Privacy notice

1. The data controller

The data controller for this site is Sikka Press L.L.C., registered at 27 Sharia al-Nahas Pasha, Tanta 31511, Gharbia Governorate, Egypt, under Tax ID (ETA) 904-651-378. The standing day-to-day controller is Ahmed El-Sharif. Address any data-protection enquiry to [email protected] with the subject line "Data protection". We acknowledge receipt within four working days.

2. The legal frameworks that apply

The desk operates under Egyptian Data Protection Law no. 151 of 2020 and its implementing regulations. Where a subscriber or correspondent is established in the European Union or the European Economic Area, the European General Data Protection Regulation (EU) 2016/679 applies in parallel. UK-resident subscribers benefit from the UK GDPR. In a conflict between regimes we apply the standard most favourable to the data subject.

3. What categories of personal data we collect

We collect three categories. Correspondence data: name, email, message body of anyone who writes to the desk through the contact form, by email, or by post. Subscription data: in addition to correspondence data, billing address, chosen tier, currency of payment, and most recent successful payment reference. Technical access logs: IP address, requested page, response code and timestamp of every public-site request, retained briefly for security. No advertising, behavioural or analytics cookies.

4. Why each category is collected

Correspondence data is collected to reply to your enquiry; that is the only purpose. Subscription data is collected to issue the invoice, process payment, ship the printed Timetable Notebook where the tier requires it, and provide subscriber access to the protected resources. Access logs are kept solely to detect and respond to attempts to disrupt the site. None of the data is used for marketing without your explicit prior opt-in.

5. The legal basis for processing

Correspondence is processed on the basis of your consent. Subscription data is processed on the basis of the contract between you and Sikka Press L.L.C. Access logs are processed on the basis of our legitimate interest in maintaining the integrity of the website.

6. How long we keep each category

Correspondence is kept for an active period of twenty-four months from the date of the last exchange and then deleted from the active mailbox. Subscription data is kept for the duration of the subscription plus the seven-year tax retention period required by Egyptian law. Access logs are kept for fifteen days from the date of the entry and are then overwritten.

7. Who can read your data

Inside the desk, only the three resident editors (Ahmed El-Sharif, Dr. Yasmin Tantawi, Marc Delacroix) have access to the correspondence and subscription mailboxes. The two contributors on the rotating bench do not. Our accountant in central Cairo, Mr. Wagih Andraos, has access to subscription invoicing data only, under standing confidentiality clause. The hosting provider in Frankfurt has technical access to access logs under a written processor agreement.

8. Disclosure to public authorities

We disclose personal data to a public authority only in response to a written request that meets the requirements of Egyptian Data Protection Law 151/2020. No such request has been received since the desk was founded in 2016.

9. International transfers

The hosting infrastructure is in Frankfurt, Germany. Personal data of subscribers outside the EEA is therefore transferred into the EEA for technical processing. For correspondents and subscribers inside the EEA the data does not leave the EEA.

10. Cookies and tracking

The site does not set advertising cookies, behavioural-tracking cookies, third-party analytics cookies, or social-media embed cookies. The only cookie the site may set is a strictly-necessary session cookie used to remember whether you have closed the mobile menu on a small screen; it carries no identifying value and is deleted when you close the browser. We do not embed Google Analytics, the Facebook Pixel, Google Tag Manager, or any equivalent. There is no cookie banner because there are no cookies that require consent under Egyptian or EU law.

11. The rights you hold

You have the right to ask what personal data we hold about you, to receive a copy in a readable format, to ask for it to be corrected if it is wrong, to ask for it to be deleted where there is no longer a lawful basis, to ask for processing to be restricted while a dispute is resolved, and to object to processing carried out on the basis of legitimate interest. EEA and UK residents additionally have the right to data portability. We respond to a rights request within one calendar month. No charge.

12. How to exercise a right

Write to [email protected] with the subject line "Rights request" and specify the right you wish to exercise. We reply within two working days asking for identifying information sufficient to confirm you are the data subject — typically the email address you used previously. We do not require notarised identity documents for routine requests.

13. Complaints

If you believe we have not handled your personal data correctly, the first step is to write to the desk so that we can address the matter directly. If we cannot resolve it to your satisfaction, you may lodge a complaint with the Egyptian Personal Data Protection Centre, or, if you are an EEA resident, with the supervisory authority of your home member state. UK residents may complain to the Information Commissioner's Office. The supervisory authority for the hosting infrastructure is the German Federal Commissioner for Data Protection and Freedom of Information (BfDI).

14. Changes to this notice

The date at the head of this page is the date of the last review. Substantive changes are notified to active subscribers by email at least thirty days before they take effect; informational corrections are made without notice. An internal change log is maintained and is available on written request.

15. Subscriber-specific notes

If you cancel your subscription, your correspondence record is moved out of the active mailbox at the end of the paid period, but billing invoices are retained under section 6 above for the duration of the tax retention window. If you wish to be removed from the Annual Digest acknowledgements list (Field tier), tell the desk in writing at least one calendar month before the digest goes to press. If you have an unfulfilled service order at the time of a deletion request, we will complete the order before erasing the related data; alternatively you can terminate the order and we erase immediately.

16. Security measures

The correspondence and subscription mailboxes are protected by two-factor authentication for every authorised editor. Backups are taken nightly to an encrypted volume held on the same Frankfurt infrastructure as the live data; retention on the backup volume matches the active retention windows in section 6. Physical access to the Tanta office is controlled by lock-and-key with three sets of keys held by the three resident editors only; archival paper records of correspondence are not kept on the premises.

17. Photograph handling

The arrival-board photographs that form the desk's underlying timetable verification archive are taken by the editors during normal scheduled-service train journeys. The photographs do not contain identifying details of individual passengers — they capture the platform information displays and the train side-numbering, and the framing is chosen specifically to exclude any incidental passenger faces. Where a passenger has been incidentally photographed (typically in the background, walking past the camera), the editor blurs the face during the same-day photograph-processing routine before the file is added to the subscriber archive. The blurring is irreversible. We have not had a complaint about photograph handling since the archive opened in 2019.

18. Subscriber-platform telemetry

The subscriber resources (the gated PDFs, the booking-procedure walkthroughs, the bibliographic concordance) are served through the same Frankfurt hosting infrastructure as the public site and are protected by basic HTTP authentication rather than by a dedicated subscription-management platform. We do not run client-side telemetry on subscriber downloads: there is no usage-tracking code embedded in the gated PDFs, no per-subscriber download counter, and no retention of which subscriber accessed which file beyond the same fifteen-day access-log window applied to the public site. The minimal telemetry footprint is by design; a more sophisticated subscriber-management platform would offer better marketing analytics but would also create persistent records of individual subscriber reading patterns that we do not need and would not be able to defend on principle.