MPMuseum Pro
Legal

Privacy Policy

Last updated: 12 February 2026. This page explains what personal data Museum Pro Heritage Publishing L.L.C. collects, why we collect it, how long we keep it, and how to exercise your rights under Egyptian Law No. 151 of 2020 and, where applicable, the EU General Data Protection Regulation.

1. Who runs this website

This website is published and operated by:

Museum Pro Heritage Publishing L.L.C.
42 Cleopatra Street, Heliopolis
Cairo 11341, Egypt
Commercial Registry: 289621
Tax ID (ETA): 826-471-590
Email: [email protected]
Phone: +20 2 2418 5302

Museum Pro Heritage Publishing L.L.C. acts as the data controller for any personal data processed through this website and through the printable resource pack service. Questions about this policy can be sent to the same email address as general inquiries; we respond within thirty days as required by Egyptian law, and usually considerably faster.

2. Applicable legal framework

Our processing of personal data complies with Egyptian Personal Data Protection Law No. 151 of 2020 and its executive regulations. Where readers and institutional subscribers in the European Economic Area, the United Kingdom or Switzerland submit personal data through our forms, we additionally apply the EU GDPR, the UK GDPR and the Swiss Federal Act on Data Protection on a voluntary basis. Compliance with one framework is enough to satisfy the others in nearly every practical case, but if a tension arises we apply whichever framework is more protective of the reader.

3. What personal data we collect

We collect only the personal data you provide when interacting with the site or with the editorial desk by email:

  • Contact-form data: full name, email address, optional organisation name, selected plan, subject line and message body.
  • Email correspondence: personal data you include voluntarily when writing to [email protected].
  • Subscription data: name, billing address, email, organisation name (for Institutional plans), and the minimum information required by the payment processor to charge a card legally. Card numbers are tokenised and never visible to us.
  • Institutional subscriber rosters: additional email addresses for multi-recipient invoicing within an Institutional plan.
  • Server access logs: standard logs at the hosting provider with IP address, user-agent, requested URL and timestamp, kept for security and abuse-prevention purposes only.

This site does not run third-party advertising trackers, social-media pixels, behavioural analytics scripts, push-notification services or any other tracking mechanism that profiles readers. We do not maintain a tracking pixel of our own.

4. Why we use this data

We process personal data only for these clearly defined purposes:

  • To answer the inquiry you sent through the contact form or by direct email.
  • To deliver the subscription plan you have signed up to — Free Reading, Reader or Institutional.
  • To send transactional emails such as invoices, renewal notices and onboarding materials.
  • To meet the bookkeeping and tax obligations imposed on a Cairo L.L.C. under Egyptian law.
  • To protect the site and its readers against abuse, automated attacks and security incidents.

We do not use personal data for marketing, profile building, lookalike audiences or any form of cross-site advertising. We do not sell, rent, lease or trade personal data to any third party for any purpose.

5. Legal basis

  • Your consent: when you tick the consent box on the contact form.
  • Performance of a contract: when you subscribe to a paid plan.
  • Compliance with legal obligations: tax, accounting and L.L.C. recordkeeping under Egyptian law.
  • Legitimate interest: security logging, prevention of abuse and direct replies to unsolicited inquiries you sent us.

6. Retention periods

Different categories of data are kept for different periods:

  • Contact-form submissions and the thread of correspondence that follows them are kept for up to twenty-four months after the last interaction, then deleted.
  • Invoicing and accounting records for paid plans are kept for the minimum period required by Egyptian tax law — currently five years from the end of the relevant tax year.
  • Institutional subscriber rosters are deleted within thirty days of the end of the paid subscription period.
  • Server security logs are rotated automatically after thirty days unless they contain evidence of a security incident that requires longer retention.

We do not aggregate, anonymise or repurpose personal data for any secondary use such as audience research, lookalike modelling or sale to data brokers. Data is used for the specific purpose for which it was collected and then deleted on the schedule above.

7. Sharing personal data with third parties

We share personal data only with the providers we genuinely cannot avoid:

  • Our hosting provider, strictly for technical operation.
  • Our certified accountant in Cairo, strictly for the legally required handling of invoices and tax returns.
  • The payment processor we use for card transactions, strictly for processing payments.
  • The Cairo print partner used for the educator resource pack — for printed subscribers only.
  • Egyptian authorities, where a formal legal request requires disclosure.

None of these third parties is permitted to use the personal data we share with them for any purpose other than performing the specific service we have contracted them for.

8. Cookies and similar technologies

This site does not set marketing cookies, analytics cookies, profiling cookies or any cookies operated by third parties. A single first-party technical cookie may be used to remember whether you have already submitted the contact form within the current browser session. The cookie contains no personal data, expires when you close the browser, and is not shared with any third party.

9. Your rights

Under Egyptian Law No. 151 of 2020 you have, at all times, the right to:

  • Know what personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data, where retention is no longer legally required.
  • Withdraw your consent at any time, without affecting prior lawful processing.
  • Object to processing based on legitimate interest where your situation justifies the objection.
  • Lodge a complaint with the Egyptian Personal Data Protection Centre.

If you are a reader in the European Economic Area, the United Kingdom or Switzerland, you also have the right to data portability and the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, write to [email protected]. We respond within thirty days and never charge for a reasonable, identifiable request.

10. International data transfers

Personal data submitted through this site is stored on servers physically located within Egypt. Some technical providers we rely on may process metadata outside Egypt for routing purposes; in those cases we use providers that comply with recognised international data-protection frameworks. We do not transfer subscriber personal data to advertising networks or analytics companies, inside or outside Egypt.

11. Security

Personal data is stored on servers protected by encrypted connections (HTTPS/TLS) and access controls at the database level. Only authorised members of the editorial team are able to read reader inquiries, and only the editor-in-chief and the accountant have access to invoicing records. Institutional subscriber rosters are stored in an access-controlled database with full audit logging of every read and write operation. We maintain reasonable technical and organisational measures to protect personal data against accidental loss, unauthorised access and unlawful disclosure.

12. Children

This website is intended for adult readers and for institutional clients of legal capacity such as universities, museum-studies programmes, heritage agencies and professional travel-planning firms. We do not knowingly collect personal data from children under sixteen years of age. If you believe a minor has submitted personal data through this site, please write to us at the address above and we will delete it promptly.

13. Changes to this policy

If we update this privacy policy, the updated version is published on this page with a new "last updated" date at the top of the page. Substantial changes are additionally announced on the home page for at least thirty calendar days from the date of the change, and existing subscribers are notified by direct email so they have time to consider their position before the new version takes effect.

14. Contact for privacy and data-protection matters

Questions about this Privacy Policy or about how we handle your personal data can be sent to [email protected] or by post to the office address listed at the top of this page. Our published response time for privacy matters is the same as for general editorial inquiries, with a maximum of thirty days as required by Egyptian law. We treat privacy requests as full editorial priority work rather than as a separate compliance backlog, and reply windows are normally well inside the legally permitted maximum.