Menu

Privacy Policy

This Privacy Policy explains how personal data is collected, used, and protected when you visit www.mementomorocco.com and use our services.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR), and the UK Data Protection Act 2018.

Last updated: April 13, 2026

Controller Information

The controller responsible for data processing on this website is:

Memento Universe Ltd
27 Old Gloucester Street, London, WC1N 3AX
United Kingdom
Company registered in England and Wales
Email: contact@mementomorocco.com
Director: Mr. Badr-Eddine Rachadi

Hosting and Infrastructure

This website is hosted on dedicated servers provided by Hetzner Online GmbH. Data is stored exclusively on servers located in Finland (European Union).

This ensures an adequate level of data protection in accordance with EU and UK data protection laws. Hetzner implements appropriate technical and organisational security measures.

Content Management and Tools

WordPress

This website uses WordPress as a content management system. Personal data is processed only to the extent necessary to ensure website functionality and security.

Elementor Pro & Crocoblock

We use Elementor Pro and Crocoblock for website design and functionality. These tools are configured to operate without transmitting personal data to third parties.

Bookings & Payment Processing

We use WooCommerce and JetBooking to manage bookings and process payments on this website.

When you make a booking, the following personal data is collected and hosted on our servers:

  • Name, location and contact details
  • Billing information

Payments are securely processed through third-party providers:

  • PayPal
  • Stripe

We do not store or have access to your full payment details (such as credit card numbers). These are processed directly by the payment providers.

PayPal and Stripe may process your data in accordance with their own privacy policies and may transfer data outside the UK or European Economic Area (EEA). Appropriate safeguards, such as Standard Contractual Clauses, are used to protect your data.

Legal basis: Article 6(1)(b) UK GDPR / EU GDPR (performance of a contract).

Transactional Email Service (Brevo)

We use Brevo (Sendinblue), provided by Brevo SAS, 55 rue d’Amsterdam, 75008 Paris, France, to send transactional emails such as booking confirmations and contact responses.

Brevo acts as a data processor under a Data Processing Agreement in accordance with Article 28 UK GDPR / EU GDPR.

Data processed may include:

  • Name and email address
  • Technical delivery data (e.g. timestamp, delivery status)

Emails are saved as logs for a duration of 1 month and are deleted after 1 month.

Brevo processes data primarily within the European Union. Where data transfers occur outside the EU, appropriate safeguards such as Standard Contractual Clauses are applied.

Contact & Booking Forms

When you submit a contact form on our website:

  • Your data is transmitted securely via email
  • Your data is securely stored in the website database for as long as needed to process your requests

Legal basis: Article 6(1)(b) UK GDPR / EU GDPR (pre-contractual communication).

ALTCHA Spam Protection

We use ALTCHA, a self-hosted, open-source spam protection service, to protect our website from automated submissions and spam. ALTCHA operates entirely on our own servers and does not send any personal data to third parties.

ALTCHA works by generating a cryptographic challenge in your browser, which your device solves locally using a proof-of-work algorithm. This process:

  • Does not use cookies or any form of browser fingerprinting

  • Does not track your browsing activity

  • Does not collect or store any personal information

  • Does not share any data with external services

The verification happens in real-time and no data is retained on our servers after verification is complete. The cryptographic challenge expires automatically after one hour.

ALTCHA is fully compliant with GDPR, WCAG 2.2 AA accessibility standards, and the European Accessibility Act (EAA). For more information, visit altcha.org.

Sharing Data with Third Parties

To deliver your travel services, we may share your personal data with trusted third-party partners, including:

  • Hotels, riads, and desert camps
  • Transport providers and drivers
  • Local guides and activity providers
  • Restaurants and service partners

This data is shared solely for the purpose of fulfilling your booking and delivering the agreed services.

Legal basis: Article 6(1)(b) UK GDPR / EU GDPR (performance of a contract).

Cookies and Consent

We use cookies to ensure proper website functionality and, where applicable, to analyse website usage.

Cookie consent is managed through Complianz.

  • Essential cookies are active by default
  • Analytics cookies are only activated with your consent

You may withdraw or modify your consent at any time.

Google Analytics

This website uses Google Analytics, provided by Google Ireland Ltd.

  • IP anonymisation is enabled
  • Data is used only for internal analysis
  • Tracking is activated only after user consent

Google may transfer data to the United States. Such transfers are protected using Standard Contractual Clauses.

Legal basis: Article 6(1)(a) UK GDPR / EU GDPR (consent).

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy.

Booking-related data may be retained for up to 10 years to comply with legal and tax obligations.

Security Measures

We implement appropriate technical and organisational measures, including:

  • SSL/TLS encryption
  • Firewall protection
  • Secure authentication systems
  • Regular backups

Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or significant effects.

Supervisory Authority

If you are based in the United Kingdom, you may contact:

Information Commissioner’s Office (ICO)
https://ico.org.uk

If you are located in the European Union, you may contact your local data protection authority.

International Data Transfers

Where personal data is transferred outside the UK or European Economic Area (EEA), appropriate safeguards such as Standard Contractual Clauses are applied.

Contact

If you have any questions or wish to exercise your rights, please contact:

Memento Universe Ltd
Email: contact@mementomorocco.com

Changes to this Policy

We reserve the right to update this Privacy Policy at any time. Continued use of the website constitutes acceptance of any changes.

Close
Home
Tours
Blog
Weather
Contact
About
Register & login

Your Trip, You Take The Lead!

40% of the global bookings we receive are tailor made by our beloved travelers. People more often prefer to take full advantage of this opportunity and have full control over their trips. We are so happy to support your future memorable trip and make it a lifetime experience for you!

Your Trip, You Take The Lead!

40% of the global bookings we receive are tailor made by our beloved travelers. People more often prefer to take full advantage of this opportunity and have full control over their trips. We are so happy to support your future memorable trip and make it a lifetime experience for you!

Personal Information
First Name*
Last Name*
Email*
Phone
Nationality
correspondence country
Trip Preferences
From*
To*
Adults*
Children
Infant
Desired Itinerary