Privacy Policy

1. Who We Are

This website, visit-muse.sbs, is operated by Nile Heritage Advisory Ltd., a company registered under Egyptian law with the General Authority for Investment and Free Zones (GAFI). Our registered address is 14 Talaat Harb Street, 4th Floor, Cairo 11511, Egypt. Tax Identification Number: 642-318-907 (issued by the Egyptian Tax Authority). GAFI Commercial Registry Number: 384917.

For all data protection enquiries, contact us at [email protected] or by post to the registered address above.

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through the visit-muse.sbs website, through our contact form, through membership correspondence conducted by email, and through any ancillary communications. It does not apply to third-party websites linked from our pages.

This policy is written to meet the requirements of Egyptian Law No. 151 of 2020 on the Protection of Personal Data (the Egyptian Data Protection Law) and, where applicable to visitors resident in the European Economic Area, the General Data Protection Regulation (GDPR) as incorporated into the domestic law of EEA member states.

3. What Data We Collect

We collect personal data only when it is voluntarily provided to us or necessarily generated by your use of the website. The categories of data we collect are as follows:

Contact form submissions: Full name, email address, and the content of your message. Optionally: travel dates and the membership plan you selected. We do not collect telephone numbers through the form.

Membership correspondence: If you proceed to purchase a membership plan, we collect your email address and the transaction reference provided by our payment processor. We do not store credit card numbers, bank account details, or any payment instrument data on our servers; this is handled entirely by our PCI-DSS compliant payment processor.

Server logs: When you visit visit-muse.sbs, our hosting provider's server automatically logs your IP address, browser type, operating system, referring URL, and the pages requested. This data is retained for 30 days for security and diagnostic purposes and is not linked to any individual's name or email address.

No tracking technologies: We do not use cookies, browser fingerprinting, tracking pixels, or any other technology to identify returning visitors or to monitor behaviour across websites. We do not operate a Google Analytics, Facebook Pixel, or similar analytics account for this site.

4. How We Use Your Data

We use personal data collected through the contact form solely to respond to your enquiry. We do not use your name or email address for any marketing purpose, and we do not add you to any mailing list without your explicit consent.

If you purchase a membership plan, we retain your email address to send you the access link, update notifications relevant to guides you have accessed, and a renewal reminder when your period is approaching expiry. You may opt out of renewal reminders at any time by emailing us.

Server log data is used only for security monitoring and resolving technical faults. It is not analysed for commercial purposes and is not shared with any third party except the hosting provider responsible for its collection.

We do not engage in automated decision-making or profiling.

5. Legal Basis for Processing

Under Egyptian Law No. 151 of 2020 and, where applicable, the GDPR, we rely on the following legal bases to process personal data:

Performance of a contract or pre-contractual steps: When you enquire about or purchase a membership plan, processing your name and email is necessary to fulfil that contract.

Legitimate interests: Server log retention for 30 days serves our legitimate interest in maintaining a secure, functional website. This retention is proportionate and does not override the interests of individual visitors.

Consent: Where we send update notifications to members beyond those strictly necessary for the membership service, we rely on your consent, which you may withdraw at any time.

6. Data Sharing and Transfers

We do not sell, rent, or otherwise provide personal data to third parties for their own marketing purposes. Data may be shared in the following limited circumstances only:

Payment processor: When you make a payment, we provide your email address to our payment processor solely for the purpose of issuing a payment confirmation. The processor operates under a data processing agreement and may not use this data for any other purpose.

Hosting provider: Server logs are held by our hosting provider. They process this data as a data processor under our instructions and under a contractual obligation of confidentiality.

Legal obligation: We will disclose personal data if required to do so by a valid court order, subpoena, or written demand from a competent Egyptian law enforcement authority, or if disclosure is necessary to prevent fraud or protect the safety of an individual.

Our hosting infrastructure is located in the European Union. Where personal data originating in the EEA is transferred to this infrastructure, the transfer is governed by Standard Contractual Clauses approved by the European Commission.

7. Data Retention

Contact form enquiries that do not result in a membership purchase are retained for a maximum of 12 months from the date of receipt, after which they are permanently deleted. This period allows us to reference earlier correspondence if you contact us again about the same subject.

Membership records, including your email address, the plan purchased, the access period, and the payment transaction reference, are retained for 7 years from the date of the transaction in accordance with Egyptian commercial record-keeping requirements.

Server logs are automatically deleted after 30 days.

8. Your Rights

Under Egyptian Law No. 151 of 2020 and, where applicable, the GDPR, you have the following rights with respect to personal data we hold about you:

Right of access: You may request a copy of the personal data we hold about you.

Right to rectification: You may request that we correct inaccurate data.

Right to erasure: You may request deletion of personal data we hold about you, subject to our legal obligation to retain certain records.

Right to restriction: You may request that we restrict processing in certain circumstances.

Right to data portability: Where processing is based on consent or contract, you may request your data in a structured, commonly used, machine-readable format.

Right to object: You may object to processing based on legitimate interests.

To exercise any of these rights, email [email protected] with the subject line "Data Rights Request". We will respond within 30 days.

9. Security Measures

visit-muse.sbs is served exclusively over HTTPS with TLS 1.2 or higher. This encrypts all data in transit between your browser and our server. Contact form submissions are transmitted over encrypted connections.

Access to correspondence data is restricted to members of the Visit Muse research team by role-based access controls. We do not use shared or generic credentials for accessing correspondence systems.

In the event of a personal data breach that poses a risk to individuals, we will notify the Egyptian Personal Data Protection Centre (PDPC) within 72 hours of becoming aware of the breach and will notify affected individuals without undue delay where the breach is likely to result in high risk to their rights and freedoms.

10. Children's Privacy

This website and our membership service are directed at adults. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have collected data from a minor without verifiable parental consent, we will delete it promptly. If you believe we have inadvertently collected data from a child, please contact us at [email protected].

11. Links to Third-Party Sites

Our guides may contain links to external websites — for example, official museum ticketing pages or government tourism authority pages. When you follow such a link, you leave visit-muse.sbs and are subject to the privacy policy of the destination site. We have no control over the data practices of linked sites and accept no responsibility for them.

12. Supervisory Authority

If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with the Egyptian Personal Data Protection Centre (PDPC), which is the competent supervisory authority under Egyptian Law No. 151 of 2020. EEA residents also retain the right to complain to their local data protection authority.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of visit-muse.sbs after a change is posted constitutes your acceptance of the revised policy.

14. Contact for Data Queries

All data protection enquiries should be addressed to: