Privacy Policy — Nusafir

Last Updated: April 20, 2025

        Nusafir for Verification Services ("Nusafir", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website nusafir.com and our verification services. Please read this policy carefully. By accessing or using our services, you consent to the practices described in this policy.
    

1. Information We Collect

1.1 Information You Provide to Us

Account Information: When you register as a company, embassy, or ministry, we collect your organization name, registration number, address, contact person name, email address, phone number, and password.
Verification Request Data: Candidate information including full name, date of birth, national ID number, educational certificates, employment history, criminal record references, and any other data required to complete the requested verification.
Payment Information: When you make a payment, our payment gateway partners collect billing details, card information, and transaction history. Nusafir does not store full credit card numbers.
Communications: Information you provide when contacting our support team, responding to surveys, or submitting feedback.

1.2 Information Automatically Collected

Usage Data: IP address, browser type, operating system, referring URLs, pages viewed, time and date of access, and other diagnostic data.
Cookies & Tracking Technologies: We use cookies to remember your preferences, analyze site traffic, and improve your experience. You can disable cookies in your browser settings.
Device Information: Information about the device you use to access our services (e.g., device model, unique device identifiers).

1.3 Sensitive Data

We may collect biometric data (fingerprints) as part of our fingerprint capture service. This data is handled under strict security protocols authorized by the Egyptian Ministry of Higher Education and is never stored longer than necessary for the specific verification request.

2. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery: To process verification requests, communicate with educational institutions and government bodies, and deliver reports.
Account Management: To create and maintain your account, authenticate users, and provide customer support.
Payment Processing: To facilitate payments through our secure payment gateways.
Legal Compliance: To comply with Egyptian laws, including PDPL No. 151 of 2020, anti-fraud regulations, and anti-money laundering requirements.
Improvement & Analytics: To analyze usage patterns, improve our website and services, and develop new features.
Communications: To send service updates, invoices, security alerts, and respond to inquiries.
Security: To detect, prevent, and investigate security incidents, fraud, or violations of our Terms of Service.

3. Legal Basis for Processing (for GDPR/International Clients)

For individuals in jurisdictions requiring a legal basis for data processing, we rely on:

Contractual Necessity: Processing is necessary to perform our contract with your organization.
Legal Obligation: Processing is required to comply with Egyptian law.
Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, analytics).
Consent: Where you have given explicit consent (e.g., for certain marketing communications).

4. Sharing Your Information

We do not sell your personal data. We may share information in the following circumstances:

4.1 Third-Party Service Providers

Payment Gateways: Stripe, PayPal, PayMob, or other processors to handle transactions. These providers are PCI-DSS compliant.
Verification Partners: Egyptian universities, government databases, and criminal record authorities to complete verification checks.
Cloud Hosting & Security: Secure hosting providers and security monitoring services.
Analytics: Google Analytics and similar tools to understand website usage (anonymized where possible).

All third-party providers are contractually obligated to protect your data and use it only for the specified services.

4.2 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, including to comply with Egyptian national security or law enforcement obligations.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify you of any such change.

4.4 With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

Account Data: Retained for the duration of your active account plus 5 years for legal and audit purposes.
Verification Reports: Retained for 7 years from the date of completion to comply with record-keeping regulations.
Biometric Data: Deleted immediately after the verification request is completed, unless otherwise required by law.
Payment Records: Retained for 10 years to comply with Egyptian tax and anti-fraud laws.
Marketing Data: Retained until you unsubscribe or request deletion.

You may request deletion of your data by contacting info@nusafir.com. However, we may retain certain information as required by law or for legitimate business purposes.

6. Data Security

We implement industry-standard security measures to protect your information:

Encryption: All data transmitted between your browser and our servers uses TLS 1.2+ encryption. Stored data is encrypted at rest using AES-256.
Access Controls: Only authorized personnel have access to personal data, and access is logged and monitored.
Secure Payment Processing: Payment data is handled directly by PCI-DSS Level 1 certified payment gateways. Nusafir never stores full card numbers or CVV codes.
Regular Audits: We conduct security assessments and vulnerability scans regularly.
Employee Training: All staff receive data protection and privacy training.

While we strive to protect your information, no transmission over the internet is 100% secure. You use our services at your own risk.

7. Your Rights (Egyptian PDPL & International)

Under Egyptian Personal Data Protection Law No. 151 of 2020 and similar international laws, you have the following rights:

Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements.
Right to Restrict Processing: Limit how we use your data in certain circumstances.
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent: Withdraw previously given consent at any time.

To exercise these rights, contact us at info@nusafir.com. We will respond within 30 days as required by Egyptian law.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience. Types of cookies we use:

Essential Cookies: Required for site functionality (e.g., login sessions, shopping cart).
Preference Cookies: Remember your settings and preferences.
Analytics Cookies: Help us understand how visitors use our site (Google Analytics).
Marketing Cookies: Used to deliver relevant advertisements (only with your consent).

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect site functionality.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

10. International Data Transfers

Nusafir operates primarily within Egypt. However, we may use third-party service providers located outside Egypt (e.g., cloud hosting, payment gateways). When transferring data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, in compliance with Egyptian PDPL.

11. Third-Party Links

Our website may contain links to external sites (e.g., payment gateways, government portals). We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available at nusafir.com/privacy.php. Material changes will be notified via email or a prominent notice on our website. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

13. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee compliance with this Privacy Policy and Egyptian PDPL. You may contact our DPO at:

Email: dpo@nusafir.com
Phone: +201210345630
Address: Data Protection Officer, Nusafir, Mansoura, Egypt

14. Complaints

If you believe we have violated your privacy rights, you may file a complaint with us at info@nusafir.com. You also have the right to lodge a complaint with the Egyptian Data Protection Center (the supervisory authority under PDPL) once established.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: info@nusafir.com
Phone: +201210345630
Address: Nusafir for Verification Services, Mansoura, Egypt