What the Mansoura desk records, what it deletes, and the rights you retain.
Last reviewed 6 June 2026. Pharos Underwater Notes — published by Mansoura Marine Heritage S.A.E. of Mansoura, Egypt — collects personal information through three channels: the contact form, the subscription system and the editorial-consultation booking process. This notice describes what we collect, how long we keep it, who else sees it and the rights you retain. The data officer named at the foot of this page answers questions.
1. The data controller.
Mansoura Marine Heritage S.A.E., an Egyptian joint-stock company registered at the Dakahlia Commercial Registry under number 142/2017, with Egyptian Tax Authority VAT identifier 528-741-309, at 47 Sharia al-Hurriya, El-Madina district, Mansoura 35511. The company trades under the editorial title Pharos Underwater Notes. The legal representative is Tarek Ramadan, founder and majority shareholder.
2. The data officer.
Mahmoud el-Sherbini, managing editor, holds the data officer role at the journal since 2019 when the role was formalised under the Egyptian Personal Data Protection Law preparations. Reach him on [email protected] with subject line "data request" or by office telephone during opening hours. He handles access, correction, deletion and portability requests personally; the role is not delegated.
3. What we collect.
From the contact form: name, email, optional affiliation, optional subscription tier choice, site of interest where applicable, topic of message, message body. Lawful basis: consent (consent box required) and pre-contractual interest for subscriptions and consultation bookings. Used only to reply.
From subscriptions: name, email, optional institutional affiliation, postal address for institutional subscribers and printed-digest option, country, and a record of annual payments. Lawful basis: contract.
From consultation bookings: requester name, contact details, institutional affiliation, the specific question for consultation, the eventual written response, and a copy of the source citations supporting it. Lawful basis: contract.
From observation reports: the submitter's name and email, the site location, the observed material's description, the date and circumstances of the observation, and the institutional referral correspondence. Observation reports are forwarded to the relevant institutional dive coordinator with the submitter's identity unless the submitter has requested anonymity.
From the website: standard request logs at the hosting provider — IP address, timestamp, requested URL, referring page, user agent. Lawful basis: legitimate interest in server security. No cookies, no analytics scripts, no tracking pixels. There is no cookie consent banner because there is no cookie to consent to.
4. What we do not collect.
We do not collect payment instruments. Payments arrive by bank transfer or PayPal; payment details remain with the reader's bank or PayPal account. We do not collect health data (other than the standard dive-medical declarations from our own divers, held internally and not shared with the editorial system), religious affiliation or political views. We do not collect location data beyond the country the reader tells us. We do not buy mailing lists. We do not enrich your record with third-party data.
5. Who else sees this information.
Contact-form messages, subscription records and consultation files are visible to the four editors and the administrator named on the about page. The mail server is hosted in Frankfurt by a German provider under a written processor agreement; the provider's name is available on request. Subscription payment records are visible to the cooperative's bank (Banque du Caire, Mansoura branch) and, where applicable, to PayPal under their published terms. The Behaira Marine Heritage Foundation sees aggregate annual subscriber numbers in our grant reports, not individual identities. The Egyptian Tax Authority sees aggregate VAT filings, not individual reader records.
6. International transfers.
Because the mail server is in Germany, email passes through the European Union. The processor agreement reflects standard EU contractual clauses. Subscription records and the consultation archive are held in Mansoura on encrypted local storage with an off-site mirror in Cairo. There is no transfer outside Egypt for storage purposes.
7. How long we keep your information.
Contact-form messages that do not lead to a subscription or consultation booking are retained for twelve months and then deleted from the editorial mailbox at the next quarterly cycle. Earlier deletion on request within thirty days.
Subscription records are retained for the duration of the subscription and seven years thereafter (the Egyptian commercial-law retention requirement). After seven years the personal name and postal address are erased; the anonymised payment-flow record is retained for statistical purposes only.
Consultation files are retained for the duration of the journal's editorial archive because they form part of the documentary record. The requester's identity is removed from any published version unless they have consented to identification; the full record (including identity) is retained in encrypted local storage and is available only to the editorial board.
Observation reports are retained for the duration of the journal's editorial archive. The submitter's identity is included in the institutional referral unless the submitter has requested anonymity.
Email correspondence with subscribers is retained for the duration of the subscription year and the following two years, then archived offline; offline archives are erased after seven years.
Dive logs and photographic plates of identifiable institutional divers are retained with the consent recorded at the time of the dive. Where consent has not been recorded explicitly, identifiable individuals are obscured before publication and the unobscured original is erased within ninety days.
Server logs are kept by the hosting provider for fourteen days. Aggregate access counts are kept indefinitely with no identifying information.
8. Your rights.
Under Egyptian Personal Data Protection Law (Law 151/2020) and the EU General Data Protection Regulation where it applies, you have at any time the rights of access (ask what we hold), portability (receive a copy in machine-readable form), rectification (correct what is wrong), erasure (request deletion), restriction (pause processing while a question is resolved), objection (to legitimate-interest processing) and withdrawal of consent. The data officer handles requests within thirty days, in writing, free of charge.
9. Security measures.
The editorial server and the subscription archive run on encrypted disks at the Mansoura office, with the off-site Cairo mirror on similar encrypted storage. The mail server uses TLS for all client connections. Backups are encrypted at rest and access-controlled to the chair and the data officer. The office is locked outside opening hours.
10. Dive-photography of identifiable individuals.
Most published photographs in the journal are of submerged structures and finds, not of people. Where photographs include identifiable individuals (institutional divers working alongside, the journal's own dive team), publication is conditional on the individual's written consent for the specific use. The institutional teams' consent is obtained through the relevant dive coordinator on behalf of the team; our own divers' consent is recorded individually. Photographs without consent are obscured before publication and the unobscured original is erased within ninety days.
11. Dive-safety medical declarations.
Our own divers complete a dive-medical declaration before each dive season per Egyptian Maritime Authority requirements. These declarations contain health information and are held internally on encrypted paper records at the Mansoura office; they are not shared with the editorial system, not entered into any digital file, and not retained beyond the relevant dive season's conclusion. The Maritime Authority sees the aggregate declaration that the cooperative's divers are fit to dive, not the individual declarations.
12. Subscriber telemetry.
We do not embed read-receipt pixels in the monthly bulletin. We do not track which field files a subscriber opens. We do not maintain a subscriber-engagement score. The only behavioural measure is the aggregate open-rate of the monthly mailing, calculated by the mail-server provider as a single percentage with no identifying information.
13. Data breaches.
If a breach occurs and is likely to result in a risk to your rights, we notify you by email within seventy-two hours of becoming aware and notify the Egyptian Personal Data Protection Centre in the same window. One minor incident has been logged since 2017, involving a misaddressed bulletin (a single subscriber's name and country sent to another subscriber by mistake); the incident is summarised in the corresponding year's transparency note.
14. Cookies.
This website sets no cookies. There is no analytics cookie, no consent cookie, no preference cookie. The browser's session storage and local storage are not used. Standard HTTP cache headers are the only client-side state involved.
15. Children's data.
The journal is not addressed to children and is not knowingly subscribed by any reader under sixteen. The student half-price subscription is available to readers identified as university students through their student identifier.
16. Profiling and automated decisions.
We do not run profiling. We do not run automated decisioning. Every reply is composed by a human; every subscription action and every consultation dispatch is taken by a human. The field-report archive is curated by people.
17. Reader-mail and bulletin attributions.
The monthly bulletin's reader-mail section attributes letters by first name and institutional affiliation, or by first name and country where the writer has no institutional affiliation. Surnames, postal addresses and email addresses are never published. A subscriber who prefers not to be quoted should say so in the original message.
18. Changes to this notice.
This notice is reviewed every June. Material changes are notified to active subscribers by email at least thirty days before they take effect. The full history of changes since 2017 is held by the data officer and available on request.
19. Contact for any data question.
Mahmoud el-Sherbini, data officer, Mansoura Marine Heritage S.A.E.
Email: [email protected] · subject "data request"
Telephone: +20 50 2284 615 · Monday, Wednesday, Friday 10:00–14:00 Cairo time
Postal: 47 Sharia al-Hurriya, El-Madina district, Mansoura 35511, Egypt — mark "data officer".