Privacy & Cookies Notice

This Privacy & Cookies Notice explains how Meet in Morocco collects, uses, shares and protects personal information when you visit our website, request or book a transfer, contact us or receive booking communications.

Meet in Morocco is the controller responsible for deciding how and why your personal information is used.

Meet in Morocco operates from 128 City Road, London, EC1V 2NX, United Kingdom.

For privacy questions or requests, contact bookings@meetinmorocco.com.

We may collect the following categories of personal information:

• Contact information: email address, WhatsApp or telephone number and telephone country code.
• Identity information:the lead passenger's name.
• Journey information: travel dates, flight numbers, airports, destinations, pickup and drop-off addresses, accommodation details and return-transfer information.
• Passenger and luggage information: passenger numbers, suitcases, surfboards, golf bags and other declared luggage or equipment.
• Special requirements: accessibility needs, mobility requirements or other information you choose to provide for the transfer.
• Booking and payment records: booking references, prices, currencies, payment status, refunds, disputes and identifiers supplied by Stripe. We do not directly receive or store complete payment-card details.
• Communications: complete email and WhatsApp conversations, booking messages, support requests, complaints, attachments and notification history.
• Technical information: an irreversibly hashed version of your IP address, approximate country, browser or device information, user agent, referring page and request timestamps.
• Website preferences: selected currency, cookie choices and similar settings.
• Analytics information: information about use of the website, subject to consent where required.
• Administration information: identity, email and authentication records for authorised administration users.

We collect personal information:

• directly from you when you use the website, request or complete a booking, contact us, communicate through email or WhatsApp, submit a complaint or otherwise interact with us;
• from the person making a booking where they book on behalf of another passenger;
• automatically through our website, server logs, security systems, cookies and analytics technologies;
• from Stripe regarding payments, refunds, payment failures and disputes;
• from airlines, airports or flight-data services where we use flight information to manage a pickup;
• from drivers and transport providers, including journey updates, location information, photographs, incident reports, lost-property information and feedback about the transfer;
• from fraud-prevention, security and technical service providers; and
• from other passengers or people involved in managing the booking.

If you provide personal information about another passenger, you must ensure that you are authorised to do so and that they have been informed that their information will be used in accordance with this notice.

• To provide and manage our services: to create quotations and booking drafts, process bookings and payments, arrange transfers, communicate pickup details, manage changes, cancellations and refunds, provide customer support and handle complaints. We rely on performance of a contract or steps requested before entering into a contract.
• To send transactional communications: to send essential booking, payment, pickup, driver, delay, cancellation and service information by email or WhatsApp. We rely on performance of a contract.
• To follow up incomplete bookings: to send limited reminders by email or WhatsApp where a booking has been started but not completed. We rely on our legitimate interest in helping customers complete requested bookings and recovering abandoned transactions.
• To request service feedback: to send a limited post-transfer request for a review or feedback. We rely on our legitimate interest in understanding and improving service quality. You may opt out of further review requests.
• To operate and improve our business: to monitor service quality, maintain records, investigate incidents, train and manage providers, analyse operational performance and improve the website and booking process. We rely on our legitimate interests.
• To prevent misuse and protect security: to prevent fraud, spam, payment abuse, unauthorised access and other unlawful or harmful activity. We rely on our legitimate interests and, where applicable, legal obligations.
• To comply with law: to maintain financial and tax records, respond to lawful requests and establish, exercise or defend legal claims. We rely on legal obligations and legitimate interests.
• To protect people: to use or disclose information where reasonably necessary to protect a passenger, driver or another person in an emergency. We rely on vital interests where applicable.
• To use non-essential analytics: to understand website use through optional analytics technologies. We rely on consent where required.
• To send promotional marketing: if introduced, we will send optional offers or promotional messages only where permitted by law, normally with separate consent. Marketing consent can be withdrawn at any time without affecting transactional booking communications.

When you begin a booking, we create a booking draft containing the journey, contact and other information supplied. This allows you to continue the booking and allows us to manage the requested service.

Booking drafts are normally retained for up to 10 days after the most recent activity and are then deleted automatically unless the booking has been completed or we are required to retain information for another lawful reason.

During that period, we may send a limited number of reminders by email or WhatsApp to help you continue or complete the booking. The number and timing of reminders may vary according to the booking status and proximity of the proposed journey.

Abandoned-booking reminders stop when the booking is completed, cancelled, expires or you ask us to stop them.

Each reminder will provide a reasonable way to stop further abandoned-booking reminders. Opting out will not prevent essential communications relating to a booking that you subsequently complete.

Abandoned-booking reminders are kept separate from promotional marketing. We will not treat starting a booking as consent to receive unrelated offers.

Payments are processed by Stripe. Stripe collects and processes payment-card, authentication, device and transaction information under its own privacy notice.

Stripe may use fraud-prevention and security services, including Stripe Radar, to assess transactions and prevent unauthorised or fraudulent payments.

Meet in Morocco receives limited payment records such as payment status, amount, currency, Stripe customer, Checkout Session, PaymentIntent, charge, refund and dispute identifiers, and fraud or payment-outcome information.

We use this information to complete bookings, reconcile payments, provide support, issue refunds, manage disputes, prevent fraud and maintain financial and accounting records.

Stripe customer records may be retained and reused for support, reconciliation and record-keeping connected with your bookings. We do not use the service to store payment cards for future bookings.

Meet in Morocco does not directly receive or store complete card numbers or card security codes.

We share personal information with selected transport providers and drivers where necessary to arrange and perform a transfer.

Depending on the booking, this may include the passenger name, necessary contact details, journey dates, flight information, pickup and drop-off locations, passenger numbers, luggage, special requirements and relevant booking notes.

We apply a data-minimisation approach and provide each provider or driver only with the information they reasonably need. An email address will not normally be shared where the passenger's name, telephone or WhatsApp number and journey details are sufficient.

Providers and drivers may contact passengers directly before and during the transfer to coordinate pickup, communicate delays, confirm locations or resolve operational issues.

Providers and drivers must not use booking information for unrelated marketing or contact passengers after the journey, except where reasonably necessary for lost property, a complaint, an incident, an insurance matter, a legal issue or another matter connected with the transfer.

We require providers to handle personal information confidentially, securely and in accordance with applicable data-protection requirements. A provider may also need to retain or use limited information independently to comply with local transport, insurance, licensing, tax or legal obligations.

We use email and WhatsApp to send booking drafts, payment confirmations, booking references, pickup instructions, driver details, delay updates, changes, cancellation information, reminders, support responses and other service-related communications.

Transactional email is currently delivered through Plunk. WhatsApp communications may be delivered through a specialist communications provider introduced in the future. These providers process contact details, message content and delivery information on our behalf.

We may record delivery, bounce, open and link-click information for email messages. Open tracking is not always reliable because mailbox privacy features may load images without the recipient reading the message.

Where available, we may record WhatsApp sending, delivery and read status.

Complete email and WhatsApp conversations, customer replies, attachments and delivery history may be stored against the booking record and made available to authorised administrators.

We use communication records to manage bookings, provide support, investigate complaints, resolve disputes, monitor service quality and assess transport-provider performance.

Essential communications relating to an active or completed booking cannot be opted out of where they are necessary to provide the service, manage payment, communicate safety information or comply with law.

You may separately opt out of abandoned-booking reminders, review requests and promotional marketing without preventing essential booking communications.

We use cookies, local storage and similar technologies to operate the website, remember preferences and understand website use.

Strictly necessary storage is used to maintain booking ownership, protect administration sessions, provide security and support essential website functions. It cannot be disabled through our website.

Functional storage remembers choices such as the selected currency. It may be used without consent where necessary to provide a feature requested by you.

We use Google Analytics 4 to understand how visitors use the website. Google Analytics will not load or set analytics cookies until you provide consent. Where enabled, Google may receive information about your device, browser, approximate location and interactions with the website.

We also use Plausible Analytics. Plausible is configured as a privacy-focused, cookieless analytics service and may operate without analytics consent where its configuration does not store information on your device or otherwise require consent.

Analytics consent is optional and does not affect your ability to request or book a transfer. Your choice is normally remembered for approximately six months.

You can withdraw or change analytics consent at any time using the Cookie settings link in the website footer. You can also block or delete cookies through your browser, although this may affect booking, currency or sign-in functionality.

Cookie choices are managed using a self-hosted copy of Silktide Consent Manager. Silktide does not receive personal information through this implementation.

We may share personal information with organisations that help us operate and provide our services, including:

• transport providers and drivers;
• Stripe for payment processing and fraud prevention;
• Firebase and Google Cloud for database, authentication and infrastructure services;
• Vercel for website hosting and delivery;
• Plunk for transactional email delivery and tracking;
• a future WhatsApp communications provider;
• Google Analytics where analytics consent has been provided;
• Plausible for privacy-focused, cookieless website analytics;
• authorised employees, contractors and customer-support personnel who require access to perform their duties;
• accountants, lawyers, insurers and other professional advisers;
• government authorities, regulators, courts and law-enforcement bodies where disclosure is required or lawfully requested; and
• potential investors, buyers or successors where the business is sold, reorganised, financed or transferred.

We may replace or add service providers as our business develops. Where a provider processes personal information on our behalf, we require appropriate confidentiality, security and data-protection commitments.

Meet in Morocco is operated from the United Kingdom, while transfer services are performed in Morocco. Personal information needed to arrange and provide a transfer must therefore be shared with selected transport providers and drivers in Morocco.

Some technology, payment, communications and professional service providers may process information in the United Kingdom, European Economic Area, United States or other countries.

Data-protection laws and levels of protection vary between countries. Where required, we use appropriate safeguards for international transfers, which may include adequacy regulations, approved contractual protections and supplementary security measures.

You may contact us for further general information about the safeguards applied to international transfers relevant to your personal information.

We retain personal information only for as long as reasonably necessary for the purposes described in this notice, including providing services, maintaining records, preventing fraud, resolving disputes and complying with legal obligations.

Our usual retention periods are:

• Uncompleted booking drafts: up to 10 days after the most recent activity.
• Completed booking records and communications: six years after the transfer.
• Payment, refund, dispute, tax and accounting records: seven years after the end of the relevant financial year.
• Failed or incomplete payment and fraud-prevention records: up to two years.
• Complaints, incidents, damage and legal claims: six years after resolution, or longer while proceedings or a legal requirement remain active.
• Transactional email and WhatsApp records: generally retained with the associated booking record.
• Google Analytics data: up to 14 months.
• Cookie-consent choices: normally six months before consent is requested again. Limited consent records may be retained longer where reasonably necessary to demonstrate compliance.
• Administration, authentication and security records: retained for a period appropriate to security, investigation and audit requirements.

Transport providers, drivers and other independent recipients may retain limited information for different periods where required by transport, insurance, licensing, tax or other applicable laws.

We may delete information earlier where it is no longer needed, or retain it for longer where required by law, fraud prevention, an investigation, complaint, dispute or legal claim. Where practical, information may be anonymised instead of deleted.

We use appropriate technical and organisational measures designed to protect personal information against unauthorised access, loss, misuse, alteration or disclosure.

These measures include access controls, authentication, encryption in transit, restricted administrative access, server-side processing, data minimisation and security controls provided by our hosting, database, payment and communications providers.

Access to booking information is limited to authorised people and providers who reasonably need it for their role. Transport providers and drivers receive only the information necessary to perform or manage the relevant transfer.

No method of electronic transmission or storage can be guaranteed to be completely secure. We review and update safeguards as appropriate to the nature of the information and risks involved.

You should protect access to your email, telephone and WhatsApp accounts and notify us promptly if you believe a communication account or booking information has been compromised.

Depending on applicable law and your circumstances, you may have rights to:

• request access to personal information held about you;
• request correction of inaccurate or incomplete information;
• request deletion of information;
• request restriction of processing;
• object to processing based on legitimate interests;
• receive certain information in a portable format;
• withdraw consent at any time where processing relies on consent; and
• complain to a data-protection regulator.

Meet in Morocco does not currently make decisions that produce legal or similarly significant effects solely through automated processing.

To exercise a privacy right, email bookings@meetinmorocco.com. Please explain your request clearly. We may ask for information reasonably necessary to verify your identity and protect personal information from unauthorised disclosure.

We normally respond within one month. We may extend this period where permitted for complex or numerous requests and will explain the reason for any extension.

Privacy requests are normally free. Where a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request where permitted by law.

Some rights are subject to legal limitations and exemptions. For example, we may retain information needed for accounting, fraud prevention, legal claims or the rights of another person.

Our website and booking service are intended for adults aged 18 or over. Children may be passengers, and the adult making the booking may provide limited information required to arrange their transfer.

We do not knowingly allow children to enter contracts or independently submit bookings. Passengers under 18 must be accompanied by a responsible adult during the transfer.

We ask customers to provide only information reasonably necessary for a child's journey and to avoid providing unnecessary details.

If we learn that a child has independently provided personal information without appropriate adult involvement, we may delete it.

If you have a concern about how we use personal information, please contact us so that we can try to resolve it.

You may also have the right to complain to the UK Information Commissioner's Office or, where applicable, a data-protection authority in your country of residence.

We may update this Privacy & Cookies Notice to reflect changes to our services, providers, technology or legal obligations.

The latest version will be published on this page with its effective date. Where a change materially affects how we use information connected with an existing booking, we may also notify you by email or another appropriate method.

Previous processing remains governed by the notice and legal basis applicable at the relevant time.

Email: bookings@meetinmorocco.com

Please use the subject “Privacy request” and provide enough information for us to identify your records and understand the request.