Privacy Policy
Introduction
​
Amazing Trails Morocco ("we," "us," or "our") is a travel agency and tour operator based in Morocco. We are committed to protecting the privacy and personal data of all individuals who interact with our website and services. This Privacy Policy explains how we collect, use, store, share, and protect personal information in accordance with applicable privacy regulations, including:
-
The General Data Protection Regulation (GDPR) — European Union
-
The UK General Data Protection Regulation (UK GDPR)
-
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) — United States
-
The Morocco Law No. 09-08 on the Protection of Personal Data
This policy applies to all visitors, customers, and users of our website and services, regardless of their country of residence.
Data Controller Information
​
The data controller responsible for personal data collected through this website is:
Amazing Trails Morocco, Morocco.
-
Phone: +1-407-801-0867
-
Website: www.amazingtrailsmorocco.com
What Personal Data We Collect
​
We collect the following categories of personal data:
​
Data You Provide Directly
-
Identity Data — full name, date of birth, nationality, passport details
-
Contact Data — email address, phone number, postal address
-
Booking Data — tour preferences, travel dates, group size, dietary requirements, accessibility needs
-
Payment Data — billing address and payment card details (processed securely via third-party payment processors — we do not store full card details)
-
Communication Data — enquiries, correspondence, and feedback submitted via email, contact forms, or phone
-
​
Data Collected Automatically
-
Technical Data — IP address, browser type and version, device type, operating system
-
Usage Data — pages visited, time spent on pages, links clicked, referring URLs
-
Cookie Data — preferences and session data collected via cookies and similar tracking technologies (see Section 9)
​
Data from Third Parties
-
Data received from booking platforms and travel aggregators through which reservations are made
-
Data from social media platforms where users engage with our content or contact us directly
How We Use Your Personal Data
​
We process personal data for the following purposes and on the following legal bases:
Purpose
Legal Basis
Processing tour bookings and reservations
Performance of a contract​
Communicating booking confirmations and updates
Performance of a contract​
Processing payments
Performance of a contract​
Responding to enquiries and customer support
Legitimate interests / Performance of a contract
Sending marketing communications (with consent)
Consent
Improving website functionality and user experience
Legitimate interests
Complying with legal and regulatory obligations
Legal obligation
Fraud prevention and security
Legitimate interests / Legal obligation
Analysing website traffic and usage patterns
Legitimate interests / Consent (cookies)​
​
Sharing of Personal Data
​
We do not sell personal data to third parties. Personal data may be shared with the following categories of recipients where necessary:
-
Service Providers & Suppliers — hotels, transport providers, local guides, and activity operators required to fulfil booked tours
-
Payment Processors — third-party payment service providers for secure transaction processing
-
Technology Providers — website hosting, CRM, email, and booking management platform providers
-
Legal & Regulatory Authorities — where required by law, court order, or regulatory obligation
-
Professional Advisors — legal, accounting, and insurance advisors where necessary
All third-party service providers are required to handle personal data securely and in accordance with applicable data protection regulations.
​
International Data Transfers
​
As a Morocco-based operator serving international customers, personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or the United States. Where such transfers occur, we ensure appropriate safeguards are in place, including:
-
Standard Contractual Clauses (SCCs) approved by the European Commission
-
Transfers to countries recognised as providing an adequate level of data protection
-
Other legally approved transfer mechanisms under GDPR and applicable US state privacy laws
Data Retention
​
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including:
-
Booking and transaction records — retained for a minimum of 7 years for legal and accounting compliance
-
Marketing data — retained until consent is withdrawn or an opt-out request is received
-
Website usage and technical data — retained for up to 12 months
-
Enquiry and correspondence records — retained for up to 3 years
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.
Data Security
​
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, alteration, or disclosure, including:
-
SSL/TLS encryption for all data transmitted via the website
-
Secure, access-controlled storage of customer records
-
Restricted staff access to personal data on a need-to-know basis
-
Regular review of security practices and procedures
In the event of a data breach that poses a risk to individuals' rights and freedoms, we will notify the relevant supervisory authorities and affected individuals in accordance with applicable legal requirements.
Cookies & Tracking Technologies
​
Our website uses cookies and similar tracking technologies to enhance functionality and analyse usage. The categories of cookies used include:
-
Strictly Necessary Cookies — essential for the website to function and cannot be disabled
-
Analytics Cookies — used to understand how visitors interact with the website (e.g., Google Analytics)
-
Marketing & Preference Cookies — used to personalise content and, where applicable, deliver relevant advertising
Upon first visiting the website, users are presented with a cookie consent banner and may accept, reject, or customise non-essential cookie preferences at any time via the cookie settings panel.
Your Privacy Rights
​
Depending on the applicable privacy regulations in the user's country of residence, the following rights may apply:
​
🇪🇺 European & UK Users (GDPR / UK GDPR)
​
-
Right of Access — request a copy of personal data held
-
Right to Rectification — request correction of inaccurate or incomplete data
-
Right to Erasure — request deletion of personal data ("right to be forgotten")
-
Right to Restriction — request that processing be restricted in certain circumstances
-
Right to Data Portability — request transfer of data in a structured, machine-readable format
-
Right to Object — object to processing based on legitimate interests or for direct marketing
-
Right to Withdraw Consent — withdraw consent at any time where processing is consent-based
-
Right to Lodge a Complaint — with the relevant national data protection supervisory authority
🇺🇸 California Users (CCPA / CPRA)
​
-
Right to Know — request disclosure of personal data collected, used, shared, or sold
-
Right to Delete — request deletion of personal data
-
Right to Correct — request correction of inaccurate personal data
-
Right to Opt-Out — opt out of the sale or sharing of personal data (we do not sell personal data)
-
Right to Limit Use of Sensitive Personal Information — limit the use of sensitive personal data
-
Right to Non-Discrimination — exercise privacy rights without receiving discriminatory treatment
🇲🇦 Morocco Users (Law No. 09-08)
​
-
Right to access, rectify, and oppose the processing of personal data
-
Right to lodge a complaint with the Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP)
To exercise any of the above rights, please submit a request to: privacy@amazingtrailsmorocco.com
Requests will be responded to within 30 days in accordance with applicable regulatory requirements.
Marketing Communications
​
Marketing emails and promotional communications are only sent to individuals who have provided explicit consent. Every marketing communication includes an unsubscribe link, and opt-out requests are processed promptly. Withdrawal of marketing consent does not affect the lawfulness of prior processing.
Children's Privacy
​
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children without verifiable parental consent. Where data relating to a minor is required in the context of a family booking, it is collected and processed solely for the purpose of fulfilling the travel booking.
Updates to This Privacy Policy
​
This Privacy Policy may be updated periodically to reflect changes in our practices, services, or applicable legal requirements. The updated policy will be published on this page with a revised effective date. Where changes are material, users will be notified via email or a prominent website notice.
Contact & Complaints
​
For any questions, concerns, or requests relating to this Privacy Policy or the handling of personal data, please contact:
-
Amazing Trails Morocco — Data Privacy
-
Phone: +1-407-801-0867
​
Users also have the right to lodge a complaint with their local data protection supervisory authority:
-
🇪🇺 EU: Relevant national Data Protection Authority (DPA)
-
🇬🇧 UK: Information Commissioner's Office (ICO) — www.ico.org.uk
-
🇺🇸 USA: Relevant State Attorney General's Office
-
🇲🇦 Morocco: CNDP — www.cndp.ma
​
​
​
​