Scholaris is a shared opt-in institutional repository service for participating Canadian universities and research organizations that supports the open discovery, sharing, stewardship, and preservation of Canadian scholarship. The service uses open source DSpace software and the infrastructure is hosted by the University of Toronto Libraries (UTL) in Ontario, Canada. DSpace is currently guided by LYRASIS and associated governance groups and supported by DSpace community members around the world.
The Service is operated by UTL through Scholars Portal (taken together, the “Service Provider”) on behalf of “Participating Institutions”" across Canada. Participating Institutions are post-secondary academic institutions and research organizations that have a contractual agreement with the Service Provider, and through their consortia, to use the Service. A Participating Institution with which you are affiliated may also be referred to as your “Home Institution.”
This privacy statement explains what data are collected by the Service Provider, how this information is treated, and for what purpose. By using a Scholaris Site (i.e. a DSpace repository for your Home Institution), you acknowledge and accept these privacy practices governing the Service. Please note that the Service Provider is not responsible for the privacy practices of third-party websites or applications that may link to or from Scholaris Sites.
All information provided by you while using the Site (such as your name and email address) can only be accessed by the Scholaris team and by designated Repository, Community, or Collection Administrators from your Home Institution. The data are collected for the purposes of registration, enabling and administering access to the service, and management of the repository and institutional collections. The Service Provider and your Home Institution are required to act in accordance with applicable provincial privacy legislation.
Questions about institutional privacy practices should be directed to the Repository Administrator(s) at your Home Institution.
All content on the Scholaris website is public. When you access the Scholaris website, our web server software records the IP address of your computer and any activity in web server logs.
We publish Service documentation and administrative information on SPOTDocs, the organizational wiki for Scholars Portal and the Ontario Council of University Libraries (OCUL). Some pages of the wiki are public, while others are log-in restricted to authorized library staff in Canada.
During onboarding to the Service, the Service Provider creates SPOTDocs accounts for Repository Administrators and other designated staff and grants access to Scholaris content. When a SPOTDocs account is created, the Service Provider records the user’s first and last name and email address. SPOTDocs users have the option to edit their SPOTDocs profile and add their institutional affiliation and position title. User profiles are visible only to other registered SPOTDocs users but are not publicly discoverable or indexed in the wiki search.
To register a DSpace user account with your Home Institution, the Site collects the following information:
First and last name (Only visible to users with administrative privileges and the Service Provider. Used for the purpose of managing groups and permissions)
Email address (Only visible to users with administrative privileges and the Service Provider.)
Date of last activity (Automatically recorded in the database and only visible to the Service Provider.)
Optional information (users can choose to add this information to their Site profile):
Telephone number (Only visible to users with administrative privileges and the Service Provider.)
Preferred language (Only visible to users with administrative privileges and the Service Provider.)
User account information, including roles, permissions, and hashed passwords, is stored in the Site database. Repository Administrators at your Home Institution may register users or allow users to self-register through the Site interface.
Your Home Institution may provide the option to log in using an institutional account via an external authentication system. If you select this login option, you will be temporarily redirected to your Home Institution’s authentication interface to complete the authentication process. Once authenticated, the system will send specific attributes back to the Site, and you will be automatically redirected and logged into the Site. Depending on the type of external authentication method, these attributes may include your first and last name, email address, and institutional credentials (e.g. user ID, affiliated roles). Institutional attributes are only used for authentication and are not visible through the Site interface.
Questions about authentication services used by your Home Institution should be directed to Repository Administrator(s) at your institution.
Information about repository content, user accounts, access policies, and item states are stored in a dedicated database for each Participating Institution. Access to the database is restricted to the Service Provider. Database queries can be performed by the Service Provider and provided to Repository Administrators for their Site upon request. DSpace also records event activity in audit logs, including item creation, deletion, and processing tasks. Log files can be provided to Repository Administrators for their Site upon request. Additionally, the DSpace REST API allows for programmatic access to Site data and is publicly accessible. Administrator privileges are required to perform certain requests, such as creating, modifying, or deleting content.
DSpace uses cookies to maintain a user’s session once authenticated and ensure the platform functions correctly. A cookie is a small text file stored on your computer or mobile device to facilitate website functionality and enhance your browsing experience. The cookies collected by DSpace include functional (required) cookies for authentication, saving your preferences, and acknowledgements, as well as cookies for access, navigation, and usage tracking. When visiting the Site for the first time or using an incognito browser, a pop-up will appear requesting your consent to use cookies. Your browser may also provide options to decline or restrict the collection of certain types of cookies. Please note that doing so may impact the access or use of the Site.
Browsing and downloading content from the Site does not typically require login unless the content is restricted. Access to restricted materials requires account login or authentication. Consult the Scholaris Terms of Use for more information.
Scholaris only records and processes data necessary for specific purposes.
Site account information is collected for the purposes of granting access, providing user support, and managing the repository. We use actions recorded in Site databases and audit logs for diagnosing and resolving issues reported by Repository Administrators on behalf of their Home Institution user community.
We monitor Site traffic, including IP addresses and user agents, for each Site to identify unwanted or high-volume activity and improve Site performance.
We may request IP addresses to help diagnose problems with our servers and to administer access to the Development instance of the Site.
We use Matomo Analytics to aggregate traffic and usage data on how our users are using the Scholaris website and SPOTDocs.
We do not share any data we collect from or develop about our users to any third parties for any purpose unless required by law. Any reports we may share externally use unidentifiable, aggregated data.
DSpace records page views and file downloads and dynamically displays this information for items, collections, and communities via the “Statistics” menu in the Site interface. No individual user data is displayed, and geographic location data (if recorded) is limited to city- and country-level visits. Your Home Institution may choose to customize or restrict the display of statistics on their Site, and can request custom statistical reports and usage metrics for their Site from the Service Provider.
Your Home Institution may use Google Analytics to collect and analyze traffic and usage data for their Site. This feature can be set up by the Service Provider at the request of Participating Institutions. Repository Administrators at your Home Institution have access to the data.
If you have questions about how your Home Institution collects and uses these data, please contact the Repository Administrator(s) at your Home Institution.
Scholaris secures your information to prevent misuse or unauthorized access. In principle, your data are not retained any longer than is necessary to achieve the purpose for which the personal data are collected.
Scholaris instances of DSpace software are located on servers at the University of Toronto Libraries. Data centres at the University of Toronto follow both the Policy on Information Technology and the Policy on Information Security and the Protection of Digital Assets. All digital assets at the University of Toronto are required to follow the Information Security Standard, which provides a set of baseline controls and minimum standards for information security at the University. These standards are endorsed by the University’s Information Security Council and are aligned with the National Institute of Standards and Technology (NIST) 800-171 for the protection of data. These standards also include an Incident Security Response Plan.
UTL commits to maintaining an information technology environment that appropriately protects the availability, privacy, confidentiality, and integrity of all content and personal information. Visit the University of Toronto’s Information Security Guidelines for more information.
Scholaris may revise this privacy statement at its sole discretion. Please check this page regularly for our current practices. If you have any questions about any information outlined in this statement, please contact the Scholaris team.