Legal Document

Privacy Policy

How we collect, use, and protect your personal information when you book with Moratra.

Effective Date:

Moratra is a registered brand operated and managed by AlloTrips SARL, Marrakech, Morocco. AlloTrips SARL is the data controller for all personal information processed through this website.

Table of Contents

01Introduction 02Information We Collect 03How We Use Your Data 04Legal Bases (GDPR) 05Sharing Information 06International Transfers 07Data Retention 08Data Security 09Your Rights 10Children's Privacy 11Contact Us 12Policy Updates

Introduction

Moratra is a registered brand operated and managed by AlloTrips SARL, a company incorporated under the laws of the Kingdom of Morocco, with registered offices in Marrakech, Morocco. AlloTrips SARL is the data controller responsible for the personal information collected through this website and all associated booking and travel services.

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you visit moratra.com or use our tour, activity, excursion, and travel booking services.

Applicable RegulationsWe operate in compliance with Moroccan data protection law (Law No. 09-08), the EU GDPR (Regulation 2016/679), the UK GDPR, and U.S. privacy regulations including the CCPA as amended by the CPRA, to the extent each applies to our data processing activities.

By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of our website and services.

Information We Collect

We collect personal information you provide directly to us, as well as information gathered automatically through your use of our website.

A. Information You Provide Directly

Full name, phone number, and email address
Nationality, country of residence, and preferred language
Booking details including tour or activity selected, travel date, number of participants, and any special requests or accessibility requirements
Payment-related data: Billing information only. Full card details are processed exclusively by PCI-DSS-compliant processors. AlloTrips SARL does not store or have direct access to your card numbers.
Correspondence, enquiries, complaints, and feedback submitted via email, contact forms, or other channels

B. Automatically Collected Information

Device type, browser type, and operating system
IP address and approximate geolocation
Pages visited, time spent, and navigation paths on our website
Referring source — search engines, social media platforms, and advertising networks
Cookie identifiers and analytics logs

C. Cookies & Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your browsing experience, remember your preferences, and analyse website usage. Essential cookies are placed automatically. Non-essential cookies are only deployed following your explicit consent, in compliance with GDPR. You may withdraw consent at any time via our Cookie Preference Centre.

How We Use Your Information

To process, confirm, and manage your tour and activity bookings
To send booking confirmations, pre-departure information, and operational updates
To communicate with you regarding enquiries, complaints, or customer support requests
To send promotional offers, newsletters, and marketing communications, strictly subject to your prior consent
To improve, personalise, and optimise our website and service offerings
To comply with our legal, regulatory, and financial obligations
To detect, prevent, and investigate fraudulent transactions or security incidents
To defend our legal rights in the event of a dispute or claim

Our CommitmentWe never sell, rent, or trade your personal data to third parties for any commercial purpose.

Legal Bases for Processing (GDPR)

Where EU or UK GDPR applies to our processing activities, we rely on the following lawful bases:

Contractual NecessityProcessing is necessary to fulfil a booking, respond to a pre-contractual enquiry, or deliver the services you have requested.

Legitimate InterestsImproving our services, ensuring website security, and preventing fraud — provided such interests are not overridden by your rights.

ConsentFor marketing, non-essential cookies, or analytics. You may withdraw consent at any time without affecting prior processing.

Legal ObligationTo comply with applicable Moroccan law, EU law, or other binding legal obligations to which AlloTrips SARL is subject.

Sharing of Personal Information

We may share your personal data with the following categories of recipients, solely to the extent necessary and for the purposes described in this Policy:

Service Providers: Web hosting providers, email platforms, payment processors, and analytics providers. These parties are bound by data processing agreements and are prohibited from using your data for their own purposes.
Operational Partners: Local tour guides, transport operators, accommodation providers, activity suppliers, and ground operators involved in delivering the experience you booked. They receive only information necessary to fulfil your booking.
Legal & Regulatory Authorities: Where required by Moroccan law, EU law, court order, or other legally binding governmental request.
Business Transfers: In the event of a merger, acquisition, or sale of assets involving AlloTrips SARL, your data may be transferred to the successor entity, subject to equivalent privacy protections.

International Data Transfers

As a Morocco-based company serving an international customer base, your personal data may be transferred to and processed in countries outside your country of residence, including within the EEA, the United Kingdom, the United States, and Morocco.

Our SafeguardWhere transfers involve countries without an adequate level of data protection, we implement Standard Contractual Clauses (SCCs) as approved by the European Commission, or other legally recognised transfer mechanisms, to ensure your data remains protected to the standards required by applicable law.

Data Retention

Booking Records

Retained for 5 years following completion of your travel experience, per Moroccan commercial law.

Marketing Data

Retained until you withdraw your consent.

Upon Expiry

Data is securely deleted or irreversibly anonymised.

Data Security

AlloTrips SARL implements a range of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction.

SSL/TLS encryption for all data transmitted via our website
Restricted access controls and role-based permissions
Firewall protections and intrusion detection systems
Regular security audits and vulnerability assessments

While we strive to maintain the highest practicable security standards, no digital system or internet transmission can be guaranteed to be entirely secure. We encourage you to use strong passwords and to notify us immediately if you suspect any unauthorised use of your account or personal information.

Your Rights

Under EU / UK GDPR

AccessRequest a copy of the personal data we hold about you.

RectificationRequest correction of inaccurate or incomplete data.

ErasureRequest deletion of your personal data, subject to legal exceptions.

RestrictionRequest that we limit processing in certain circumstances.

ObjectionObject to processing based on legitimate interests or for direct marketing.

PortabilityReceive your data in a structured, machine-readable format.

Withdraw ConsentWithdraw consent at any time where processing is consent-based.

Under CCPA / CPRA — California Residents

Right to know what personal information is collected, used, shared, or sold
Right to request deletion of personal information
Right to opt out of the sale or sharing of personal information (we do not sell personal data)
Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us using the details in Section 11. We will respond within the timeframes required by applicable law and may need to verify your identity before processing your request.

Children's Privacy

Our website and services are not directed to children under the age of 16 (or under 13 in the United States). We do not knowingly collect personal data from minors.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately and we will take steps to delete such information.

Bookings Involving MinorsWhere minors participate in our tours or activities, all bookings must be made by a responsible adult aged 18 or over, who accepts these terms on behalf of the minor.

Contact Information

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact our Data Privacy team:

✉️

[email protected]

📞

Phone

+212 727-541683

📍

Address

AlloTrips SARL, Marrakech, Morocco

🌐

Website

moratra.com

If you are located in the EU or UK and believe we have failed to adequately address your data protection concerns, you have the right to lodge a complaint with your local supervisory authority (e.g., CNIL in France, ICO in the UK).

Updates to This Policy

AlloTrips SARL reserves the right to amend or update this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory guidance. Where material changes are made, we will provide prominent notice on our website and, where appropriate, notify you directly by email.

The Effective Date displayed at the top of this page will be updated accordingly. Your continued use of our website following publication of any revised Policy constitutes your acknowledgement of the changes. We encourage you to review this Policy periodically.