Open Christian Press (OCP) - Data Privacy Policy

Privacy Statement
Last updated 2 November 2025

Open Christian Press (“we,” “our,” “us”) administers its journals through Open Journal Systems (OJS), an open-source publishing platform developed by the Public Knowledge Project, and hosts them on GDPR-compliant servers provided by OJSCloud.¹ We regard personal data as a trust from God that must be stewarded with transparency and care. This statement explains how we collect, use, store and disclose information when you register, submit a manuscript or browse our site. By continuing to use the platform you acknowledge that you have read and understood these terms.

1 What we collect

When you create an account or submit work, OJS records your name, institutional affiliation, country, e-mail address, ORCID iD, biographical note and, if supplied, postal or telephone details. The platform also logs IP addresses, browser information and session cookies needed for security, analytics and user navigation.²

2 Why we process your data

We process personal data solely to manage user accounts, facilitate peer review, publish and disseminate scholarship, generate aggregated usage statistics, improve site performance and comply with legal obligations. We never sell or rent your information.

3 Our legal bases

Processing rests on your explicit consent (given during registration or submission), the contractual necessity of preparing and publishing scholarly work, our legitimate interest in operating an academic journal and any statutory duties that apply—including the EU General Data Protection Regulation for users in the European Economic Area.³

4 Storage and security

All data reside on OJSCloud servers, encrypted in transit and at rest, with daily backups and disaster-recovery protocols. Access is limited to editors, reviewers and technical staff who are under strict confidentiality. OJSCloud acts as a data processor; Open Christian Press remains the data controller.⁴

5 International transfers

Should data be transferred outside your jurisdiction, we rely on Standard Contractual Clauses or equivalent safeguards to ensure an adequate level of protection.⁵

6 Retention

Submission metadata form part of the permanent scholarly record and are retained indefinitely unless a legal obligation requires removal. User profiles remain active while you hold an account; inactive accounts may be anonymised or deleted after five years. Routine server logs are purged within twelve months.

7 Sharing

Personal data are shared only with reviewers, editors, indexing and archiving services (e.g., Crossref, DOAJ, LOCKSS/CLOCKSS) or trusted IT providers to the extent necessary for publication and preservation. All third parties must demonstrate comparable privacy and security standards.⁶

8 Cookies

OJS places functional cookies (e.g., OJSSID) essential for login and navigation, plus optional analytics cookies that help us understand aggregated readership. You may disable cookies in your browser, though some features may not function properly.

9 Your rights

You may request access to, rectification or erasure of, and restriction or portability of your personal data, and you may withdraw consent or object to processing at any time. We will respond within thirty days. If you believe we have not handled your data lawfully, you may lodge a complaint with your local supervisory authority.

10 Children

Our journals are intended for users aged 16 and above. We do not knowingly collect personal data from children. If we learn that such data have been collected inadvertently, we will delete them promptly.

11 Updates

We may revise this statement to reflect regulatory changes or service improvements. Material amendments will be announced on our homepage and, where practicable, by e-mail.

12 Contact

For questions, concerns or requests, please write to:Editor@openchristian.education

We prayerfully commit to honouring your privacy in all our publishing ministry.

For details about our major data stakeholders:

¹ OJS privacy practices emphasise data minimisation and controller–processor distinctions [Link]
² Typical automated logs include IP and browser details [Link]
³ GDPR identifies consent, contract, legitimate interest and legal duty as valid bases [Link)
⁴ Hosting providers act as processors in the shared-responsibility model [Link]
⁵ Cross-border transfers require adequate safeguards under GDPR [Link]
⁶ Indexing and archiving services receive only the metadata needed for dissemination and preservation[Link]