Privacy Policy
Effective date: 01-10-2025

At Moroccaly (“we”, “our”, or “the platform”), we are committed to protecting your privacy. This Policy explains how we collect, use, share, and safeguard your personal data when you use our website, applications, and services (collectively, the “Site” or the “Services”). By using them, you agree to the practices described herein. If you do not agree, please do not access the Site.

1) Data Controller
The data controller responsible for personal data processing is Moroccaly.
Contact: support@moroccaly.com – Tel.: +212 600 000 000.

2) Scope of Application
This Policy applies to all users of the Site, including bookings, user accounts, newsletters, contact forms, reviews, and any other interactions.

3) Data We Collect
a) Data provided by the user
Identification and contact details: name, surname, email, phone number, address.
Booking details: participants, dates, preferences, language, special requirements.
Payments: payment gateway token and status (card data are processed securely by third parties such as Stripe, Wise, or PayPal).
User-generated content (UGC): reviews, ratings, photos, comments.

b) Data collected automatically
IP address, browser type, operating system, device, and app version.
Session and navigation data: pages viewed, searches, time spent, referrers.
Approximate location (if you grant permission).
Cookies and similar technologies (see Section 8).

c) Data from third parties
Tour providers: booking confirmation, incidents, service performance.
Payment gateways: confirmation/status of transactions.
Social login: basic identifiers (Google, Apple, Facebook) if you choose to log in this way.

4) Purposes and Legal Bases
Manage bookings and customer support (contract performance).
Process payments and prevent fraud (contract performance / legitimate interest / legal obligation).
Send operational communications (confirmations, reminders) (contract performance).
Improve the Site, analytics, and security (legitimate interest).
Marketing and newsletters (consent; you may unsubscribe at any time).
Legal compliance (tax, accounting, or regulatory obligations).

5) Data Recipients
Tourism providers (guides, agencies, transport companies, hotels) to deliver the contracted service.
Technology processors (hosting, CDN, analytics, transactional email).
Payment gateways (Stripe, PayPal, Wise, Revolut).
Public authorities and law enforcement agencies when legally required.
Corporate transactions (mergers or acquisitions) in compliance with applicable law.

We never sell your personal data to third parties for commercial purposes.

6) International Data Transfers
If any provider or processor handles data outside the EEA, we will apply appropriate safeguards (e.g., EU Standard Contractual Clauses) and complementary security measures.

7) Data Retention Periods
User accounts: while active and for the time necessary to comply with legal obligations.
Bookings and billing: at least 5 years (applicable tax/accounting regulations).
Marketing: until consent is withdrawn or after defined periods of inactivity.

8) Cookies and Advertising
We use first-party and third-party cookies to remember preferences, measure performance (e.g., Google Analytics, Matomo), and, if you consent, display personalized advertising (Google, Meta, or others). You can manage your preferences from the consent banner or your browser settings. Please refer to our specific Cookie Policy if available.

9) Security
TLS/SSL encryption in transit.
Restricted and controlled data access.
Backups and monitoring.
Minimal retention and pseudonymization when applicable.

No system is 100% infallible, but we apply industry best practices to safeguard your data.

10) Your Rights (GDPR and Similar Laws)
Right of access, rectification, and erasure.
Right to restrict or object to processing.
Right to data portability.
Right to withdraw consent (e.g., for marketing) without retroactive effect.
Right to lodge a complaint with your data protection authority (e.g., the AEPD in Spain).

To exercise these rights, contact us at support@moroccaly.com. We may request identity verification.

11) Minors
Our Services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from minors.

12) Changes to This Policy
We may update this Policy from time to time. The new version will be published with its effective date. Continued use of the Site implies acceptance of any changes.

13) Contact
Moroccaly – Privacy Team
Email: support@moroccaly.com
Website: www.moroccaly.com