Hrvatski | English

Privacy statement

Introduction

Morepress is an online publishing platform based on two open source systems developed by Public Knowledge Project, a nonprofit research organisation from Canada. The two systems which Morepress implements are:

Because of their open source nature, the abovementioned systems were adapted for use in University of Zadar. The changes were mostly of aesthetic nature, but there is a number of background changes as well. The entire codebase (not including the data stored in the system) is available on GitHub.

The advantage of using an open source system is that visitors and registered users always know how the system works and how it saves their data. In this Statement, we will explain in detail the specifics of handling user data on the Morepress platform.

In short

Morepress only implements open-source software and is open-source itself.

Visitors

Unregistered visitors of the platform (hereafter visitors) leave on the platform a number of data. The data which Morepress collects from visitors is:

  • Time of visit
  • Duration of visit
  • Viewed pages
  • Visitor's country
  • Type of visitor's device (e.g. personal computer, smartphone, etc.)
  • Screen resolution of visitor's device
  • The page from which the visitor arrived on Morepress (when following a link)
  • Visitor's browser (e.g. Google Chrome, Mozilla Firefox, etc.)
  • Visitor's operating system (e.g. Windows, Linux, iOS, etc.)
  • Extensions and additions to the visitor's browser (e.g. Flash, Java, etc.)

In order to track each consecutive visitor's visit, Morepress assigns a cookie and collects the abovementioned data on each consecutive visit.

The gathered data mainly serves the purpose of making statistics for further development of the platform. For example, if we notice that most visitors have a screen resolution of 1920x1080 pixels, we might adjust the functionality and design of the platform to that screen resolution.

To gather the visitor's data, we use Matomo, an open source software, whose codebase is available on Github.


Data gathered from visitors is stored on University of Zadar's servers, while backup copies are saved on University Computing Centre's servers in Zagreb and other locations (see chapter Backups for details).

Morepress respects the Do-Not-Track procedure if the visitors has it enabled in their browser.

In short

Morepress collects a lot of non-identifiable data on visitors for the purpose of statistics collection and further development of the platform.

Cookies

Morepress implements entirely its own cookies, meaning we don't use third-party cookies. Besides the abovementioned Matomo cookie, we also make use of Open Journal System and Open Monograph Press cookies which track user sessions. They serve the purpose of improving user experience of visitors and registered users. The user session cookies keep track of login status, user interface language choice, etc.

In short

Morepress doesn't use third-party cookies.

Security backup copies

It is in the publishing nature, and the nature of all public academic and university institutions to ensure the storage of all content that institution creates. In that regard, Morepress platform implements a number of steps in creating security backup copies. Visitors databases and registered users databases are backed up daily and weekly to University Computing Centre's virtual servers. All data backed up on the abovementioned servers is encrypted with a 2048-bit RSA (Rivest-Shamir-Adleman) keypair.

The data is also periodically saved on a physical medium and a remote virtrual server in Frankfurt, property of DigitalOcean, inc. The data backed up on those servers is also encrypted with the abovementioned method.

In short

Morepress backs up your data offsite and on physical medium. All backups are securely encrypted.

Registered users

Except for being an online site where one can browse the publishing production of the Univeristy of Zadar, Morepress also serves as a platform for most of publishing procedures. As such, in Morepress it is possible to perform the procedures of article submission, article review, issue, volume editing, etc. In order to enable those procedures, Morepress allows user registration. A registered user can have one or more of the following roles:

  • Reader
  • Author
  • Reviewer
  • Subscription Manager
  • Editor
  • Section Editor
  • Journal Manager

In order to uniquely confirm their identity and to avoid identity theft, the user is required to leave the following data when registering:

  • Name
  • Surname
  • Username
  • Password
  • E-mail address
  • Working languages

Other data which the user can, but is not required to fill out, are:

  • Salutation (e.g. dr., ph.D., etc.)
  • Middle name
  • Gender
  • Initials
  • Affiliation (institution)
  • Signature
  • ORCID identifier*
  • URL of personal website
  • Phone
  • Fax
  • Reviewing interests
  • Mailing address
  • Country
  • Bio Statement

* ORCID uniquely identifies the author. Morepress has no control over data stored in the ORCID database because such data is in the power of the author who created the ORCID identifier of their own free will. Therefore, one has to keep in mind that, if authors write their ORCID identifier in Morepress, visitors and subscribers could find more data on the author through it, data which the authors didn't store in Morepress (e.g. affiliation, country, papers written in other journals, etc.).

For the roles of reader, reviewer and subscription manager, abovementioned data is only visible to the journal managers and platform administrators. For the roles of author, editor, section editor and journal manager, because of the nature of their job, it is possible that all the data they provided will be displayed publically (with the exception of password).

Registered users can, at any moment, change their data (with the exception of username and e-mail address) and delete their non-mandatory data. In that context, registered users can anonymise the data which uniquely identifies them (e.g. name and surname) at any moment. However, we recommend that author, reviewer and editor data remain valid and up-to-date in order to allow the University to continue providing publishing procedures undisturbedly and in order to keep the University's scientific production and credibility intact. Registered users can (in addition to having an insight into personal data collected about them) also delete their user account by sending a request for deletion to [email protected] (the request must be sent from the e-mail address the user used on registration).

As it is extremely important for scientific and research papers to be visible to the science and research community in the context of scientific publishing, such papers are commonly exported into a number of repositories, portals and databases (e.g. HrĨak, DOAJ, Crossref, etc.). Except for the papers themselves, the data about the author(s) is, of course, exported as well. Morepress will not be held accountable for data exported to abovementioned websites, even if they were originally made in Morepress. In some cases, like in the case of Crossref database, a change or pseudonymization of data can be possible, while in other cases the author of the paper will have to contact the websites in question themselves.

Since Morepress is an open access platform, it is technically possible that any website or scientific paper aggregate or crawler "picks up" the author data.

Users registered as authors are therefore the ones most exposed in the context of providing their personal data. Nevertheless, it is our stance that it is in the author's interest for their papers to be read and cited and we therefore recommend to authors that they leave as much data as possible. Data like ORCID identifiers and affiliation significantly improve the overall impression of the paper and inform the reader about the author's previous experience in the paper's field of study.

In short

Registered users are in control of their data on Morepress. Authors' data might be exported to science repositories or databases.

Non-registered authors

When we were importing the scientific papers (journal issues published before Morepress launched) into the OJS system, we entered certain data about papers' authors. The entered data was always available publically, so the data in question was mostly names, surnames and affiliations of authors. E-mail addresses were never entered during the first import. Authors of abovementioned papers are therefore not registered users, but their data is visible on the platform nontheless, so they can be considered non-registered authors (hereafter).

Non-registered authors have the same rights of insight and management of their own data (even though they haven't entered the data themselves). Since they are not able to login into the system and change their data by themselves, they can contact the platform administrator on [email protected] who will do it for them. This also applies to anonymization and pseudonymization of their data.

Platform administrators can also register the authors in the system and assign them their data so they can manage it themselves. If they already registered, platform administrators can assign the existing account to their data so the can manage it themselves.

In short

Authors whose data we've entered in the system ourselves can contact us in order to manage their data.

Additional notes

How long we keep the data

Personal data entered into Morepress has no specific expiration date or the date when it's deleted, in accordance with the General Data Protection Regulation's Recital 65 and Article 17, Paragraph 3 and the Law on personal data protection, Articles 6 and 7. In most cases, the University will keep the data for as long as it can. The reason for that is to protect the consistency, credibility and validity of the University's scientific production. Detailed data about visitors (described in chapter Visitors) will be kept for 5 years. General and anonymous data about visitors, older than 5 years, will be kept (e.g. number of visits per month, device statistics, etc.) while the detailed data relating to cookies and specific visitors' page-paths will be deleted.

In short

Registered users' data is saved indefinitely. Visitors' data is saved for 5 years.

Providing data to authorities

At court's request, the University can provide all data relating to the court order, personal or otherwise, stored on the Morepress platform.

Personal data breach

In the case of a security breach resulting in a personal data breach on Morepress, the University of Zadar will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.

When we change the data

Morepress administrators keep the right of making changes (mostly corrections) to personal data, especially authors, if we ascertain that the data is incorrect, outdated or similar. Administrators will change the incorrect personal data on Morepress if they determine that it is necessary to do so in order to keep the consistency, credibility and validity of the platform.