1. Introduction
This Privacy Policy aims to inform users of the AutoRent.ma service (hereinafter "the Service") of the methods of collection and processing of their personal data, in compliance with Moroccan law no. 09-08 of February 18, 2009 on the protection of natural persons with regard to the processing of personal data and its implementing texts, as well as the General Data Protection Regulation (GDPR) when applicable to residents of the European Union.
By using the Service, you acknowledge having read this policy and accept the processing operations described herein, within the limits of the applicable legal bases.
2. Data controller
The controller of personal data collected via the Service is:
Triggerz Design Studio
A company organized under Moroccan law
Registered office: Amsterdam, Netherlands
Email: privacy@autorent.ma
DPO: dpo@autorent.ma
3. Data collected
We collect different categories of data depending on the context of use of the Service:
3.1 Data provided directly
- Identification data: last name, first name, company name, tax identifier (ICE), commercial registry number;
- Contact details: postal address, email, phone number, city;
- Billing data: payment information (processed by our CMI provider), invoice history;
- User content: vehicle catalog, descriptions, photos, pricing.
3.2 Data collected automatically
- Connection data: IP address, browser type, operating system, pages visited, dates and times of access;
- Cookies and trackers: see our Cookie Policy;
- Usage data: features used, login frequency, performance metrics.
4. Purposes of processing
Collected data is processed for the following purposes:
- Creation and management of the user account;
- Provision, improvement and personalization of the Service;
- Billing, accounting and collection;
- Customer support and technical assistance;
- Sending communications related to the Service (notifications, security updates);
- Sending commercial information (with prior consent);
- Audience measurement and performance improvement;
- Compliance with legal and regulatory obligations (accounting, taxation, anti-money laundering).
5. Legal basis for processing
In accordance with law 09-08 and the GDPR, each processing operation is based on one of the following legal bases:
- Performance of the contract: for providing the subscribed Service, billing and support;
- Consent: for marketing communications, non-essential cookies and the newsletter;
- Legal obligation: for retention of accounting and tax data (10 years);
- Legitimate interest: for Service security, fraud prevention and product improvement.
6. Data recipients
Your data is never sold to third parties. It may be shared with the following recipients, strictly to the extent necessary:
- Authorized personnel of Triggerz Design Studio (technical, support and accounting teams);
- Subcontractors bound by a confidentiality agreement: hosting provider, payment provider (CMI), email service, analytics tools;
- Administrative or judicial authorities where required by law;
- Legal and accounting advisors bound by professional secrecy.
7. Transfers outside Morocco
Some data may be processed by providers located outside Morocco, in particular within the European Union (hosting, emailing). In such cases, we ensure that:
- The recipient country offers an adequate level of protection recognized by the CNDP;
- Failing that, appropriate contractual safeguards are put in place (standard contractual clauses);
- Prior authorization from the CNDP is obtained where required.
8. Retention period
Data is kept for a duration that does not exceed what is necessary for the purposes for which it is processed:
- Active account data: throughout the duration of the subscription;
- Inactive or terminated account data: 30 days to allow export, then deletion;
- Billing data: 10 years from the close of the financial year (accounting obligation);
- Connection data: 12 months maximum;
- Cookies: variable durations detailed in our Cookie Policy;
- Non-customer prospects: 3 years from the last contact.
9. Your rights
In accordance with law 09-08 and the GDPR, you have the following rights over your personal data:
- Right of access: obtain confirmation that your data is being processed and receive a copy;
- Right of rectification: have inaccurate or incomplete data corrected;
- Right to erasure ("right to be forgotten"): request the deletion of your data in cases provided for by law;
- Right to portability: receive your data in a structured, machine-readable format;
- Right to object: object to the processing of your data on legitimate grounds;
- Right to restriction: request the suspension of a contested processing operation;
- Right to withdraw your consent at any time, without retroactive effect.
To exercise these rights, contact our DPO at dpo@autorent.ma, attaching a copy of your identity document. We respond within a maximum of one (1) month.
10. Cookies
The Service uses cookies and similar technologies to ensure its operation, measure its audience and personalize your experience. For more details on the cookies used and how to manage them, please consult our Cookie Policy.
11. Security
We implement appropriate technical and organizational security measures to protect your data against loss, misuse, unauthorized access, disclosure, alteration or destruction:
- TLS 1.3 encryption of communications;
- Encryption at rest of databases and backups;
- Role-based access control and strong authentication;
- Daily encrypted backups stored in separate datacenters;
- Access logging and anomaly detection;
- Regular security tests and a responsible disclosure policy.
In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify you as soon as possible in accordance with legal requirements.
12. Compliance with law 09-08 and GDPR
This processing complies with Moroccan law no. 09-08 on the protection of natural persons with regard to the processing of personal data and with Regulation (EU) 2016/679 of April 27, 2016 (GDPR) where users reside in the European Union.
As a data controller, Triggerz Design Studio applies the principles of lawfulness, fairness, transparency, minimization, accuracy, storage limitation, integrity and confidentiality.
13. National Commission for the Protection of Personal Data (CNDP)
The personal data processing operations carried out as part of the Service have been subject to the required filings with the Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP), the Moroccan data protection authority and an independent administrative authority established by law 09-08.
If, after contacting us, you believe your rights are not respected, you may file a complaint with the CNDP:
CNDP – Commission Nationale de contrôle de la protection des Données à caractère Personnel
Website: www.cndp.ma
Address: Avenue Mehdi Ben Barka, Hay Ryad, Rabat, Morocco
14. DPO contact
For any question relating to this policy or to exercise your rights, you may contact our Data Protection Officer (DPO):
- DPO email: dpo@autorent.ma
- General email: privacy@autorent.ma
- Postal address: Triggerz Design Studio, attn. DPO, Amsterdam, Netherlands
- WhatsApp: +212 600 000 000