SafeMoroccoTours respects your privacy. This Privacy Policy explains what personal data we collect when you visit our website, how we use it, who we share it with, and what rights you have under the European General Data Protection Regulation (GDPR) and other applicable privacy laws.
1. Who we are
Data controller: SafeMoroccoTours, a family-run tour operator based in Erfoud, Tafilalet region, Morocco.
Address: Centre Erfoud, Drâa-Tafilalet 52200, Morocco.
Contact email: contact@safemoroccotours.com
WhatsApp: +212 635 097 576
For any privacy-related question, request or complaint, please contact us using the email address above. We respond within 7 business days.
2. What data we collect
2.1 Information you provide directly
- Email correspondence: when you write to us via email, we receive your email address, name (if provided) and the content of your message.
- WhatsApp messages: when you contact us via WhatsApp, we receive your phone number, profile name (if public) and message content.
- Booking information: if you book a tour, we collect the data required to deliver the service: full name, nationality, passport number (for hotel registration as required by Moroccan law), arrival/departure dates, dietary or health requirements you choose to share, and payment details.
2.2 Information collected automatically
- Browsing data (Google Analytics): pages visited, time spent, referring source, approximate location (country/region only), device type, browser, and language. We do not collect your exact IP address — IP anonymization is enabled.
- Cookies and similar technologies: see Section 6 below.
- Server logs: our hosting provider (Hostinger) records technical access logs for security purposes (anonymized IP, timestamp, user agent). These logs are kept for 30 days.
3. Why we use your data (purposes and legal basis)
- To respond to your enquiries and provide a quote — legal basis: pre-contractual measures and our legitimate interest in operating a tour business.
- To deliver your booked tour — legal basis: performance of the travel contract.
- To comply with Moroccan tourism and tax regulations — legal basis: legal obligation (record-keeping of guest registration, invoicing).
- To improve our website (analytics) — legal basis: your consent (via the cookie banner). You can withdraw consent at any time.
- To prevent fraud, spam and abuse — legal basis: our legitimate interest in protecting our service.
4. Who we share your data with
We do not sell or rent your personal data. We share strictly necessary information with the following categories of service providers:
- Google LLC (Google Analytics 4, Google Fonts, Google Tag Manager) — analytics and site rendering. Data may be processed on servers located in the United States, under the EU-US Data Privacy Framework.
- Hostinger (web hosting) — based in Lithuania (EU).
- Meta Platforms (WhatsApp) — if you contact us via WhatsApp; Meta is the controller of the WhatsApp service. See WhatsApp Privacy Policy.
- Hotels, riads and local partners — when you book a tour, we share the strict minimum required for your reservation (name, dates, dietary needs).
- Moroccan authorities — when required by law (guest registration, tax records, judicial requests).
5. How long we keep your data
- Analytics data: 14 months (Google Analytics 4 default).
- Email and WhatsApp correspondence (enquiries only, no booking): 24 months after last contact, then deleted.
- Booking records: 10 years after the end of the tour (Moroccan tax law).
- Server access logs: 30 days.
6. Cookies
Our website uses cookies and similar technologies. You can manage your preferences at any time using the cookie banner displayed on your first visit, or by clicking "Cookie settings" in the footer.
Essential cookies (always active)
- LiteSpeed cache cookies (server-side performance): no personal data.
- Language preference cookie: remembers your selected language.
Analytics cookies (consent required)
- Google Analytics 4 (
_ga,_ga_*): measures site usage, traffic sources, and helps us improve the website. Anonymized IP, 14-month retention.
We do not currently use advertising cookies or third-party marketing pixels (Facebook Pixel, Google Ads conversion tags). If we add them in the future, this policy will be updated and you will be asked for consent.
7. Your rights under GDPR
If you are located in the European Union, the United Kingdom, or in any country with similar privacy laws, you have the following rights:
- Right of access — obtain a copy of the data we hold about you.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — request deletion when no longer necessary.
- Right to restrict processing — pause our use of your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — oppose processing based on legitimate interest.
- Right to withdraw consent — for any processing based on consent (e.g. analytics cookies).
- Right to lodge a complaint — with your national data protection authority (e.g. CNIL in France, ICO in the UK, AEPD in Spain). In Morocco: CNDP.
To exercise any of these rights, email contact@safemoroccotours.com. We respond within 30 days.
8. Data transfers outside the EU/EEA
Some of our service providers (notably Google) may process data on servers located outside the European Economic Area, particularly in the United States. These transfers are protected by Standard Contractual Clauses approved by the European Commission and, where applicable, by the EU-US Data Privacy Framework.
Our own operations take place in Morocco. Morocco is recognized by the Moroccan Data Protection Authority (CNDP) as having an adequate level of data protection under Law 09-08.
9. Children
Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal data, please contact us and we will delete it.
10. Security
We take reasonable technical and organizational measures to protect your data, including HTTPS encryption on all pages, strong password policies on our admin systems, restricted access to booking data, and encrypted email transmission (SPF, DKIM, DMARC).
No system is 100% secure. If you become aware of a security issue, please report it confidentially to contact@safemoroccotours.com or via our security.txt.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page indicates the latest revision. Significant changes will be highlighted on our homepage for at least 30 days.
12. Contact
Email: contact@safemoroccotours.com
WhatsApp: +212 635 097 576
Postal: SafeMoroccoTours, Centre Erfoud, Drâa-Tafilalet 52200, Morocco.