Privacy Notice

Important clarification: Grand Egyptian Museum Guide L.L.C. is an independent information service. We are not the Grand Egyptian Museum, its operator, its ticketing platform, or any affiliated body. We do not process ticket purchases, receive payment card data, or handle any financial transaction relating to museum entry. If you have a question about a ticket purchase, that enquiry belongs with the museum's own channels, not with us.

1. Who we are

The data controller for all personal data collected via grand-egyptian.xyz is:

Grand Egyptian Museum Guide L.L.C.
21 Alexandria Desert Road, Kafr Nassar
Giza 12557, Egypt
Tax ID (ETA): 716-489-302 | Commercial Registry: 389145
Email: [email protected]
Telephone: +20 2 3855 7210

We are a limited liability company registered under Egyptian law. Our principal activity is the publication of visitor guidance and travel information relating to the Grand Egyptian Museum at Giza.

2. What data we collect and where it comes from

We collect personal data through two channels on this website:

Contact form: When you submit the enquiry form on our contact page, we receive the fields you completed: your full name, email address, an optional intended visit date, your selected planning option, and the free-text message you composed. We also receive the timestamp of submission and your IP address, which is retained in server logs for security purposes.

Direct email: If you write to [email protected], we receive the contents of your message and the metadata your email client attaches to it (sender address, date, subject line).

We do not embed forms that collect financial data, identity documents, or health information. We do not operate a user-account system, so there is no registration data, password storage, or session-based profile on this site.

3. How we use your data

We use the data you submit solely to respond to your enquiry. In practice this means: reading your message, preparing a visit recommendation or answer, and replying to you at the email address you provided. We do not use your data to build a profile, to infer interests beyond what you have stated, to target you with advertising, or to pass your details to any marketing or data-brokering service.

We may retain a record of the correspondence to allow us to follow up on a previous exchange if you write back. We do not aggregate enquiry data to identify trends or publish any statistics derived from it.

4. Legal basis for processing

Our processing of your personal data rests on two grounds under the EU General Data Protection Regulation (GDPR Article 6) and Egyptian Data Protection Law No. 151 of 2020:

Your consent (GDPR Art. 6(1)(a); PDPL Art. 4): Before submitting the contact form you tick a checkbox confirming that you accept this Privacy Notice and that you agree to us using your details to respond to your enquiry. That tick constitutes informed, specific and freely given consent. You may withdraw it at any time by emailing [email protected] — though withdrawal will prevent us from continuing any open correspondence.

Legitimate interests (GDPR Art. 6(1)(f); PDPL Art. 4): We retain server logs containing IP addresses for up to 90 days as a standard security measure to detect and respond to abuse of our systems. Our legitimate interest in basic site security outweighs the minimal privacy impact of retaining this technical data for a limited period.

5. How long we keep your data

Enquiry emails and contact form submissions are stored in our email system for 17 months from the date of first receipt. After that period, correspondence is permanently deleted unless there is an active unresolved query, in which case we retain it until the matter is closed and then delete it promptly.

Server access logs are purged after 90 days. We do not maintain a separate CRM database; all stored correspondence lives within our email infrastructure.

If you ask us to delete your data before the end of the 17-month period, we will do so within 30 days of receiving your request (see section 9 for how to request this).

6. Who we share your data with

We do not sell, licence, or otherwise transfer your personal data to third parties for commercial purposes. The only recipients of your data are:

• Our email hosting provider, which operates the infrastructure on which [email protected] runs. This provider acts as a data processor under a contractual arrangement that prohibits any independent use of your data.
• Our web hosting provider, which retains server logs as described in section 5.
• Law enforcement or regulatory bodies, if we receive a lawful and properly documented request requiring us to disclose specific data. We would notify you of any such request to the extent permitted by the applicable legal order.

We do not share your data with the Grand Egyptian Museum, any ticket reseller, tour operator, or travel agency, regardless of whether we mention those parties in our guidance content.

7. International transfers

Our business is based in Egypt. If your email or form submission is processed by a hosting or infrastructure provider whose servers are located in the European Economic Area, your data may be transferred to Egypt, which the European Commission has not designated as a country providing an adequate level of data protection. In such cases, the transfer is protected by the standard contractual clauses approved by the European Commission (Commission Implementing Decision 2021/914/EU), which our processor agreements incorporate. You may request a copy of the relevant safeguards by writing to [email protected].

If you are resident in Egypt and your data is transferred outside Egypt to an EEA-based server, that transfer is conducted under equivalent contractual commitments consistent with PDPL requirements.

8. Cookies and tracking

This website does not install advertising cookies, behavioural tracking scripts, social media pixels, or any third-party analytics code. We do not use Google Analytics, Meta Pixel, TikTok Pixel, or any equivalent service.

The only cookies this site may set are session-level technical cookies used by the web server to manage your connection during a single browsing session. These cookies contain no personal identifiers, are never transmitted to third parties, and expire immediately when you close your browser tab. No consent banner is displayed because no persistent or tracking cookies are placed.

9. Your rights

Under GDPR and Egyptian PDPL No. 151/2020, you have the following rights in relation to your personal data:

• Access: You may ask us to confirm whether we hold data about you and to provide a copy of it.
• Rectification: You may ask us to correct inaccurate data or complete incomplete data.
• Erasure: You may ask us to delete your data. We will comply within 30 days unless retention is required by law.
• Restriction: You may ask us to suspend processing while we verify a rectification request or assess an objection.
• Objection: You may object to processing based on legitimate interests. We will cease unless we can demonstrate a compelling reason that overrides your interests.
• Withdrawal of consent: You may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
• Data portability: For data processed on the basis of consent, you may ask us to provide it in a structured, machine-readable format.
• Complaint: You may lodge a complaint with the Egyptian Personal Data Protection Centre (PDPC) or, if you are in the EU, with your local supervisory authority.

To exercise any of these rights, write to [email protected] with "Data rights request" in the subject line. We aim to acknowledge all requests within five working days and resolve them within 30 days.

10. Children's data

This website is intended for adults planning visits on behalf of themselves or their family groups. We do not knowingly invite children under 16 to submit personal data directly through the contact form. If you are a parent or guardian and you believe a child under 16 has submitted data to us, please contact us at [email protected] and we will delete that data promptly.

11. Data security

All communications between your browser and this website are encrypted using TLS (Transport Layer Security). Access to our email system is protected by strong authentication, and we do not store contact form data in any publicly accessible location. Our staff are instructed to treat enquiry data as confidential and to use it only for the purpose of responding to the relevant message.

No method of electronic transmission is completely secure. In the event of a data breach that is likely to affect your rights, we will notify you and the relevant supervisory authority within the timescales required by applicable law.

12. Third-party links

Our guide pages contain links to external websites — the Grand Egyptian Museum's official site, Egypt's ticketing platforms, transport services, and similar. Once you follow a link away from grand-egyptian.xyz, this Privacy Notice no longer applies. Those sites have their own privacy policies, and we have no control over, or responsibility for, the data practices of any external operator. We recommend reviewing the relevant privacy policy before submitting personal data on any site other than this one.

13. Payments and ticket transactions

For the avoidance of doubt: we do not handle any ticket purchase, payment card, or financial transaction connected with entry to the Grand Egyptian Museum or any other venue. Any financial data you enter on the museum's official website or its authorised booking partners is processed by those organisations under their own privacy policies. We have no visibility of, access to, or responsibility for that data.

14. Changes to this notice

We may update this Privacy Notice from time to time to reflect changes in our data practices, in applicable law, or in the services we provide. When we make a material change, we will update the "Last reviewed" date below and, where the change is significant, post a brief note on our home page for 30 days. Continued use of the contact form after a notice update constitutes acceptance of the revised terms.

If you have an open enquiry at the time of an update and the change materially affects how we handle your data, we will notify you directly by email.

15. Contact and supervisory authority

For any question, concern, or rights request relating to this Privacy Notice, contact us at:

Grand Egyptian Museum Guide L.L.C.
Data enquiries: [email protected]
Telephone: +20 2 3855 7210
21 Alexandria Desert Road, Kafr Nassar, Giza 12557, Egypt

If you consider that your data has been handled unlawfully and you are not satisfied with our response, you have the right to lodge a complaint with the Egyptian Personal Data Protection Centre (PDPC), the supervisory authority established under Law No. 151/2020. If you are in the European Union, you may also contact your national data protection supervisory authority.

Last reviewed: 11 June 2026