Privacy Policy

1. Who we are

This website is operated by:

Grand Pass Cultural Tours L.L.C.
14 El-Tahrir Square, Downtown
Qasr El Nil, Cairo 11511, Egypt
Commercial Registry: 184529
Tax ID (ETA): 624-857-193
Email: [email protected]
Phone: +20 2 2574 8316

Grand Pass Cultural Tours L.L.C. acts as the data controller for any personal data processed through this website.

2. Legal framework

Our processing of personal data complies with the Egyptian Personal Data Protection Law No. 151 of 2020 and its executive regulations. Where readers from the European Economic Area submit data through this site, we additionally apply the principles of the EU General Data Protection Regulation (GDPR) on a voluntary basis.

3. What data we collect

We collect only the data you provide when interacting with this website:

• Contact form data: full name, email address, optional phone number, selected Tour Plan, subject and message.
• Email correspondence: any data you choose to include when writing to [email protected].
• Technical logs: standard server access logs containing IP address, user-agent, requested URL and timestamp, kept by our hosting provider for security purposes only.

This website does not run third-party advertising trackers, social media pixels, behavioural analytics scripts or push-notification services.

4. Why we use this data

We process personal data only for the following purposes:

• To reply to your inquiry sent through the contact form or by email.
• To deliver the Tour Plan you have requested (Public Archive, Reader, Personalised Itinerary).
• To meet bookkeeping and tax obligations under Egyptian law in relation to paid plans.
• To protect the website and its readers against abuse and security incidents.

5. Legal basis

• Your consent: when you check the consent box on the contact form.
• Performance of a contract: when you subscribe to a paid Tour Plan.
• Legal obligation: for tax and accounting records under Egyptian law.
• Legitimate interest: for security logging and prevention of abuse.

6. Retention

Contact form submissions are kept for up to 24 months after the last interaction, then deleted. Invoicing records for paid plans are kept for the minimum period required by Egyptian tax law (currently 5 years). Server security logs are rotated automatically after 30 days.

7. Sharing

We do not sell, rent or trade personal data. We share data only with:

• Our hosting provider, strictly for the technical operation of this website.
• Our certified accountant in Cairo, strictly for the legally required handling of invoices.
• Egyptian authorities, where a formal legal request requires it.

8. Cookies

This website does not set marketing or analytics cookies. A single technical cookie may be used to remember whether you have already submitted the contact form during your session; it contains no personal data and expires when you close the browser.

9. Your rights

Under Egyptian Law No. 151 of 2020 you have the right to:

• Know what personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data, where retention is no longer legally required.
• Withdraw consent at any time, without affecting prior lawful processing.
• Lodge a complaint with the Egyptian Personal Data Protection Centre.

To exercise any of these rights, write to [email protected]. We answer within 30 days.

10. Security

Personal data is stored on servers protected by encrypted connections (HTTPS/TLS) and access controls. Only authorised members of the editorial team handle reader inquiries. We do not transfer personal data outside Egypt except where it is technically required for the operation of the website (for example, email delivery through a regulated provider).

11. Children

This website is intended for adult readers. We do not knowingly collect personal data from children under 16. If you believe a minor has submitted data through this site, please contact us so we can delete it.

12. Changes to this policy

If we change this policy, the updated version will be published on this page with a new “last updated” date. Substantial changes are also announced on the home page for at least 30 days.

13. Definitions used in this policy

The terms used in this Privacy Policy follow the definitions established by Egyptian Law No. 151 of 2020. "Personal data" means any information that identifies or makes identifiable a natural person, directly or indirectly. "Processing" means any operation performed on personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, restriction, erasure or destruction. "Data controller" means the natural or legal person who determines the purposes and means of processing — in the context of this website, Grand Pass Cultural Tours L.L.C. "Data subject" means the natural person to whom the personal data relates — typically, the reader interacting with this website.

14. Data minimisation principle

In line with the data-minimisation principle of Egyptian Law No. 151 of 2020, we collect only the personal data necessary for the specific purpose stated in each interaction. The contact form collects the minimum fields required to send a meaningful reply: name, email address, the subject of the inquiry and the message body. Phone number is optional and only requested in cases where readers explicitly prefer a phone callback for Personalised Itinerary planning. We do not collect demographic data, browsing history, location data, device fingerprints or any other identifier beyond what is strictly required.

When a Tour Plan subscription is created, we collect the additional billing fields required by Egyptian tax law: full legal name, billing address and tax identification number where applicable. These are stored in our accounting system separately from editorial correspondence and access is restricted to the editor-in-chief and the certified accountant who files our quarterly tax returns. Payment card information is never stored on our servers — it is processed and tokenised by our regulated payment provider, and we hold only the last four digits of the card for reconciliation.

14. International transfers

Personal data submitted through this website is processed and stored on servers located in the Arab Republic of Egypt under our hosting agreement. Where a technical service provider operates infrastructure in another jurisdiction (for example, our email delivery service), we ensure that the transfer takes place under appropriate safeguards including encrypted transmission, contractual data-protection clauses and a documented data-processing agreement. We do not transfer reader data outside Egypt for any commercial purpose.

14. Automated decision-making

We do not use automated decision-making or profiling in any way that produces legal effects or otherwise significantly affects readers. All editorial decisions about reader inquiries, Tour Plan customisation and corrections are made by human staff. Algorithms used internally are limited to email-spam filtering and standard server security measures that do not involve personal data analysis.

15. Marketing communications

Grand Pass Cultural Tours does not run an email marketing programme. Subscribers to paid plans receive transactional communications only — invoices, plan updates, the monthly briefing PDF that is part of the Reader and Personalised Itinerary plans, and one-off security or service-related notices. We never share reader email addresses with third parties for marketing purposes and we never sell reader contact lists.

16. Data protection officer

Because of the small size of our editorial team and the limited scope of personal data processing on this website, we have not appointed a dedicated Data Protection Officer. The editor-in-chief acts as the single point of contact for data-protection inquiries under the responsibility provisions of Egyptian Law No. 151 of 2020. Inquiries may be addressed to [email protected] with the subject line beginning with the words "Data Protection".

17. Cooperation with authorities

We comply with lawful requests from Egyptian authorities under the framework of Egyptian Law No. 151 of 2020 and related criminal-procedure legislation. We do not disclose reader data voluntarily to law enforcement and require a formal written request specifying the legal basis. Where the law permits, we notify the affected reader before disclosing their data unless the request itself prohibits notification under judicial review.

18. Updates to reader rights

As Egyptian data-protection regulation evolves under the executive regulations of Law No. 151 of 2020, additional reader rights or notification requirements may become applicable. We commit to reviewing this Privacy Policy every six months and to updating it in line with new statutory requirements or guidance from the Egyptian Personal Data Protection Centre. Substantive updates are announced on the home page for at least thirty days before they take effect.

19. Contact

Questions about this Privacy Policy can be sent to [email protected] or by post to the office address listed above. We answer within thirty days as required by Egyptian law. For routine editorial questions that do not concern personal data, please use the contact page instead — this keeps the data-protection inbox focused on actual rights requests.