1. Introduction
Egypt Wonders Tours ("we," "us," or "our") is an enterprise-grade booking platform operated by Vyricon Capital, a subsidiary of Hexus Global Holdings, Inc.
About Vyricon Capital: Vyricon Capital is specialized in international capital management and financial operations subsidiary within the Hexus Global Holdings portfolio. Headquartered in Miami, Florida, Vyricon Capital manages payment processing, transaction orchestration, and financial services for Hexus's international enterprise platforms, including Egypt Wonders Tours.
About Hexus Global Holdings: Hexus Global Holdings, Inc. is a privately held American corporation incorporated in 2019, headquartered in Miami, Florida, with global offices in London (One Canada Square), Sweden, Switzerland, and forthcoming expansions in Dubai and Riyadh. Hexus functions as a parent entity overseeing an integrated network of advanced technology, venture investment, and creative development companies through its subsidiaries:
- Hexus Labs – AI research, software engineering, web and mobile development
- Hexus Ventures – Venture investment and portfolio management
- Hexus Studios – Creative development and marketing strategy
- Cerberus for Cybersecurity – Enterprise cybersecurity solutions
- Vyricon Capital – International Capital management and financial operations
At the core of the portfolio lies Theia AI Systems, Hexus's flagship AI platform built on proprietary GPU infrastructure leveraging quantum computational power, offered exclusively to enterprise clients.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our platform at egyptwonders.net (the "Platform") to book tours and experiences in Egypt.
We are committed to protecting your privacy and complying with applicable data protection laws, including:
- EU General Data Protection Regulation (GDPR) – EU Regulation 2016/679
- Egyptian Personal Data Protection Law (PDPL) – Law No. 151 of 2020
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) – California Civil Code §1798.100 et seq.
- US State Privacy Laws – Including Delaware, Maryland, Minnesota, Nebraska, New Jersey, Tennessee, Virginia, Colorado, and other applicable state privacy statutes
- Federal Trade Commission Act (FTC Act) – 15 U.S.C. §§ 41-58
- Payment Card Industry Data Security Standard (PCI DSS v4.0)
2. Data Controller and Data Protection Officer
Data Controller:
Vyricon Capital
c/o Hexus Global Holdings, Inc.
1200 Brickell Avenue, Suite 800
Miami, FL 33131, United States
Email: privacy@vyricon.com
Phone: +1 (866) 606-6606
Data Protection Officer (DPO):
Email: dpo@vyricon.com
Available Monday–Friday, 9:00 AM – 6:00 PM EST
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, Vyricon Capital acts as the data controller for personal data processed through the Platform. We have appointed a Data Protection Officer responsible for overseeing compliance with GDPR and responding to data subject requests.
3. Personal Information We Collect
3.1 Information You Provide Directly
Account Registration:
- Full name, email address, phone number, mailing address
- Date of birth (for age verification and tour eligibility)
- Password (encrypted), profile photo (optional)
Booking and Reservation Information:
- Tour selections and preferences
- Travel dates and itinerary
- Number of travelers
- Special requests (dietary restrictions, accessibility needs, language preferences)
- Emergency contact information
Payment Information:
- Credit/debit card information (collected and processed securely by Vyricon Capital)
- Billing address, transaction history
Payment Processing: Vyricon Capital processes all payment transactions for Egypt Wonders Tours in partnership with Stripe, Inc., a PCI DSS v4.0 Level 1 certified payment processor. Payment card data is never stored on Egypt Wonders Tours servers. All payment information is encrypted end-to-end using industry-standard encryption (TLS 1.3, AES-256).
3.2 Information We Collect Automatically
- IP address and geolocation data (city/country level)
- Device type, operating system, browser type
- Pages visited, time spent on pages, clickstream data
- Referral sources (how you arrived at our Platform)
- Cookies and similar tracking technologies (see Section 11)
3.3 Information from Third Parties
- Social Media Integration: If you create an account using Google, Facebook, or Apple Sign-In, we receive basic profile information as authorized by you
- Business Partners and Tour Operators: Confirmation of tour availability, pricing updates, and itinerary changes
- Payment Processors: Transaction confirmation, fraud detection signals, and payment verification status from Stripe, Inc.
4. Legal Basis for Processing (GDPR)
For users in the EEA, UK, or Switzerland, we process your personal information only when we have a lawful basis under GDPR Article 6:
| Purpose | Legal Basis |
|---|
| Account creation and management | Contractual necessity (GDPR Art. 6(1)(b)) |
| Processing bookings and payments | Contractual necessity (GDPR Art. 6(1)(b)) |
| Fraud prevention and security | Legitimate interests (GDPR Art. 6(1)(f)) |
| Marketing communications | Consent (GDPR Art. 6(1)(a)) or legitimate interests |
| Legal compliance (tax, AML, KYC) | Legal obligation (GDPR Art. 6(1)(c)) |
| Analytics and platform improvement | Legitimate interests (GDPR Art. 6(1)(f)) |
Withdrawal of Consent: You may withdraw consent at any time by contacting us at privacy@vyricon.com or through your account settings. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
5. How We Use Your Personal Information
5.1 Service Delivery
- Booking and Reservation Management: Process tour bookings, send confirmations, and manage itineraries
- Payment Processing: Facilitate secure payment transactions through Vyricon Capital's payment infrastructure in partnership with Stripe, Inc.
- Customer Support: Respond to inquiries, resolve issues, and provide assistance
- Tour Coordination: Share necessary information with tour operators, guides, and transportation providers
5.2 Platform Operations
- Account Management: Maintain user accounts, preferences, and booking history
- Security and Fraud Prevention: Detect and prevent fraudulent transactions, unauthorized access, and security threats
- Analytics and Improvement: Analyze usage patterns to improve platform performance and user experience
5.3 AI and Automated Decision-Making
We leverage Theia AI Systems, Hexus's proprietary AI platform built on proprietary GPU infrastructure and quantum computational power, to:
- Provide personalized tour recommendations based on your preferences and browsing history
- Optimize pricing and availability in real-time
- Detect fraudulent booking patterns and payment anomalies
Your Rights: Under GDPR Article 22 and CCPA, you have the right to opt out of automated decision-making, request human review of automated decisions, and challenge the accuracy or fairness of automated decisions.
6. How We Share Your Personal Information
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We share your information only in the following circumstances:
6.1 Within Hexus Global Holdings
- Hexus Labs: Provides cloud infrastructure, cybersecurity monitoring, and AI/ML services (Theia AI Systems)
- Cerberus for Cybersecurity: Provides threat detection, security monitoring, and incident response services
6.2 External Service Providers
- Payment Processing: Vyricon Capital partners with Stripe, Inc., a PCI DSS v4.0 Level 1 certified payment processor
- Tour Operators and Ground Services: We share booking details with licensed tour operators, guides, hotels, and transportation providers
- Customer Support: Third-party customer support platforms bound by data processing agreements
6.3 Legal and Compliance Disclosures
We may disclose your personal information when required by law, to respond to legal process, cooperate with law enforcement, or protect our rights.
7. International Data Transfers
Vyricon Capital and Hexus Global Holdings operate globally, with offices and data centers in the United States, United Kingdom (London, One Canada Square), Sweden, and Switzerland. Tour operators and service providers are located primarily in Egypt.
7.1 GDPR Safeguards (EEA/UK/Switzerland Users)
- Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses for transfers to third countries
- Adequacy Decisions: We transfer data to the UK and Switzerland under EU adequacy decisions
- Transfer Impact Assessments (TIAs): We conduct assessments for all third-country transfers
7.2 Data Storage Locations
- United States: Miami (HQ), AWS US-East-1 (Virginia), AWS US-West-2 (Oregon)
- European Union: London (One Canada Square), AWS EU-West-1 (Ireland)
- Egypt: Tour operator systems and local booking infrastructure
8. Your Privacy Rights
8.1 GDPR Rights (EEA/UK/Switzerland)
- Right of Access (Art. 15): Request a copy of the personal information we hold about you
- Right to Rectification (Art. 16): Correct inaccurate or incomplete personal information
- Right to Erasure (Art. 17): Request deletion of your personal information
- Right to Restriction (Art. 18): Request that we limit processing in certain circumstances
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right Not to Be Subject to Automated Decision-Making (Art. 22)
To Exercise Your Rights: Email dpo@vyricon.com with subject "GDPR Data Subject Request". We will respond within 30 days.
8.2 Egyptian PDPL Rights (Law 151/2020)
Under Egyptian law, you have the right to access, correct, delete, restrict, object to processing, withdraw consent, and be informed of data breaches. Email privacy-egypt@vyricon.com. We will respond within 15 days.
8.3 CCPA/CPRA Rights (California Residents)
- Right to Know (§1798.100): Request disclosure of personal information collected
- Right to Delete (§1798.105): Request deletion of personal information
- Right to Correct (§1798.106): Request correction of inaccurate information
- Right to Opt Out of Sale/Sharing (§1798.120): We do not sell personal information
- Right to Non-Discrimination (§1798.125)
Response Time: We will respond to verifiable requests within 45 days.
9. Data Retention
| Data Category | Retention Period |
|---|
| Account information | Duration of account + 3 years after closure |
| Booking and payment records | 7 years after transaction |
| Customer support communications | 5 years |
| Marketing communications | Until consent is withdrawn + 2 years |
| Technical logs and analytics | 26 months |
| Identity verification documents | 5 years after last booking |
After retention periods expire, we securely delete or anonymize personal information in accordance with industry best practices (NIST SP 800-88 media sanitization guidelines).
10. Data Security
Vyricon Capital and Hexus Global Holdings implement industry-leading technical and organizational measures to protect your personal information.
Technical Safeguards
- Encryption: TLS 1.3 with 256-bit AES encryption in transit; AES-256 encryption at rest with HSMs
- Payment Security: PCI DSS v4.0 Level 1 certified via Stripe; tokenization; no storage of full card numbers
- Infrastructure Security: AWS SOC 2 Type II certified data centers; MFA required for admin access; regular penetration testing by Cerberus
- Access Controls: Role-based access control (RBAC); audit logging; annual security training
Certifications and Audits
- SOC 2 Type II compliance (annual audits)
- ISO/IEC 27001 Information Security Management System (certification in progress)
- PCI DSS v4.0 compliance (via Vyricon Capital and Stripe)
- Annual third-party security assessments
11. Cookies and Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content.
Types of Cookies
- Essential Cookies (Required): Session management, authentication, security, and fraud prevention
- Analytics Cookies (Optional): Google Analytics 4, Mixpanel, Hotjar for traffic analysis and user behavior
- Marketing Cookies (Optional): Google Ads, Meta Pixel for personalized advertising
- Preference Cookies (Optional): Language selection, currency preferences, UI customization
Your Cookie Choices: Use our cookie consent banner to accept or reject non-essential cookies. You can update preferences anytime via the cookie settings panel.
Global Privacy Control (GPC): We honor GPC signals from your browser as an opt-out request for targeted advertising and data sharing.
12. Third-Party Links and Services
The Platform may contain links to third-party websites, services, or social media platforms. We are not responsible for the privacy practices, content, or security of third-party websites. Before providing personal information to third parties, review their privacy policies. Our Privacy Policy does not apply to third-party websites or services.
13. Children's Privacy
Egypt Wonders Tours does not knowingly collect personal information from children under the age of 16 (or the applicable age of digital consent in your jurisdiction, e.g., 13 in the US, 16 in the EU).
Parental Consent: If you are under 16, you may only use the Platform with the involvement and consent of a parent or legal guardian. Bookings for minors must be made by an adult. If we become aware that we have collected personal information from a child without parental consent, we will delete the information promptly. Parents or guardians may request deletion by contacting privacy@vyricon.com.
14. Marketing Communications and Opt-Out
We may send you marketing communications about new tours, special offers, and updates to our services.
- EU/EEA/UK: We send marketing emails only with your explicit opt-in consent (GDPR Art. 6(1)(a))
- US: We may send marketing to existing customers based on legitimate interests with easy opt-out (CAN-SPAM Act compliance)
- Egypt: We send marketing only with your prior consent (PDPL compliance)
Opt-Out: Unsubscribe via the link in any marketing email, update your account settings, or email unsubscribe@vyricon.com.
15. California "Shine the Light" Law
California Civil Code Section 1798.83 permits California residents to request information about personal information shared with third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes without your explicit consent.
16. Nevada Privacy Rights
Nevada residents have the right to opt out of the "sale" of personal information to third parties. We do not sell personal information as defined by Nevada law (NRS 603A).
17. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or technological developments.
- Material Changes: We will notify you via email or prominent notice on the Platform at least 30 days before changes take effect
- Minor Changes: We will update the "Last Updated" date at the top of this Policy
Continued use of the Platform after changes take effect constitutes acceptance of the revised Privacy Policy. If you do not agree, discontinue use and contact us to close your account.
18. International Users
- European Union / EEA / UK: Your personal information is protected by GDPR. You have the right to lodge a complaint with your local Data Protection Authority.
- Egypt: Your personal information is protected by Law No. 151 of 2020 (PDPL). You may file complaints with the Egyptian Personal Data Protection Center at the Ministry of Communications and Information Technology.
- United States: If you are a California resident or resident of another US state with privacy laws, you have specific rights as described in Section 8.3 and 8.4.
- Germany: German users have additional rights under the Bundesdatenschutzgesetz (BDSG) and Telemediengesetz (TMG). Contact dpo-germany@vyricon.com.
- Switzerland: Swiss users are protected by the Federal Act on Data Protection (FADP). Contact dpo-switzerland@vyricon.com.
19. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Vyricon Capital
c/o Hexus Global Holdings, Inc.
1200 Brickell Avenue, Suite 800
Miami, FL 33131, United States
General Privacy Inquiries: privacy@vyricon.com
Data Protection Officer: dpo@vyricon.com
Egyptian Inquiries: privacy-egypt@vyricon.com
EU/EEA/UK Inquiries: privacy-eu@vyricon.com
Security Incidents: security@vyricon.com
Phone: +1 (866) 606-6606
20. Definitions
- Personal Information / Personal Data: Any information relating to an identified or identifiable natural person, including name, email, IP address, location data, online identifiers, and payment information.
- Processing: Any operation performed on personal data, including collection, storage, use, disclosure, transfer, or deletion.
- Data Controller: The entity that determines the purposes and means of processing personal data. Vyricon Capital, a Hexus Global Holdings subsidiary, is the data controller for Egypt Wonders Tours.
- Data Processor: An entity that processes personal data on behalf of a data controller (e.g., Stripe, AWS, Hexus Labs).
- Consent: Freely given, specific, informed, and unambiguous indication of the data subject's wishes by statement or clear affirmative action.
- Sensitive Personal Information: Health data, biometric data, precise geolocation, racial or ethnic origin, religious beliefs, or other categories specified by GDPR Art. 9 or CCPA §1798.140(ae).
- Sale (CCPA/CPRA Definition): Sharing personal information with third parties for monetary or other valuable consideration. We do not sell personal information.
This Privacy Policy is effective as of November 28, 2025, and supersedes all prior versions. By using Egypt Wonders Tours, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service.
