What the atlas records about readers and specimen owners, and the rights you retain.
Last reviewed 7 June 2026. Sycamore Numismatic Atlas — published by Suez Canal Editorial S.A.E. of Ismailia — collects personal information through three channels: the contact form, the subscription system and the specimen-ID request channel. This notice describes what we collect, how long we keep it, who else sees it and the rights you retain. Plain language; the data officer named at the foot of this page answers questions.
1. The data controller.
Suez Canal Editorial S.A.E., a registered Egyptian joint-stock company at 9 Sharia Sultan Hussein, El-Salam district, Ismailia 41511, registered with the Egyptian Commercial Registry under number 211/2015 and with the Egyptian Tax Authority under VAT 847-203-516. The company trades under the editorial title Sycamore Numismatic Atlas.
2. The data officer.
Mostafa Selim, photographic and digital editor of the atlas, holds the data officer role at the desk. Mostafa was a junior editor when the atlas appointed its first data officer in 2018; he has held the role since 2021. Reach him on [email protected] with subject line "data request" or by office telephone during opening hours. He handles access, correction, deletion and portability requests personally; the role is not delegated to an external processor.
3. What we collect.
From the contact form: name, email, optional affiliation (institution name), optional subscription tier choice, topic of message, message body. Lawful basis: consent (consent box required) and pre-contractual interest for subscription and specimen-ID enquiries. Used only to reply.
From subscriptions: name, email, optional institutional affiliation, postal address for institutional and printed-digest subscribers, country, and a record of annual payments. Lawful basis: contract. Used to deliver the monthly bulletin, the corrections register, the XML export, and to keep accounting records for the Egyptian Tax Authority.
From specimen-ID requests: the requester's name, contact details, the specimen's photographic plates if supplied digitally, the declared provenance, the requester's interest (private, academic, institutional), and the eventual attribution note. The attribution note is added to the atlas's supplementary corpus with the requester's identity removed unless they have explicitly consented to identification. Lawful basis: contract.
From the website itself: standard request logs at the hosting provider — IP address, timestamp, requested URL, referring page, user agent. Lawful basis: legitimate interest in server security. No cookies, no analytics scripts, no tracking pixels, no third-party measurement code on any page. There is no cookie consent banner because there is no cookie to consent to.
4. What we do not collect.
We do not collect payment instruments. Subscriptions are paid by direct bank transfer or PayPal; payment details remain with the reader's bank or PayPal account, not with us. We do not collect health data, religious affiliation, political views or any other special-category data. We do not collect location data beyond the country the reader tells us. We do not buy mailing lists. We do not enrich your record with data from third parties. We do not track which catalogue entries a reader opens; the editorial position is that catalogue use is not the atlas's business to observe.
5. Who else sees this information.
Contact-form messages, subscription records and specimen-ID files are visible to the five editors and the administrator named on the about page. The mail server is hosted in Frankfurt by a German provider under a written processor agreement; the provider's name is available on request to the data officer. Subscription payment records are visible to the cooperative's bank (Banque du Caire, Ismailia branch) and, where applicable, to PayPal under their published terms. The Cairo Numismatic Society sees aggregate annual subscriber numbers in our grant reports, not individual subscriber identities. The Egyptian Tax Authority sees aggregate quarterly VAT filings, not individual reader or requester records.
6. International transfers.
Because the mail server is in Germany, email passes through the European Union. The processor agreement reflects standard EU contractual clauses. Subscription records and the supplementary corpus are held in Ismailia on encrypted local storage with an off-site mirror in Cairo on similar encrypted storage. There is no transfer outside Egypt for storage purposes. The Frankfurt mail-server logs are kept by the provider for fourteen days and are not made available to the atlas beyond aggregate counts.
7. How long we keep your information.
Contact-form messages that do not lead to a subscription or specimen-ID request are retained for twelve months and then deleted from the editorial mailbox at the next quarterly cycle. Earlier deletion on request within thirty days.
Subscription records are retained for the duration of the subscription and seven years thereafter — the retention period required by Egyptian commercial law for accounting documentation. After seven years the personal name and postal address are erased; the anonymised payment-flow record is retained for statistical purposes only.
Specimen-ID records are retained indefinitely as part of the editorial archive because the attribution note, once issued, becomes a permanent reference document. The requester's identity is removed from the published version unless they have consented to identification; the original full record (including identity) is retained in encrypted local storage and is available only to the editorial board.
Email correspondence with subscribers and requesters is retained for the duration of the relationship and the following two years, then archived offline and erased from the live mail system; offline archives are erased after seven years.
Server logs are kept by the hosting provider for fourteen days. Aggregate access counts are kept indefinitely with no identifying information.
8. Your rights.
Under Egyptian Personal Data Protection Law (Law 151/2020) and the EU General Data Protection Regulation where it applies, you have at any time the rights of access (ask what we hold), portability (receive a copy in machine-readable form), rectification (correct what is wrong), erasure (request deletion), restriction (pause processing while a question is resolved), objection (to legitimate-interest processing) and withdrawal of consent. The data officer handles requests within thirty days, in writing, free of charge.
9. Security measures.
The editorial server and the subscription archive run on encrypted disks (LUKS) at the Ismailia office, with the off-site Cairo mirror on similar encrypted storage. The mail server uses TLS for all client connections. Backups are encrypted at rest and access-controlled to the founder and the data officer. The office is locked outside opening hours and shares the building's security arrangements with the ground-floor violin workshop. No personal data is held in cloud services outside our direct administration; we do not use Dropbox, Google Drive, OneDrive or comparable consumer cloud storage for any subscriber or requester information.
10. Photographic policy.
The atlas's photographic plates are of coins and seals — not of people. The plates show the obverse and reverse of each specimen against a calibrated colour reference; nothing else is captured. Specimens supplied by private owners for specimen-ID may include the owner's holding hand, or a backdrop that identifies a private collection; in such cases we recompose or mask the image before adding it to the supplementary corpus, and we do not retain the unmasked original beyond ninety days of the attribution being closed.
11. Specimens and the antiquities-law context.
Egypt's antiquities law (Law 117/1983 and subsequent amendments) restricts trade in archaeological material and the atlas operates entirely within the bounds of that law. We do not catalogue specimens whose ownership history is undocumented in the post-1970 window; this rule pre-dates the broader UNESCO 1970 convention obligations and applies regardless of the specimen's numismatic interest. Where a requester provides an undocumented specimen for ID, we may decline to issue an attribution note or may issue one with an explicit caveat about the provenance question; the atlas reserves the right to refer suspected illicit material to the Egyptian Antiquities Authority under its statutory obligation, although this has happened only twice in twelve years.
12. Subscriber telemetry.
We do not embed read-receipt pixels in the monthly bulletin. We do not track which catalogue entries a subscriber opens. We do not maintain a subscriber-engagement score. The only behavioural measure we keep is the aggregate open-rate of the monthly mailing, calculated by the mail-server provider as a single percentage per month with no identifying information.
13. Data breaches.
If a breach occurs and is likely to result in a risk to your rights, we notify you by email within seventy-two hours of becoming aware and notify the Egyptian Personal Data Protection Centre in the same window. Two minor incidents have been logged since 2014, both involving misaddressed bulletins (a single subscriber's name and country sent to another subscriber by mistake); both were resolved and are summarised in the corresponding year's transparency note.
14. Reader-mail and bulletin attributions.
The monthly bulletin includes a reader-mail section attributing letters by first name and institutional affiliation (where the writer has one) or by first name and country of residence (where they do not). Surnames, postal addresses and email addresses are never published. A subscriber who prefers not to be quoted should say so in the original message; we always honour the preference. We do not publish over a stated wish.
15. Children's data.
The atlas is not addressed to children and is not knowingly subscribed by any reader under sixteen. The student half-price subscription is available to readers identified as university students through their student identifier; we do not knowingly accept correspondence from a child without a parent or guardian's identifiable involvement.
16. Profiling and automated decisions.
We do not run profiling. We do not run automated decisioning. Every reply is composed by a human at the office or by a member editor; every subscription action and every specimen-ID dispatch is taken by a human. The catalogue is curated by people. We do not use machine-learning systems on personal data; we do use computer-assisted image-comparison for die work but the comparison is of coin obverses to coin obverses, not of any personal information.
17. Cookies.
This website sets no cookies. There is no analytics cookie, no consent cookie, no preference cookie. The browser's session storage and local storage are not used. The standard HTTP cache headers are the only client-side state involved. If you have a browser extension that monitors trackers, it should report zero on every page; if it does not, please tell the data officer.
18. Changes to this notice.
This notice is reviewed every June. Material changes are notified to active subscribers by email at least thirty days before they take effect. The full history of changes since 2018 is held by the data officer and available on request; the current version is the one published here, with the review date at the top.
19. Contact for any data question.
Mostafa Selim, data officer, Sycamore Numismatic Atlas (Suez Canal Editorial S.A.E.)
Email: [email protected] · subject "data request"
Telephone: +20 64 3940 271 · Sunday, Tuesday, Thursday 10:00–15:00 Cairo time
Postal: 9 Sharia Sultan Hussein, El-Salam district, Ismailia 41511, Egypt — mark "data officer".