Drafted in accordance with Egyptian Data Protection Law No. 151 of 2020. Last revised: 14 March 2025.
The data controller for this notice is Mus Passes, a cultural-tourism office registered in the Arab Republic of Egypt under commercial registration number 165221, with offices at Building 7B, Garden City, 12 Ibrahim Naguib Street, Cairo 11451. The office's appointed privacy steward may be reached at [email protected].
This notice is written in accordance with the Egyptian Personal Data Protection Law, Law No. 151 of 2020, and its implementing regulations. Where the traveller is resident in the European Union, United Kingdom, or another jurisdiction with analogous data-protection rules, we also observe the parallel obligations arising under those frameworks. In the event of a conflict, the higher standard applies.
To issue a credential, we collect: the name exactly as it will be checked at the gate, a valid email address, a billing address, a payment instrument (processed by our licensed Egyptian payment partner — we do not retain full card numbers), the tier selected, the dates of travel and, for the Student Pass, a verification document. For our own operational records we log the time and location of each credential scan at a partner gate. That is the entirety of the customer file.
We process personal data on one of three bases: (a) performance of the purchase contract, for the issuing and honouring of the pass; (b) legal obligation, for the records required by Egyptian tax and antiquities authorities; and (c) legitimate interest, for the modest aggregated statistics we share with partner museums. We do not rely on consent as a primary basis, because the other three suffice for a travel-admission product.
Customer records relating to an active pass are retained for the duration of the pass plus one year, after which personal identifiers are anonymised and only aggregated figures remain. Accounting records are retained for the statutory seven years required by Egyptian tax law. Email correspondence with the registrar is retained for two years and then deleted.
We share the traveller's name and the fact of a valid admission with the partner museum whose gate is presented to. We share aggregated visit counts, without names, with the Supreme Council of Antiquities for the quarterly reconciliation. We do not sell personal data, ever, and we have no advertising partners to whom data might flow for marketing purposes. We decline requests for data from third parties in the absence of a proper legal order.
Under Egyptian Law 151/2020 and the parallel frameworks mentioned above, the traveller is entitled to: access a copy of the file we hold; request correction of inaccurate data; request deletion, subject to our accounting obligations; object to specific processing; and lodge a complaint with the Egyptian Data Protection Centre. To exercise any of these rights, write to [email protected]. We will respond within thirty days.
The site sets one technical session cookie (to preserve your choices as you move between the Passes and Contact pages) and one analytics cookie (for aggregated visitor statistics; the identifier is hashed and cannot be reversed to identify a visitor). We do not set advertising cookies of any kind.
When we revise this notice, we post the new version here and update the "Last revised" date at the top. Material changes are additionally communicated to active pass-holders by email.