What the Beni Suef desk records, what it deletes, and the rights you retain.
Last reviewed 2 June 2026. The Visitor Pass Registry — published by Beni Suef Cultural Records S.A.E. — collects personal information through three channels: the contact form, the subscription system and reader-observer reports.
1. The data controller.
Beni Suef Cultural Records S.A.E., an Egyptian joint-stock company registered at the Beni Suef Commercial Registry under number 51/2019, with Egyptian Tax Authority VAT 497-261-803, at 19 Sharia al-Tahrir, Suq district, Beni Suef 62511. Legal representative: Reem Sabbagh, founder and majority shareholder.
2. The data officer.
Yasser Kamel, resident-card editor, holds the data officer role since 2023. Reach him on [email protected] with subject "data request" or by office telephone during opening hours.
3. What we collect.
From the contact form: name, email, optional role/affiliation, optional tier, optional pass category, topic, message body. Lawful basis: consent and pre-contractual interest.
From subscriptions: name, email, institutional affiliation (if applicable), postal address for printed-digest subscribers, country, annual payment records. Lawful basis: contract.
From reader-observer reports: observer's name and contact details, the pass used, the museum or site, date of visit, the observation note, and the honorarium payment record. Lawful basis: contract. Identity removed from any published version unless consented.
From certificate bookings: requester's name and contact details, the pass category, the certificate-purpose statement, the written response. Lawful basis: contract.
From the website: standard request logs. Lawful basis: legitimate interest in server security. No cookies, no analytics scripts, no tracking pixels.
4. What we do not collect.
We do not collect payment instruments. We do not collect health data, religious affiliation, political views or other special-category data. We do not buy mailing lists. We do not collect children's data because the registry's subject matter is not addressed to children.
5. Who else sees this information.
Contact-form messages, subscription records and observer reports are visible to the four editors and the administrator. The mail server is hosted in Frankfurt by a German provider under written processor agreement. Payment records visible to Banque du Caire and PayPal.
6. International transfers.
Because the mail server is in Germany, email passes through the EU. Subscription records and corrections log held in Beni Suef on encrypted local storage with off-site Cairo mirror.
7. How long we keep your information.
Contact-form messages not leading to subscription or commission: twelve months, then deleted.
Subscription records: duration of subscription plus seven years (Egyptian commercial-law retention). After seven years personal name and postal address are erased.
Reader-observer reports: retained indefinitely as part of the editorial archive (the observation is the basis of a published reading). Identity removed from any published version unless explicitly consented.
Certificate files: retained for two years from the certificate date, then archived offline.
Email correspondence with subscribers: duration of subscription year plus two years, then offline archive; erased after seven years.
Server logs: fourteen days at the hosting provider.
8. Your rights.
Under Egyptian Personal Data Protection Law (Law 151/2020) and the EU GDPR where it applies, you have rights of access, portability, rectification, erasure, restriction, objection and withdrawal of consent. Yasser handles requests within thirty days, free of charge.
9. Security measures.
Encrypted disks at the Beni Suef office, encrypted off-site Cairo mirror, TLS for all client connections, encrypted backups, access-controlled to the chair and the data officer.
10. Cooperation with the Tourism Authority.
The cooperative shares aggregate data with the Tourism Authority records office as part of the collegial relationship described on the about page. Shared data: aggregate subscriber counts (by tier and country) and aggregate corrections-log statistics. No individual subscriber identities, no individual observer reports, no personally-identifying information.
11. Whistleblower protection.
Information from whistleblower sources — typically tourism-policy concerns from Tourism Authority staff or site-staff concerns about pass-handling practice — is held by the data officer separately with restricted access. Four such submissions since 2020.
12. Subscriber telemetry.
No read-receipt pixels, no engagement tracking, no individual-subscriber behavioural data. The only behavioural measure is the aggregate open-rate from the mail-server provider.
13. Data breaches.
If a breach occurs likely to result in a risk to your rights, we notify within seventy-two hours. One minor incident logged since 2020.
14. Cookies.
This website sets no cookies. No analytics, no consent, no preference cookies.
15. Profiling and automated decisions.
We do not run profiling. Every reply is composed by a human; every reading is verified by a human editor.
16. Reader-mail attributions.
Bulletin's reader-mail section attributes letters by first name and country only.
17. Annual external audit.
Since 2023 the cooperative commissions an annual external audit of its data-protection practice.
18. Changes to this notice.
Reviewed every June. Material changes notified to active subscribers at least thirty days before they take effect.
19. Cooperation framework with the Egyptian Tourism Authority.
The cooperative shares aggregate data with the Tourism Authority records office as part of the collegial relationship described on the about page. The shared data covers aggregate subscriber counts (how many travel-trade subscribers and how many Egyptian-resident subscribers), aggregate corrections-log statistics (how many corrections were issued in the year and against which pass categories), and the consolidated annual transparency note. The shared data does not include individual subscriber identities, individual observer-visit reports, or any personally-identifying information. The data-sharing arrangement is documented in writing and reviewed annually; the Tourism Authority does not have read access to the cooperative's editorial archive beyond the aggregate-summary level described.
20. Whistleblower protection.
The cooperative occasionally receives information through whistleblower channels — typically from Tourism Authority staff or site-staff with concerns about gate-handling practices. We treat such information sources with strict confidentiality. The data officer holds the whistleblower-channel records separately, with access restricted to the data officer and the chair. We have received four such submissions since 2020; two led to changed published readings in the registry (with the source unidentified). The whistleblower-protection protocol is in the cooperative's internal documents and is available to subscribers on request.
21. The cooperative's annual external data-protection audit.
Since 2023 the cooperative commissions an annual external audit of its data-protection practice by an independent Egyptian consultant. The audit reviews the cooperative's collection points (the contact form, the subscription system, the reader-observer report channel), the retention practice across the documented retention windows, the security measures (encrypted disks, TLS, access-controlled backups), the data-officer response record, and the cooperative's incident-handling process. The audit findings are summarised in the December transparency note each year and are available in full to the Egyptian Personal Data Protection Centre on request. The 2023, 2024 and 2025 audits have all returned positive findings; the audit panel's only substantive recommendation (in 2024) was to formalise the anonymous-channel protocol described in the contact page, which was done within ninety days of the audit's publication.
22. The cooperative's approach to anonymous correspondence.
The cooperative accepts anonymous correspondence through a documented anonymous-channel protocol. Anonymous correspondence does not enter the standard subscription or honorarium track because both systems require identification for tax-record and accounting purposes. Anonymous correspondence is processed as a separate editorial input and is held by the data officer under restricted access. The cooperative has received approximately fifty anonymous submissions since 2020; about one-third have informed published readings in the registry. The anonymous-channel protocol was formalised in 2024 following a recommendation from that year's external data-protection audit.
23. Subscriber-correspondence retention beyond the active subscription.
Where a subscriber's correspondence raises substantive editorial questions that inform the registry's continuing work — for instance, a travel agent's detailed report on a gate-applied variance at a specific site — the correspondence may be retained in the editorial archive beyond the standard two-year-plus-subscription-year window. Retention beyond the standard window is conditional on the subscriber's explicit consent at the time of correspondence; the cooperative does not retain correspondence beyond the standard window without consent. The editorial archive retention is for the duration of the relevant editorial work, typically five to seven years from the original correspondence.
26. Children's data — not applicable.
The cooperative's subject matter (Egyptian Tourism Authority entry passes) is not addressed to children and the cooperative is not knowingly subscribed by any reader under sixteen. We do not knowingly collect any children's personal data. Where a family group's pass purchase involves a child's identifier (the documentation of a child's age for the family-pack tier of the Combined Cairo-museum pass), the data is collected by the Tourism Authority's ticketing system, not by the cooperative; we do not handle such data ourselves.
27. Contact for any data question.
Yasser Kamel, data officer, Beni Suef Cultural Records S.A.E.
Email: [email protected] · subject "data request"
Telephone: +20 82 5318 947 · Tuesday, Thursday, Saturday 10:00–14:00 Cairo time
Postal: 19 Sharia al-Tahrir, Suq district, Beni Suef 62511, Egypt.