Privacy Policy

1. Who runs this website

This website is published and operated by:

Gran Museu Tourism Notes L.L.C.
9 Mostafa Kamel Street
Alexandria 21532, Egypt
Commercial Registry: 215984
Tax ID (ETA): 593-682-471
Email: [email protected]
Phone: +20 3 4847 2519

Gran Museu Tourism Notes L.L.C. acts as the data controller for any personal data processed through this website and through the printed quarterly Mediterranean note service. Questions about this policy can be sent to the same email address as general inquiries; we respond within thirty days as required by Egyptian law, and usually considerably faster.

2. Applicable legal framework

Our processing of personal data complies with Egyptian Personal Data Protection Law No. 151 of 2020 and its executive regulations. Where readers in the European Economic Area, the United Kingdom or Switzerland submit personal data through our forms, we additionally apply the EU GDPR, the UK GDPR and the Swiss Federal Act on Data Protection on a voluntary basis. Compliance with one framework is enough to satisfy the others in nearly every practical case, but if a tension arises we apply whichever is more protective of the reader.

3. What personal data we collect

We collect only the personal data you provide when interacting with the site or with the editorial desk by email:

• Contact-form data: full name, email address, optional phone number, selected plan, subject line and message body.
• Email correspondence: personal data you include voluntarily when writing to [email protected].
• Subscription data: name, billing address, email, and the minimum information required by the payment processor to charge a card legally. Card numbers are tokenised and never visible to us.
• Postal subscribers: postal address for the printed quarterly Mediterranean note, kept on a single offline list inside the office for printing the envelopes.
• Server access logs: standard logs at the hosting provider with IP address, user-agent, requested URL and timestamp, kept for security and abuse-prevention purposes only.

This site does not run third-party advertising trackers, social-media pixels, behavioural analytics scripts, push-notification services or any other tracking mechanism that profiles readers. We do not maintain a tracking pixel of our own.

4. Why we use this data

We process personal data only for these clearly defined purposes:

• To answer the inquiry you sent through the contact form or by direct email.
• To deliver the reader plan you have subscribed to — Open Archive, Notes Subscriber or Itinerary Note.
• To send transactional emails such as invoices and renewal notices.
• To meet the bookkeeping and tax obligations imposed on an Egyptian L.L.C. under Egyptian law.
• To protect the site and its readers against abuse, automated attacks and security incidents.

We do not use personal data for marketing, profile building, lookalike audiences or any form of cross-site advertising. We do not sell, rent, lease or trade personal data to any third party for any purpose.

5. Legal basis

• Your consent: when you tick the consent box on the contact form.
• Performance of a contract: when you subscribe to a paid plan.
• Compliance with legal obligations: tax, accounting and L.L.C. recordkeeping under Egyptian law.
• Legitimate interest: security logging, prevention of abuse and direct replies to unsolicited inquiries you sent us.

6. Retention periods

Different categories of data are kept for different periods:

• Contact-form submissions and the thread of correspondence that follows them are kept for up to twenty-four months after the last interaction, then deleted.
• Invoicing and accounting records linked to paid plans are kept for the minimum period required by Egyptian tax law — currently five years from the end of the relevant tax year.
• Postal-subscriber addresses are deleted from the printing list within thirty days of the end of the paid subscription period.
• Server security logs are rotated automatically after thirty days unless they contain evidence of a security incident that requires longer retention.

We do not aggregate, anonymise or repurpose personal data for any secondary use such as audience research, lookalike modelling or sale to data brokers. Data is used for the specific purpose it was collected and then deleted on the schedule above.

7. Sharing personal data with third parties

We share personal data only with the providers we genuinely cannot avoid in order to operate the site and the subscription system:

• Our hosting provider, strictly for the technical operation of this website.
• Our certified accountant in Alexandria, strictly for the legally required handling of invoices and tax returns.
• The payment processor we use for card transactions, strictly for processing your payment.
• The Alexandria print partner used for the printed quarterly Mediterranean note.
• The Egyptian postal service for delivering the printed quarterly note to subscribers.
• Egyptian authorities, where a formal legal request requires disclosure.

None of these third parties is permitted to use the personal data we share with them for any purpose other than performing the specific service we have contracted them for.

8. Cookies and similar technologies

This site does not set marketing cookies, analytics cookies, profiling cookies or any cookies operated by third parties. A single first-party technical cookie may be used to remember whether you have already submitted the contact form within the current browser session. The cookie contains no personal data, expires when you close the browser, and is not shared with any third party.

9. Your rights

Under Egyptian Law No. 151 of 2020 you have, at all times, the right to:

• Know what personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your data, where retention is no longer legally required.
• Withdraw your consent at any time, without affecting prior lawful processing.
• Object to processing based on legitimate interest where your situation justifies the objection.
• Lodge a complaint with the Egyptian Personal Data Protection Centre.

If you are a reader in the European Economic Area, the United Kingdom or Switzerland, you also have the right to data portability and the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, write to [email protected]. We respond within thirty days and never charge for a reasonable, identifiable request.

10. International data transfers

Personal data submitted through this site is stored on servers physically located within Egypt. Some technical providers we rely on may process metadata outside Egypt for routing purposes; in those cases we use providers that comply with recognised international data-protection frameworks. We do not transfer reader personal data to advertising networks or analytics companies, inside or outside Egypt.

11. Security

Personal data is stored on servers protected by encrypted connections (HTTPS/TLS) and access controls. Only authorised members of the editorial team are able to read reader inquiries, and only the editor-in-chief and the accountant have access to invoicing records. Postal-subscriber lists are kept on a single offline list inside the office. We maintain reasonable technical and organisational measures to protect personal data against accidental loss, unauthorised access and unlawful disclosure.

12. Children

This website is intended for adult readers interested in Egyptian heritage. We do not knowingly collect personal data from children under sixteen years of age. If you believe a minor has submitted personal data through this site, please write to us and we will delete it promptly.

13. Changes to this policy

If we update this privacy policy, the updated version is published on this page with a new "last updated" date at the top of the page. Substantial changes are additionally announced on the home page for at least thirty calendar days from the date of the change, and existing subscribers are notified by direct email so they have time to consider their position before the new version takes effect.

14. Contact for privacy matters

Questions about this Privacy Policy or about how we handle your personal data can be sent to [email protected] or by post to the office address listed at the top of this page. Our published response time for privacy matters is the same as for general editorial inquiries, with a maximum of thirty days as required by Egyptian law. We treat privacy requests as full editorial priority work rather than as a separate compliance backlog, and reply windows are normally well inside the legally permitted maximum.