Skip to main content
Legal

Privacy Policy

Last updated: 2 June 2026. This policy governs personal data handling by Nile Heritage Consultants at museum-visit.xyz.

1. Controller Identity

The data controller for this website is:

Nile Heritage Consultants
14 Sherif Street, Downtown Cairo, 11111, Egypt
Tax ID (ETA): 672-481-039 | GAFI Registry: 841563
Email: [email protected]
Phone: +20 2 2574 6830

2. What Personal Data We Collect

We collect personal data only when you actively provide it. The categories of data we process are:

  • Contact data: Your name, email address, telephone number (if provided), and country of residence, submitted through our contact form.
  • Enquiry content: The text of your message, including any travel dates, site interests, or accessibility requirements you describe.
  • Plan preference: Your selected membership plan, used to route your enquiry to the appropriate team member and to set up your account if you proceed.
  • Account credentials: For members, we maintain a username and hashed password to secure your guide access portal. We do not store plaintext passwords.
  • Payment references: Transaction reference numbers from our payment processor. We do not store card details, bank account numbers, or full payment card data on our systems at any point.
  • Visitor feedback: If you submit post-visit notes through your member account, those notes are stored and may be used (in anonymised form) to update our site guides.

3. How We Use Your Data

We use the data you provide for the following purposes, each with the legal basis shown:

  • Responding to enquiries — Legal basis: Legitimate interest (our interest in responding to communications directed to us) and, where relevant, pre-contractual measures.
  • Administering memberships — Legal basis: Performance of a contract (delivering the guide access service you have purchased).
  • Processing payments — Legal basis: Performance of a contract; compliance with Egyptian financial record-keeping obligations.
  • Improving our guides — Legal basis: Legitimate interest, using anonymised and aggregated visitor feedback to improve the accuracy and usefulness of published content. No individual is identifiable in published material.
  • Compliance with legal obligations — Legal basis: Legal obligation under Egyptian law, including the Protection of Personal Data Law No. 151 of 2020 and associated executive regulations.

4. Legal Framework

Nile Heritage Consultants processes personal data in accordance with Egyptian Law No. 151 of 2020 on the Protection of Personal Data and its implementing regulations issued under Ministerial Decree No. 130 of 2021. Where we serve individuals resident in the European Economic Area, we additionally comply with the relevant provisions of the General Data Protection Regulation (GDPR) to the extent applicable.

We do not process special categories of personal data (health information, biometric data, political views, religious beliefs, etc.) in the ordinary course of our business. If you voluntarily mention accessibility requirements in your enquiry, this information is used solely to provide relevant guidance and is not retained beyond the resolution of your enquiry.

5. Data Sharing

We do not sell, rent, or trade personal data. We do not share your data with third parties for their own marketing purposes. We share data only in the following limited circumstances:

  • Payment processing: When you make a payment, transaction data is shared with our PCI DSS-certified payment gateway provider. That provider processes the transaction under its own privacy terms and is contractually prohibited from using your data for any other purpose.
  • Legal requirements: If required by Egyptian law, court order, or a lawful request from a competent authority, we will disclose the minimum data necessary to comply.
  • Professional advisers: In the context of an audit, legal proceeding, or compliance review, our legal or financial advisers may have access to data. They are bound by professional confidentiality obligations.

We do not use cloud analytics platforms, advertising networks, social media tracking pixels, or session recording tools on this website. No third-party scripts are loaded by our web pages beyond the core functionality you see.

6. International Transfers

Our primary data storage is on servers located in Egypt. If any data is processed in another jurisdiction — for example, if a member of our team accesses data while travelling — we ensure that appropriate safeguards are in place. If you are resident in the EEA and your data is transferred outside the EEA, we rely on standard contractual clauses or equivalent mechanisms recognised under GDPR.

7. Data Retention

We retain personal data for the following periods:

  • Enquiries that did not result in a membership: Email correspondence is retained for 12 months, then deleted, unless there is an ongoing matter requiring its retention.
  • Active member accounts: Data is retained throughout your membership and for 24 months after the final expiry or cancellation of your account, to enable renewal and to respond to any disputes about service delivery.
  • Payment references: Retained for 7 years in accordance with Egyptian financial record-keeping requirements.
  • Anonymised feedback: Feedback used to improve guides is anonymised before incorporation into our research records and is retained indefinitely in that anonymised form.

8. Your Rights

Under applicable Egyptian and European data protection law, you have the following rights regarding your personal data held by us:

  • Right of access: To request a copy of the personal data we hold about you.
  • Right of rectification: To request correction of inaccurate or incomplete data.
  • Right to erasure: To request deletion of your data, subject to our retention obligations under applicable law.
  • Right to restriction: To request that we restrict processing of your data in specified circumstances.
  • Right to portability: To receive your data in a structured, machine-readable format for transfer to another controller, where technically feasible.
  • Right to object: To object to processing carried out on the basis of legitimate interest.
  • Right to withdraw consent: Where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at [email protected] with the subject line "Data Rights Request". We will respond within 30 days.

9. Cookies and Website Tracking

This website does not set advertising cookies, analytics cookies, or social media tracking cookies. We use a single session-management cookie that enables the navigation and form functionality of this website. This cookie contains no personal identifiers, is not transmitted to any third party, and expires when you close your browser.

No consent banner is displayed because we do not set cookies that require consent under applicable law. If this changes, we will update this policy and introduce appropriate consent mechanisms before deployment.

10. Security Measures

We implement the following technical and organisational measures to protect your data:

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Passwords are stored using a one-way hashing algorithm with a unique salt per account.
  • Access to personal data is restricted to team members who require it to perform their role.
  • Payment card processing is entirely handled by our PCI DSS-certified gateway. Card details never pass through or rest on our servers.
  • Our email system uses TLS encryption for delivery where supported by the recipient's mail server.
  • We conduct an annual review of data processing practices and update our security measures in response to identified risks.

11. Children's Privacy

Our services are directed at adults making travel planning decisions. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has submitted data to us without parental consent, please contact us and we will delete it promptly.

12. Third-Party Links

Our site guides may contain references to third-party websites such as official site ticketing pages, Egyptian government ministry pages, or museum websites. We do not control the privacy practices of these external websites and are not responsible for their content or data handling. We recommend reading the privacy policy of any external site before submitting personal data to it.

13. Changes to This Policy

We may update this policy from time to time. Changes will be published on this page with an updated "Last updated" date at the top. For material changes that affect how we process your data, we will notify active members by email. Your continued use of our services after a material change constitutes acceptance of the revised policy.

14. Complaints

If you have a complaint about how we have handled your personal data, please contact us first at [email protected] — we will make every effort to resolve the matter directly. If you are not satisfied with our response, you have the right to lodge a complaint with the Egyptian Personal Data Protection Centre (established under Law No. 151 of 2020) or, if you are resident in the EEA, with your national data protection supervisory authority.

Questions about this policy can be sent to: [email protected]Nile Heritage Consultants, 14 Sherif Street, Downtown Cairo, 11111, Egypt. Tax ID: 672-481-039.