🔒 Privacy Policy for Elbaz Tours
Effective Date: [Current Date, e.g., November 3, 2025]
Elbaz Tours (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website, book a tour, or communicate with us.
1. Important Information and Who We Are
The Data Controller: Elbaz Tours, [Your Official Address in Morocco – e.g., 12 Rue Principale, Marrakech, Morocco].
Contact for Privacy Issues: If you have any questions about this policy or your data, please contact our dedicated Privacy Team:
- Email: contact@elbaztours.com
- phone:+212 636-405858
2. The Data We Collect About You
We collect and process various categories of personal data, which we have grouped as follows:
| Category of Data | What We Collect | Purpose of Collection (Why?) |
| Identity Data | Name, date of birth, gender, nationality, passport details (for booking) | To process your bookings, verify identity, and fulfill contracts (e.g., flight/hotel manifests). |
| Contact Data | Email address, phone number, billing address | To communicate about your booking, send confirmations/updates, and provide 24/7 support. |
| Financial Data | Payment card details (processed securely by a third-party payment processor), transaction records | To process payments for tours and manage refunds. We do not store full credit card details. |
| Travel Data | Trip dates, destination preferences, dietary requirements, health information (if required for safety/assistance) | To arrange customized itineraries, accommodate special needs, and ensure a safe experience. |
| Technical Data | IP address, browser type, operating system, time zone setting, location | For website analytics, security, and to improve user experience. |
| Marketing Data | Preferences for receiving marketing, communication preferences | To send you relevant offers and updates (only if you consent). |
3. How We Collect Your Data
We collect data through the following methods:
- Direct Interactions: You provide data directly when you fill out our “Request a Quote” form, book a tour, subscribe to our newsletter, or communicate with our team via email or phone.
- Automated Technologies: As you interact with our website, we automatically collect Technical Data via cookies, server logs, and other tracking technologies (e.g., Google Analytics).
- Third Parties: We may receive data from affiliated travel agents or third-party payment processors (only transaction confirmation, not full card details).
4. How We Use Your Data and Legal Basis
We use your data only when the law allows us to. Most commonly, we use your personal data to:
| Purpose of Use | Legal Basis (e.g., under GDPR) |
| Process and Fulfill Bookings | Performance of a Contract: Necessary to provide the tour and services you purchased. |
| Communicate with You | Legitimate Interests: To service your booking and respond to inquiries promptly. |
| Marketing & Promotions | Consent: We will only send marketing emails if you have explicitly given us consent to do so. |
| Security and Fraud Prevention | Legitimate Interests: To protect our business and our customers from fraud. |
| Improve Website Performance | Legitimate Interests: To understand how our website is used and to make improvements. |
5. Disclosure and International Transfers
As a tour operator, we must share your data with third parties to fulfill your travel contract:
- Travel Providers: We share necessary Identity and Travel Data with hotels, guesthouses (Riads/Kasbahs), local guides, and transport companies in Morocco.
- Payment Processors: Your Financial Data is securely processed by trusted payment gateways (e.g., PayPal, Stripe).
- Regulators & Law Enforcement: We will disclose data when legally required to do so by Moroccan or international law.
Your personal data will be transferred outside of Morocco (e.g., if we use international cloud servers or email providers, and when dealing with international travel partners). We ensure your data is treated securely and in accordance with this privacy policy.
6. Data Security and Retention
- Data Security: We have implemented security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. This includes the use of SSL encryption on our website and limiting access to personal data to only necessary staff.
- Data Retention: We only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements (typically 5 years after a completed booking for financial records).
7. Your Legal Rights (Including GDPR Rights)
Depending on where you reside, you may have the following rights over your personal data:
- The Right to Access: Request a copy of the personal data we hold about you.
- The Right to Rectification: Request correction of any incomplete or inaccurate data we hold about you.
- The Right to Erasure: Ask us to delete your personal data (in specific circumstances).
- The Right to Object: Object to the processing of your data for direct marketing purposes.
- The Right to Withdraw Consent: Withdraw your consent for marketing at any time.
To exercise any of these rights, please contact our Privacy Team via the email address listed in Section 1.
8. Cookies
Our website uses cookies (small text files) to improve your experience. We use:
- Necessary Cookies: Required for the website to function (e.g., booking process).
- Analytical/Performance Cookies: To count visitors and see how they use the site (e.g., Google Analytics).
- Marketing Cookies: To track your browsing habits and show you relevant advertising.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
