Privacy Notice

1. Who we are

The data controller for this website is Red Reef Dive Collective L.L.C., registered under Commercial Registry number 381276, with Tax ID (ETA) 729-806-413. Our registered office is at 9 Sheraton Road, Ad Dahar, Hurghada 84511, Egypt. You can reach us by email at [email protected] or by telephone on +20 65 3447 920 (Saturday to Thursday, 08:00–18:00 Hurghada time).

We operate egyptpass.sbs as an independent diving information and advisory website. We do not operate dive boats, sell certifications or process payments through this website. The site's sole commercial function is to provide information and to handle planning enquiries submitted through the contact form.

2. What data we collect and where it comes from

We collect personal data only when you voluntarily provide it. There are two points of collection on this website:

Contact and enquiry form (on the Contact page): When you submit a dive planning enquiry, the form collects your full name, email address, an optional certification level or notes, your choice of trip type from the dropdown, and the free-text message you write. Submission also records a timestamp and the HTTP origin of the request. No payment data is collected anywhere on this site.

Dive finder widget (on the home page): The finder widget on the front page collects your experience level and base location selections to display matching results. This interaction is handled entirely within the page using local JavaScript and no data from it is transmitted to our servers or stored beyond your browser session.

We do not use third-party analytics, advertising pixels, heatmap tools, session recorders or any other tracking technology. We do not buy or obtain personal data from data brokers or third-party sources.

3. How we use your data

The data submitted through the contact form is used solely to respond to your enquiry. Specifically, we use your name to address you personally in our reply, your email address to send that reply, your certification level and trip type to prepare a relevant list of matched dive sites and centres, and your message to understand what you are looking for. We do not use your data to build audience profiles, create segments for advertising, derive inferences about you beyond what is stated in your message, or share your details with dive centres or any other third party without your explicit instruction.

If, after we respond to your enquiry, you ask us to pass your contact details to a specific dive centre you have chosen, we will do so — but only at your direction, not as a default part of our process.

4. Legal basis for processing

Under GDPR Article 6, the legal basis for processing your enquiry data is Article 6(1)(b) — processing is necessary to take steps at your request prior to entering into a contract, or to provide the information service you have requested. We consider the processing necessary and proportionate to the purpose: you have asked for a dive recommendation, and the data you provide is the minimum required to give you a useful answer.

Under Egyptian Data Protection Law No. 151/2020, we process your data on the basis of your informed consent given at the point of form submission, as indicated by the consent checkbox. You may withdraw that consent at any time by writing to [email protected].

5. How long we keep your data

Enquiry records are retained for 14 months from the date of submission. This period allows us to handle any follow-up questions from the same trip, to refer back if you contact us again the following season, and to satisfy any reasonable audit or dispute-resolution need. After 14 months, records are deleted from our email system and from any internal logs. We do not archive enquiry data to any secondary storage after deletion.

If you ask us to delete your data before the 14-month period ends, we will do so within five working days, subject to any overriding legal obligation to retain specific records.

6. Who we share data with

We do not sell, rent or share your personal data with any third party for their own purposes. The only parties who may see your data as a necessary part of delivering our service are:

• Our email hosting provider, who stores the mailbox at [email protected]. We use a provider whose servers are located in the European Economic Area and who operates under a data processing agreement.
• Web hosting infrastructure, which processes HTTP requests when you load or submit a page. The hosting provider does not retain request logs beyond 30 days for security purposes.

We do not use customer relationship management (CRM) platforms, cloud databases or marketing automation tools that would ingest your data. There are no advertising networks, affiliate tracking systems or data sharing arrangements with dive operators, tour companies or any other commercial entity on this website.

7. International data transfers

Our email hosting infrastructure operates within the European Economic Area. If you are writing to us from outside Egypt or the EEA, your message will travel across international networks as a normal part of email delivery; we have no control over the routing of email in transit, but the content is transmitted over encrypted SMTP connections (TLS). Once received, your data is held on servers in the EEA under the data processing agreement described in Section 6. We do not transfer your data to countries without adequate data protection frameworks outside of this arrangement.

8. Cookies and local storage

This website does not set any persistent cookies. We do not use session-tracking cookies, advertising cookies, analytics cookies or social media cookies. The dive finder widget on the home page uses your browser's JavaScript session context to remember your selections within a single page visit; this data is discarded when you navigate away or close your browser tab. No data from the finder widget is written to storage or transmitted to our servers. If you block JavaScript entirely, the finder widget will not function, but all other page content will remain accessible.

Some browsers may store a cached copy of this page's assets (CSS, JavaScript, images) in their local cache for faster loading on repeat visits. This is standard browser behaviour outside our control and does not involve us reading or writing any data about you.

9. Your rights

Under both Egyptian Data Protection Law No. 151/2020 and the GDPR, you have the following rights regarding the personal data we hold about you:

• Right of access: You may request a copy of the personal data we hold about you, along with an explanation of how it is used.
• Right to rectification: If data we hold about you is inaccurate or incomplete, you may ask us to correct it.
• Right to erasure: You may ask us to delete your personal data. We will comply unless we have a legal obligation to retain it.
• Right to restrict processing: You may ask us to pause our use of your data while a dispute about its accuracy or our legal basis is resolved.
• Right to data portability: Where processing is based on consent and carried out by automated means, you may ask us to provide your data in a structured, machine-readable format.
• Right to object: You may object to processing based on our legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.
• Right to withdraw consent: Where we rely on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, write to us at [email protected] with the subject line "Data rights request". We will acknowledge your request within two working days and respond in full within 30 days.

10. Data security

We take reasonable technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure. Specifically: our website is served over HTTPS (TLS 1.2 or higher); our email hosting enforces TLS for both inbound and outbound message delivery; access to the mailbox is protected by a strong, unique password and two-factor authentication; and only the two team members responsible for dive enquiries have access to the mailbox.

No method of electronic transmission or storage is completely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and, where required, the relevant supervisory authority, within 72 hours of becoming aware of the breach.

11. Children's data

This website is directed at adults aged 18 and over. We do not knowingly collect personal data from children under the age of 16. If you are a parent or guardian and believe that a child under 16 has submitted data to us through the contact form, please contact us at [email protected] and we will delete the data promptly.

Note that scuba diving itself carries minimum age requirements set by certification agencies (typically 10–15 years depending on the programme and the agency's junior diver rules). Families enquiring about introductory snorkelling or shallow reef trips involving minors are welcome to contact us; we simply ask that the enquiry is submitted by an adult.

12. Supervisory authority and complaints

If you are a resident of Egypt and believe we have not handled your personal data in accordance with Egyptian Data Protection Law No. 151/2020, you may lodge a complaint with the Personal Data Protection Centre (PDPC) of the Egyptian Ministry of Communications and Information Technology.

If you are an EEA resident and believe we have not complied with the GDPR, you have the right to lodge a complaint with the supervisory authority in your country of residence or the member state where the alleged infringement took place.

We would, however, appreciate the opportunity to address any concern directly before you escalate to a supervisory authority. Please contact us first at [email protected].

13. Changes to this notice

We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or the website's functionality. When we make changes, we will update the "Last updated" date at the top of this page. We will not reduce your rights under this notice without providing prominent notice on the website. If changes are material — for example, if we introduce a new type of data processing — we will take reasonable steps to inform users who have previously submitted enquiries, using the email address provided.

We recommend checking this page periodically if you use the website regularly. The current version is always accessible at egyptpass.sbs/privacy.html.

14. How to contact us about data matters

For any question, request or concern relating to this Privacy Notice or the way we handle personal data, you can reach us through any of the following:

Email: [email protected] — use the subject line "Privacy" so your message is routed correctly.
Telephone: +20 65 3447 920 (Saturday to Thursday, 08:00–18:00 Hurghada time).
Post: Red Reef Dive Collective L.L.C., 9 Sheraton Road, Ad Dahar, Hurghada 84511, Egypt.

We aim to acknowledge all privacy-related correspondence within two working days and to provide a full response within 30 calendar days. If the matter is complex or requires us to retrieve archived records, we will let you know if more time is needed, and the maximum extension under the GDPR is a further 60 days.

If you submitted a dive enquiry through our contact page and have a question about that specific submission, include the date you submitted it and the email address you used — this helps us locate the record quickly.