African Scientists Directory Data Privacy Policy & Security
Who we are?
Our website address is: https://africanscientists.africa The African Scientists Directory is funded by the South African Dept. of Science and Innovation (DSI), and managed and maintained by the Academy of Science of South Africa (ASSAf). See Collaborators and Other Partners.
How do we protect your data (technical measures)?
The directory was built using WordPress. Additional measures taken to make sure the directory and the data it contains will remain safe, include:
- WordPress core, plugins, and the theme are kept up to date with the most recent versions running. This is crucial for the security and stability of the WordPress site.
- Users – when registering – are required to use strong and unique usernames and passwords, and to keep those safe.
- This website is hosted by xneelo, which continuously monitors the server on which the website is hosted for suspicious activity. Xneelo further has tools in place to prevent large scale DDOS attacks. They keep their server software and hardware up to date to prevent hackers from exploiting vulnerabilities, and they have ready to deploy disaster recovery and accident plans which allows them to protect data in case of major events. Read more about security and reliability as applied to xneelo servers: https://xneelo.co.za/help-centre/products-and-services/security-and-reliability/
- A full-site backup is made to a remote site (in the cloud), on a weekly basis.
- A monitoring system keeps track of all activity on the website, including file integrity monitoring, failed login attempts, malware scanning, etc.
- A web application firewall (WAF) blocks all malicious traffic before it reaches the website.
- The website runs on SSL (Secure Sockets Layer)/HTTPS, which is a protocol that encrypts data transfer between the website and your browser. This encryption makes it harder for someone to sniff around and steal information from the website.
- File editing has been disabled, through applying the hardening feature part of the monitoring system.
- PHP file execution was disabled in directories where it’s not needed, through applying the hardening feature part of the monitoring system.
- The number of failed login attempts have been limited.
- A two-factor authentication technique has been implemented, for new users registering on the website.
- Idle users are automatically logged out of the website, after a certain period of time.
What personal data do we collect and why do we collect it?
- Data is submitted to the directory on a voluntary basis, and free of charge. When scientists submit their data, they further agree that it can be included in the directory and made searchable. The data in this directory will not be sold or made available to any third party, except for what can be accessed via the end-user interface.
- If the information requested at Create Listing/Submit is of a too personal nature for you, rather refrain from registering. We further comply with global data protection laws – especially the GDPR and the POPI Act.
- The following fields are mandatory when completing the listing form: research disciplines, surname, full first name/s, professional title (prof/dr), gender, age-range, academic qualifications, brief biography, ORCiD, professional affiliation, job title, primary organisation, website for primary organisation, primary phone number, primary email address, African country, and African region.
- Optional information to be completed include: date of birth, LinkedIn, ResearchGate, Twitter, date of employment, profile photo.
- The following fields can only be accessed by the database administrator, and will never be released publicly or to any third party: phone numbers, email addresses, date of birth, age range, gender, other dates.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. Although comments are accepted, they would be for information for the administrator only, and will not be published on the directory website.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
Information submitted through contact forms will be kept confidential and not shared with any 3rd parties. Where a specific scientist is contacted via the directory, a copy of the initial communication will be sent to the directory administrator. The email address for the sender will be displayed to the recipient (scientist), who can then choose to continue the communication through his/her default personal email platform, outside/independent of the directory.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
This website has integrated Google Analytics to track usage and impact. Please refer to the Google Privacy Policy Terms & Conditions for more information.
Who we share your data with
Data is shared with trusted WordPress compliant plugins, for added functionality to the directory. Data will never be shared with any other 3rd parties or commercial entities.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you login/edit your profile/ leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish a listing, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the listing ID you just edited. It expires after 1 day.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
Your contact information will be used for purposes of advancing the purpose of this directory only, and will not be shared with any 3rd parties without your consent.