Privacy Policy

Serenity Morocco Tours SARL ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

• Visit our website at serenitymoroccotours.com
• Use our mobile applications
• Make bookings for our tours, transfers, or other services
• Contact us via email, phone, or social media
• Subscribe to our newsletters or marketing communications
• Participate in surveys, promotions, or contests

By using our services, you consent to the data practices described in this policy. If you do not agree with our policies, please do not use our services.

Serenity Morocco Tours SARL is the data controller responsible for your personal data. Our contact details are:

For EU residents, you may also contact our appointed EU representative:

3.1 Information You Provide

We collect information that you voluntarily provide to us:

• Identity Data: First name, last name, title, date of birth, nationality
• Contact Data: Email address, phone number, postal address
• Booking Data: Travel dates, destination preferences, number of travelers, special requirements
• Payment Data: Credit card details, billing address (processed securely by our payment provider)
• Travel Documents: Passport details, visa information (when required for booking)
• Communication Data: Correspondence with our team, feedback, and reviews
• Profile Data: Account preferences, marketing preferences, wishlist items

3.2 Information Collected Automatically

When you visit our website, we automatically collect:

• Technical Data: IP address, browser type and version, operating system, device type
• Usage Data: Pages visited, time spent on pages, click patterns, search queries
• Location Data: General geographic location based on IP address
• Referral Data: How you arrived at our website (search engine, social media, etc.)

3.3 Information from Third Parties

We may receive information about you from:

• Travel agents or tour operators who book on your behalf
• Social media platforms (if you interact with us there)
• Business partners and affiliates
• Credit reference and fraud prevention agencies

We use your personal data for the following purposes:

4.1 Service Delivery

• Processing and managing your bookings
• Arranging tours, transfers, and accommodations
• Communicating important travel information
• Providing customer support and responding to inquiries
• Personalizing your experience and recommendations

4.2 Business Operations

• Processing payments and preventing fraud
• Maintaining records for legal and accounting purposes
• Analyzing usage patterns to improve our services
• Training staff and quality assurance

4.3 Marketing (with your consent)

• Sending newsletters and promotional offers
• Providing personalized recommendations
• Inviting you to participate in surveys or research
• Sharing news about new destinations and services

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

4.4 Legal Compliance

• Complying with legal obligations and regulations
• Responding to lawful requests from authorities
• Protecting our rights, property, and safety
• Detecting and preventing illegal activities

Under GDPR, we process your personal data based on the following legal grounds:

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files stored on your device.

6.1 Types of Cookies We Use

6.2 Managing Cookies

You can manage your cookie preferences through our cookie consent banner or by adjusting your browser settings. Note that disabling certain cookies may affect website functionality.

Most browsers allow you to:

• View what cookies are stored on your device
• Delete all or specific cookies
• Block third-party cookies
• Block all cookies from specific sites
• Accept cookies from all sites

6.3 Do Not Track

Some browsers offer a "Do Not Track" feature. Our website does not currently respond to DNT signals, but you can use the cookie management options described above.

We may share your personal data with third parties in the following circumstances:

7.1 Service Providers

We share data with partners who help us deliver services:

• Hotels and Riads: To confirm your accommodations
• Transportation providers: To arrange transfers and tours
• Payment processors: To securely process your payments (Stripe, PayPal)
• Email service providers: To send transactional and marketing emails
• Cloud hosting: To store data securely (AWS, Vercel)
• Customer support: To manage inquiries and support tickets

7.2 Legal Requirements

We may disclose data when required by law:

• To comply with legal process or government requests
• To protect our rights, privacy, safety, or property
• To investigate potential violations of our terms
• To protect against legal liability

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.

7.4 With Your Consent

We may share your data for other purposes with your explicit consent.

As we operate internationally, your data may be transferred to and processed in countries outside your country of residence, including Morocco and other countries where our service providers are located.

When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

• Adequacy decisions: Transfers to countries with adequate data protection laws
• Standard Contractual Clauses: EU-approved contract terms with our partners
• Binding Corporate Rules: Internal policies for multinational organizations
• Consent: Your explicit consent for specific transfers

Morocco is recognized by the EU as providing adequate data protection under Law 09-08 on the Protection of Individuals with Regard to Personal Data Processing.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Retention periods are determined by:

• The nature of the data and purpose of processing
• Legal, regulatory, and contractual requirements
• Our legitimate business interests

Typical Retention Periods

After the retention period expires, data is securely deleted or anonymized.

Under the GDPR and applicable data protection laws, you have the following rights:

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@serenitymoroccotours.com. We will respond within 30 days. We may need to verify your identity before processing your request.

For EU residents, you also have the right to lodge a complaint with your local data protection authority.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Security Measures Include:

• Encryption: SSL/TLS encryption for data in transit; AES-256 encryption for data at rest
• Access Controls: Role-based access, strong authentication, and regular access reviews
• Infrastructure: Secure cloud hosting with SOC 2 compliance
• Monitoring: Continuous security monitoring and intrusion detection
• Training: Regular security awareness training for all staff
• Incident Response: Documented procedures for security incident handling
• Vendor Management: Security assessments of all third-party providers

While we strive to protect your data, no method of transmission over the Internet is 100% secure. If you have reason to believe your data has been compromised, please contact us immediately.

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children without parental consent.

When a family books our services, the parent or guardian provides information for all travelers, including children. This information is used solely for tour arrangements and safety purposes.

If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information promptly. If you believe we may have data about a child, please contact us.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or prominent notice on our website
• Obtain your consent where required by law

We encourage you to review this policy periodically. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.