WAYF is 'data processor' on behalf of the institution where you log in.
WAYF does not store any person-identifiable data about users.
A user may ask WAYF to store information about what information pages he does not want to be re-displayed. This information is kept in an encrypted form which cannot, in any way, be made human-readable (one-way destructive encryption, so-called 'hash values').
When you log into a service through WAYF, the information about you released from your institution may be re-used for as long as you institution does not log you out, provided that you do not close your browser. This re-use of data enables 'single-sign-on', i.e. your ability to access any WAYF-enabled service through the browser once you have performed a single log-in at your institution's log-in page.