The British University in Egypt — Services Help Desk

Policies & Legal

The following policies govern your use of the BUE Service Desk. They are designed to comply with the laws of the Arab Republic of Egypt (including Personal Data Protection Law No. 151 of 2020) and the United Kingdom (UK GDPR and the Data Protection Act 2018), reflecting the dual regulatory context of The British University in Egypt.

Privacy Notice

Effective date: 11/05/2026

This Privacy Notice explains how The British University in Egypt (“BUE”, “we”) processes personal data through the BUE Service Desk. It is issued in accordance with Egypt’s Personal Data Protection Law No. 151 of 2020 (the “PDPL”), the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018, as applicable.

1. Controller

The data controller is The British University in Egypt, El Sherouk City, Cairo, Egypt. You can contact our Data Protection Officer at dpo@bue.edu.eg.

2. Personal data we collect

  • Identity & contact: name, BUE email, role, department, mobile (optional).
  • Account: hashed password, language preference, MFA status, profile photo (optional).
  • Service data: tickets, comments, attachments, approvals, ratings.
  • Technical: IP address, device, browser, audit logs, timestamps.

3. Purposes & legal bases

PurposeLegal basis (UK GDPR)PDPL basis
Operate the Service Desk and resolve your requestsContract / legitimate interestsNecessary for performance of the relationship and for legitimate interests
Authentication & securityLegitimate interests / legal obligationLegal obligation & legitimate interests
Notifications about your ticketsContractNecessary for performance
Analytics & service improvement (aggregated)Legitimate interestsLegitimate interests
Compliance with regulators & auditorsLegal obligationLegal obligation

4. Sharing

Personal data is shared only with: (a) BUE staff who need it to deliver the Service; (b) approved processors (hosting, email delivery, analytics) under written contracts; and (c) public authorities where legally required. We do not sell personal data.

5. International transfers

Some processors operate outside Egypt. Where personal data of Egyptian residents is transferred cross-border, we rely on the licensing and adequacy mechanisms of the PDPL and obtain explicit consent where required. For UK data subjects we use UK International Data Transfer Agreements (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.

6. Retention

  • Account data: for the duration of your relationship with BUE plus 7 years.
  • Tickets & audit logs: 7 years from closure (financial / regulatory record-keeping).
  • Marketing or optional preferences: until you withdraw consent.

7. Your rights

You may exercise the following rights, free of charge:

  • Access, rectification, erasure, restriction and objection.
  • Data portability.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with the Egyptian Personal Data Protection Centre or the UK Information Commissioner’s Office (ICO).

To exercise rights, contact dpo@bue.edu.eg. We respond within 30 days (UK GDPR) and within the period required by the PDPL.

8. Security

We apply technical and organisational measures including encryption in transit (TLS), hashed credentials, role-based access control, audit logging, vulnerability management and incident response. We notify you and the relevant authority of any personal data breach without undue delay where required by law.

9. Children

The Service is not directed at children under 18.

10. Changes

We will notify you of material changes via the Service or by email.