1. General Statement on Privacy
On behalf of our clients, who own the journals for which we provide editorial office and peer review management services, as well as production and consultation services, Origin and its subcontractors use the clients’ contracted submission and peer review sites, such as Editorial Manager, eJournal Press, and Scholar One, and email sites, to manage the process of peer review for scholarly manuscripts. This includes checking in manuscripts and ensuring they meet the journals’ author guidelines; assigning papers to editors and reviewers; sending reminder emails to authors, reviewers, and editors; checking in revised manuscripts; handing accepted papers off to production; managing production processes toward the publication of accepted articles online and in print; and liaising with all stakeholders (e.g., authors, reviewers, editors, societies, publishers, readers), mostly through email, sometimes by phone and online conferencing. As part of these processes, we have access to the names, email addresses, ORCID IDs, social media account information, institutional (more rarely personal) addresses, country of residence, and phone numbers of the individual stakeholders, as provided in the systems or by email exchange with the individuals, as well as the content in the submitted manuscripts, reviews, and decision letters. We recognize the importance of privacy for all personal and confidential information and use commercially reasonable efforts to implement and maintain security measures to protect this information against misuse and accidental loss. These measures are detailed below. Please see the individual journals / societies / publishers / system vendors’ privacy policies regarding the information that is collected and stored in their submission and peer review, and other, sites. Origin Editorial, itself, does not share your personal information with anyone, unless required by law to do so.
2. Personal Computers
Origin Editorial’s senior partners and contractors use personal computers to perform the services that they provide in managing editorial offices, peer review, production, and consultation. These computers are specific to each user and not shared. Each user has a password to sign in to their computers, and each computer is kept up to date with virus protection software to prevent the transmission of malware to Clients’ systems via file uploads. As part of the provided services, the senior partners and contractors sometimes download documents from the clients’ systems to edit/review/compare/check and then upload back into the systems. The downloaded files are placed in the trash and permanently deleted on a regular basis. At the termination of a contract with a contractor or client, the contractor, if requested to do so, will certify that all files/ data have been permanently deleted.
3. Access to Client Systems
The editorial and production services provided by Origin Editorial are performed within our clients’ journal email systems and contracted submission, peer review and production systems. Clients provide access to those systems via user names and passwords for each individual and the individual must keep this information confidential and not disclose to any person except for such individual to perform his editorial functions. Only those Contractors contracted to provide services for the specific Client will have access to the Client’s databases. Contractors will only access the systems for the purposes of performing the contracted services and shall not seek access to any portions of the system or materials stored in the system that are not required for the performance of the contracted services. All persons working in the clients’ systems on behalf of Origin shall comply with any other additional policies, procedures, guidelines and instructions, concerning access to and use of the systems that may be provided by the Client. If Origin terminates a contractor’s agreement prior to the termination of Origin’s agreement with the Client, Origin will alert the client to the change so that the user name(s) and password(s) can be nullified.
4. Origin / Contractors’ Business Email
Origin Editorial’s senior partners and contractors use client-provided email accounts, as well as individual business (e.g., @origineditorial.com) accounts, for communicating with journal stakeholders (i.e., authors, reviewers, editors, societies, publishers, and readers). Email communication is considered to be private and confidential and will not be shared with anyone not directly involved in the specific discussion.
5. Transfer of Documents
Origin Editorial’s senior partners and contractors transfer documents by email to journal stakeholders (i.e., authors, reviewers, editors, societies, publishers, and readers) as part of their contracted services. These documents may contain personal information such as names, email addresses, ORCID IDs, social media account information, institutional (more rarely personal) addresses, country of residence, and phone numbers or journal stakeholders (e.g., authors, reviewers, editors, societies, publishers, and readers). Origin Editorial's senior partners and contractors will use commercially reasonable efforts to ensure that these documents are transferred only to the appropriate journal stakeholders involved in the specific task. When necessary, as determined in the sole discretion of Origin Editorial, documents will be transferred using a secure transfer service that provides the intended user with a link for access.
Origin Editorial’s senior partners and contractors use the prepared reports in the clients’ contracted systems as part of the contracted services. At times, data are downloaded onto the partners or contractors’ computers, from the systems, into .csv files so the data can be manipulated and analyzed in Excel, or Origin Reports (https://originreports.org), and charts made for presentation. Reporting is important for analyzing journal health and ensuring efficient provision of contracted services. With a client’s permission, we may sometimes use de-identified data to present new theories, workflows, tools, etc. at publishing industry meetings for the purpose of improving peer review.
7. File Storage
Data files that are stored on Origin Editorial’s senior partners and contractors’ computers are protected by password-required access. Data files that are stored for future use, instead of being immediately and permanently deleted, will be permanently deleted when the contract with the client or the contractor is concluded.
8. Policies and Procedures for Data Breach
All data breaches must be reported immediately to Kristen Overstreet, Senior Partner, or Jason Roberts, Senior Partner. The Senior Partner and Contractor will determine the reason for the breach and cease any activity, if possible, that caused the breach or continues to allow unwarranted access to clients’ data (e.g., stolen user name and password). The Contractor will cease working until the issue is resolved and the Senior Partners determine there is no further concern. If the Contractor is at fault for the data breach, the Contractor’s agreement with Origin will be terminated immediately.
The Senior Partner(s) will, as soon as reasonably practicable, notify the client(s) of any inappropriate or unauthorized or inadvertent access, disclosure or acquisition of Clients’ data or systems and/or any compromise of a Senior Partner or Contractor’s security for their computers and provide all relevant information available. The Senior Partners and Contractors will only provide information about a data breach to the Client and any third party as authorized and directed by the Client.
The Senior Partner(s) will submit a report to the Client(s) detailing the problem and the resolution.