Privacy Policy
Last updated: 15 April 2026
1. Who we are
Gemstickets ("we", "us", "our") operates the online booking service for the Grand Egyptian Museum in Giza. We are the data controller responsible for personal information collected through this website.
2. Information we collect
- Identity & contact data: name, email, phone number, country.
- Booking data: visit date, time slot, ticket categories, special needs.
- Payment data: processed by our PCI DSS-compliant payment provider; we never store full card numbers.
- Technical data: IP address, browser type, device, and analytics events.
- Document data (optional): student or senior ID number for discounted tickets.
3. How we use your data
We use your information to:
- Process your booking and deliver e-tickets.
- Validate entry at the museum via QR code.
- Send transactional emails (confirmation, reminders, refunds).
- Provide customer support and handle refund requests.
- Comply with legal and tax obligations under Egyptian law.
- Send marketing communications — only with your explicit consent.
4. Legal basis
We process your data based on contract performance (booking), legitimate interest (fraud prevention, service improvement), legal obligation (tax records), and your consent (marketing).
5. Data sharing
We share data only with trusted processors: payment providers (Stripe, PayMob), email and SMS providers (SendGrid, Twilio), analytics tools (Google Analytics 4), and the museum's access control system for ticket validation. All processors are bound by data processing agreements.
6. Data retention
Booking records are retained for 7 years for accounting and tax purposes. Account data is kept until you delete your account. Marketing data is retained until you withdraw consent.
7. Your rights
Under GDPR and Egyptian Data Protection Law No. 151/2020, you have the right to access, rectify, erase, restrict, and port your data, and to object to processing. To exercise these rights, contact [email protected].
8. Security
We use TLS 1.3 in transit and AES-256 at rest, with regular penetration testing and strict access controls.
9. Contact
Questions about this policy? Reach our Data Protection Officer at [email protected].