NM Nile & Museum Info Bureau

Privacy policy

Effective 27 June 2026. Nile & Museum Info Bureau LLC ("the Bureau," "we") operates muse-info.xyz from 14 El Merghany St, Heliopolis, Cairo 11341, Egypt. This policy explains how we handle personal data when you browse our guides or submit route requests.

1. Data controller

Nile & Museum Info Bureau LLC
14 El Merghany St, Heliopolis, Cairo 11341, Egypt
Tax ID (ETA): 674-218-539
GAFI Commercial Registry: 928471
Email: [email protected]
Tel: +20 2 2418 5567

2. Scope and Egyptian law

We align practices with Law No. 151 of 2020 on Personal Data Protection and implementing regulations issued by the Egyptian Data Protection Center. As an information-services LLC registered in Cairo, we process data necessary to respond to route inquiries, deliver paid dossiers, and maintain accounting records required by the Tax Authority.

Processing locations remain primarily Egypt. Cloud email transit may route through international servers—we select providers offering contractual safeguards where available.

3. Categories of data collected

Contact forms. Name, email, optional phone, selected planning tier, and free-text trip details you submit via forms marked for contact handling.

Commercial records. Invoice names, billing addresses when provided, bank transfer references, and correspondence related to Route Brief, Full Dossier, or Group Desk engagements.

Technical logs. Our static hosting may record server access logs (IP address, timestamp, requested URL, user agent) for security and abuse prevention. We do not deploy Google Analytics, Meta Pixel, or third-party advertising trackers on muse-info.xyz.

3. Purposes and legal bases

We process contact data to answer questions, prepare scoped quotes, deliver commissioned dossiers, and fulfill contractual obligations after you accept a tier. Legitimate interest covers limited server log retention to protect the site from automated abuse. Accounting data is retained to comply with ETA record-keeping rules.

4. Cookies and local storage

This site does not set marketing cookies or cross-site tracking identifiers. If your browser stores form autofill entries locally, that storage is controlled by your device settings—not by Bureau scripts. We do not operate a cookie consent banner because we do not use non-essential cookies.

5. Sharing and processors

We do not sell personal data. Limited sharing occurs with:

  • Our Egyptian bank for payment reconciliation on invoices you pay.
  • Email hosting provider delivering messages to and from [email protected].
  • Professional advisors (accountant, legal counsel) bound by confidentiality when required for compliance.

We do not transfer data outside Egypt except when you correspond from abroad—in that case email transit may cross international mail servers beyond our control.

6. Retention periods

General inquiries without paid engagement: email threads deleted or anonymized after twenty-four months unless you request earlier removal. Paid dossier clients: project files and invoices kept seven years per ETA guidance. Server access logs: rotated after ninety days unless needed for an active abuse investigation.

Dossier HTML links expire after ninety days from delivery; PDF copies remain yours locally without automatic deletion on our servers—we purge hosted HTML to reduce exposure surface.

7. Security measures

Forms submit over HTTPS. Internal dossier files live on password-protected editor workstations at our Heliopolis office—not in public cloud folders. Staff access follows need-to-know assignment by managing editor Yasmine El-Khouly.

8. Your rights

Under applicable Egyptian rules you may request access, correction, deletion where no legal hold applies, restriction of processing, or objection to processing based on legitimate interest. Submit requests to [email protected] with subject line "Data rights request." We respond within thirty days and may verify identity before releasing dossier copies.

Deletion requests cannot override ETA invoice retention for paid engagements completed within the seven-year tax window—we anonymize narrative trip content while preserving financial records.

9. Children

Our services target adult travelers and group chaperones. We do not knowingly collect data directly from minors under sixteen. Group Desk data should be submitted by institutional contacts, not students.

10. Third-party links

Guides link to official ministry and museum sites for ticket context. Those external sites operate under their own policies. Review their terms before submitting personal data there.

11. Changes

We post updates on this page with a revised effective date. Material changes affecting paid clients will also be emailed to active invoice contacts when feasible.

12. Complaints

Contact us first at [email protected]. You may escalate unresolved concerns to the Egyptian Data Protection Center according to procedures published on their official channels.

12. Contact for privacy matters

Email [email protected] or write Nile & Museum Info Bureau LLC, 14 El Merghany St, Heliopolis, Cairo 11341, Egypt. Phone +20 2 2418 5567 during Sunday–Thursday 09:00–17:00 Cairo time.

14. Automated decision-making

We do not use automated profiling or algorithmic pricing based on personal data. Planning tier suggestions in email replies are made by human editors reading your form submission.

15. Data breach notification

If a breach affecting your personal data occurs, we notify affected individuals and relevant authorities as required by Law 151 procedures, describing nature of data, likely consequences, and mitigation steps taken.

16. Marketing communications

We do not send promotional newsletters. Transactional email only: quote replies, invoice delivery, dossier links, and revision confirmations. You will not receive bulk marketing from third parties through our lists because we maintain no such lists.

17. Archival copies

Email servers may retain backup tapes with deleted messages for limited technical windows. Accounting PDFs stored for tax compliance are not used for marketing analytics.

18. Your responsibilities

Provide accurate contact details and avoid submitting third-party personal data without consent—especially when Group Desk forms list student names. You are responsible for securing devices used to access dossier HTML links.

19. Lawful basis summary table

ActivityData usedBasis
Reply to contact formName, email, messageContract / pre-contract steps
Deliver paid dossierTrip details, billing infoContract performance
ETA tax recordsInvoice identityLegal obligation
Server security logsIP, timestampLegitimate interest

20. Supervisory contact

The Egyptian Data Protection Center publishes updated complaint procedures on official government portals. Keep a copy of our reply to your rights request for reference if you escalate.

21. Version history

June 2026: initial publication for muse-info.xyz relaunch. Prior client data under legacy domains migrated with consent emails where required; unmigrated inactive threads were deleted per retention schedule above.

22. International data transfers

When you email from outside Egypt, message content transits provider networks that may store copies in data centers abroad. We choose email providers with published security practices but cannot control every hop. Dossier PDFs are delivered as attachments you store locally—hosted HTML links reside on Egyptian-configured hosting where contractually specified.

23. Access request procedure

Email [email protected] with subject "Data access request," include full name and approximate contact date. We match against inquiry and invoice archives, redact third-party data from shared threads, and send extract within thirty days. Complex Group Desk files may require additional verification of institutional authority.

24. Correction and deletion

Corrections to email or phone on active projects apply forward immediately; historical invoices retain original billing identity per tax law. Deletion after dossier delivery removes marketing use—we cannot erase line items on issued tax invoices until statutory period ends.

25. Processor agreements

Hosting, email, and accounting software vendors process data under our instructions for infrastructure only. We do not authorize processors to train AI models on client trip narratives or sell lists to tour operators.

26. Transparency report

We have not received government bulk surveillance orders as of June 2026. If lawfully compelled to disclose data, we notify affected clients when legal silence orders do not prohibit notice.

27. Contact data minimization

Forms collect only fields needed to scope routes—optional phone helps day-of clarification but is not mandatory. We do not require passport numbers, national IDs, or payment card data through website forms. Bank transfers settle offline after invoice.

28. Anonymized analytics

We do not operate client-side analytics scripts. Server log aggregation counts total page requests without building individual reader profiles or selling traffic data.

29. Data protection officer contact

Privacy inquiries may be addressed to the managing editor acting as data protection liaison at [email protected]. Formal DPO registration follows Egyptian Data Protection Center guidance as implemented for LLCs of our size.

30. Consent withdrawal

You may withdraw consent for optional phone follow-up anytime without affecting delivery of already-paid dossiers. Withdraw marketing—though we send none—by email with subject "Withdraw consent."

31. Glossary

Personal data means information identifying you directly or indirectly. Processing means any operation on data including storage and email reply. Controller means Nile & Museum Info Bureau LLC determining purposes of processing under this policy.

32. Effective acceptance

Using contact forms constitutes acknowledgment of this policy for data submitted therein. Browsing public sitelinks without submitting personal data falls under server log practices in section four only.

Plan my route