Privacy Policy
Effective 27 June 2026 · Quick Egypt Luxor Routes LLC
1. Data controller
Quick Egypt Luxor Routes LLC, registered with GAFI under commercial registry 524891 and ETA tax ID 813-926-475, operates from 7 Khaled ibn al-Walid Street, Luxor, Luxor Governorate 85511, Egypt. Email: [email protected] · Phone: +20 95 2378 4610.
2. Scope
This policy covers personal data submitted through our website contact form, email, phone, and walk-in consultations for Luxor route planning services. It does not govern third-party monument ticket vendors, balloon operators, or cruise lines you pay separately.
3. Categories collected
Identity and contact: name, email, phone. Travel context: dates, hotel or cruise name, mobility notes, tomb preferences. Technical: browser type and timestamp when forms submit—no advertising cookies or cross-site trackers are installed.
4. Purposes and legal basis
We process data to draft route sheets, invoice planning fees, and provide optional same-day hotline support. Processing relies on contractual necessity when you purchase a plan and legitimate interest when you make pre-contract inquiries we answer.
5. Retention
Active client folders remain seven years for Egyptian tax record requirements. Marketing-only inquiries delete within eighteen months unless you become a client. Route sheets containing tomb preferences purge GPS-free location notes three years after travel completion.
6. Sharing
We do not sell personal data. Limited sharing occurs with licensed drivers when you request Arabic brief cards containing first name and hotel zone only. Balloon operators receive pickup details only if you authorize coordination.
7. International transfers
Email servers may route through European providers with adequacy or standard contractual clauses. Route PDFs store on encrypted Luxor office drives with nightly off-site backup within Egypt.
8. Security
Office networks use WPA3, disk encryption, and role-based access. Staff sign confidentiality agreements covering tomb preferences and health mobility notes. Website forms use HTTPS; submissions are not appended to URL query strings.
9. Your rights
You may request access, correction, deletion where law permits, or object to processing for direct marketing—of which we send none. Contact [email protected]; we respond within thirty days.
10. Children
Services are directed at adults planning family travel. We process child ages only when you supply them for tomb suitability. We do not knowingly collect data from minors without guardian involvement.
11. Automated decisions
No fully automated decisions affect legal rights. Route suggestions are human-written by Luxor planners.
12. Third-party links
Our pages link to Ministry of Antiquities resources and transport references. Their policies apply when you leave quick-egypt.cyou.
13. Changes
Material updates post here with a revised effective date. Continued use after changes constitutes acknowledgment for non-contractual browsing; contracted clients receive email notice.
14. Contact and complaints
Privacy questions: [email protected]. You may lodge complaints with the Egyptian Personal Data Protection Centre when operational.
15. Cookies and analytics
We do not install Google Analytics, Meta Pixel, or advertising cookies. The site uses no third-party JavaScript beyond locally hosted main.js. Server logs may record IP addresses for security—rotated after ninety days.
16. Data minimization examples
We do not collect passport numbers unless you request invoicing that requires them under Egyptian tax law. Health data limited to mobility notes you volunteer for tomb suitability. We delete balloon voucher photos after your travel dates unless you request archival for future trips.
17. Processor list
Email hosting provider (EU servers with SCCs), Luxor office backup vendor (Egypt-only datacenter), bank for invoice settlement. No CRM SaaS with US marketing sub-processors.
18. Breach notification
Material breaches affecting contact details trigger email notice within seventy-two hours of confirmation and documentation for Egyptian authorities as required.
19. Previous versions
Prior policy versions available on request. First web policy effective 27 June 2026 superseding informal email-only notices used 2016–2025.
20. Lawful disclosure
We disclose personal data when Egyptian law compels—tax audits referencing client invoices, court orders, or tourism authority investigations into licensed guide pairings you authorize. We contest overbroad requests where counsel advises.
21. Marketing
No newsletter, no retargeting ads, no sale of email lists. Post-trip follow-up emails occur only if you opt in on a separate checkbox—not the contact form consent, which covers planning correspondence only.
22. Training
Staff annual privacy training covers mobility data sensitivity and secure deletion of driver briefs after travel completion. Yusuf Nagi maintains access logs for form submissions.
23. Controller representative
EU visitors may contact [email protected] for GDPR-style inquiries—we respond using Egyptian Personal Data Protection Centre guidance as local law develops.
24. Cookies table
None set by design. Browser local storage unused. Manifest icons cached by browser per normal PWA behavior without tracking identifiers.
25. Subject access procedure
Email [email protected] with subject Access Request. We verify identity via reply-from-same-email or passport number last four digits you originally provided. Export includes form submissions, route PDFs, and invoice metadata within thirty days.
26. Erasure procedure
Post-travel erasure requests delete marketing notes immediately and route preferences after tax retention window unless litigation hold applies. Tomb photos you email us delete within fourteen days unless embedded in delivered PDF you keep.
27. Consent withdrawal
Withdraw consent for planning processing by email—we stop work and delete drafts not yet invoiced. Work already delivered and paid remains governed by invoice terms.
28. Contact form legal basis detail
Checkbox links to this policy version dated 27 June 2026. Submitting without checkbox blocks form in browser. Consent text: processing travel dates and contact details to prepare route quotes and optional contracts.
Driver brief cards delete Arabic name copies thirty days after travel unless you book follow-up trip referencing prior sheet identifiers stored under hashed reference codes.
Office Wi-Fi separates guest consultation VLAN from staff payroll systems and consultation laptops wipe browser cache nightly through automated script.
Invoice PDFs avoid embedding message textarea verbatim when it contains unrelated third-party phone numbers because Yusuf redacts before archival per minimization policy.
Legal holds pause erasure when Egyptian tax audit requests client-year folders until authority closure letter scanned to archive and hold lifted manually.
WhatsApp voice notes delete from staff phones after transcription to route PDF unless you request verbatim retention in writing for accessibility reasons.
Walk-in visitors sign paper consent sheet mirroring web checkbox text—scanned copies destroy after seven years matching digital retention schedule.
Driver brief cards delete Arabic name copies thirty days after travel unless you book follow-up trip referencing prior sheet identifiers stored under hashed reference codes.
Office Wi-Fi separates guest consultation VLAN from staff payroll systems and consultation laptops wipe browser cache nightly through automated script.
Invoice PDFs avoid embedding message textarea verbatim when it contains unrelated third-party phone numbers because Yusuf redacts before archival per minimization policy.
Legal holds pause erasure when Egyptian tax audit requests client-year folders until authority closure letter scanned to archive and hold lifted manually.
WhatsApp voice notes delete from staff phones after transcription to route PDF unless you request verbatim retention in writing for accessibility reasons.
Walk-in visitors sign paper consent sheet mirroring web checkbox text—scanned copies destroy after seven years matching digital retention schedule.
Driver brief cards delete Arabic name copies thirty days after travel unless you book follow-up trip referencing prior sheet identifiers stored under hashed reference codes.
Office Wi-Fi separates guest consultation VLAN from staff payroll systems and consultation laptops wipe browser cache nightly through automated script.
Invoice PDFs avoid embedding message textarea verbatim when it contains unrelated third-party phone numbers because Yusuf redacts before archival per minimization policy.
Legal holds pause erasure when Egyptian tax audit requests client-year folders until authority closure letter scanned to archive and hold lifted manually.
WhatsApp voice notes delete from staff phones after transcription to route PDF unless you request verbatim retention in writing for accessibility reasons.
Walk-in visitors sign paper consent sheet mirroring web checkbox text—scanned copies destroy after seven years matching digital retention schedule.
Driver brief cards delete Arabic name copies thirty days after travel unless you book follow-up trip referencing prior sheet identifiers stored under hashed reference codes.
Office Wi-Fi separates guest consultation VLAN from staff payroll systems and consultation laptops wipe browser cache nightly through automated script.
Invoice PDFs avoid embedding message textarea verbatim when it contains unrelated third-party phone numbers because Yusuf redacts before archival per minimization policy.
Legal holds pause erasure when Egyptian tax audit requests client-year folders until authority closure letter scanned to archive and hold lifted manually.
WhatsApp voice notes delete from staff phones after transcription to route PDF unless you request verbatim retention in writing for accessibility reasons.
Walk-in visitors sign paper consent sheet mirroring web checkbox text—scanned copies destroy after seven years matching digital retention schedule.