What we record about visiting families, what we delete and the rights you keep.
Last reviewed 10 June 2026. Compass & Camel Trails Cooperative S.A.E. handles personal information from contact-form enquiries, memberships and on-trail photography. This notice describes what we collect, how long we keep it, who else sees it, and the rights you retain. It is written in plain language; if anything is unclear, write to the named data officer at the foot of this page.
1. The data controller.
Compass & Camel Trails Cooperative S.A.E., a registered Egyptian agricultural-tourism cooperative (registration number 11/2007), with Egyptian Tax Authority VAT identifier 612-738-294, at 31 Sharia al-Sayyad, Tunis Village, Fayoum 63511. The cooperative is the controller of all data processed in the course of running the office, managing memberships and matching visiting families with member-family guides.
2. The data officer.
Salma Abu Hashem, cooperative secretary, holds the data officer role. Reach her on [email protected] with the subject line "data request" or by office telephone on +20 84 6629 318 during office hours. She processes access, correction, deletion and portability requests personally; the role is not delegated.
3. What we collect.
From the contact form: name, email, country, trail of interest, membership tier choice if joining, topic of message, approximate travel dates, party composition (number and ages of children), and the message body. Lawful basis: consent (the consent box is required) and pre-contractual interest for trail bookings and memberships. We use the information only to reply and to arrange the trail or membership.
From memberships: name, email, postal address, country, and a record of annual payments. Lawful basis: contract. We use this to deliver the seasonal updates, to keep accounting records for the Egyptian Tax Authority, and to send the November and March printed updates.
From the website: standard request logs at the hosting provider — IP address, timestamp, requested page, referrer, user-agent. Lawful basis: legitimate interest in server security and aggregate traffic measurement. We do not run analytics scripts, no cookies, no advertising trackers, no third-party measurement tools. There is no cookie consent banner because there is no consent decision to take.
From on-trail photography: photographs taken by the guide family during the trail. Photographs that include identifiable visiting family members are stored only with the family's written consent; we ask at the start of the trail. Photographs published in the December update or on this website are either of cooperative members, of consenting visiting families, or framed so that no visiting family member is identifiable.
4. What we do not collect.
We do not collect payment cards or bank details. Membership payments arrive by direct bank transfer or PayPal; the payment details remain with your bank or PayPal account, not with the cooperative. Trail-fee payments are paid in cash to the guide family on the day of the walk and leave no electronic record with the cooperative office. We do not collect health data, religious affiliation or political views. We do not buy mailing lists. We do not enrich your record with third-party data.
5. Who else sees this information.
Contact-form messages and membership records are visible to Salma Abu Hashem (office secretary and data officer), to the member family relevant to the message, and to the cooperative chair on request. The mail server is hosted in Frankfurt by a German provider under a written processor agreement; the provider's name is available on request to the data officer. Payment records are visible to the cooperative's bank (Banque Misr in Cairo) and, where applicable, to PayPal under their published terms. The Egyptian Tax Authority sees aggregate annual revenue in the cooperative's filings, not individual member records.
6. International transfers.
Because the mail server is in Germany, your email passes through the European Union when sent to or from the cooperative office. The processor agreement reflects standard contractual clauses. Membership records and contact-form archive are held in Tunis Village on encrypted local storage with an off-site mirror in Cairo. There is no transfer of personal data outside Egypt for storage purposes.
7. How long we keep your information.
Contact-form messages that do not lead to a booking or membership are retained for twelve months and then deleted from the editorial mailbox at the next quarterly cycle. If you ask us to delete sooner, we do so within thirty days.
Trail-booking enquiries are retained for two years — long enough for the family to return for a second visit without needing to re-supply context — and then erased unless the family has become a member.
Membership records are retained for the duration of the membership and for seven years thereafter, the retention period required by Egyptian commercial law for accounting documentation. After seven years the personal name and postal address are erased; the anonymised payment-flow record is kept for statistical purposes.
On-trail photographs that include identifiable visiting families are retained for the duration the visiting family consented to. If no specific duration was agreed, the default is five years, after which the cooperative re-asks for consent or erases the image.
Server logs are kept by the hosting provider for fourteen days and are not made available to the cooperative beyond aggregate counts. Aggregate access counts (per page per month) are kept indefinitely; these contain no identifying information.
8. Your rights.
Under Egyptian Personal Data Protection Law (Law 151/2020) and the EU General Data Protection Regulation where it applies, you have the following rights at any time: access (ask what we hold), portability (receive a copy in machine-readable form), rectification (correct what is wrong), erasure (deletion of what we hold), restriction (pause processing while a question is resolved), objection (to legitimate-interest processing) and withdrawal of consent previously given. Requests are handled by the data officer within thirty days, free of charge, in writing.
9. Security measures.
The office computer and the membership archive run on encrypted disks; the off-site Cairo mirror is on similar encrypted storage. The mail server runs over TLS for all client connections. Backups are encrypted at rest and access-controlled to the chair and the data officer. The office is locked outside hours and shares the El-Sayyad family residence's security arrangements; no external storage is unattended outside the premises.
10. Children's data.
Because the cooperative's catalogue is family-rated, we routinely receive the number and ages of children in a visiting party. This information is used to match the family with the right guide and right trail; it is not used for any other purpose, is not shared outside the cooperative, and is retained only as long as the related booking record. We do not knowingly subscribe a child to the membership list. If a parent finds that a child has been recorded against their wishes, they may write to the data officer at any time and the record will be erased within thirty days.
11. On-trail photography — the consent process.
At the start of every trail the guide family asks the visiting party whether photography is acceptable, whether photographs may be used in the cooperative's December update and on this website, and whether the visiting family's faces may be visible. Three answers are recorded: yes-yes-yes, yes-yes-but-not-faces, or no. The answer is noted in the day's logbook. Photographs filed under "not faces" are framed so that no visiting family member is identifiable — silhouettes, hands holding objects, back of heads on a sand crest, that kind of thing. Photographs filed under "no" are taken only if requested by the family and are sent to the family rather than retained by the cooperative.
12. Annual updates and reader contributions.
The cooperative's December update names contributing members and patrons (with their consent) on the contributors page; that consent is asked at the membership-renewal step each year. Reader letters published in the update are attributed by first name and country only; surnames, postal addresses and email addresses are not published. A reader who prefers not to be quoted even in this redacted form should say so in the original message; we always honour the preference and do not publish over a stated wish.
13. Data breaches.
If a breach occurs and is likely to result in a risk to your rights, we notify you by email within seventy-two hours of becoming aware and notify the Egyptian Personal Data Protection Centre in the same window. One minor incident has been logged since 2018 — a member newsletter sent to an address with a typo, returned by the postal service to the office; no further consequence followed. The annual transparency note summarises any incidents from the previous year.
14. Cookies and trackers.
This website sets no cookies. There is no analytics cookie, no consent cookie, no preference cookie. The session storage and the local storage are not used. The standard HTTP cache headers are the only client-side state involved. If a browser extension that monitors trackers reports anything on a page of this site, please tell the data officer; we have configured the site carefully and would want to know.
15. Profiling and automated decisions.
We do not run profiling and do not run automated decisioning. Every reply is composed by a human at the office or by a member family; every membership action is taken by the secretary. The catalogue is curated by people. We do not use machine-learning systems on personal data of any kind.
16. Changes to this notice.
This notice is reviewed every June. Material changes are notified to active members by email at least thirty days before they take effect. The full history of changes since the cooperative's first online presence in 2009 is held by the data officer and available on request. The current version is the one published here, with the review date at the top.
17. Contact for any data question.
Salma Abu Hashem, data officer, Compass & Camel Trails Cooperative S.A.E.
Email: [email protected] · subject line "data request"
Telephone: +20 84 6629 318 · Sunday–Thursday 10:00–14:00 Cairo time
Postal: 31 Sharia al-Sayyad, Tunis Village, Fayoum 63511, Egypt — mark the envelope "data officer".