Privacy policy
How Museum Info Desk Sharm LLC collects, uses, and protects personal data under Egyptian law.
Effective date: 27 June 2026. Controller: Museum Info Desk Sharm LLC, 17 Naama Bay Street, Sharm El Sheikh 46619, Egypt. Tax ID (ETA): 726-153-890. Email: [email protected].
1. Scope
This policy covers data collected through museum-info.cyou, email, phone, and walk-in forms at our Naama Bay office. It applies to travellers requesting Sinai route briefs, partners sending schedule updates, and job applicants.
2. Legal framework
We process data in line with Egypt's Law No. 151 of 2020 on Personal Data Protection and supplementary ETA guidance for commercial registries. Where EU visitors request briefs, we apply GDPR-compatible principles of minimisation and purpose limitation without duplicating EU representative requirements beyond what Egyptian law demands.
3. Categories collected
Identity: name, nationality when needed for checkpoint notes. Contact: email, phone, hotel name. Trip: dates, interests, mobility notes, tier selection. Technical: IP address and browser type in server logs for 30 days. Payment: bank transfer references, not card numbers—we do not process cards on this site.
4. How we collect
Directly from contact forms (POST), email threads, phone notes taken by coordinators, and optional walk-in worksheets you sign. Forms use client-side validation; submissions are handled by desk staff without third-party CRM plugins.
5. Purposes
Route planning and invoice delivery; revision of briefs within tier windows; legal accounting with ETA receipts; security logging against spam; improving FAQ content aggregated anonymously.
6. Legal bases
Contract performance for paid tiers; legitimate interest for answering pre-contract questions; consent for marketing postcards—which we send only if you opt in on paper at the desk.
7. Retention
Active trip data: until 90 days after your departure date. Invoices: seven years per Egyptian tax rules. Contact form spam: deleted within 14 days. Server logs: 30 days.
8. Sharing
We do not sell data. We share minimum details with monastery guesthouses or dive schools only when you ask us to make a reservation inquiry on your behalf. Egyptian tax authority receives invoice copies as required. No advertising networks receive pixels from this website.
9. International transfers
Email servers may route through EU providers. We choose providers with standard contractual clauses where available. Brief PDFs are stored on encrypted drives in Sharm.
10. Security
Office network uses WPA3 and disk encryption on coordinator laptops. Passwords rotate quarterly. Physical worksheets sit in locked cabinets overnight.
11. Your rights
Request access, correction, deletion, or restriction by emailing [email protected] with subject "Privacy request". We respond within 21 days. You may complain to Egypt's Personal Data Protection Centre.
12. Children
Services are directed at adults planning family travel. We do not knowingly market to children under 16. Parent contact details in briefs are deleted per retention schedule.
13. Cookies
This static site does not set marketing cookies. Local storage is not used. If we add analytics in future, this section will update with opt-out instructions.
14. Changes
Material updates appear on this page with a new effective date. Continued use after updates constitutes acknowledgement for non-contractual browsing.
15. Contact
Data protection inquiries: [email protected] or +20 69 360 1147. Postal: Museum Info Desk Sharm LLC, 17 Naama Bay Street, Sharm El Sheikh 46619, Egypt.
16. Processor agreements
Email hosting and encrypted backup vendors sign data processing terms limiting use to storage and transmission. We audit vendors annually for Egypt residency options where feasible.
17. Breach notification
If a breach likely affects your rights, we notify you and the Personal Data Protection Centre within seventy-two hours of discovery with mitigation steps taken.
18. Automated decision-making
We do not use automated profiling to price tiers. Coordinator judgment sets quotes based on trip complexity described in your form.
19. Marketing preferences
Opt out of printed postcards anytime by emailing "postcard stop". Transactional route emails continue until your brief expires regardless of marketing opt-out.
20. Data minimisation examples
We do not collect national ID numbers unless you request invoice details for corporate reimbursement. Children's names appear only when you ask for family pacing notes.
21. Archive access
Former clients may request PDF copies within retention windows. After ninety days post-travel, archives delete unless you purchase extended storage at EGP 200 per year—disclosed on invoice.
22. Supervisory contact
Egypt Personal Data Protection Centre inquiries may reference our GAFI registry 438621 and Tax ID 726-153-890 when filing complaints.
23. Law enforcement requests
Egyptian authorities may request invoice or contact data under lawful orders. We verify court references before disclosure and notify you when law permits. Checkpoint incident reports you voluntarily share may be forwarded to tourist police only with written consent.
24. Employee access controls
Coordinators see only active client folders assigned to them. Terminated staff credentials revoke within four hours. USB ports on office machines are disabled; briefs transfer via encrypted Wi-Fi to print queue.
25. Website logs
Hosting provider retains HTTP logs with IP and user agent. We do not merge logs with contact forms to profile visitors. Logs purge automatically after thirty days unless security investigation extends retention fourteen days maximum.
26. Third-party links
Our pages link to government park sites and monastery official hours pages. Those sites operate independent privacy policies. We recommend reviewing their terms before submitting personal data there.
27. Accessibility of this policy
Request this policy in large-print PDF or Arabic translation by email. We respond within ten business days without fee for registered clients.
28. Sensitive categories
We do not request health data except optional mobility notes you provide for route pacing. Religious dietary needs are stored only in trip briefs, not marketing databases. Delete mobility notes anytime by email.
29. Whistleblower protection
Employees reporting internal data mishandling may contact [email protected] with subject "internal report". Retaliation violates desk policy and may be reported to authorities.
30. Version history
Prior policy versions available on request dating to 2018 when the desk first published online forms. Changes track Egypt Law 151/2020 implementation milestones.
31. Data protection officer role
Coordinator Laila Hamed handles privacy requests when not on reef consult duty. Backup contact is [email protected] with subject "DPO". No third-party DPO firm is appointed; desk size does not require external officer under current Egyptian thresholds.
Training records for staff privacy briefings are kept five years. Topics include password hygiene, guest folder encryption, and recognising phishing posing as monastery authorities.
Guest survey comments stored anonymously after stripping names; quotes never appear in marketing without written permission separate from trip brief consent.
Backup tapes rotate offsite monthly to locked storage in Sharm commercial district with access log signed by two coordinators.
32. Joint controller situations
When you ask us to email a monastery guesthouse, that transmission shares name and dates with a third party—you initiate by written instruction. We log consent sentence from your email thread.
33. Retention disputes
If you disagree with deletion timing, reply with travel completion proof; we extend retention only when Egyptian tax audit is active, never for marketing reuse.
34. Public interest
Aggregated fee change statistics may appear in annual PDF desk report without personal identifiers—opt out via email if you prefer your trip excluded from counts.
Cookie-less design means no retargeting ads follow you after visiting museum-info.cyou.
Printed walk-in forms shredded within ninety days unless tied to active invoice; cross-cut shredder logged in office maintenance sheet.