Privacy policy

Effective 27 June 2026 · Downtown Cairo Pass Guides LLC · Tax ID 794-682-153

1. Who we are

Downtown Cairo Pass Guides LLC operates the MuseumPass website at museumpass.cyou and a planning office at 22 Bab al-Louq Street, Downtown Cairo, Cairo Governorate 11511, Egypt. We are registered with GAFI under number 508294. For privacy questions contact [email protected] or +20 2 2395 4820.

2. Scope

This policy covers personal data collected through our contact forms, email, phone, and in-office consultations when you request Coptic, Islamic, Khan el-Khalili, or downtown museum route planning. It does not govern third-party museum ticket portals you use independently.

3. Data we collect

Identity and contact: name, email, phone, country of residence. Trip context: travel dates, group size, mobility requirements, plan selection (coptic-explorer, islamic-walker, downtown-coordinator), free-text messages about must-see sites. Payment records: invoice name, transfer reference, amount paid—never full card numbers because in-office card terminals tokenize data with our bank. Technical: server logs with IP address, browser type, timestamp, and pages viewed without cross-site tracking cookies.

4. Legal bases

We process inquiry data to perform pre-contract steps at your request and to deliver paid route packs. Invoice data satisfies Egyptian tax and commercial record obligations under ETA rules. We rely on consent for optional marketing emails about hour-matrix updates; you may withdraw consent anytime.

5. How we use data

Staff use your details to draft walking sequences, call you when mosque hours change, and email PDF deliverables. Payment data appears on VAT invoices. Aggregated, anonymized statistics about popular sites help us update guides—we never sell personal profiles to hotels or tour resellers.

6. Storage and retention

Active client folders live on encrypted office drives at Bab al-Louq. Email threads sync to secure mail hosting in the EU with standard contractual clauses. Inquiry forms that do not convert to paid plans are deleted within eighteen months. Paid client records are retained for seven years for tax audit. Server logs rotate after ninety days.

7. Sharing

We share data only with: our Egyptian bank for settlement, our email host for delivery, and licensed Egyptologists when you explicitly ask for an introduction. We do not use Facebook Pixel, Google Analytics, or advertising networks. Law enforcement receives data only when Egyptian law compels disclosure.

8. International transfers

If you reside outside Egypt, your email may be stored on EU mail servers. We document transfer safeguards in our vendor agreements. Route PDFs are delivered directly to your chosen inbox without passing through social media platforms.

9. Security

Office networks use WPA3, disk encryption, and role-based access so only assigned coordinators view your itinerary. Forms transmit over HTTPS. Staff laptops require screen locks. We train employees annually on phishing and do not store passport images unless a documentary permit explicitly requires it—and then only until the shoot concludes.

10. Your rights

You may request access, correction, deletion, or export of your personal data by emailing [email protected] with subject line Privacy Request. We respond within thirty days. You may object to marketing emails via unsubscribe links. Deletion may be limited where tax law requires invoice retention.

11. Children

Services target adults planning family travel. We do not knowingly collect data from children under sixteen without a parent or guardian copied on the inquiry. School groups must name a responsible teacher on forms.

12. Cookies and tracking

We do not deploy analytics or advertising cookies. The site may store strictly necessary session data for form security. Your browser may cache CSS locally. We do not operate a cookie banner because we do not set non-essential cookies.

13. Form consent

Contact and hero forms require a checkbox linking to this policy. Submitting without consent blocks delivery. Consent text: you agree that Downtown Cairo Pass Guides LLC processes your details to prepare route proposals and invoices.

14. Changes

We post revisions on this page with a new effective date. For material changes, we email active clients when we still hold their address. Continued use after posting constitutes acceptance for non-material edits.

15. Contact and complaints

Data controller: Downtown Cairo Pass Guides LLC, 22 Bab al-Louq Street, Downtown Cairo, Cairo Governorate 11511, Egypt. Email [email protected], phone +20 2 2395 4820. You may escalate unresolved concerns to the Egyptian Data Protection Center when applicable regulations enter force.

16. Processor and sub-processor list

Our email hosting provider processes message bodies and attachments under DPA terms updated annually. Our payment bank stores transaction records required by Central Bank of Egypt rules. No sub-processor may use your data for model training or advertising profiles. We review sub-processors when contracts renew each April.

17. Data minimization in route packs

PDF deliverables include only names and party size needed for driver cards—never passport numbers unless documentary permits require temporary storage noted in section nine. We delete ad-hoc WhatsApp voice notes after trips conclude unless you request archival for repeat bookings.

18. Breach notification

If encrypted office systems suffer unauthorized access, we notify affected clients within seventy-two hours, describing the data categories involved and the remediation steps. Egyptian ETA tax records follow separate breach rules; we coordinate dual notifications when both travel and invoice data overlap.

19. Marketing preferences

Hour-matrix newsletter emails are optional and sent at most six times per year. Unsubscribe links remove you within forty-eight hours. Transactional emails about your active booking ignore marketing unsubscribes because they fulfill contract obligations.

20. Record of processing activities

We maintain an internal register listing purposes, categories, retention, and legal bases—available in summary form upon written request. Register updates occur when we add payment methods or new consultation channels.

21. Automated decision-making

We do not use automated profiling or AI scoring on inquiry forms. Humans read every message. Spam filters may quarantine suspicious attachments; legitimate clients whose emails bounce should call +20 2 2395 4820.

22. Third-party sites linked from PDFs

Route packs link only to official museum portals or government hour pages when necessary. We are not responsible for privacy practices on those external domains once you leave museumpass.cyou.

23. Data retention for unresolved inquiries

Prospects who never purchase receive deletion reminders at eighteen months unless they opt into newsletters. Partial payments trigger full commercial retention until refund windows close, plus statutory tax periods.

24. Employee access controls

Only four staff accounts access client folders. Departing employees lose credentials within twenty-four hours. Password rotation occurs quarterly on office systems handling invoice data.

25. Your responsibilities

Provide accurate email addresses and notify us when contact details change mid-trip so revised PDFs reach you before gate times shift. Do not forward route packs to commercial tour operators for resale—we license documents to named purchasers only.

26. Supervisory authority contact

Downtown Cairo Pass Guides LLC falls under Egyptian commercial and tax law via GAFI registration 508294 and ETA Tax ID 794-682-153. Privacy inquiries unrelated to travel planning may be copied to our registered auditor when legally required.

27. Language of policy

This policy is authored in English; an Arabic translation is available on request for local partners. Where translations conflict, the English version prevails unless Egyptian consumer law mandates otherwise.

28. Incident log access

Clients may request a summary of any privacy incidents affecting their data within the past twenty-four months. We maintain an incident register even when zero breaches have occurred; in that case our response confirms a clean record.

29. Consent withdrawal effects

Withdrawing marketing consent does not delete trip records required for tax retention. Withdrawing processing consent before PDF delivery cancels the active planning contract and triggers a refund per the pricing page terms.

30. Policy version history

Version 2026-06-27: initial publication, replacing informal office notices. Prior verbal assurances are superseded by this document. Archive copies are stored for seven years for regulatory inspection.

31. Data portability format

Export requests are fulfilled with a ZIP containing JSON metadata plus PDF copies of delivered route packs. Machine-readable fields include name, email, trip dates, plan tier, and invoice numbers; no proprietary formats lock you in.

32. Complaint resolution timeline

We acknowledge privacy complaints within five business days and aim to resolve them within thirty. If the initial response is unsatisfactory, the escalation contact remains [email protected] with subject Privacy Escalation.

33. Minimization review cadence

Quarterly internal audits delete fields no longer needed for active planning: obsolete phone numbers, expired passport copies from documentary jobs, and duplicate email threads, which are merged into a single client record.

Anonymous analytics derived from aggregate route popularity never identify individual travelers or link to advertising networks of any kind.

Send questions about this policy to [email protected]. Our response target is a maximum of five business days during standard office hours at Bab al-Louq.
