PDPL Policy

PDPL Policy

Privacy & Data Protection Policy (Egypt — Dive Centre)

1. Introduction & Scope

[Circle Divers] (“we”, “us”, “our”) commits to protecting your personal data and privacy. This Policy explains how we collect, use, disclose, store, and protect your personal data when you use our website, programs, courses, or diving services in Egypt.

This Policy is based on Egypt’s Law No. 151 of 2020 on the Protection of Personal Data (PDPL) (in force since October 2020) and applicable Egyptian laws. 

This Policy applies to all personal data processed by us as a controller or processor inside or outside Egypt concerning data subjects in Egypt.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (e.g. name, contact details, health data, certification numbers). 

  • Sensitive Personal Data: Data that discloses health, biometric, financial, political, religious beliefs, etc. In PDPL, health and medical data are treated as sensitive data. 

  • Processing: Any operation performed on personal data (collection, storage, use, sharing, deletion). 

  • Controller / Data Controller: The entity deciding on the purposes and means of processing personal data. 

  • Processor: Any person or entity processing data on behalf of the controller. 

    Data Subject: The natural person whose personal data is processed.

  • Consent: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to processing of personal data. 

3. Who We Are / Contact Details

  • Business Name: [Circle Divers]

  • Address: [Badawai Hotel, El Ferouseya Street, Hadaba, Sharm El Sheikh]

  • Email: [[email protected])

  • Phone: [+2 069 3666764]

  • Data Controller / Responsible Person: [Centre Manager or DPO]


4. Personal Data We Collect & Why

Below is the type of data we collect, and the purposes / legal bases for processing:

Category of Data Purposes of Use Legal Basis / Justification
Contact & identity info (name, address, email, phone) To manage bookings, courses, communication, registration Consent; performance of contract; legitimate interest
Booking & transaction info (course dates, equipment hire, payments) To fulfil contract obligations, manage payments Performance of contract
Health / medical information / emergency contacts To satisfy safety, insurance, dive-fit requirements Explicit consent (sensitive data)
Certification & training records (agency, qualification, number) To issue certification, maintain training logs Performance of contract; legal / regulatory compliance
Website usage / technical data (IP address, browser, cookies, analytics) To monitor, analyze, improve website & services Consent (for non-essential cookies); legitimate interest (for essential ones)
Marketing preferences To send promotional or informational materials Explicit consent (opt-in)


We collect only data necessary and relevant to those purposes (data minimisation).

5. Lawfulness & Conditions for Processing

Under Egypt’s PDPL:

  • We must obtain explicit consent from the data subject when processing personal or sensitive personal data, unless another legal basis exists. 

  • Processing must be for a specific, declared, and legitimate purpose

  • Data should be accurate, kept up to date, and corrected when needed. 

  • Data must not be retained longer than necessary; once purpose is fulfilled, data should be deleted or anonymised unless law requires retention. 

    We are accountable and must demonstrate compliance.

6. Data Storage, Security & Retention

  • All data will be stored securely (on encrypted servers, access controls, strict internal procedures).

  • Sensitive data (health, medical records) will be handled with heightened security and limited access.

  • Retention periods:
    – Booking, transaction, and contact data: up to 7 years (for legal / accounting / safety reasons)
    – Health / medical / safety data: until one year after last service, unless regulations require longer
    – Marketing consent and preference data: until consent is withdrawn

After the retention period, data will be securely anonymised or deleted.

7. Third-Party Sharing / Disclosures

We may share or disclose your data with:

  • Training / Certification agencies (e.g. PADI, SSI) to issue and verify certifications

  • Payment processors / banks to process payments

  • Insurance companies or authorities, in case of incidents, claims, accidents

  • Legal or regulatory authorities if required by Egyptian law or for compliance

  • Third-party service providers (hosting, analytics providers, marketing platforms) under contractual obligations and privacy safeguards

We do not sell your personal data.

When transferring data outside Egypt, we ensure there is an equivalent level of protection or explicit consent for such transfer. 

8. Rights of Data Subjects

Under PDPL, you have the following rights:

  • Access: Obtain a copy or view your personal data held by us

  • Rectification / Correction: Ask us to correct or update inaccurate or incomplete data

  • Erasure (“Right to be forgotten”): Request deletion of your data when there is no lawful reason to retain it

  • Restriction of Processing: Ask to limit how your data is used

  • Object: Object to certain types of processing (e.g. direct marketing)

  • Withdraw Consent: You may withdraw your consent at any time (for processing based on consent)

  • Right to be informed / Notification of Breach: We must notify you in case your data is breached and there is a risk to your rights & freedoms

You may exercise these rights by contacting us at [Contact Email / address]. We will respond within the statutory time frame (commonly 30 days or faster).

If you are not satisfied, you may lodge a complaint with Egypt’s Personal Data Protection Centre (PDPC)

9. Cookies & Similar Technologies

9.1. Overview

We use cookies and similar tracking technologies (pixel tags, web beacons) on our website to improve functionality, measure performance, and for marketing.

While Egypt’s law does not currently have specific cookie rules, cookies fall under general data processing rules in PDPL. For cookies collecting personal data, explicit consent is needed. 

We follow these principles:

  • Transparency: informing users about which cookies are used and why

  • Consent: obtaining explicit consent before placing non-essential cookies

  • Opt-out: letting users refuse or withdraw consent

  • Minimisation & retention: using only necessary cookies and retaining data only as long as needed

9.2. Types of Cookies We Use

Type Purpose Essential?
Strictly Necessary Cookies For core site functionality (login, sessions, navigation) Yes
Performance / Analytics Cookies To analyze usage, improve site performance (e.g. Google Analytics) No (requires consent)
Functional Cookies To remember preferences (language, local settings) No (requires consent)
Advertising / Marketing Cookies For personalized ads, retargeting No (requires consent)

9.3. Cookie Consent Banner & Controls

When you first arrive on the website, a cookie banner may appear, explaining that we use cookies, and asking your consent to non-essential cookies (analytics, marketing). You can accept or refuse. If you refuse, non-essential cookies will be disabled.

You may also change your cookie preferences at any time via a link in the footer (“Cookie Settings”) or via your browser settings.

9.4. Retention & Deletion

Cookies will remain active only for as long as necessary for their purpose (e.g. session cookies are deleted after session; analytics cookies may last 6–24 months). You can delete cookies via browser settings.

10. Direct Marketing & Communications

We will only send marketing or promotional messages (email, SMS, newsletters) if you have explicitly opted in (consented). You can withdraw or unsubscribe at any time.

We will respect your choice and cease marketing communications upon opt-out.

We keep a record of marketing consents and preferences.

11. Data Breach & Notification

In case of a personal data breach (unauthorised access, loss, leaking of personal data):

  • We will notify the PDPC and affected data subjects within 72 hours of becoming aware of the breach (if it poses a risk). 

  • We will provide information about the nature of the breach, likely consequences, and measures taken to mitigate it.

  • We will document the breach, the causes, the remedial steps taken, and improvements to avoid recurrence.

12. Cross-border Transfers

Transferring personal data outside Egypt is allowed only if:

  • The destination country ensures a level of data protection similar to Egypt, or

  • Explicit consent is obtained from the data subject, or

  • Other legal safeguards are in place. 

We will ensure contractual or technical safeguards (standard contractual clauses, encryption, etc.) for any such transfer.

13. Accountability & Documentation

We maintain records of our processing activities, decisions, data flows, consents, and security measures. We periodically review and audit our data practices.

If required, we will register or be licensed with the PDPC. 

14. Children’s Data

If we collect data about minors (under legal age), we will do so only with the explicit consent of a legal guardian. Also, children’s data is considered sensitive under PDPL. 

We shall take additional protections when handling children’s data, limiting access and storage.

15. Changes to This Policy

We may update this Policy from time to time (due to legal changes, business changes). The “Last updated” date will be shown at the top.

We may notify users of material changes (e.g. by email or highlight on site) where required.

16. Contact & Complaints

If you have questions, want to exercise your rights, or file a complaint:

  • Contact us: [[email protected]], [Circle Divers, Badawai Hotel, Al Ferouseya St, Hadaba, Sharm el Sheikh, 46619]

  • If unsatisfied, you can file a complaint with Egypt’s Personal Data Protection Centre (PDPC) or the competent regulatory body. 

Last updated: [10/10/25]


Whatsapp
Special Offer