Legal

Privacy Policy

Effective date: 1 June 2025. Issued by Nile Heritage Consulting LLC, Cairo, Egypt.

1. Introduction and Scope

Nile Heritage Consulting LLC ("we", "us", "our"), operating under Tax Identification Number 672-814-309 and GAFI Commercial Registry Number 384951, operates the website histor-pass.sbs (the "Website"). This Privacy Policy explains how we collect, use, store, protect, and share personal data submitted through this Website. It applies to all visitors, enquirers, and clients who interact with the Website or our services.

We are committed to handling personal data with care and transparency. We do not sell, rent, or share personal information with third-party marketers. We do not operate advertising networks or tracking pixels on this Website. This Policy governs our practices in accordance with Egyptian data protection legislation and internationally recognised best practices for handling personal information.

2. Data We Collect

We collect personal data only when you voluntarily provide it. The categories of data we may collect include:

  • Contact information: your full name, email address, and optionally your telephone number, submitted through the enquiry form on the Contact page.
  • Enquiry content: the text of any message you send us, including travel dates, group size, interests, and any other information you choose to include in your enquiry.
  • Service preferences: the consultation plan you select in the enquiry form, which allows us to route your request to the appropriate team member.
  • Technical data: your IP address, browser type, and approximate geographic region, collected automatically by our web server logs for security and operational purposes. This data is not used for tracking individual users or behavioural profiling.

We do not collect payment card details through this Website. Payment is processed via third-party providers (bank transfer, Wise, PayPal) whose separate privacy policies apply to those transactions.

3. How We Use Your Data

Personal data submitted through the enquiry form is used exclusively for the following purposes:

  • To respond to your enquiry and provide the consultation service you requested.
  • To deliver written itinerary materials, video call links, or other service deliverables to your email address.
  • To send service-related communications such as invoice confirmation, revision offers, and responses to follow-up questions.
  • To maintain internal records of client engagements for accounting and administrative purposes.

We do not use your personal data for marketing purposes without your express consent. If you wish to receive periodic updates about significant changes to Egyptian heritage sites, you may opt in at the time of your enquiry. You may withdraw this consent at any time by emailing [email protected].

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Performance of a contract: when you request a consultation service, processing your contact details is necessary to deliver the service.
  • Legitimate interests: maintaining server logs for security and fraud prevention constitutes a legitimate operational interest, provided it does not override your privacy rights.
  • Consent: where we ask for your consent (for example, to send site-update notifications), we will record that consent and only process data for the consented purpose.

5. Data Retention

We retain personal data for the following periods:

  • Enquiry correspondence and consultation deliverables: five years from the date of the enquiry, to allow for follow-up queries and accounting compliance.
  • Invoice records: seven years, as required under Egyptian commercial accounting law.
  • Server log data: 90 days, after which logs are automatically purged.
  • Opted-in update subscriber data: until consent is withdrawn or three years have elapsed without contact, whichever is earlier.

When retention periods expire, data is securely deleted or permanently anonymised so it can no longer be associated with any individual.

6. Data Sharing and Third Parties

We do not sell or share your personal data with third parties for commercial purposes. We may share data in the following limited circumstances:

  • Service delivery: if you have engaged the Explorer or Full Journey consultation plan, your enquiry details may be shared internally with the licensed Egyptologist or field researcher assigned to your case. All team members are bound by confidentiality obligations.
  • Payment processing: your name and email address are shared with our payment processor solely to facilitate the invoice you have agreed to pay. We use Wise and PayPal as processors; their respective privacy policies govern data handling during payment.
  • Legal obligation: if we receive a valid legal order from an Egyptian court or competent regulatory authority requiring disclosure of your data, we will comply and, where legally permitted, notify you before doing so.

We do not use Google Analytics, Facebook Pixel, Google Tag Manager, or any other behavioural tracking or advertising technology on this Website.

7. Cookies and Local Storage

This Website does not set third-party cookies. Our server may set a session cookie solely to manage form state during your visit; this cookie contains no personal information, does not persist beyond your browser session, and is not shared with any third party. We do not use persistent tracking cookies, fingerprinting scripts, or any technology designed to identify you across browsing sessions or across other websites.

8. Data Security

We implement reasonable technical and organisational measures to protect the personal data we hold. These include encrypted email transmission (TLS), access controls on internal email accounts and document stores, and a policy limiting data access to team members who require it for service delivery. No Internet transmission is perfectly secure, and we cannot guarantee absolute security; however, we treat the protection of your data as a professional obligation and act promptly on any discovered security issues.

9. Your Rights

You have the following rights regarding personal data we hold about you:

  • Access: you may request a copy of the personal data we hold about you.
  • Correction: you may request correction of inaccurate or incomplete data.
  • Deletion: you may request deletion of your data, subject to our retention obligations under applicable law.
  • Restriction: you may request that we restrict processing of your data while a dispute is resolved.
  • Portability: you may request that we provide your data in a structured, machine-readable format.
  • Objection: you may object to processing based on legitimate interests; we will cease processing unless we demonstrate compelling grounds.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We do not charge a fee for reasonable requests.

10. Children's Privacy

This Website is not directed at children under the age of 16 and we do not knowingly collect personal data from anyone under that age. If you believe a child has submitted personal data to us, please contact us immediately and we will delete it promptly.

11. International Data Transfers

Our principal place of business is in Cairo, Egypt. Personal data you submit may be processed on servers operated by our hosting provider, which may be located in the European Union or the United States. In each case, we ensure that data transfer arrangements comply with applicable data protection requirements, including through standard contractual clauses or the provider's certified compliance frameworks.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the services we offer. The effective date at the top of this page will always indicate when the current version was issued. For material changes, we will make reasonable efforts to notify active clients by email. Continued use of the Website after a policy update constitutes acceptance of the revised policy.

12a. Automated Decision-Making

We do not use automated decision-making or profiling in any form. All responses to enquiries are written by human team members. No algorithmic system determines the content of our consultation deliverables or assigns priority to your enquiry. The selection of a consultation plan is made by you through the enquiry form and confirmed by us in direct correspondence.

12b. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms — for example, unauthorised access to our email systems containing client correspondence — we will notify affected individuals within 72 hours of becoming aware of the breach, to the extent that we are able to identify affected parties. We will describe the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures we have taken to address it. We maintain an incident response log for all security events, regardless of whether they constitute reportable breaches.

12c. Specific Provisions for EU/UK Residents

If you are a resident of the European Union or United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR, as applicable, provides you with enhanced rights regarding your personal data. These include the right to lodge a complaint with your national supervisory authority (such as the Information Commissioner's Office in the UK, or the relevant DPA in your EU member state) if you believe we have processed your data unlawfully. We have taken reasonable steps to ensure our practices align with GDPR principles, including data minimisation, purpose limitation, and storage limitation, regardless of where a visitor is based.

13. Contact and Complaints

For privacy-related enquiries, data subject requests, or complaints about our data handling practices, contact us at:

Nile Heritage Consulting LLC
14 Talaat Harb Street, 4th Floor
Cairo 11511, Egypt
Tax ID: 672-814-309
Registry No.: 384951
Email: [email protected]
Phone: +20 2 2579 4431

If you are not satisfied with our response to a privacy complaint, you may refer the matter to the Egyptian National Telecom Regulatory Authority or the relevant data protection authority in your country of residence.