PPelagia River NotesDamietta · Est. 2018

Privacy notice

What the Damietta desk records, what it deletes, and the rights you keep.

Last reviewed 12 June 2026. This notice describes how Pelagia River Notes — published by Mu'allimin Editorial S.A.E., Damietta, Egypt — collects, stores and erases the personal information you provide. The notice is written in plain language. If something is unclear, write to the data officer named at the foot of this page.

1. Who is the controller of your data.

Mu'allimin Editorial S.A.E., a joint-stock company registered in Egypt at the Damietta Commercial Registry under number 47/2018, with Egyptian Tax Authority VAT identifier 475-829-163, at 14 Sharia al-Mu'allimin, Damietta 34511. The company trades under the editorial title "Pelagia River Notes". The legal representative is Mahmoud Daghestani, founder and majority shareholder.

2. The data officer.

Yasmin al-Naggar, managing editor, holds the data officer role at the desk. Reach her on [email protected] with the subject line "data request" or by telephone during Tuesday and Friday hours. She handles requests for access, correction, deletion and portability. No request is delegated to an external processor.

3. What we collect and why.

From the contact form: name, email address, country, optional subscription tier choice, the topic of your message and the message text. The lawful basis is consent (you tick the box before submitting) and pre-contractual interest where the message concerns a subscription. We use these only to reply to you and to deliver the subscription if you become a subscriber.

From subscriptions: name, email address, postal address (if you opt into the printed digest), country, and a record of payments made. The lawful basis is contract — you have entered into a subscription with us. We use these to deliver the monthly issue, to send the renewal courtesy reminder, and to keep accounting records for the Egyptian Tax Authority.

From the website itself: the web server records standard request logs — IP address, timestamp, requested URL, referring page and user-agent. The lawful basis is legitimate interest in keeping the server secure and in producing aggregate traffic statistics. We do not run cookies, analytics scripts, advertising trackers or third-party measurement code on any page. There is no cookie banner because there is no consent decision to take.

From email correspondence: the content of the messages you send us and our replies. The lawful basis is the same as the contact form. Email is retained for as long as is useful for the editorial relationship; see retention below.

4. What we do not collect.

We do not collect payment instruments. Subscription payments are processed by bank transfer or PayPal; the payment details remain with your bank or PayPal account, not with us. We do not collect health data, religious affiliation, political views, criminal records or any other special-category data. We do not collect location data beyond the country you tell us. We do not buy mailing lists. We do not enrich your record with data from third parties.

5. Who else sees this information.

The contact-form messages and subscription records are visible to the five editors and the administrator named on the about page. The mail server is hosted in Frankfurt by a German provider under a written processor agreement that prohibits secondary use; you can request the name of the provider by writing to the data officer. Payment confirmations are visible to the journal's bank (a private commercial bank in Cairo) and, for PayPal, to PayPal under their published terms. The Egyptian Tax Authority sees the aggregate subscription revenue in our quarterly VAT filings, not individual reader records.

6. International transfers.

Because the mail server is in Germany, your email passes through the European Union when sent to or from the desk. The processor's data-handling agreement reflects standard EU contractual clauses. Subscription records are held in Damietta on encrypted local storage that is mirrored to an off-site backup in Cairo; there is no transfer outside Egypt for storage purposes. Email-server logs are kept by the provider in Germany for fourteen days as a security measure and are not made available to us beyond aggregate counts.

7. How long we keep your information.

Contact-form messages that do not result in a subscription are retained for twelve months from the date of the reply and then deleted from the editorial mailbox and from the local backup at the next quarterly cycle. If you ask us to delete sooner, we do so within thirty days.

Subscription records are retained for the duration of the subscription and for seven years thereafter — the retention period prescribed by Egyptian commercial law for accounting documentation. After seven years the personal name and postal address are erased; the anonymised payment-flow record is kept for statistical purposes.

Email correspondence with subscribers is retained for the duration of the subscription year and the following year, then archived in plain text on encrypted offline media and erased from the live mail system. Offline archives are erased after seven years.

Server logs are kept by the hosting provider for fourteen days. Aggregate access counts (per page per month) are kept by the desk indefinitely; these contain no identifying information.

Postal address records for printed-digest subscribers are erased six months after the last digest sent to that address, unless the reader has explicitly requested a re-send.

8. Your rights.

Under Egyptian Personal Data Protection Law (Law 151/2020) and the EU General Data Protection Regulation where it applies to readers based in the European Union, you have the following rights at any time: to ask what we hold about you, to receive a copy of it in machine-readable form, to ask us to correct anything that is wrong, to ask us to delete what we hold, to restrict our processing while a question is being resolved, to object to processing on legitimate-interest grounds, and to withdraw a consent you previously gave us. Requests are handled by the data officer within thirty days, free of charge, in writing.

You also have the right to lodge a complaint with the Egyptian Personal Data Protection Centre under Law 151/2020, or with the data protection authority of your own country if you are based outside Egypt. We would prefer to address your concern directly first; the regulator is your fallback.

9. Security measures.

The editorial server and reader-archive system run on encrypted disks (LUKS) on hardware physically located at the Damietta office, with the off-site mirror in Cairo on similar encrypted storage. The mail server is operated by a German hosting provider on encrypted disks under TLS for all client connections. Email between the desk and readers uses STARTTLS where the receiving server supports it. Backups are encrypted at rest and access-controlled to the founder and the data officer. The office is locked outside working hours and has an alarm system; the building is shared with the stationery shop on the ground floor and a textile importer on the first.

10. Data breaches.

If a breach occurs and is likely to result in a risk to your rights, we will notify you by email within seventy-two hours of becoming aware. We will also notify the Egyptian Personal Data Protection Centre within the same window. Three minor incidents have been logged in the journal's eight-year history — two involved misaddressed emails (a single reader's name and country sent to another reader by mistake) and one involved a brief unauthorised access attempt to the mail server that was blocked by the provider. Each was logged and is summarised in the December transparency note.

11. Subscriber telemetry.

We do not embed read-receipt pixels in the monthly issue. We do not track which articles you open. We do not maintain a subscriber-engagement score. The only measure we keep of subscriber behaviour is the aggregate open-rate of the monthly mailing, calculated by the mail-server provider as the percentage of recipients who opened at least one message in the past three months; this is a single number per month and contains no identifying information about you specifically.

12. Photographs.

Photographs in the journal are taken by editors in the course of their visits. Guests visible in cabin or shore photographs are blurred before publication if identifiable. Crew members are photographed only with consent and named only when they have given consent. Captains who decline photographic identification are described in the journal without their photograph. If you find your image in our archive and would like it removed, write to the data officer and it will be removed from the next monthly issue and from the back-issue archive within thirty days.

13. Reader-mail section.

The monthly reader-mail section publishes selected reader letters, attributed by first name and country only. We do not publish surnames, email addresses, postal addresses or city of residence in the reader-mail section. If you write to the desk and would prefer that your message not appear even in this redacted form, say so in the message; we always honour the request. Our default is that a question raised by a reader is of interest to other readers; we will not publish anyway over your stated preference.

14. Children.

The journal is not addressed to children and is not knowingly subscribed by any reader under sixteen. If a parent writes to ask us whether a subscription has been placed in their child's name, we will check and respond. We do not knowingly accept correspondence from a child without a parent or guardian's identifiable involvement.

15. Profiling and automated decisions.

We do not run profiling. We do not run automated decisioning. Every reply to a reader is composed by a human editor; every subscription action is taken by the administrator. The journal is published by hand on a fixed schedule. We do not use machine-learning systems on reader data of any kind.

16. Changes to this notice.

This privacy notice is reviewed every June. Changes that affect what we collect or how we use it are notified to active subscribers by email at least thirty days before they take effect. The full history of changes since 2018 is held by the data officer and available on request; the current version is always the one published here, with the review date at the top of the page.

17. Cookies.

This website sets no cookies. There is no analytics cookie, no consent cookie, no preference cookie. The browser's session storage is not used. The local storage is not used. The standard HTTP cache headers are the only client-side state involved. If you have a browser extension that warns you about trackers, it should report zero on every page of this site; if it does not, please tell us at the data officer's email address — we have configured the site carefully and would want to know.

18. Contact for any data question.

Yasmin al-Naggar, data officer, Mu'allimin Editorial S.A.E.
Email: [email protected] · subject line "data request"
Telephone: +20 57 2261 408 · Tuesday 10:00–13:00, Friday 14:00–17:00 Cairo time
Postal: 14 Sharia al-Mu'allimin, Damietta 34511, Egypt — mark the envelope "data officer"