1. Introduction
Khoroum Valley / Zamna Festival ("we", "us", "our") is operated by MAXIMA FOR MANAGING TOURISTIC ENTITIES CO. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website khoroumvalley.com and use our services, including in connection with our festival events in Sharm El Sheikh, Egypt.
We process personal data in compliance with the European General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
MAXIMA FOR MANAGING TOURISTIC ENTITIES CO
9 El Sabaa St., Heliopolis
Cairo
Arab Republic of Egypt
Tax Card No.: 212-897-365
Email: contact@khoroumvalley.com
WhatsApp: +20 122 822 0601
3. Data We Collect
We may collect and process the following categories of personal data:
a) Data You Provide
- Contact information (email, phone, WhatsApp messages)
- Newsletter email address and preferred language when you sign up for updates
- Optional first name when you sign up for our newsletter (for personalized emails)
- Booking and reservation details (VIP tables, ticket purchases)
- Payment information (processed securely via third-party payment providers)
b) Automatically Collected Data
- IP address and browser type
- Device information and operating system
- Pages visited, time spent, and navigation patterns
- Referral source
- Essential cookies (see our Cookie Policy)
4. How We Use Your Data
We process your personal data for the following purposes:
- To provide and manage our services (ticket sales, VIP bookings)
- To send festival updates, lineup announcements, and ticket release notifications if you subscribe to our newsletter
- To respond to your inquiries and provide customer support
- To improve our website, services, and user experience
- To comply with legal obligations
- To ensure the security of our website and services
6. Legal Basis for Processing
We process your data based on the following legal grounds under the GDPR:
- Contract Performance (Art. 6(1)(b) GDPR): Processing ticket purchases and VIP reservations
- Consent (Art. 6(1)(a) GDPR): Sending newsletter and festival update emails
- Legitimate Interest (Art. 6(1)(f) GDPR): Fraud prevention and service improvement
- Legal Obligation (Art. 6(1)(c) GDPR): Tax and accounting requirements
7. Third-Party Services
We use the following third-party services that may process your data:
a) Ticket Tailor
Our ticketing is provided by Ticket Tailor. When purchasing tickets through our Ticket Tailor shop, your data is processed according to Ticket Tailor's Privacy Policy.
b) Stripe
Payment processing is handled by Stripe. Your payment data is processed securely according to Stripe's Privacy Policy.
c) WhatsApp (Meta)
When you contact us via WhatsApp, your messages and contact data are processed by Meta.
d) Supabase
Newsletter signups are stored in a database hosted by Supabase Inc. Supabase processes subscriber email addresses, language preferences, and signup timestamps on our behalf as a data processor.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Specifically:
- Booking and transaction data: retained for the duration required by tax law (typically 7–10 years)
- Contact inquiries: 12 months after resolution
- Newsletter subscriptions: until you unsubscribe or request deletion
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access – Request a copy of the data we hold about you
- Right to Rectification – Request correction of inaccurate data
- Right to Erasure – Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing – Limit how we use your data
- Right to Data Portability – Receive your data in a structured, machine-readable format
- Right to Object – Object to processing based on legitimate interests
To exercise any of these rights, please contact us at contact@khoroumvalley.com. We will respond to your request within 30 days.
10. Data Transfers
Some of our third-party service providers are located outside the European Economic Area (EEA), including in the United States. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or the EU-U.S. Data Privacy Framework.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include SSL encryption, secure hosting, and access controls.
12. Right to Lodge a Complaint
If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, your place of work, or the place of the alleged infringement.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
