The names and email addresses entered in the Clean Air Journal website will be used exclusively for the stated purposes of this journal, and will not be made available for any other purpose or to any other party. Personal data collected is dealt with in accordance with the South African POPI Act, South Africa's equivalent of the EU GDPR.
How we protect personal and other data
The Clean Air Journal platform was built using the Public Knowledge Product (PKP) Open Journal Systems (OJS) open source software. Additional measures taken to make sure the platform and the data it contains remain safe, include:
- PKP OJS core, plugins, and the theme are kept up to date with the most recent versions running. This is crucial for the security and stability of the OJS site. The current version installed is PKP OJS Version 3.3.0-7.
- Users – when registering – are required to use strong and unique usernames and passwords, and to keep those safe.
- This platform is hosted by xneelo, which continuously monitors the server on which the website is hosted for suspicious activity. xneelo further has tools in place to prevent large scale DDOS attacks. They keep their server software and hardware up to date to prevent hackers from exploiting vulnerabilities, and they have ready to deploy disaster recovery and accident plans which allows them to protect data in case of major events. Read more about security and reliability as applied to xneelo servers: https://xneelo.co.za/help-centre/products-and-services/security-and-reliability/
- A monitoring system keeps track of all activity on the website, including file integrity monitoring, failed login attempts, malware scanning, etc.
- A web application firewall (WAF) blocks all malicious traffic before it reaches the website.
- The website runs on SSL (Secure Sockets Layer)/HTTPS, which is a protocol that encrypts data transfer between the website and your browser. This encryption makes it harder for someone to sniff around and steal information from the website.
- File editing has been disabled, through applying the hardening feature part of the monitoring system.
- PHP file execution was disabled in directories where it’s not needed, through applying the hardening feature part of the monitoring system.
- The number of failed login attempts have been limited.
- A two-factor authentication technique has been implemented, for new users registering on the website.
- All logins to the system are subjected to a reCaptcha challenge to make sure only human users are allowed to log into the application.
- Idle users are automatically logged out of the website, after a certain period of time.
What personal data do we collect
- Registering on the platform is free of charge, and completely voluntary. When registering on this platform, users agree that submitted data can be included in the platform and made searchable. The data in this platform will not be sold or made available to any third party, except for what can be accessed via the end-user interface.
- If the information requested during registration is of a too personal nature for you, rather refrain from registering. We further comply with global data protection laws – especially the GDPR and the POPI Act.
- The following fields are mandatory when completing the registration form: country, email, username and password.
- Optional information to be completed include: first name, last name and organization.
- All fields except the password field can only be accessed by the platform administrator, and will never be released publicly or to any third party.
- The mentioned personal data is collected for purposes of the e-workflow which is one of the feautures offered by the system, and which makes it highly effective. Journals further collect data for reporting purposes, but the data will always be anonymised in case of the latter.
The systems does not allow users visiting the platform to leave any comments.
Contacting a journal or the platform
When contacting the journal or platform, all communication will be treated as confidential. All communication between the different role players part of the e-workflow are required to occur through the system.
Embedded content from other websites
Items on this platform may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
Data submitted to the platform is preserved for the unforeseeable future.
For users that register on the platform, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have a profile with a journal/s on this platform, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
We do not export any data, unless when a journal is migrated to another platform, on request of the Editors/Editorial Board. Harvesters/search engines/aggregators are requested to only harvest publicly accessible data, and to never duplicate data.
Your contact information
Your contact information will be used for purposes of advancing the purpose of this platform and individually published journals only, and will not be shared with any 3rd parties without your consent.