The following applies to the databases available from https://data.cerl.org.
In order to run this service and to ensure the best possible user experience for you, we need to store some data about you and how you do use this application, what you have searched for etc. We try to keep this to the absolute minimum possible and will delete any data that we don't need any longer as soon as possible.
The application stores data on your computer in the form of an http session cookie, in the database itself and in separate logfiles. We will explain here what data it stores, why and for how long.
The following applies to users without an account (which is only needed for editing) and who are not logged in. If you create a user account there are a few more chunks of data we need to store in addition to those described here.
When you browse or search one of our databases, we keep data about
The data pertaining to your search history (d) and bookmarks (e) are stored on the server using the session id (f) to figure out to which user this data belongs, the other information (a - c and f) is stored in a session cookie on your computer. The session will expire after two hours and ten minutes after your last request to the server or at any time before that if you manually delete the session cookie using your browsers "delete cookies" function.
The search history is stored with an expiry date, which is 2 hours and 10 minutes after the last item had been added. A regular process checks all stored search histories every two hours and deletes those that have expired. The same applies to the bookmarks stored with your session id. (Bookmarks can also be deleted manually from the web interface at any time).
We don't store any personal information like IP addresses with the session data and the data on the server can only be identified as yours as long as the corresponding cookie with the session id exists on your computer.
We are logging the use of our databases on two levels. Firstly, there is the webserver's logfile that contains all requests sent by your browser to our server. It contains your IP address and the date and time when that request was made (and a few other chunks of information, see here: https://en.wikipedia.org/wiki/Common_Log_Format).
We start a new logfile every week. In order to be able to detect possible attempts to attack our technical infrastructure we will keep each logfile for another week and then will anonymise it (by changing the last three bytes of each IP-Address to 0) and keep it for statistical analyses at a later point in time. This means, your IP Address will be kept for a maximum of two weeks in our webserver's logfile.
Secondly, there is the logfile which the application keeps itself. Here we make an entry when
This entry contains the date and time when the request was made and the dataset for which it was made. We collect this data to provide real-time statistics on how our databases are used. Our application does not store IP addresses or session ids so this information is completely anonymous and cannot be linked to any particular person or institution.
We will not share our logfiles with any third party unless we are legally obliged to do so.