CroisiereCar on 03.08.2023
This privacy policy describes how we, the data controller CroisiereCar of Morocco (“CroisiereCar”, “we”, “us” or “our”) collect, store, and process information about individual visitors to this website. This policy applies only to the website of CroisiereCar on which this privacy policy is stored or referenced via a link (hereinafter: “website”). It does not apply to linked websites that are not owned or controlled by CroisiereCar.
Personal data is any information relating to an identified or identifiable individual, such as your name, date of birth, email address, postal address, telephone number, or online identifiers like your IP address. Information of a general nature that cannot identify you, such as the number of website users, is not personal data.
We process your personal data in accordance with Morocco’s Law n° 09-08 of 18 February 2009, Implementation Decree n° 2-09-165 of 21 May 2009, the EU’s General Data Protection Regulation (GDPR), and the Privacy and Electronic Communications Directive, as described in this policy. We may use your data for additional purposes if permitted or required by law or necessary to support legal or criminal investigations, with prior notification and consent where required.
We use your personal data for the following purposes and legal bases:
We collect access data (e.g., session data, IP address, browser version, operating system, cookie IDs, pixel IDs) automatically transmitted by your browser for technical reasons to provide the website. This data does not directly identify you and is processed to improve our website and defend against cyberattacks. The legal basis is our legitimate interest in optimizing the website and enabling server communication.
Contact form enquiries may include your name, address, email, phone number, pickup/drop-off locations, and other travel details. We process this data solely to respond to your enquiry. The legal basis is contractual/pre-contractual measures.
For bookings, we collect mandatory and optional data (e.g., name, address, email, phone, travel details) as per our booking form. Data entry is encrypted to prevent third-party access. The legal basis is our legitimate interest and contract fulfillment. Data is retained as necessary for contract execution, legal prosecution, or legal retention periods (e.g., tax).
Refer to our Cookie Policy for details on how we use cookies and similar technologies, which forms part of this privacy policy.
We process data for administrative tasks, financial accounting, and legal compliance (e.g., archiving). This includes data processed for contractual services. The purpose is to maintain business operations. We may disclose data to consultants (e.g., legal advisors, auditors) or payment providers. Supplier and partner data is stored permanently for future contact, based on our legitimate interest.
We do not disclose your personal data to third parties unless necessary for service performance, consented by you, or permitted by law. We may outsource data processing to external service providers (e.g., for website support, data management, marketing) acting as processors under strict contractual, technical, and organizational measures. Data may also be disclosed if legally required (e.g., by court order) or to support legal investigations.
We engage service providers (e.g., payment processors, technical support) to fulfill contracts, ensuring they meet data security standards. Examples include:
We store personal data only as long as necessary for the purposes collected or as required by statutory retention periods. Data is then deleted unless needed for legal claims or obligations (e.g., tax, law enforcement).
Our operations are based in Morocco, but data may be processed outside Morocco with appropriate security measures, using approved standard contractual clauses for transfers to third countries.
CroisiereCar does not engage in automated decision-making or profiling.
We use your data to fulfill contracts, respond to enquiries, or for marketing (e.g., bookings, quotations) if you have consented. You may withdraw consent via our contact form.
You have the following data subject rights:
Rights may be limited if they reveal another person’s data, conflict with legal obligations, or are overridden by compelling legitimate interests. Contact us with concerns about data processing.
We use industry-standard firewalls and password systems to protect data networks. We implement technical and organizational measures to safeguard your data from loss, misuse, unauthorized access, disclosure, alteration, or destruction, ensuring its availability.
We maintain presences on social networks to communicate with users. We process data if you interact with us (e.g., posts, messages). Social media plugins use the Shariff method, establishing contact only when you click the share button, preventing automatic data collection.
We use Google Analytics with IP anonymization to prevent allocation. Your IP address is not merged with other Google data. Opt out at: Google Analytics Opt-out.
We use Facebook pixels to target ads to users interested in our website. Data is anonymous to us but may be linked to your Facebook profile. Opt out at: Facebook Ad Settings, US Opt-out, or EU Opt-out.
Our website may link to external sites. We are not responsible for their privacy practices. Review their privacy policies before use.
We may update this policy to reflect changes in our privacy practices. Review it regularly for updates.
Contact us with comments or concerns. If you believe we have not complied with this policy or data protection law, notify us for resolution.
