Moratra is a registered brand operated and managed by AlloTrips SARL, a company incorporated under the laws of the Kingdom of Morocco, with registered offices in Marrakech, Morocco. AlloTrips SARL is the data controller responsible for the personal information collected through this website and all associated booking and travel services.
We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you visit moratra.com or use our tour, activity, excursion, and travel booking services.
Applicable RegulationsWe operate in compliance with Moroccan data protection law (Law No. 09-08), the EU GDPR (Regulation 2016/679), the UK GDPR, and U.S. privacy regulations including the CCPA as amended by the CPRA, to the extent each applies to our data processing
activities.
By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of our website and services.
We collect personal information you provide directly to us, as well as information gathered automatically through your use of our website.
A. Information You Provide Directly
- Full name, phone number, and email address
- Nationality, country of residence, and preferred language
- Booking details including tour or activity selected, travel date, number of participants, and any special requests or accessibility requirements
- Payment-related data: Billing information only. Full card details are processed exclusively by PCI-DSS-compliant processors. AlloTrips SARL does not store or have direct access to your card numbers.
- Correspondence, enquiries, complaints, and feedback submitted via email, contact forms, or other channels
B. Automatically Collected Information
- Device type, browser type, and operating system
- IP address and approximate geolocation
- Pages visited, time spent, and navigation paths on our website
- Referring source — search engines, social media platforms, and advertising networks
- Cookie identifiers and analytics logs
C. Cookies & Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to enhance your browsing experience, remember your preferences, and analyse website usage. Essential cookies are placed automatically. Non-essential cookies are only deployed following your explicit consent, in compliance with GDPR. You may withdraw consent at any time via our Cookie Preference Centre.
03
How We Use Your Information
- To process, confirm, and manage your tour and activity bookings
- To send booking confirmations, pre-departure information, and operational updates
- To communicate with you regarding enquiries, complaints, or customer support requests
- To send promotional offers, newsletters, and marketing communications, strictly subject to your prior consent
- To improve, personalise, and optimise our website and service offerings
- To comply with our legal, regulatory, and financial obligations
- To detect, prevent, and investigate fraudulent transactions or security incidents
- To defend our legal rights in the event of a dispute or claim
Our CommitmentWe never sell, rent, or trade your personal data to third parties for any commercial purpose.
04
Legal Bases for Processing (GDPR)
Where EU or UK GDPR applies to our processing activities, we rely on the following lawful bases:
Contractual NecessityProcessing is necessary to fulfil a booking, respond to a pre-contractual enquiry, or deliver the services you have requested.
Legitimate InterestsImproving our services, ensuring website security, and preventing fraud — provided such interests are not overridden by your rights.
ConsentFor marketing, non-essential cookies, or analytics. You may withdraw consent at any time without affecting prior processing.
Legal ObligationTo comply with applicable Moroccan law, EU law, or other binding legal obligations to which AlloTrips SARL is subject.
05
Sharing of Personal Information
We may share your personal data with the following categories of recipients, solely to the extent necessary and for the purposes described in this Policy:
- Service Providers: Web hosting providers, email platforms, payment processors, and analytics providers. These parties are bound by data processing agreements and are prohibited from using your data for their own purposes.
- Operational Partners: Local tour guides, transport operators, accommodation providers, activity suppliers, and ground operators involved in delivering the experience you booked. They receive only information necessary to fulfil your booking.
- Legal & Regulatory Authorities: Where required by Moroccan law, EU law, court order, or other legally binding governmental request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets involving AlloTrips SARL, your data may be transferred to the successor entity, subject to equivalent privacy protections.
06
International Data Transfers
As a Morocco-based company serving an international customer base, your personal data may be transferred to and processed in countries outside your country of residence, including within the EEA, the United Kingdom, the United States, and Morocco.
Our SafeguardWhere transfers involve countries without an adequate level of data protection, we implement Standard Contractual Clauses (SCCs) as approved by the European Commission, or other legally recognised transfer mechanisms, to ensure your data remains protected to the standards required by applicable law.
Booking Records
Retained for 5 years following completion of your travel experience, per Moroccan commercial law.
Marketing Data
Retained until you withdraw your consent.
Upon Expiry
Data is securely deleted or irreversibly anonymised.
AlloTrips SARL implements a range of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction.
- SSL/TLS encryption for all data transmitted via our website
- Restricted access controls and role-based permissions
- Firewall protections and intrusion detection systems
- Regular security audits and vulnerability assessments
While we strive to maintain the highest practicable security standards, no digital system or internet transmission can be guaranteed to be entirely secure. We encourage you to use strong passwords and to notify us immediately if you suspect any unauthorised use of your account or personal information.
Under EU / UK GDPR
AccessRequest a copy of the personal data we hold about you.
RectificationRequest correction of inaccurate or incomplete data.
ErasureRequest deletion of your personal data, subject to legal exceptions.
RestrictionRequest that we limit processing in certain circumstances.
ObjectionObject to processing based on legitimate interests or for direct marketing.
PortabilityReceive your data in a structured, machine-readable format.
Withdraw ConsentWithdraw consent at any time where processing is consent-based.
Under CCPA / CPRA — California Residents
- Right to know what personal information is collected, used, shared, or sold
- Right to request deletion of personal information
- Right to opt out of the sale or sharing of personal information (we do not sell personal data)
- Right to non-discrimination for exercising your privacy rights
To exercise any of these rights, contact us using the details in Section 11. We will respond within the timeframes required by applicable law and may need to verify your identity before processing your request.
Our website and services are not directed to children under the age of 16 (or under 13 in the United States). We do not knowingly collect personal data from minors.
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately and we will take steps to delete such information.
Bookings Involving MinorsWhere minors participate in our tours or activities, all bookings must be made by a responsible adult aged 18 or over, who accepts these terms on behalf of the minor.
For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact our Data Privacy team:
If you are located in the EU or UK and believe we have failed to adequately address your data protection concerns, you have the right to lodge a complaint with your local supervisory authority (e.g., CNIL in France, ICO in the UK).
AlloTrips SARL reserves the right to amend or update this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory guidance. Where material changes are made, we will provide prominent notice on our website and, where appropriate, notify you directly by email.
The Effective Date displayed at the top of this page will be updated accordingly. Your continued use of our website following publication of any revised Policy constitutes your acknowledgement of the changes. We encourage you to review this Policy periodically.
