Privacy notice

What this site collects, and why almost nothing.

Short version: this is a personal notebook with no advertising and no tracking, and we collect only what is needed to run the site and to answer letters.

Last updated: 30 April 2026.

Who we are

Pass Museum Online is published by Nadia Farouk, a private individual based in Cairo, Egypt. There is no company, no parent group, no investor. The site is hosted under the domain pass-museum-online.lat.

For the purposes of the EU General Data Protection Regulation (GDPR), Nadia Farouk is the data controller. For the purposes of Egyptian Personal Data Protection Law No. 151 of 2020 (and the executive regulations issued under it), Nadia Farouk is the data controller and processes only the categories of personal data listed below.

What we collect

  1. Server logs. The hosting provider records the IP address, the date and time of each request, the URL requested, the referrer (if any), and the browser user agent. These logs are kept for thirty (30) days for diagnostic purposes and are then deleted automatically. Lawful basis: legitimate interest in operating the site safely (Art. 6(1)(f) GDPR; Art. 2 of Law 151/2020 for ordinary personal data).
  2. Messages from the contact form and direct emails. If you write to us, we keep your name, email address, and the contents of your message for as long as the correspondence is open, plus a further twelve (12) months in case you write again. Lawful basis: consent and the legitimate interest in replying.
  3. No tracking cookies, no analytics. The site does not set tracking cookies. It does not embed Google Analytics, Meta Pixel, TikTok Pixel, Hotjar, Clarity, or any comparable product. There is no advertising network on this site. There are no remarketing pixels.

What we do not do

  • We do not run advertising of any kind.
  • We do not sell data, rent it, or pass it to a third-party data broker.
  • We do not use your data to build profiles or to train machine learning models.
  • We do not transfer personal data outside of Egypt or the EEA except to deliver email replies through ordinary email infrastructure.

Fonts and embedded resources

The site loads two fonts — DM Serif Display and IBM Plex Sans — from Google Fonts. When your browser requests a font file, Google may receive your IP address as part of the request. We do not receive that information ourselves. If this concerns you, most browsers offer a setting to disable third-party requests; the site falls back to a system serif and sans-serif and remains fully readable.

Your rights

Under GDPR and under the Egyptian Personal Data Protection Law, you have the right to:

  • Ask what personal data we hold about you (right of access).
  • Correct inaccurate personal data (rectification).
  • Ask us to delete personal data we no longer need (erasure).
  • Object to processing on the basis of legitimate interest.
  • Withdraw your consent at any time, where consent is the basis.
  • Lodge a complaint with the supervisory authority — in Egypt, the Personal Data Protection Center (المركز المصري لحماية البيانات الشخصية); in the EU, the data protection authority of your country.

To exercise any of these rights, write to [email protected]. We try to reply within thirty (30) days.

Children

The site is intended for an adult readership. We do not knowingly collect personal data from anyone under sixteen (16). If you believe a child has sent us a message, please write and we will delete it.

Security

The site is served over HTTPS. Email is delivered through a standard provider with TLS in transit. We do not store your message on a public server.

Changes

If this notice changes, we update the date at the top. Material changes are flagged on the home page for thirty days.

Questions: [email protected].