The General Data Protection Regulation is an EU regulation that was set up in 2016 and came into force on 25th May 2018. These rules give people the explicit right to know what websites and companies are doing with their personal information (e.g. how it is stored, how it is processed, or shared with third parties). These regulations also explicitly give people a say in how their information is used.
What data do we store?
On registration we ask for the following:
- Your username and E-mail address.
- Your first and last name.
- Your institution.
This is to allow us to contact you if there are any problems and to link any data you submit publicly to you. If you are a standard user, only your name and institute will be displayed within an isolate, sequence, or allelic profile record. If you are a curator, your E-mail address will be shown in order to facilitate queries from end users. We will not use this information for any other purpose.
How are passwords stored?
Passwords are stored within a relational database as salted hashes. Hashing is a one-way function where data is mapped to a fixed-length value primarily used for authentication. It is not possible for us to recover your password but you can reset an account.
Deletion from PubMLST
You can delete your account on request by contacting us. This will necessarily require the removal of any private data you have submitted. If your account is linked to records that are described in the published literature then we will need to maintain these records but can unlink them from your account.
Access logging
User access to the website and application programming interface (API) is logged for operational reasons. Your username, IP address, the page accessed, and timestamp are logged and retained for a maximum period of one month.