Privacy Policy

1. Scope and Application

This Privacy Policy applies to all personal data collected by Nile Chronicle Research Centre Ltd (hereinafter "the Centre", "we", "us", "our") through the website located at egypt-hist.xyz and through related email correspondence and service engagements. It governs how we process information about identified and identifiable natural persons ("data subjects") who interact with our site or services.

We are committed to processing personal data lawfully, fairly and transparently. This policy is written in plain language to ensure that all users — regardless of legal background — can understand how their data is handled. If any part of this policy is unclear, please contact us at [email protected] for clarification.

By submitting personal data through our website forms or by engaging our subscription services, you acknowledge that you have read and understood this policy. If you do not agree with any part of it, please do not submit personal data to us.

2. What Data We Collect

We collect only the personal data that is necessary for the purposes described in this policy. The categories of data we collect are:

Contact enquiry data: When you submit our contact form, we collect your full name, email address, and the content of your message. If you voluntarily provide a phone number, we collect that as well. We do not require more information than is necessary to process your enquiry.

Subscription account data: For paid subscribers (Researcher or Institutional plan), we collect the name, email address, organisation name (if applicable), billing address and, for institutional invoicing, company registration details and VAT number. We do not collect or store payment card details — all invoicing is handled by bank transfer and no card processing takes place on our systems.

Technical usage data: Our web server logs record the IP address, browser type, operating system and pages requested by each visitor as a standard part of HTTP server operation. This data is retained for a maximum of 90 days and is used solely for server security and fault diagnosis. We do not use analytics services (no Google Analytics, no third-party tracking scripts). We do not place advertising cookies or tracking cookies of any kind.

Correspondence data: Email correspondence with our team is retained in our mail system as described in Section 5.

3. Purposes and Legal Bases for Processing

We process personal data for the following purposes, each supported by a specific legal basis:

Responding to enquiries (Legal basis: legitimate interests / contract performance): When you submit a contact form, we use your name and email address to reply to your enquiry. This is necessary for the purpose for which you submitted the form. We retain this correspondence for the period described in Section 5.

Managing subscription services (Legal basis: contract performance): For paid subscribers, we process account and billing information to deliver the agreed services, issue invoices, manage subscription renewals and provide subscriber support. This data is processed for as long as the subscription is active and for the mandatory statutory retention period thereafter.

Server security and fault diagnosis (Legal basis: legitimate interests): Technical log data is processed to identify and respond to security incidents, diagnose server errors and maintain the integrity of the website. This processing is necessary for the legitimate interest of operating a secure and reliable website and does not outweigh data subjects' rights because the data is minimally personal (IP addresses only), retained briefly (90 days) and not used for profiling or behavioural analysis.

We do not process personal data for marketing purposes, profiling, automated decision-making or any purpose other than those described above.

4. Cookies and Tracking Technologies

This website does not use cookies for tracking, analytics or advertising purposes. The website operates without any third-party tracking scripts, social media buttons, embedded content from advertising networks or pixels of any kind. No information about your visit to this website is shared with third-party advertising or analytics platforms.

Our web server may set a technically necessary session identifier in limited circumstances (for example, if you access a subscriber-only page). This identifier is deleted when you close your browser and is not used for tracking across visits or sessions. No persistent tracking cookies are placed on your device.

The Google Fonts service is referenced in our page headers to load the Roboto Slab typeface. This involves a connection to Google's servers, which may log your IP address as part of normal HTTP request processing. If you wish to avoid this connection, you may block fonts.googleapis.com in your browser settings without affecting your ability to read our content.

5. Data Retention

We apply the following retention periods to each category of personal data:

Contact form submissions and enquiry correspondence: Retained for 24 months from the date of the last exchange, after which messages are deleted from our mail system. If a correspondence leads to a subscription, it is retained for the duration of the subscription plus 36 months.

Subscriber account and billing records: Retained for the duration of the subscription plus the period required by Egyptian commercial law for accounting records (currently five years from the end of the financial year in which the contract was active).

Server access logs: Retained for 90 days and then deleted automatically by our hosting infrastructure. These logs are not archived or backed up beyond this period.

When data reaches the end of its retention period, it is deleted from active systems. Backup copies on our hosting infrastructure are overwritten on a rolling 30-day cycle, so deleted data is fully removed within 30 days of scheduled deletion.

6. Data Sharing and Third Parties

We do not sell, rent or trade personal data to any third party for commercial purposes. We share personal data with third parties only in the following limited circumstances:

Hosting infrastructure: Our website and email are hosted on servers provided by a commercial hosting company. The hosting provider has access to server data as part of its infrastructure management role and is contractually bound to process this data only as instructed. No subscriber or enquirer data is independently accessed or used by the hosting provider.

Legal compliance: We may disclose personal data to Egyptian law enforcement or judicial authorities if required by a valid legal obligation, court order or governmental request. We will disclose only the minimum data required to satisfy the legal obligation and will notify affected individuals where legally permitted to do so.

We do not use third-party customer relationship management (CRM) systems, cloud email marketing platforms, or any other service that would process subscriber or enquirer data on third-party infrastructure beyond the hosting arrangement described above.

7. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration or disclosure. These measures include:

All data transmitted between your browser and our server is encrypted using Transport Layer Security (TLS). Our server infrastructure is maintained with current security patches. Access to personal data within our organisation is restricted on a need-to-know basis — only staff directly involved in responding to an enquiry or managing a subscription account have access to the relevant personal data. Staff are trained on data handling procedures and aware of their obligations under this policy.

No security measure is entirely infallible. In the event of a data breach that is likely to result in risk to individuals, we will notify the relevant regulatory authority and affected individuals in accordance with applicable legal requirements and as promptly as the circumstances allow.

8. International Data Transfers

Personal data submitted to us is stored on servers located within the European Economic Area or in Egypt. We do not routinely transfer personal data to countries outside these regions. In the event that an enquiry or subscription engagement requires correspondence with a team member located in another jurisdiction, any data shared will be limited to the minimum necessary and will be transmitted through encrypted channels.

9. Your Rights

You have the following rights in relation to personal data that we hold about you. To exercise any of these rights, contact us at [email protected] with the subject line "Data Rights Request". We will respond within 30 days.

Right of access: You may request a copy of the personal data we hold about you, together with information about how it is processed.

Right to rectification: If any data we hold about you is inaccurate or incomplete, you may request that it be corrected or completed.

Right to erasure: In certain circumstances you may request that we delete personal data we hold about you. This right is subject to exceptions where we have a legal obligation to retain the data.

Right to restrict processing: You may request that we restrict the processing of your personal data while a correction request or objection is being considered.

Right to data portability: Where we process data by automated means on the basis of your consent or contract performance, you may request a copy of your data in a structured, commonly used and machine-readable format.

Right to object: Where we process data on the basis of legitimate interests, you may object to that processing. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

10. Children's Data

Our services are directed at adults. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have received personal data from a child under 16, we will delete that data promptly. If you believe that a child has submitted data to us, please contact us at [email protected].

11. Links to Third-Party Sites

Our website contains links to external websites, including those of heritage institutions, excavation projects and scholarly resources. We are not responsible for the privacy practices of those sites. This policy applies only to egypt-hist.xyz. We encourage you to review the privacy policies of any external site before submitting personal data to it.

12. Changes to This Policy

We review this Privacy Policy at least annually and update it as required by changes in our data processing activities or applicable law. The "Last reviewed" date at the top of this page indicates when the policy was most recently updated. Where changes are material, we will draw attention to them in our site notices. Continued use of the website following any update constitutes acceptance of the revised policy.

13. Contact and Complaints

For any questions about this Privacy Policy or about how we handle your personal data, contact us at:

Nile Chronicle Research Centre Ltd
Attention: Data Privacy Officer
14 Talaat Harb Street, Cairo Downtown, Cairo 11111, Egypt
Tax ID (ETA): 632-847-091  |  GAFI Registry: 218473
Email: [email protected]
Tel: +20 2 2574 8830

If you believe that we have failed to process your data in accordance with this policy or with applicable law, and we have not resolved your concern within 30 days of your request, you have the right to lodge a complaint with the relevant data protection authority in your country of residence.