1.1 Introduction
This Privacy & Data‑Protection Policy explains how Al Destino Resort SARL (“Al Destino”, “we”, “our”, “us”) collects, uses, discloses and safeguards your personal data when you visit our website, make a reservation, stay with us, interact on social media, or otherwise communicate with our team.
We comply with:
- EU Regulation 2016/679 (GDPR)
- Moroccan Law 09‑08 on the protection of personal data
- Any other data‑protection laws applicable to guests from the United Kingdom, Switzerland, the USA or Canada.
1.2 Data We Collect
| Category | Examples | Collection Points |
| Identification | name, passport/ID number, nationality, date of birth | online booking, check‑in form |
| Contact | email, phone, postal address, social‑media handle | booking engine, newsletter signup, live chat |
| Booking & Stay | dates, room type, rate plan, special requests, incidentals | booking engine, PMS, POS |
| Payment | tokenised card details, billing address | PCI‑compliant payment gateway |
| Marketing & Preferences | newsletter opt‑in, interests, survey answers | footer form, guest app |
| CCTV & Access | video footage in public areas, key‑card logs | CCTV cameras, door‑lock system |
1.3 Lawful Bases & Purposes
- Contract — to confirm reservations, process payments, provide requested services.
- Legal obligation — to register guests with Moroccan authorities and issue invoices.
- Legitimate interest — to improve services, secure premises, detect fraud.
- Consent — to send promotional emails or store dietary / health data you volunteer.
1.4 Data Sharing
We share data only with trusted processors and authorities:
- Channel manager & PMS (two‑way availability sync)
- Payment processor (PCI‑DSS Level 1)
- Email & marketing automation provider
- IT hosting & security providers
- Government bodies on lawful request (e.g., police, tax office)
All processors sign Data‑Processing Agreements (Art. 28 GDPR) and receive only the minimum data required.
1.5 International Transfers
If data leaves Morocco or the EEA, we apply Standard Contractual Clauses or other legally recognised safeguards.
1.6 Retention Periods
| Data Type | Retention |
| Guest profile & stays | 5 years after last stay |
| Financial & invoice data | 10 years (Moroccan tax law) |
| CCTV footage | 30 days, unless required for an investigation |
| Marketing opt‑in | until withdrawal or 3 years of inactivity |
1.7 Your Rights
You may request: access, rectification, erasure, restriction, data portability, objection to processing, or withdrawal of consent at any time. Email privacy@aldestino.com. We respond within 30 days.
1.8 Security Measures
- TLS 1.3 encryption
- Role‑based access control
- Periodic penetration tests
- Tokenisation of payment data
1.9 Supervisory Authority
You can complain to the CNDP Morocco or to your local EU supervisory authority.
1.10 Updates
Last updated : 18 July 2025. Changes will appear on this page and, where appropriate, via email.
