Legal

Privacy Policy

How Nilescope Heritage Advisors collects, uses, and protects information you share through Egypt Pass. Last updated: 2 June 2026.

1. Who We Are

This Privacy Policy applies to Nilescope Heritage Advisors ("we", "our", "us"), a company registered in Egypt under GAFI Commercial Registry number 482936, with Egyptian Tax Authority Tax ID 643-817-205. Our registered office is at 14 Talaat Harb Street, 3rd Floor, Cairo 11511, Egypt. We operate the website egypt-pass.sbs (the "Site"), an independent informational guide to Egypt's archaeological sites, museums, and cultural heritage destinations.

We can be reached at [email protected] or by post at the address above. For general enquiries, write to [email protected] or call +20 2 2578 4391 during office hours (Monday to Friday, 09:00–17:00 Cairo time).

2. Scope of This Policy

This Policy describes our practices for personal data collected through the egypt-pass.sbs website — including its contact forms, membership enquiry flows, and any correspondence you initiate with us by email or telephone. It does not govern third-party websites linked from our pages; we have no control over the data practices of those sites and encourage you to read their own privacy notices.

We do not operate advertising trackers, retargeting pixels, or analytics platforms on this Site. We do not use Google Analytics, Meta Pixel, Google Tag Manager, Firebase, or any equivalent service. Our pages set no third-party cookies and transmit no visitor data to external advertising networks.

3. Personal Data We Collect

We collect only the information you voluntarily provide to us. The categories and specific fields we may hold are set out below.

3.1 Contact and Enquiry Forms

When you complete the enquiry form on our Contact page you are asked to supply your full name, email address, telephone number (optional), your preferred membership plan, and a free-text message describing your enquiry. This information is transmitted to us by secure POST submission and stored on our internal correspondence system. We do not use GET-method forms; your data does not appear in URLs or browser histories on our server side.

3.2 Email and Telephone Correspondence

If you write to us directly at [email protected] or telephone +20 2 2578 4391, we retain the content of that correspondence and any personal details you share within it. Telephone calls are not recorded. Email threads are retained for up to 36 months following the resolution of your enquiry.

3.3 Membership and Booking Records

Members of our Explorer, Scholar, or Expedition plans provide their name, contact details, travel dates, passport number (where required for site permit applications), institutional affiliation where applicable, and payment information. Payment data is processed by a PCI-DSS-compliant payment processor and is not stored on our own servers beyond a transaction reference number.

3.4 Server Logs

Our web hosting provider automatically records standard server-access data: the IP address from which a request originates, the date and time of the request, the URL requested, and the HTTP response code. These logs are retained for 30 days for security and uptime monitoring purposes. We do not correlate server logs with individual identities unless required to investigate a security incident.

4. How We Use Your Data

We use the personal data we collect for the following purposes, and only for these purposes:

  • Responding to your enquiries and providing the information or advisory service you have requested.
  • Processing membership subscriptions, issuing invoices, and facilitating site permit applications on your behalf.
  • Maintaining records of correspondence and service delivery as required by Egyptian commercial law.
  • Sending you transactional communications directly related to an active membership or ongoing enquiry — for example, confirmation emails, permit status updates, or itinerary amendments.
  • Diagnosing technical problems with our website or correspondence systems.
  • Complying with legal obligations, including tax record-keeping requirements under Egyptian Tax Authority regulations.

We do not use your personal data for automated decision-making or profiling. We do not sell, rent, or trade personal data to any third party. We do not use your data for direct marketing unless you have separately and explicitly consented to receive such communications in writing.

5. Legal Basis for Processing

Our processing of personal data is based on the following legal grounds, consistent with Egyptian Personal Data Protection Law No. 151 of 2020 and its executive regulations:

  • Performance of a contract: processing necessary to deliver a membership or advisory service you have requested.
  • Consent: processing based on your clear and informed agreement, for instance when you submit our contact form. You may withdraw consent at any time by writing to [email protected].
  • Legitimate interests: processing necessary for our legitimate business interests, including maintaining records of enquiries for quality-assurance purposes, provided these interests are not overridden by your rights.
  • Legal obligation: processing required to comply with Egyptian tax, commercial-registration, and financial-reporting obligations.

6. Data Sharing and Disclosure

We share personal data with third parties only to the extent strictly necessary and only in the following circumstances:

  • Service providers: our web hosting partner and email infrastructure provider process data on our behalf under contractual data-processing agreements. These providers are prohibited from using your data for any purpose other than providing the contracted service.
  • Egyptian government authorities: when facilitating access permits for restricted archaeological sites (such as the Valley of the Kings restricted zones, certain chambers at Saqqara, or special-access programmes at the Grand Egyptian Museum), we transmit the name, nationality, and passport number of applicants to the relevant ministry or Supreme Council of Antiquities office as required by the permit application process. You are informed of this transfer before we proceed.
  • Payment processors: payment information is transmitted directly to our PCI-DSS-compliant payment processor. We receive only a transaction reference confirming successful payment.
  • Legal disclosure: we may disclose personal data if required to do so by Egyptian law, court order, or regulatory authority, or to protect the rights, property, or safety of Nilescope Heritage Advisors, our clients, or the public.

We do not transfer personal data outside Egypt to third countries unless (a) you have explicitly consented, (b) the transfer is necessary to perform a service you have requested and the receiving country provides an adequate level of protection, or (c) we have implemented appropriate contractual safeguards.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, and thereafter for such period as we are required to keep it by law. Our standard retention periods are:

  • Enquiry correspondence: 36 months from the date of last contact, unless the enquiry leads to a membership.
  • Membership records: 7 years from the end of the membership period, as required by Egyptian commercial law for financial record-keeping.
  • Permit application records: 5 years, in line with requirements of the Supreme Council of Antiquities.
  • Server logs: 30 days on a rolling basis.

At the end of the applicable retention period, personal data is securely deleted or permanently anonymised so that it can no longer be attributed to an identifiable individual.

8. Your Rights

Under Egyptian Personal Data Protection Law No. 151 of 2020 you have the following rights with respect to personal data we hold about you:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure: you may ask us to delete your personal data where we have no continuing legal basis to retain it.
  • Right to restriction: you may ask us to limit our processing of your data in certain circumstances.
  • Right to object: you may object to processing based on our legitimate interests.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to data portability: where technically feasible, you may request your data in a structured, machine-readable format.

To exercise any of these rights, write to [email protected] with the subject line "Data Rights Request". We will respond within 30 calendar days. We may need to verify your identity before processing a request. There is no charge for exercising your rights in ordinary circumstances.

9. Cookies and Tracking Technologies

Egypt Pass does not use cookies for tracking, analytics, or advertising. We do not deploy any third-party JavaScript libraries that set tracking cookies. Our website does not integrate with social-media platforms in ways that share your browsing activity with those platforms.

Certain browsers or devices may store session-state data locally (for example, in sessionStorage) to support in-page functionality such as form progress. This data never leaves your device and is automatically cleared when you close your browser tab.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. Our website is served exclusively over HTTPS. Access to our internal correspondence systems is restricted to authorised personnel, who are bound by confidentiality obligations. Payment data is never stored on our servers and is handled entirely by our PCI-DSS-compliant payment processor.

No method of electronic transmission or storage is completely secure. If you believe a security incident has affected your data, contact us immediately at [email protected].

11. Children's Privacy

Our services are directed at adults. We do not knowingly collect personal data from individuals under the age of 18. If you are a parent or guardian and believe your child has submitted personal data to us without your consent, contact us immediately at [email protected] and we will delete that data promptly.

12. Links to External Sites

Our pages may contain links to external websites — for example, the official websites of Egyptian museums, the Supreme Council of Antiquities, or independent archaeological publications. These links are provided for your convenience and information only. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy notices of any site you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the services we provide. When we make material changes we will update the "Last updated" date at the top of this page. We encourage you to review this Policy periodically. Continued use of the Site after a change takes effect constitutes acceptance of the updated Policy.

14. Contact and Complaints

Questions about this Privacy Policy or how we handle your personal data should be directed to our privacy contact:

Nilescope Heritage Advisors — Privacy
14 Talaat Harb Street, 3rd Floor
Cairo 11511, Egypt
Email: [email protected]
Phone: +20 2 2578 4391
Tax ID (ETA): 643-817-205  |  GAFI Registry: 482936

If you are not satisfied with our response, you have the right to complain to the Egyptian Personal Data Protection Center (PDPC), the competent supervisory authority under Law No. 151 of 2020, at their published contact address.