Museum Info Desk
Sharm El Sheikh · Sinai route planners since 2015

Privacy policy

How Museum Info Desk Sharm LLC collects, uses, and protects personal data under Egyptian law.

Effective date: 27 June 2026. Controller: Museum Info Desk Sharm LLC, 17 Naama Bay Street, Sharm El Sheikh 46619, Egypt. Tax ID (ETA): 726-153-890. Email: [email protected].

1. Scope

This policy covers data collected through museum-info.cyou, email, phone, and walk-in forms at our Naama Bay office. It applies to travellers requesting Sinai route briefs, partners sending schedule updates, and job applicants.

2. Legal framework

We process data in line with Egypt's Law No. 151 of 2020 on Personal Data Protection and supplementary ETA guidance for commercial registries. Where EU visitors request briefs, we apply GDPR-compatible principles of minimisation and purpose limitation without duplicating EU representative requirements beyond what Egyptian law demands.

3. Categories collected

Identity: name, nationality when needed for checkpoint notes. Contact: email, phone, hotel name. Trip: dates, interests, mobility notes, tier selection. Technical: IP address and browser type in server logs for 30 days. Payment: bank transfer references, not card numbers—we do not process cards on this site.

4. How we collect

Directly from contact forms (POST), email threads, phone notes taken by coordinators, and optional walk-in worksheets you sign. Forms use client-side validation; submissions are handled by desk staff without third-party CRM plugins.

5. Purposes

Route planning and invoice delivery; revision of briefs within tier windows; legal accounting with ETA receipts; security logging against spam; improving FAQ content aggregated anonymously.

6. Legal bases

Contract performance for paid tiers; legitimate interest for answering pre-contract questions; consent for marketing postcards—which we send only if you opt in on paper at the desk.

7. Retention

Active trip data: until 90 days after your departure date. Invoices: seven years per Egyptian tax rules. Contact form spam: deleted within 14 days. Server logs: 30 days.

8. Sharing

We do not sell data. We share minimum details with monastery guesthouses or dive schools only when you ask us to make a reservation inquiry on your behalf. Egyptian tax authority receives invoice copies as required. No advertising networks receive pixels from this website.

9. International transfers

Email servers may route through EU providers. We choose providers with standard contractual clauses where available. Brief PDFs are stored on encrypted drives in Sharm.

10. Security

Office network uses WPA3 and disk encryption on coordinator laptops. Passwords rotate quarterly. Physical worksheets sit in locked cabinets overnight.

11. Your rights

Request access, correction, deletion, or restriction by emailing [email protected] with subject "Privacy request". We respond within 21 days. You may complain to Egypt's Personal Data Protection Centre.

12. Children

Services are directed at adults planning family travel. We do not knowingly market to children under 16. Parent contact details in briefs are deleted per retention schedule.

13. Cookies

This static site does not set marketing cookies. Local storage is not used. If we add analytics in future, this section will update with opt-out instructions.

14. Changes

Material updates appear on this page with a new effective date. Continued use after updates constitutes acknowledgement for non-contractual browsing.

15. Contact

Data protection inquiries: [email protected] or +20 69 360 1147. Postal: Museum Info Desk Sharm LLC, 17 Naama Bay Street, Sharm El Sheikh 46619, Egypt.

16. Processor agreements

Email hosting and encrypted backup vendors sign data processing terms limiting use to storage and transmission. We audit vendors annually for Egypt residency options where feasible.

17. Breach notification

If a breach likely affects your rights, we notify you and the Personal Data Protection Centre within seventy-two hours of discovery with mitigation steps taken.

18. Automated decision-making

We do not use automated profiling to price tiers. Coordinator judgment sets quotes based on trip complexity described in your form.

19. Marketing preferences

Opt out of printed postcards anytime by emailing "postcard stop". Transactional route emails continue until your brief expires regardless of marketing opt-out.

20. Data minimisation examples

We do not collect national ID numbers unless you request invoice details for corporate reimbursement. Children's names appear only when you ask for family pacing notes.

21. Archive access

Former clients may request PDF copies within retention windows. After ninety days post-travel, archives delete unless you purchase extended storage at EGP 200 per year—disclosed on invoice.

22. Supervisory contact

Egypt Personal Data Protection Centre inquiries may reference our GAFI registry 438621 and Tax ID 726-153-890 when filing complaints.

23. Law enforcement requests

Egyptian authorities may request invoice or contact data under lawful orders. We verify court references before disclosure and notify you when law permits. Checkpoint incident reports you voluntarily share may be forwarded to tourist police only with written consent.

24. Employee access controls

Coordinators see only active client folders assigned to them. Terminated staff credentials revoke within four hours. USB ports on office machines are disabled; briefs transfer via encrypted Wi-Fi to print queue.

25. Website logs

Hosting provider retains HTTP logs with IP and user agent. We do not merge logs with contact forms to profile visitors. Logs purge automatically after thirty days unless security investigation extends retention fourteen days maximum.

26. Third-party links

Our pages link to government park sites and monastery official hours pages. Those sites operate independent privacy policies. We recommend reviewing their terms before submitting personal data there.

27. Accessibility of this policy

Request this policy in large-print PDF or Arabic translation by email. We respond within ten business days without fee for registered clients.

28. Sensitive categories

We do not request health data except optional mobility notes you provide for route pacing. Religious dietary needs are stored only in trip briefs, not marketing databases. Delete mobility notes anytime by email.

29. Whistleblower protection

Employees reporting internal data mishandling may contact [email protected] with subject "internal report". Retaliation violates desk policy and may be reported to authorities.

30. Version history

Prior policy versions available on request dating to 2018 when the desk first published online forms. Changes track Egypt Law 151/2020 implementation milestones.

31. Data protection officer role

Coordinator Laila Hamed handles privacy requests when not on reef consult duty. Backup contact is [email protected] with subject "DPO". No third-party DPO firm is appointed; desk size does not require external officer under current Egyptian thresholds.

Training records for staff privacy briefings are kept five years. Topics include password hygiene, guest folder encryption, and recognising phishing posing as monastery authorities.

Guest survey comments stored anonymously after stripping names; quotes never appear in marketing without written permission separate from trip brief consent.

Backup tapes rotate offsite monthly to locked storage in Sharm commercial district with access log signed by two coordinators.

32. Joint controller situations

When you ask us to email a monastery guesthouse, that transmission shares name and dates with a third party—you initiate by written instruction. We log consent sentence from your email thread.

33. Retention disputes

If you disagree with deletion timing, reply with travel completion proof; we extend retention only when Egyptian tax audit is active, never for marketing reuse.

34. Public interest

Aggregated fee change statistics may appear in annual PDF desk report without personal identifiers—opt out via email if you prefer your trip excluded from counts.

Cookie-less design means no retargeting ads follow you after visiting museum-info.cyou.

Printed walk-in forms shredded within ninety days unless tied to active invoice; cross-cut shredder logged in office maintenance sheet.

16. Processor list

Email hosting provider stores messages in EU data centres under DPA. Local print shop receives only names when guests order paper copies—no email retention. Accounting software vendor holds invoices on Egyptian servers with AES-256 per their 2025 security whitepaper.

17. Data breach notification

If unauthorised access affects your itinerary data, we notify affected users within 72 hours with steps taken and hotline for questions. Egyptian PDPC notification follows when legally required.

18. Marketing preferences

Postcard mailers are opt-in only at desk clipboard. Email newsletters do not exist as of 2026. We will never buy mailing lists from hotels.

19. Automated decision making

We do not use algorithms to price tiers dynamically. Humans read every form. Spam filtering uses simple server rules without profiling.

20. Third-party links

Our site links to government tourism pages for convenience. Their policies apply when you leave museum-info.cyou. We do not embed social widgets.

21. Record keeping for disputes

Email threads about brief revisions are retained until one year after final revision to resolve billing disagreements. Court orders from Egyptian courts are complied with after legal review.

22. Employee access

Only assigned coordinators access your trip file. Part-time interns sign confidentiality agreements and may not export CSV dumps. Laptops lock after 10 minutes idle.