✦ Skip The Line — Instant E-Tickets ✦ Official Partner Museums Egypt & UAE ✦ Secure Payment — Visa & Mastercard ✦ Expert-Led Guided Tours Available ✦ 60,000+ Happy Visitors Served ✦ 4.9 ★ Average Rating ✦ 24/7 Customer Support ✦ Skip The Line — Instant E-Tickets ✦ Official Partner Museums Egypt & UAE ✦ Secure Payment — Visa & Mastercard ✦ Expert-Led Guided Tours Available ✦ 60,000+ Happy Visitors Served ✦ 4.9 ★ Average Rating ✦ 24/7 Customer Support
Legal

Privacy Policy

Last updated: 1 January 2025

Last updated: 1 January 2025. This policy applies to grandmuseum.biz and all associated services operated by Grand Museum FZ-LLC.

1. Who We Are

Grand Museum FZ-LLC ("Grand Museum", "we", "us", "our") is a company registered in the Dubai International Financial Centre (DIFC), UAE (DED License 986145), with offices at Office 2204, Burj Daman Tower, DIFC, Dubai, UAE. We operate the website grandmuseum.biz and provide museum ticket booking, guided tour, and audio guide services for cultural sites in Egypt and the United Arab Emirates.

We are committed to protecting your personal data and complying with applicable privacy legislation, including the EU General Data Protection Regulation (GDPR) where applicable to EU residents, the UK GDPR, and the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).

For questions about this policy or our privacy practices, please contact our Data Protection Officer at: [email protected] or in writing at the address above.

2. Data We Collect

We collect the following categories of personal data:

  • Account and booking data: name, email address, telephone number, billing address, and payment method details (processed by our secure payment partner — we do not store full card numbers).
  • Transaction data: details of tickets and services purchased, booking references, date and time of purchase.
  • Communication data: records of messages, emails, or chat conversations between you and our team.
  • Technical data: IP address, browser type and version, time zone, operating system, device information, and pages visited on our website, collected automatically via cookies and similar technologies.
  • Usage data: information about how you use our website, which pages you visit, how long you spend on pages, and what you click on.

We do not collect or process any special categories of personal data (including health data, religious beliefs, or biometric data) unless you voluntarily provide such information in the context of accessibility requests.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To process and fulfil your ticket or service booking and deliver your e-ticket by email.
  • To communicate with you about your booking, including confirmation, amendments, cancellations, and support.
  • To process refunds or handle complaints.
  • To comply with legal and regulatory obligations, including fraud prevention and anti-money laundering requirements.
  • To improve our website and services through analytics (using anonymised or aggregated data where possible).
  • To send you marketing communications about our services, where you have given consent to receive such communications. You may withdraw consent at any time.

4. Legal Basis for Processing

Our legal bases for processing your personal data are: (a) contract performance — processing is necessary to fulfil your booking and deliver the services you have purchased; (b) legal obligation — where we are required by law to process your data; (c) legitimate interests — for security, fraud prevention, and improvement of our services, where such interests are not overridden by your rights; and (d) consent — for marketing communications and non-essential cookies.

5. Cookies

We use cookies and similar tracking technologies on our website. Cookies are small text files placed on your device that help us provide and improve our services. We use the following types of cookies: essential cookies (required for the website to function — no consent needed); analytics cookies (help us understand how visitors use our site — require consent); and preference cookies (remember your settings and choices — require consent).

You can control cookie preferences through our cookie consent banner, which appears on your first visit. You can also manage cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website.

6. Data Sharing

We share your personal data with the following third parties only where necessary to deliver our services:

  • Museum and site operators — to validate your ticket at the point of entry (name and booking reference only).
  • Payment processors — to process your transaction securely. Our payment partner is PCI-DSS compliant.
  • Email delivery providers — to send your e-ticket and booking confirmation.
  • Analytics providers — using anonymised or pseudonymised data only.
  • Legal and regulatory authorities — where required by law or legal process.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

7. International Transfers

Some of our service providers may process data outside the UAE or the EEA. Where this occurs, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent mechanisms. Egypt is not currently an adequacy country under EU GDPR; we ensure all transfers to our Cairo office are covered by appropriate contractual protections.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, and thereafter for as long as required by applicable law. Booking records are typically retained for seven years for tax and accounting purposes. Marketing preferences are retained until you withdraw consent. Technical and analytics data is retained for a maximum of 26 months.

9. Your Rights

Depending on your location, you may have the following rights in relation to your personal data: right of access (to receive a copy of your data); right of rectification (to correct inaccurate data); right of erasure (to request deletion of your data in certain circumstances); right to restrict processing; right to data portability; right to object to processing based on legitimate interests; and right to withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your relevant data protection authority — in the UAE, this is the UAE Data Office; in the EU, your relevant national supervisory authority.

10. Security

We implement industry-standard technical and organisational measures to protect your personal data, including SSL/TLS encryption for all data transmitted to and from our website, access controls limiting staff access to personal data on a need-to-know basis, and regular security reviews of our systems and processes. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page and, where the changes are significant, notify you by email. We encourage you to review this policy periodically.