Muse Portal Canal guides · Port Said since 2014

Privacy policy

Effective 27 June 2026. Muse Portal Canal Guides LLC explains here how we handle personal data when you enquire about Suez Canal planning services. We align practices with Egypt Personal Data Protection Law No. 151 of 2020 and its executive regulations where applicable to our Port Said operations.

1. Data controller

The controller is Muse Portal Canal Guides LLC, 8 El-Gomhoria Street, Port Said 42511, Egypt. Tax ID (ETA): 738-492-617. GAFI Registry: 451823. Contact [email protected] or +20 66 332 1847 for privacy requests.

2. Scope

This policy covers data collected through muse-portal.xyz, email, telephone, and in-person visits to our El-Gomhoria office. It does not govern third-party escort guides, museums, ferry operators, or hotels we mention in itineraries—they maintain separate policies when you purchase their services directly.

3. Categories of data

Identity and contact: name, email, phone, nationality when relevant to permits. Trip details: travel dates, party size, mobility needs, vessel interests. Financial references: invoice names and payment confirmation references—not full card numbers, which our payment gateway processes separately. Technical: server logs with IP address, browser type, timestamps for security. Communications: message content you submit via forms or email.

4. Purposes and legal bases

We process data to respond to planning enquiries, deliver contracted itineraries, issue VAT invoices, coordinate escort introductions, and comply with Egyptian tax and commercial record obligations. Lawful bases include contract performance, legitimate interest in operating a travel planning desk, and legal obligation for accounting retention. Marketing emails are not sent without explicit opt-in; service-related updates about your active booking are not marketing.

5. Consent on the contact form

Submitting the contact form requires ticking consent linked to this policy. Consent covers initial enquiry handling. Separate consent may be requested before we forward passport copies to licensed escorts for permit drafts.

6. Retention periods

Enquiries that never convert to paid plans: deleted or anonymised within eighteen months. Completed planning contracts: itinerary files and correspondence kept seven years to satisfy Egyptian tax audit windows. Server security logs: rotated after ninety days unless investigating abuse.

7. Sharing and processors

We share necessary data with licensed escort partners only after you approve introduction. Hosting and email providers act as processors under written terms. We do not sell personal data. We do not use Facebook Pixel, Google Analytics, or advertising network trackers on this website.

8. International transfers

Primary storage stays in Egypt. If you request video briefings through platforms hosted abroad, that transmission is initiated by you clicking a meeting link we send; we minimise personal data in calendar invites to first name and appointment time.

9. Security measures

Office workstations use disk encryption and role-based access. Email mailboxes require two-factor authentication. Passport copies requested for permits are deleted from escort inboxes after permit decision unless law requires longer retention by the authority.

10. Your rights under Law 151/2020

Subject to applicable exceptions, you may request access, rectification, deletion, restriction, or portability of your personal data, and withdraw consent where processing relied on consent. Submit requests to [email protected] with identity verification. We respond within thirty days unless complexity requires extension permitted by law. You may lodge complaints with Egypt’s Personal Data Protection Centre when operational.

11. Children

Services target adults planning travel. We do not knowingly collect data from children under sixteen without guardian involvement. Family itineraries should list guardian contact as primary.

12. Cookies and local storage

This static site does not set advertising cookies. Browser local storage may remember form lane selection from URL parameters via our JavaScript prefill function—no cross-site tracking. You can clear site data through browser settings.

13. Changes

We update this policy when processing activities change materially. The effective date at the top reflects the latest revision. Continued use after notice constitutes acknowledgement for non-contract browsing; active clients receive direct email notice when changes affect retention or sharing.

14. Contact for privacy

Muse Portal Canal Guides LLC
8 El-Gomhoria Street, Port Said 42511, Egypt
Tax ID (ETA): 738-492-617
GAFI Registry: 451823
Email: [email protected]
Tel: +20 66 332 1847

15. Records of processing activities

We maintain an internal register listing each processing purpose, data category, recipient type, retention window, and security measure. Summaries available on request to corporate clients auditing vendor compliance. The register last updated June 2026 after adding video-briefing platform notes in section eight.

16. Automated decision-making

We do not use automated profiling or algorithmic pricing. Tier suggestions in replies are human judgments based on party size and permit complexity described in your message. Convoy spreadsheets assist planners but do not auto-send client-facing schedules without review.

17. Breach notification

If a personal data breach likely affects your rights, we notify affected individuals and relevant authorities as required by Law 151/2020 timelines. Notification includes breach nature, likely consequences, and mitigation steps such as password rotation for compromised mailboxes.

19. Sensitive categories

We do not seek sensitive categories such as health data except mobility notes you voluntarily provide for accessibility routing. Those notes delete with general enquiry records unless needed for active contract performance. Passport copies for permits are stored encrypted during processing then purged per section nine.

20. Employee access

Only four planners access client mailboxes. Karim alone handles passport attachments. Temporary interns never receive mailbox keys. Access logs reviewed monthly.

21. Paper records

Signed fleet contracts and VAT invoices exist in paper binders at El-Gomhoria office locked overnight. Paper shreds after digital scan unless tax law requires original retention seven years.

22. Law enforcement requests

We disclose personal data to Egyptian authorities only when presented with valid legal orders. Clients notified when law permits. No voluntary bulk sharing with marketing data brokers.

23. Data minimisation practice

Contact forms collect only fields needed to plan canal days. We do not ask birth dates unless permit templates require them. Optional phone field helps same-day convoy SMS but email-only workflows supported.

24. Training

Staff complete annual privacy refresh covering Law 151/2020 updates and phishing recognition because mailbox compromise would expose travel dates and passport scans.

Training logs retained three years for internal audit.

25. Supervisory authority contact

Egypt Personal Data Protection Centre accepts complaints when fully operational at addresses published by decree. We cooperate with lawful investigations and document client notification steps in our breach register.

18. Third-party links

Topic pages link to official Suez Canal Authority public sites and museum pages when URLs remain stable. Those sites operate independent policies once you leave muse-portal.xyz. We do not embed social widgets that track you back to our domain.

26. Data protection officer role

Yasmine El-Khouly serves internal data protection contact coordinating Law 151/2020 requests without separate DPO title because company size below mandatory appointment threshold. Reach [email protected] marked Privacy Request in subject line.

27. Vendor subprocessors

Hosting provider stores static website files without form backend—forms simulate client-side redirect. Email provider processes mailbox delivery under processor agreement reviewed 2025. Payment gateway tokenises cards without Muse Portal storing PAN data.

Internal privacy coordination

Yasmine El-Khouly coordinates Law 151/2020 responses internally. Mark emails Privacy Request in subject. Payment gateway tokenises cards; we never store full PAN. Hosting serves static files; form uses client-side redirect without server database of submissions in current architecture.

Encrypted mbox export within forty-five days on request. Opt out writing if anonymised convoy stats forbidden.

Retention challenge

Challenge retention by email with identity scan; we delete enquiry copies unless litigation hold applies under Egyptian commercial code obligations.

Paper consent forms signed fleet clients scanned then shredded within ninety days unless tax audit requires original; digital copy sufficient for most corporate compliance folders requesting wet signature images.

Mailbox retention syncs laptop and phone IMAP; wipe remote device reported stolen within hours to limit exposure travel dates contained in threads.

Telephone calls not recorded except voicemail greeting; if you leave voice message convoy dates on recording we treat as enquiry data same retention as email.

Newsletter does not exist; no mailing list signup on website reduces data categories we process overall.

Clients requesting deletion before eighteen month enquiry window ends receive confirmation email listing categories purged except VAT records law mandates longer.

Desk laptops auto lock ten minutes idle; client threads visible only after password re entry reducing shoulder surfing in shared office reception.

Form checkbox consent timestamp stored server side when backend enabled; current static site logs consent text version string only in email notification.

Printed privacy summary one page available office walk in; mirrors online policy sections one through thirteen condensed plain language.

We honour deletion requests even during active trip planning if no contract signed yet.