Every year, DOAJ asks Cottage Labs to produce a report of all the user accounts in the system that have no records associated with them and are more than seven years old. The last major overhaul of the DOAJ User database was when DOAJ migrated to its current platform at the end of 2013: we still have active user accounts pre-dating that time, which were migrated to the new platform.
6c Volunteer applications
DOAJ stores the personal data of applicants in a Google Sheet until we assess if a person is a suitable candidate. Old applications are struck through and archived in a secure Google Drive folder only accessible by the Operations Manager. Old applications are deleted after seven years. Volunteer applicants may request at any time that we delete all their personal data from Google Drive by submitting a Subject Access Request (SAR) to us**.
**see section 9 below.
7) Who do we share data with
DOAJ does not share personal data with any organisation or individual outside the immediate DOAJ organisation, nor will it grant requests from industry organisations for access to user data.
8) How to delete your account and request that personal data be deleted
8a How to delete your account
Individuals may request that DOAJ delete their user account from the DOAJ Admin system at any time. Do this by emailing Dominic Mitchell. Please note that it is not possible for journals to be indexed in DOAJ without being linked to a User account. If you want us to delete your account and it is linked to a journal or journals indexed in DOAJ, then we will need a replacement account. In these cases, it would be helpful if, when you contact us asking us to delete your account, you can provide a replacement's name and email address.
8b How to request that all personal data be deleted
To request that DOAJ delete all of the personal data we hold about you, please email the Operations Manager, Dominic Mitchell: [email protected].
9) Subject access request (SAR)
9a What is a subject access request (SAR)?
An SAR is the name given to the process by which a user can request to know details of a site's information about them and how it is being used. A full explanation is given here: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-6-rights/subject-access-request/ but in summary: 'an individual who makes a written request and pays a fee is entitled to be: told whether any personal data is being processed; given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people; given a copy of the information comprising the data; and given details of the source of the data (where this is available)'. According to UK law, the recipient organisation of a SAR must respond within 40 calendar days.
9b How to make a SAR to DOAJ
You may submit a SAR to DOAJ by contacting the Operations Manager, Dominic Mitchell, directly: [email protected]. Any request in writing will be considered valid, whatever the format.
10) Withdrawing consent
As stated in Sections 7 and 8 above, you can withdraw your consent for us to store and process your personal data at any time by submitting an email to the Operations Manager.
You may also explicitly indicate that you do not want DOAJ to use your email address for marketing purposes. We have added consent checkboxes to all user accounts where you can opt in or out of these emails.
11) How to complain
If you need to complain about how DOAJ has handled an SAR or your request to withdraw consent, or any other aspect related to the information detailed in this Privacy Information Notice, please send an email to the DOAJ Operations Manager, Dominic Mitchell: [email protected]