Nomadly Maroc

Privacy Policy – Nomadly Morocco

Last updated: April 8, 2026

Introduction

Nomadly Morocco, a platform specializing in real estate rental and travel organization in Morocco, places the utmost importance on protecting your personal data and respecting your privacy.

This privacy policy aims to inform you clearly and transparently about:

  • The personal data we collect
  • The purposes for which we use it
  • Your rights regarding your data
  • The security measures we have implemented

This policy applies to all services offered on www.nomadlymaroc.com (hereinafter "the Site") and through our mobile application.

1. Data Controller Identity

Field Information
Company name Darna Safar
Legal form SARL (Limited Liability Company)
Registered address 7 rue moulay Rachid, Hassan. 10000 Rabat
SIRET 003840284000094
Email contact@nomadlymaroc.com

2. Personal Data Collected

2.1 Data collected directly from you

When creating your account:

  • Title (Mr./Ms.)
  • First and last name
  • Email address
  • Password (encrypted)
  • Phone number
  • Date of birth
  • Nationality
  • Preferred language

When booking a property or stay:

  • Full postal address
  • Date and place of birth
  • Identity document number (passport, ID card)
  • Number of travelers and their information (first name, last name, age)
  • Travel preferences
  • Special requests (dietary requirements, accessibility, etc.)

When making a payment:

  • Bank card information (number, expiry date, security code)
  • Billing address
  • Transaction history

As a property owner:

  • Property information (address, photos, description, amenities)
  • Bank details (account number/IBAN for payments)
  • Company registration number (for professional rentals)
  • Copy of identity document
  • Proof of ownership

During exchanges with our customer service:

  • Content of your messages
  • Phone recordings (with your prior consent)
  • Attachments and documents submitted

When publishing reviews and comments:

  • Username or name
  • Profile picture (optional)
  • Review content
  • Rating given

2.2 Automatically collected data

Browsing data:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Navigation path on the Site
  • Referral source
  • Date and time of connection

Location data:

  • Approximate location via IP address
  • Precise location (with your consent) for nearby property searches

Cookies and similar technologies:

  • Session identifiers
  • User preferences
  • Analytical data
  • Advertising identifiers

3. Purposes and Legal Bases for Processing

3.1 Performance of a contract

Booking management:

  • Processing your booking requests
  • Transmitting your contact details to property owners
  • Confirming and tracking your bookings
  • Issuing invoices and receipts

Travel organization:

  • Planning your trip to Morocco
  • Booking accommodations and activities
  • Coordinating with our local partners
  • Providing assistance during your stay

Payment processing:

  • Collecting payments
  • Processing refunds where applicable
  • Fraud prevention
  • Accounting

Legal basis: Performance of the contract concluded between you and Nomadly Morocco (Article 6.1.b of the GDPR)

3.2 Compliance with legal obligations

Accounting and tax obligations:

  • Retaining invoices
  • Tax and social declarations
  • Anti-money laundering compliance

Regulatory obligations:

  • Identity verification
  • Retention of transaction evidence
  • Responding to judicial requisitions

Legal basis: Legal obligation (Article 6.1.c of the GDPR)

3.3 Legitimate interests

Service improvement:

  • Statistical analysis of Site usage
  • Identifying malfunctions
  • Optimizing user experience

Security and fraud prevention:

  • Detecting fraudulent activity
  • Protection against cyberattacks
  • Managing security incidents

Dispute management:

  • Gathering evidence
  • Defending our rights in legal proceedings

Legal basis: Legitimate interest of Nomadly Morocco (Article 6.1.f of the GDPR)

3.4 Consent

Marketing communications:

  • Sending newsletters
  • Personalized promotional offers
  • Property and stay recommendations

Targeted advertising:

  • Displaying personalized advertisements
  • Remarketing

Non-essential cookies:

  • Analytical cookies
  • Advertising cookies
  • Social media cookies

Reviews and testimonials:

  • Publishing your reviews and photos on the Site
  • Use for promotional purposes

Legal basis: Explicit consent (Article 6.1.a of the GDPR) — You may withdraw your consent at any time.

4. Recipients of Your Data

4.1 Internally

  • Authorized Nomadly Morocco staff (customer service, accounting, marketing)
  • Access strictly limited on a need-to-know basis

4.2 Property owners and hosts

For property bookings, we share with owners:

  • Your first and last name
  • Your contact details
  • The number of travelers
  • Specific requests related to the stay

4.3 Service providers

Technical providers:

  • Site hosting: OVH
  • Cloud infrastructure provider
  • Email service provider
  • Customer relationship management (CRM) system

Payment providers:

  • PayPal
  • Banking institutions

Marketing providers:

  • Advertising platforms (Google Ads, Facebook Ads)
  • Audience analytics tools (Google Analytics)

Tourism partners in Morocco:

  • Tour guides
  • Transport agencies
  • Restaurants and activity providers
  • Concierge services

4.4 Public authorities

In the event of a legitimate request:

  • Tax authorities
  • Judicial authorities
  • Law enforcement
  • CNIL (French National Commission for Information Technology and Civil Liberties)

4.5 Authorized third parties (with your consent)

  • Commercial partners for promotional offers
  • Social media platforms (content sharing)

All our service providers are contractually required to guarantee the security and confidentiality of your data.

5. Data Transfers Outside the EU

Some of our service providers may be located outside the European Union, particularly in Morocco.

In such cases, we ensure that:

  • The country benefits from an adequacy decision from the European Commission, OR
  • Appropriate safeguards are in place (standard contractual clauses from the European Commission), OR
  • Your explicit consent has been obtained

Transfers to Morocco: Your data may be transferred to Morocco for:

  • Property management and on-site reception
  • Coordination with our local partners
  • Logistical organization of your stay

These transfers are governed by contractual clauses guaranteeing a level of protection equivalent to the GDPR.

6. Data Retention Periods

We retain your personal data only for as long as necessary for the purposes for which it was collected, in compliance with legal obligations.

Data category Retention period Legal basis
Active user account Duration of the contractual relationship Contract performance
Inactive account 3 years after last login Legitimate interest
Booking data 10 years Accounting and tax obligation
Payment data Transaction duration + 13 months Legal obligation
Bank card data Not retained (tokenized by PSP) Security
Reviews and comments Publication period + archiving Legitimate interest
Prospecting data (with consent) 3 years from last contact Consent
Prospecting data (without consent) Immediate deletion upon request Legitimate interest
Cookies 13 months maximum Consent
Connection logs 12 months Legal obligation (security)
Phone recordings 6 months Consent

At the end of these periods, your data is:

  • Either permanently deleted
  • Or anonymized (for statistical purposes)
  • Or securely archived (for legal obligations)

7. Data Security

Nomadly Morocco implements all appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.

7.1 Technical measures

Encryption:

  • SSL/TLS encryption (HTTPS) for all communications
  • Encryption of sensitive data in the database
  • Backup encryption

Network security:

  • Configured firewall
  • Intrusion detection and prevention system
  • Anti-DDoS protection
  • VPN for administrator access

Authentication:

  • Passwords hashed with the bcrypt algorithm
  • Two-factor authentication (2FA) available
  • Strong password policy
  • Automatic logout after inactivity

Backups:

  • Automated daily backups
  • Secure storage on separate servers
  • Regular restoration tests
  • Backups retained for 30 days

7.2 Organizational measures

Data access:

  • Principle of least privilege
  • Individual authentication for each employee
  • Logging of access to sensitive data
  • Immediate revocation of access upon departure

Staff awareness:

  • Mandatory GDPR training for all employees
  • Signed confidentiality charter
  • Regular awareness sessions on cyber risks

Incident management:

  • Data breach management procedure
  • Notification to the CNIL within 72 hours in the event of a breach
  • Notification to affected individuals where necessary

Regular controls:

  • Annual security audits
  • Penetration testing
  • Regular system updates
  • Continuous vulnerability monitoring

7.3 Commitments from our subcontractors

All our service providers and partners contractually commit to:

  • Guaranteeing the security and confidentiality of data
  • Processing data only on Nomadly Morocco's instructions
  • Notifying any data breach
  • Complying with GDPR principles

8. Your Rights

In accordance with the General Data Protection Regulation (GDPR) and applicable data protection law, you have the following rights regarding your personal data:

8.1 Right of access (Article 15 GDPR)

You have the right to obtain:

  • Confirmation that your data is being processed
  • Access to your personal data
  • Information about the processing carried out

8.2 Right to rectification (Article 16 GDPR)

You may request the correction of inaccurate or incomplete data. You may also update your information directly from your personal account.

8.3 Right to erasure / Right to be forgotten (Article 17 GDPR)

You may request the deletion of your data in the following cases:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent
  • You object to the processing
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

Limitation: This right does not apply if retention is necessary to comply with a legal obligation or to establish, exercise, or defend legal claims.

8.4 Right to restriction of processing (Article 18 GDPR)

You may request restriction of the processing of your data in the following cases:

  • You contest the accuracy of your data (during verification)
  • The processing is unlawful but you do not wish for erasure
  • We no longer need the data but you need it for a legal claim
  • You have objected to the processing (during verification)

8.5 Right to data portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.

This right applies to data:

  • That you have provided to us
  • Whose processing is based on your consent or a contract
  • Carried out by automated means

8.6 Right to object (Article 21 GDPR)

Objection to processing on grounds relating to your particular situation: you may object to processing based on Nomadly Morocco's legitimate interest.

Objection to commercial prospecting: you may object at any time to receiving marketing communications:

  • Via the unsubscribe link in each email
  • From your personal account
  • By contacting us directly

8.7 Right to withdraw consent

For processing based on your consent (newsletters, non-essential cookies, etc.), you may withdraw your consent at any time. This withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

8.8 Right to define post-mortem directives

You have the right to define directives regarding the fate of your personal data after your death. These directives may be:

  • General (registered with a trusted digital third party)
  • Specific (relating specifically to Nomadly Morocco)

8.9 How to exercise your rights

By email: contact@nomadlymaroc.com
Subject: "Exercising my GDPR rights"

Information to provide:

  • First and last name
  • Email address associated with your account
  • Nature of your request (access, rectification, erasure, etc.)
  • Signed copy of an identity document (to prevent impersonation)

Response time: We commit to responding within one month of receiving your request. This period may be extended by two months in cases of complexity or a high volume of requests.

Free of charge: Exercising your rights is free of charge. However, in the event of manifestly unfounded or excessive requests, we may charge a reasonable fee or refuse to act on the request.

This website uses cookies.

We use cookies to enhance your browsing experience and provide personalized content. By continuing, you agree to our use of cookies. Learn more in our Cookie Policy.