JEPM is an online publishing platform based on an open source system developed by Public Knowledge Project, a nonprofit research organisation from Canada. The system which JEPM implement is:
- Open Journal System, version 3
Because of its open source nature, the abovementioned system was adapted for use in the University of East Sarajevo, Faculty of Technology Zvornik. The changes were mostly of aesthetic nature, but there is a number of background changes as well. The advantage of using an open source system is that visitors and registered users always know how the system works and how it saves their data. In this Statement, we will explain in detail the specifics of handling user data on the JEPM platform.
- JEPM only implements open-source software with an exception of Google Analytics.
We use the information we collect, including Personal Data and Usage Data:
- to enable you to use our JEPM, to create an account or profile, to process the information you provide via our JEPM (including verifying that your email address is active and valid) and to process your submissions;
- to provide related service and care, including responding to your questions, complaints, or comments and sending surveys (with your consent) and processing survey responses;
- to provide you with information, that you have requested;
- with your consent, to provide you with information, that we otherwise believe will interest you, including special opportunities from us;
- for internal business purposes, such as to improve our JEPM;
- to administer and the process of publishing;
- to comply with regulatory and legal obligations; and
Our Information Sharing Practice
- We share Non-Personal Data, including Usage Data, de-identified Personal Data and aggregated user statistics, with third parties in our discretion. We share User Information, including Personal Data, as otherwise described in this Policy, and under the following circumstances:
- Other Disclosure Scenarios. We reserve the right, and you hereby expressly authorize us, to share User Information: (i) in response to subpoenas, court orders, or legal process, or to establish, protect, or exercise our legal rights or defend against legal claims; (ii) if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the safety of any person or property; (iii) if we believe it is necessary to investigate, prevent, or take action regarding significant abuse of the JEPM infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of information); (iv) to protect and defend our legal rights or property, our services or their users, or any other party, and to protect the health and safety of our users or the general public.
When we use the term "anonymous data," we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third-party. We may create anonymous data from the Personal Data we receive about you and other individuals whose Personal Data we collect. Anonymous data will include analytics information and information collected by us using cookies. We make Personal Data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze usage patterns in order to make improvements to our JEPM. Unregistered visitors to the platform (hereafter visitors) leave on the platform a number of data. The data which JEPM collects from visitors is:
- Time of visit
- Duration of visit
- Viewed pages
- Visitor's country
- Type of visitor's device (e.g. personal computer, smartphone, etc.)
- Screen resolution of visitor's device
- The page from which the visitor arrived on JEPM
- Visitor's browser (e.g. Google Chrome, Mozilla Firefox, etc.)
- Visitor's operating system (e.g. Windows, Linux, iOS, etc.)
- Extensions and additions to the visitor's browser (e.g. Flash, Java, etc.)
In order to track each consecutive visitor's visit, JEPM assigns a cookie and collects the abovementioned data on each consecutive visit. The gathered data mainly serves the purpose of making statistics for further development of the platform. For example, if we notice that most visitors have a screen resolution of 1920x1080 pixels, we might adjust the functionality and design of the platform to that screen resolution.
In order to be able to analyze usage and impact of our journal and the published articles, we collect and log access to the journal’s homepage, issues, articles, galleys and supplementary files. In the process, all data is anonymized. No personal information is logged. IP addresses are anonymized by being hashed (using SHA 256) in combination with a secure 64 characters long salt that is automatically randomly generated and overridden on a daily basis. Therefore IP addresses cannot be reconstructed.
The following information is collected next to the anonymized IP addresses:
- Access type (i.e. administrative)
- Request time
- Requested URL
- HTTP status code
The collected data is only used for evaluation purposes. No IP addresses are mapped to user IDs. It is technically impossible to trace a specific set of data to a specific IP address.
When someone visits our website (https://jepm.tfzv.ues.rs.ba) we make use of the Google Analytics service to collect standard information about visitors to the sites and their behavior (e.g. what pages they viewed). The data provided by Google Analytics is anonymized and in no way enables us to identify individual visitors, however, Google Analytics will place a cookie on your device to enable the service. For more information about how Google Analytics cookies work on websites visit.
- JEPM collects a lot of non-identifiable data on visitors for the purpose of statistics collection and further development of the platform. To gather the visitor's data, we use Google Analytics.
Users Outside of the Bosnia and Herzegovina and Consent to Transfer
The JEPM are operated in the Bosnia and Herzegovina. If you are located in another jurisdiction, please be aware that information you provide to us will be transferred to, stored and processed in the Bosnia and Herzegovina. By using the JEPM or providing us with any information, you consent to this transfer, processing, and storage of your information in the Bosnia and Herzegovina, a jurisdiction in which the privacy laws are not as comprehensive as those in the country where you reside or are a citizen such as the European Union. To ensure that appropriate and suitable safeguards and technical measures are in place to protect your personal data, we make use of standard contractual clauses that have been approved by the European Commission, or we implement other similar measures required by laws around the world.
- Data gathered from visitors is stored on University of East Sarajevo servers in Bosnia and Herzegovina. By using the JEPM, you Consent to Transfer.
How We Respond to "Do Not Track" Signals
Internet browsers can be configured to send the "Do Not Track" signals to the online services that you visit. JEPM respects the Do-Not-Track procedure if the visitors has it enabled in their browser.
If you are a resident of the European Economic Area (EEA), you have the right to: (a) request access to your Personal Data and rectification of inaccurate Personal Data; (b) request erasure of your Personal Data; (c) request restrictions on the processing of your Personal Data; (d) object to processing your Personal Data; and/or (e) the right to data portability ("collectively, "Requests"). We can only process Requests from a user whose identity has been verified. To verify your identity, please provide your email address or [URL] when you make a request. For more information about how to get access to Personal Data and for exercising your rights, you can submit a request here by naming subject "I am an EU resident and would like to exercise my individual rights" option. You also have the right to lodge a complaint with a supervisory authority.
While we strive to protect your User Information, we cannot guarantee its security. You use the JEPM and provide us with information at your own initiative and risk. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately notify us of the problem by contacting us using the details in the Contact Us section.
- We have implemented commercially reasonable and appropriate technical and organizational security measures to help protect your Personal Data from accidental or unlawful destruction, loss, alteration, misuse, or unauthorized access or disclosure; unfortunately, however, no data transmission over the Internet can be guaranteed to be 100% secure.
Collecting, Retaining, Modifying and Deleting Your Personal Data
Except for being an online site where one can browse the publishing production of the Journal of Engineering & Processing Management, JEPM also serves as a platform for most of the publishing procedures. As such, in JEPM it is possible to perform the procedures of article submission, article review, issue, volume editing, etc. In order to enable those procedures, JEPM allows user registration. A registered user can have one or more of the following roles:
- Subscription Manager
- Section Editor
- Journal Manager
- In order to uniquely confirm their identity and to avoid identity theft, the user is required to leave the following data when registering:
- E-mail address
- Working languages
- Other data which the user can, but is not required to fill out, are:
- Salutation (e.g. dr., ph.D., etc.)
- Middle name
- Affiliation (institution)
- ORCID identifier*
- URL of a personal website
- Reviewing interests
- Mailing address
- Bio Statement
* ORCID uniquely identifies the author. JEPM has no control over data stored in the ORCID database because such data is in the power of the author who created the ORCID identifier of their own free will. Therefore, one has to keep in mind that, if authors write their ORCID identifier in JEPM, visitors and subscribers could find more data on the author through it, data which the authors didn't store in JEPM (e.g. affiliation, country, papers written in other journals, etc.).
For the roles of reader, reviewer and subscription manager, the abovementioned data is only visible to the journal managers and platform administrators. For the roles of author, editor, section editor and journal manager, because of the nature of their job, it is possible that all the data they provided will be displayed publically (with the exception of password).
Registered users can, at any moment, change their data (with the exception of username and e-mail address) and delete their non-mandatory data. In that context, registered users can anonymize the data which uniquely identifies them (e.g. name and surname) at any moment. However, we recommend that author, reviewer and editor data remain valid and up-to-date in order to allow the Journal of Engineering & Processing Management to continue providing publishing procedures undisturbedly and in order to keep the Journal of Engineering & Processing Management 's scientific production and credibility intact. Registered users can (in addition to having an insight into personal data collected about them) also delete their user account by sending a request for deletion to email@example.com (the request must be sent from the e-mail address the user used on registration).
As it is extremely important for scientific and research papers to be visible to the science and research community in the context of scientific publishing, such papers are commonly exported into a number of repositories, portals and databases (e.g, DOAJ, Crossref, etc.). Except for the papers themselves, the data about the author(s) is, of course, exported as well. JEPM will not be held accountable for data exported to abovementioned websites, even if they were originally made in JEPM. In some cases, like in the case of Crossref database, a change or pseudonymization of data can be possible, while in other cases the author of the paper will have to contact the websites in question themselves.
Since JEPM is an open-access platform, it is technically possible that any website or scientific paper aggregate or crawler "picks up" the author data.
Users registered as authors are therefore the ones most exposed in the context of providing their personal data. Nevertheless, it is our stance that it is in the author's interest for their papers to be read and cited and we, therefore, recommend to authors that they leave as much data as possible. Data like ORCID identifiers and affiliation significantly improve the overall impression of the paper and inform the reader about the author's previous experience in the paper's field of study.
- Registered users are in control of their data on JEPM. Authors' data might be exported to science repositories or databases.
When we were importing the scientific papers (journal issues published before JEPM launched) into the OJS system, we entered certain data about papers' authors. The entered data was always available publically, so the data in question was mostly names, surnames and affiliations of authors. E-mail addresses were never entered during the first import. Authors of abovementioned papers are therefore not registered users, but their data is visible on the platform nonetheless, so they can be considered non-registered authors (hereafter).
Non-registered authors have the same rights of insight and management of their own data (even though they haven't entered the data themselves). Since they are not able to login into the system and change their data by themselves, they can contact the platform administrator on firstname.lastname@example.org who will do it for them. This also applies to anonymization and pseudonymization of their data.
Platform administrators can also register the authors in the system and assign them their data so they can manage it themselves. If they already registered, platform administrators can assign the existing account to their data so the can manage it themselves.
- Authors whose data we've entered in the system ourselves can contact us in order to manage their data.
Personal data entered into JEPM has no specific expiration date or the date when it's deleted, in accordance with the General Data Protection Regulation's Recital 65 and Article 17, Paragraph 3. In most cases, the University of East Sarajevo, Faculty of Technology will keep the data for as long as it can. The reason for that is to protect the consistency, credibility and validity of the University of East Sarajevo, Faculty of Technology 's scientific production. Detailed data about visitors (described in chapter Visitors) will be kept for 5 years. General and anonymous data about visitors, older than 5 years, will be kept (e.g. number of visits per month, device statistics, etc.) while the detailed data relating to cookies and specific visitors' page-paths will be deleted.
- Registered users' data is saved indefinitely. Visitors' data is saved for 5 years.
JEPM administrators keep the right of making changes (mostly corrections) to personal data, especially authors if we ascertain that the data is incorrect, outdated or similar. Administrators will change the incorrect personal data on JEPM if they determine that it is necessary to do so in order to keep the consistency, credibility and validity of the platform.
It is in the publishing nature, and the nature of all public academic and university institutions to ensure the storage of all content that the institution creates. In that regard, JEPM platform implements a number of steps in creating security backup copies. Visitors databases and registered users databases are backed up daily and weekly to University of East Sarajevo servers. All data backed up on the abovementioned servers is encrypted with a 2048-bit RSA (Rivest-Shamir-Adleman) keypair. The data is also periodically saved on a physical. The data backed up on those servers is also encrypted with the abovementioned method.
- JEPM backs up your data offsite and on a physical medium. All backups are securely encrypted.
At court's request, the JEPM can provide all data relating to the court order, personal or otherwise, stored on the JEPM platform. In the case of a security breach resulting in a personal data breach on JEPM, the University of East Sarajevo, Faculty of Technology will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.
Sensitive Personal Data
Subject to the following paragraph, we ask that you not send us, and you not disclose, any sensitive personal data as this term is defined under applicable data protection and privacy laws (for example, social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the JEPM or otherwise to us.
Choice/Opt-Out From Communications
People who receive our newsletters
For delivering our email newsletters, we use MailChimp is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States. As noted on their website above newsletters make use of a tracking cookie to track the way our newsletters are read. Every time you receive our email newsletter we will include a link to enable you to unsubscribe should you wish to stop receiving them. We honor such requests. This includes keeping a record of your request indefinitely so that we can respect your request in future. For more information about newsletter service please read https://mailchimp.com/legal/privacy/
The Services contain links to other websites that we do not control, and the Services contain videos, advertising and other content hosted and served by third parties. We are not responsible for the privacy practices of any third-party.
Version 1.0 (Last edited 03/09/2018)