Graf Morocco takes the protection of your personal data as the Data Controller very seriously. We treat your personal data confidentially and in accordance with the provisions of data protection law. This privacy statement informs you about how, to what extent and for what purposes we process the personal data of customers using the Graf Morocco website and App.
Version No.: 1.0
- SUBJECT OF DATA PROTECTION
Subject of data protection is personal data. Data is personal if it can be assigned to an identified or identifiable natural person. This includes information such as names, addresses, email addresses and telephone numbers.
- COLLECTION, PROCESSING AND USE OF PERSONAL DATA ON REQUEST
The use of our website and App is generally possible without providing personal data. You are neither obliged to visit this website nor to provide any personal data. If you do not provide us with personal data, you might not be able to use individual functionalities of this website. Otherwise there will be no consequences for you. The collection of users’ personal data on our site is always on a voluntary basis, except in the cases described in the following. We would like to point out that data transmission over the Internet (e.g. communication by email) can have security gaps. A complete protection of data against access by third parties is not possible.
We collect, process and use your personal data, which you have provided us with when booking or registering an account for our member area, to the extent necessary in each case for the following purposes:
- Registration and execution of the contract
» Data that you provide when setting up an account, such as your name, email address, telephone number, mobile phone number, address and data which will be provided depending on the service you use
» We collect, process and use transaction data regarding your activities on the websites (e.g. purchases, content that you generate or that relates to your account)
» Billing and other data you provide for the purchase
» Data collected in the context of reviews, chats and correspondence on the website or by email, fax and post
» Other personal data that we may ask you to provide for special purposes
» If you voluntarily provide us with additional personal data during registration, this data will also be used for the implementation of the usage relationship.
- Contact establishment
If you provide us with personal data for the purpose of contacting us, this data will be used by us as this is necessary for the purpose of the respective communication.
- Marketing and Opinion Research
3.1 Graf Morocco may process and use your personal data for marketing and opinion research purposes, e.g. to send emails with general information or of an advertising nature (newsletter), on the basis of the declaration of consent you have given us. You can revoke the declarations of consent granted to us in this regard at any time with effect for the future.
3.2 In addition to that, if you are already our customer, we may send emails of an advertising nature regarding products similar to the ones you already booked, on the basis of Graf Morocco legitimate interest. You can opt-out of receiving these emails at the moment of booking or at any time after that.
3.3 If you wish to revoke your declaration of consent to receiving e-mails from us (3.1) or wish to opt-out (3.2), please follow the instructions contained in an applicable email you receive from us in order to revoke your consent or opt-out. In that case, you will no longer receive these types of email communications from us (after a short period in which your revocation or opt-out is technically processed). In addition, you can object to the use of your personal data for marketing purposes based on legitimate interests, e.g. in case of marketing e-mails to existing customers (3.2) or in case of postal marketing measures. In both cases, an email to the following address is sufficient: firstname.lastname@example.org.
Exercising your right to revoke consent, to opt-out or to object against the use of your data for marketing purposes is free of charge.
- Information you provide to Payment Processors
All payments made are processed by a PCI/DSS-compliant (these are payment card industry security standards) payment processing service engaged by us. All information collected by these third-party providers for purposes of processing your payments is not available to us unless you have otherwise provided this in-formation to us in connection with your use of the Websites or our products and services.
- Aggregate Information
We may share your information with affiliated or unaffiliated third parties on an anonymous, aggregate basis. While this information will not identify you personally, in some instances these third parties may be able to combine this aggregate information with other data they have about you, or that they receive from third parties, in a manner that allows them to identify you personally.
III. DATA PROCESSING TO ENABLE THE USE OF THE WEBSITE
When you visit our website, we collect the necessary data to enable you to use it (usage data). This includes your IP address and data about the start, end and subject of your use of the website as well as any identification data (e.g. your login data when you log into a secure area). This data is used to provide and design the service according to users’ preference. This data is always deleted as soon as it is no longer required and if there are no storage obligations. For information on the processing of pseudonymous usage profiles, see item VII.
- DATA PROCESSING FOR MOBILE APPLICATIONS AND DEVICES
When you download data, use our mobile applications or access one of our websites optimized for mobile devices, we may collect information about you and your mobile device as described above in this statement. This can include location data, for example, if you release it for our mobile application. We use this information to provide you with location-based services such as search results and other personalized content, if approved by you and your device. You can control or deactivate location services from the settings menu on most mobile devices. If you have questions about deactivating location services on your device, we recommend that you contact your mobile service provider or the manufacturer of your device.
If we collect other personal data that is transferred as a result of your use of our mobile applications or your access to our website with a mobile device, we will obtain your express consent in advance.
- DATA COLLECTED FROM OTHER SOURCES
We may obtain additional information about you from third parties to supplement our account information to the extent permitted by law. This includes demographic and navigation data, credit check data and other information from credit agencies, to the extent permitted by law.
When you visit our website, information may be stored on your computer in the form of a cookie.
- What are Cookies?
Cookies are text files containing small amounts of information which are downloaded to your computer or mobile device when you visit a certain webpage. Cookies are then sent back to the originating webpage on each subsequent visit, or to another webpage that recognizes that cookie. Cookies are widely used to make our website work, or to work more efficiently, as well as to provide information to the owners of the website.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience. Cookies may tell us, for example, whether you have visited our website before or whether you are a new visitor. They can also help to ensure that adverts you see online are more relevant to you and your interests.
There are two broad categories of cookies:
» first party cookies served directly by us to your computer or mobile device;
» third party cookies, which are served by a third party on our behalf. We may use third party cookies for functionality, performance/analytics, advertising/tracking and social media purposes.
Cookies can remain on your computer or mobile device for different periods of time. Some cookies are session cookies, meaning that they are stored only temporarily during a browsing session and expire when you close your browser. Other cookies are persistent cookies, meaning that they are saved on your computer or mobile device for a fixed period and are not deleted when browser is closed. They can be used by our website to recognize your computer or mobile device when you open your browser and browse the Internet again.
» enable, facilitate and streamline the functioning of and your access to our website;
» track traffic flow and patterns of travel in connection with our website;
» understand the total number of visitors to our Website on an ongoing basis and the types of internet browsers (e.g. Firefox, Chrome or Internet Explorer) and operating systems (e.g. Windows or Mac OS) used by our visitors;
» monitor the performance of our website and continually improve it;
» customize and enhance your online experience.
- What types of Cookies do we use?
The types of cookies used by us and our partners in connection with our website can be classified into one of five categories, namely “cookies necessary for essential Our purposes”, “functionality cookies”, “performance and analytics cookies”, “advertising and tracking cookies”, and “social media cookies’. We have set out some further information about each category, and the purposes of the cookies we and third parties set in the following table.
Cookies necessary for our essential purpose:
These cookies are essential in providing you with our website and all services available through the website. These cookies also support with features, such as access to secure areas. Without these cookies, services you have asked for, such as transactional pages and secure login accounts, would not be possible.
Functionality cookies record information about choices you have made and allow us to tailor our website to you. These cookies mean that when you continue to use or come back to the website, we can provide you with our services as you have asked for them to be provided. For example, these cookies allow us to:
— Save your location preference if you have set your location on your homepage, and, if applicable, to receive a local weather forecast;
— Remember settings you have applied, such as layout, text size, preferences, and colors;
— Show you when you are logged in;
— Store accessibility options
Performance and Analytics Cookies:
We use performance/analytics cookies to analyze how our website is accessed, used, or is performing to provide you with a better user experience and to maintain, operate and continually improve the website. For example, these cookies allow us to:
— Better understand the visitors of our website in order to improve and insure present and relevant content;
— Test different design ideas for particular pages, such as our homepage;
— Collect information about our website visitors, such as where they are located and what browsers they are using;
— Determine the number of unique users that visit our website;
— Improve our website by measuring any errors that occur;
— Conduct research and diagnostics to improve product offerings.
Advertising and Tracking Cookies:
We may allow third party companies, including advertising companies (such as Google), to place cookies on our website. These cookies enable such companies to track your activity across various sites where they display ads and record your activities, so they can show ads that they consider relevant to you as you browse the Internet. These Cookies store information about the content you are browsing together with an identifier linked to your device or IP address.
These Cookies also allow us and third parties to know whether you’ve seen an ad or a type of ad, and how long it has been since you’ve last seen it. This information is used for frequency capping purposes, to help tailor the ads you see, and to measure the effectiveness of ads.
Third Party Cookies:
There are various pages on our website where third parties provide applications of their own cookies to track the success of their services (applications) or customize applications for you. Due to how these cookies work, we cannot access the cookies, nor can the third parties access the data in cookies used by us. Some pages of our website may also contain embedded content and these third-party sites may set their own cookies.
- How to control or delete Cookies
You have the right to accept or stop cookies from being stored on your device at any time by modifying the settings in your web browser to reflect your cookie preferences.
Please be aware that you may not be able to use all the interactive features of the website and/or online courses and content once cookies are disabled.
Most browsers offer instructions on how to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser.
If you only want to limit third party advertising cookies, you can turn such cookies off by visiting the following links:
• Your Online Choices (http://www.youronlinechoices.com/uk/)
• Network Advertising Initiative (http://www.networkadvertising.org/)
• Digital Advertising Alliance (http://www.aboutads.info/consumers)
Please bear in mind that there are many more companies listed on these sites than those that drop cookies via our website.
- Cookies that have been set in the past
If you have disabled one or more Cookies, we may still use information collected from cookies prior to your disabled preference being set, however, we will stop using the disabled cookie to collect any further information.
VII. PSEUDONYMOUS USAGE PROFILES FOR ADVERTISING AND MARKET RESEARCH (WEB TRACKING AND ANALYSIS)
Graf Morocco uses web tracking systems for advertising, market research and to make your use of our website as pleasant as possible. This allows us to further develop our website and tailor content to your needs. Graf Morocco and third-party businesses may use the information collected through the Sites using cookies, web beacons, and other similar technologies to help manage online advertising programs. This information may enable us and our third-party advertising services and other third-party businesses to track the actions of users online over time and across different websites or platforms to measure statistics relating to marketing efforts, and to deliver electronic advertisements that may be more relevant to individual consumers and that will improve the consumer experience. For information about how tracking works for online advertising purposes, and what happens when you elect a do-not-track option, visit http://www.aboutads.info/choices. In addition, some third-party businesses may provide a mechanism to opt-out of their technology. For more information about the opt-out process, you may visit the Network Advertising Initiative website, available at: http://www.networkadvertising.org/managing/opt_out.asp.
VIII. LEGAL BASIS FOR DATA PROCESSING
If you reside within the European Economic Area (EEA), our processing of your personal information will be legitimized as follows:
(i.) Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This article in the GDPR describes when processing can be done lawfully.
(ii.) If the processing of your personal data is necessary for the perfor-mance of a contract between you and Graf Morocco or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b).”). If this data is not processed, Travel Morocco 10X will not be able to execute the contract with you.
(iii.) Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), for example complying in the fields of employment law.
(iv.) And where the processing is necessary for the purposes of Graf Morocco legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f), for example to detect fraud.
- SOCIAL NETWORKS
Our website contains links to social networks (Facebook, Instagram, Twitter, Google+, Pinterest, LinkedIn). These social networks are operated exclusively by third parties. If you follow the links, information may be transmitted to these third parties. We use the so-called 2-click solution. This means, in general, that no personal data will be passed on if you visit our site.
- TRANSMISSION TO THIRD PARTIES
Your personal data will only be transmitted to third parties if this is legally permitted or if you have given your prior consent. In particular, we will not sell your data to third parties or market it in any other way. We will only disclose your data to government authorities as part of legal obligations or as a result of an official order or court decision. We have bound our employees and partners to secrecy and to comply with data protection regulations.
- HOW WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES
Except as set forth in this Privacy Statement or when specifically agreed to by you, we will not disclose personal information we gather from you to third parties unless we are required to share this information to complete your request or for legitimate business purposes. Graf Morocco shares personal information in the following circumstances:
We may share your information with vendors or third parties who deliver or provide goods and services or otherwise act on behalf of or at the direction of Graf Morocco . These third parties may include, for example, our third-party (technology) providers, Suppliers and partners. These third-party service providers will only have access to the information needed to perform these limited functions on our behalf.
XII. DATA TRANSMISSION TO COUNTRIES OUTSIDE THE EU
As far as this is necessary for the initiation or execution of the contract — e.g. to process bookings for activities in countries outside the EU — we will transmit your data outside the EU. The same applies if such a transmission turns out to be necessary for our purposes. In this respect, we ensure that the data recipient guarantees an appropriate level of data protection and that no other interests worthy of protection conflict with the data transmission. Graf Morocco relies on derogations as set forth in Article 49 of the GDPR in the event no “adequacy” decision and no other safeguards under the GDPR are in place (for example binding corporate rules on the transfer outside the EEA). In particular, we collect and transfers to countries outside the EU personal data only: with your explicit consent; to perform a contract with you; in a manner that does not outweigh your rights and freedoms. If this data is not processed and transferred, Graf Morocco will not be able to execute the contract with you or you will not have access to any or all of the benefits and features associated with your transaction. We endeavour to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Graf Morocco and the practices described in this Privacy Statement. In the event that you have any questions to this end, please contact our Data Protection Officer.
XIII. DELETION OF DATA
We retain data for the duration of your business relationship with us and otherwise as required under applicable law. Personal data will be kept for no longer than is necessary for the purposes for which your personal data are processed. We will retain your personal data as long as you have a member account or require our services so that we can provide these services to you.
If you are in the European Economic Area, at the moment you withdraw your consent for the processing of your personal data, all your personal data received and stored are erased if no longer needed by us. Unless we are required to retain this personal data by law or to comply with our regulatory obligations. In such a case, we will only keep this personal data for as long as necessary. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability.
XIV. DATA SECURITY
Graf Morocco has taken the necessary technical and organisational measures to protect the personal data provided by you against loss, destruction, manipulation and unauthorized access. Our employees and all persons involved in data processing are obliged to comply with the data protection laws and to treat personal data confidentially. Our employees have been trained accordingly. Both internal and external audits ensure compliance with all data protection processes at Graf Morocco.
We use a secure online transmission procedure, the so-called «Secure Socket Layer» (SSL) transmission, to protect the personal data of our users. You can see this from the fact that an «s» (https://) is added to the address component http://, or a green, closed lock icon is displayed. By clicking on the icon, you will receive information about the SSL certificate used. The display of the icon depends on the browser version used by you. The SSL encryption guarantees that your data is transmitted in an encrypted and complete way.
- EUROPEAN UNION DATA SUBJECTS RIGHT
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. If you wish to confirm that Graf Morocco is processing your personal data, or to have access to the personal data Graf Morocco may have about you, or have other questions, please contact us via email@example.com
You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Graf Morocco might have received the data from us; what the source of the information was (if you did not provide it directly to Travel Morocco 10X ); where the personal data is stored and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by us if it is inaccurate. You may request that we erase that data or cease processing it, subject to certain exceptions. You may also ask us for your personal data to be supplemented or updated, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. You may withdraw your consent for the processing of personal data or the further processing of personal data by us at any time. You may also request that Graf Morocco ceases using your data for direct marketing purposes. In many countries (including EEA countries), you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Graf Morocco processes your personal data. When technically feasible, we will—at your request—provide your personal data to you or transmit it directly to another controller. You have the right to receive your personal information in a structured and standard format.
In addition to the information contained in this Privacy Statement, you may be provided with additional and contextual information concerning particular services or the collection and processing of your personal data upon request.
XVI. NO AUTOMATED INDIVIDUAL DECISION
We do not use your personal data for automated individual decisions.
XVII. HOW CAN YOU CONTACT US?
You will find our contact details as the responsible body in the imprint.
Graf Morocco ,Bloc D 297 hay al houda – Agadir Morocco
XVIII. CHANGES TO THE PRIVACY STATEMENT
From time to time, we may need to update or modify this Privacy Statement, to reflect changes in our business practices, data collection practices or organization. We reserve the right to amend this Privacy Statement at any time, for any reason, without notice to you, other than the posting of the amended Privacy Statement on our website, or, if you have provided your email address to us, sending you an email notifying you of the amended Privacy Statement. It is strongly recommended to check the Website often, referring to the date of the last modification listed at the top. We will in any case not reduce your rights under this Privacy Statement without your explicit and informed consent. If you do not agree to the changes, you should discontinue your use of the Website, and cease providing personal information to us, prior to the time the modified Privacy Statement takes effect. If you continue using the Website or provide personal information after the modified Privacy Statement takes effect, you will be bound by the modified Privacy Statement.