1. Purpose of This Policy
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including:
- Providing our verification services to you or your organization
- Complying with legal and regulatory obligations under Egyptian law
- Resolving disputes and enforcing our agreements
- Preventing fraud and ensuring security
- Legitimate business interests such as improving our services
2. Data Retention Periods
The following table summarizes our retention periods for different categories of personal data:
| Data Category | Retention Period | Reason for Retention |
|---|---|---|
| Account Information (company name, email, phone, address) |
Duration of active account + 5 years after account closure | Legal compliance, audit trails, and potential re-activation |
| Verification Request Data (candidate name, ID, certificates, etc.) |
7 years from completion of verification | Legal retention under Egyptian record-keeping laws; ability to re-verify if needed |
| Verification Reports (final reports delivered to client) |
7 years from date of report | Client reference, dispute resolution, and regulatory requirements |
| Biometric Data (fingerprints) |
Deleted immediately after verification request is completed (max 30 days) | Sensitive data requires minimal retention; security approval purposes only |
| Payment Information (transaction records, billing details) |
10 years from transaction date | Egyptian tax law (Law No. 206 of 2020) and anti-fraud regulations |
| Communication Logs (support emails, chat transcripts) |
3 years from last communication | Customer service improvement and dispute resolution |
| Website Usage Data (IP addresses, analytics, cookies) |
14 months for analytics; session cookies deleted when browser closes | Performance improvement and security monitoring |
| Marketing Data (email subscriptions, preferences) |
Until you unsubscribe or request deletion, plus 1 year for records | Consent management and legal proof of opt-out |
| Security Logs (login attempts, access records) |
1 year | Security incident investigation and fraud prevention |
3. Data Deletion Procedures
3.1 Automated Deletion
Where retention periods expire, data is automatically deleted or anonymized through our secure data deletion processes. This includes:
- Biometric data deletion upon verification completion
- Session cookie expiration
- Anonymization of analytics data after 14 months
3.2 Manual Deletion Requests
You may request early deletion of your data by contacting info@nusafir.com. However, we may be required to retain certain information for legal or legitimate business purposes, including:
- Ongoing legal proceedings or disputes
- Tax or audit requirements
- Fraud investigations
- Compliance with court orders or government requests
3.3 Account Closure
When you close your Nusafir account:
- Your account will be deactivated immediately
- You will no longer be able to access your account or past reports
- Your personal data will be retained for the periods specified above
- After the retention period expires, your data will be permanently deleted
4. Data Anonymization
In some cases, we may anonymize personal data rather than delete it. Anonymized data can no longer be linked to an identifiable individual and may be retained indefinitely for statistical research, business analysis, and service improvement.
5. Third-Party Data Retention
We engage third-party service providers who may store data on our behalf. These providers have their own retention policies, but we contractually require them to delete or return data upon termination of services. Key third parties include:
- Payment Gateways (Stripe, PayPal, PayMob): Retain transaction data per their policies (typically 7-10 years for compliance).
- Cloud Hosting Providers: Retain backups as per their retention schedules.
- Verification Partners (Universities, Government Databases): We do not control their retention policies but ensure data is used only for the specific verification.
For details, please review the privacy policies of those third parties.
6. Your Rights Regarding Data Retention
Under Egyptian Personal Data Protection Law No. 151 of 2020, you have the right to:
- Request deletion of your personal data (subject to legal retention requirements)
- Request restriction of processing while retention disputes are resolved
- Object to retention based on legitimate interests
- Receive confirmation of whether your data is being retained
To exercise these rights, contact our Data Protection Officer at dpo@nusafir.com.
7. Data Retention for Candidates (Individuals Verified)
If you are an individual whose data was submitted by a client company or embassy for verification:
- You have the right to request information about what data we hold about you
- You may request deletion of your data, but note that your data may be retained as required by law or under our client's instructions
- Verification reports are considered the property of the client who requested them, subject to data protection laws
Please contact us at info@nusafir.com for assistance.
8. Data Breach Notification & Retention
In the event of a data breach, we retain relevant logs and evidence for a minimum of 3 years after resolution of the incident, or as required by law. This may include extended retention of affected data for investigation and notification purposes.
9. Changes to This Policy
We may update this Data Retention Policy from time to time. The latest version will always be available at nusafir.com/data-retention.php. Material changes will be notified via email or website notice.
10. Contact Information
For questions about data retention, deletion requests, or this policy:
- Email: info@nusafir.com
- Data Protection Officer: dpo@nusafir.com
- Phone: +201210345630
- Address: Nusafir for Verification Services, Mansoura, Egypt
- Shortest: Biometric data (deleted within 30 days)
- Medium: Account and verification data (5-7 years)
- Longest: Payment records (10 years for tax compliance)
- Permanent: Anonymized statistical data (indefinite)