Cookie Policy
Update date: 07 June 2026
This Cookie Policy explains how MarHire and our partners use cookies and similar technologies on our websites and apps, the choices available to you, and how to exercise them. It should be read together with our Privacy Policy, which describes how we process personal data more generally.
This policy applies worldwide. Wherever you are located, you can manage non-essential cookies through our cookie banner and the "Manage cookies" link in our footer. Where local law requires prior consent for non-essential cookies, those cookies are switched off by default until you opt in; in other regions they may be on by default, but you can opt out at any time. The region-specific sections below summarise the legal bases we rely on and the rights available to you depending on where you live.
1) Who we are (Data Controller)
MarHire is a travel platform for car rentals, private drivers, boats, and activities, operated by MarHire LLC (a limited liability company registered in Wyoming, USA), with operations based in Agadir, Morocco.
For the purposes of the EU/UK GDPR, MarHire LLC is the data controller for personal data processed through cookies on our sites.
- Website: https://marhire.com
- Email: [email protected]
- Phone / WhatsApp: +212 660 745 055
- Privacy contact: [email protected]
2) What are cookies and similar technologies?
Cookies are small text files placed on your device when you visit a website. They let a site recognise your device, remember your actions and preferences, keep you logged in, measure how the site is used, and support advertising.
We also use similar technologies that work in comparable ways, including: browser local storage and session storage, pixels / web beacons, software development kits (SDKs) in mobile apps, and tags managed through Google Tag Manager. In this policy, "cookies" refers to all of these.
Cookies may be:
- First-party — set by MarHire.
- Third-party — set by partners (e.g., Google, Meta, TikTok, Stripe, Cloudflare).
- Session — deleted when you close your browser.
- Persistent — remain for a set period or until you delete them.
3) Why we use cookies (categories)
| Category | Purpose | Can you disable it? |
|---|---|---|
| Strictly necessary & security | Core functions: session/login, booking and checkout continuity, CSRF protection, load balancing, and bot/attack mitigation via our CDN/WAF. | No — required for the site to work |
| Functional | Remember preferences such as language (EN/FR/ES/DE/IT/PL/NL/PT/RU), currency, and region. | Yes |
| Analytics | Understand how the site is used and improve performance and content. | Yes (off by default in EEA/UK until you consent) |
| Advertising & retargeting | Measure ad campaigns, attribute conversions, and show relevant offers across Google, Meta, and TikTok. May involve profiling for ad personalisation. | Yes (off by default in EEA/UK until you consent) |
| Payments & fraud prevention | Support secure payment processing and detect fraud. We do not store full card numbers. | No (where used) — necessary to process a payment you request |
4) Cookies we use
The table below lists the main cookies and technologies in each category. Exact names and durations can change as providers update their products; the values shown are typical and should be confirmed against a current scan of the site. Third-party durations are set by the relevant provider.
Strictly necessary & security
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| laravel_session | MarHire (1st party) | Maintains your session and login state | Session cookie | Session |
| XSRF-TOKEN | MarHire (1st party) | CSRF / cross-site request forgery protection | Session cookie | Session |
| marhire_consent | MarHire (1st party) | Stores your cookie consent choices | Local storage | Up to 12 months |
| __cf_bm | Cloudflare | Bot management / abuse mitigation | 3rd party | 30 minutes |
| cf_clearance | Cloudflare | Security challenge / WAF verification | 3rd party | Up to 1 year |
Functional
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| marhire_lang | MarHire (1st party) | Remembers language preference | 1st party | Up to 12 months |
| marhire_currency | MarHire (1st party) | Remembers currency / region | 1st party | Up to 12 months |
Analytics — consent required in EEA/UK
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| _ga | Google Analytics 4 | Distinguishes unique users | 3rd party | Up to 24 months |
| _ga_<id> | Google Analytics 4 | Persists GA4 session state | 3rd party | Up to 24 months |
Advertising & retargeting — consent required in EEA/UK
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| _gcl_au | Google Ads | Stores and measures ad-click conversions | 3rd party | Up to 90 days |
| IDE, test_cookie | Google / DoubleClick | Ad delivery and measurement | 3rd party | Up to 13 months |
| _fbp | Meta (Facebook) | Ad delivery, measurement, and retargeting | 3rd party | Up to 90 days |
| _ttp | TikTok | Ad measurement and attribution | 3rd party | Up to 13 months |
Payments & fraud prevention
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| __stripe_mid | Stripe | Fraud prevention (device identification) | 3rd party | 1 year |
| __stripe_sid | Stripe | Fraud prevention (session) | 3rd party | 30 minutes |
5) Legal bases & your choices around the world
We rely on different legal bases, and you have different rights, depending on the cookie category and your location. Across all regions, strictly necessary, security, and payment cookies are used because they are essential to provide the service you request — relying on our legitimate interests in operating a secure, functional service or on performance of a contract for payments. Functional, analytics, and advertising cookies are treated as non-essential and are governed by the rules of your region below.
European Economic Area, United Kingdom & Switzerland (EU GDPR, UK GDPR, Swiss FADP, ePrivacy / PECR)
- Non-essential cookies are used only with your prior consent, requested through our banner before they are set, and are off by default.
- You can withdraw consent at any time, as easily as giving it (Section 7). Withdrawal does not affect processing carried out beforehand.
Morocco (Law No. 09-08, CNDP)
- We rely on your consent where required and on legitimate interests for strictly necessary and security cookies, consistent with the requirements overseen by the CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel).
United States
- California (CCPA/CPRA): certain advertising may be a "sale" or "sharing" of personal information. Residents can opt out via "Your Privacy Choices" / "Do Not Sell or Share My Personal Information," and we honour the Global Privacy Control (GPC) signal where applicable.
- Other states with comprehensive privacy laws — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and additional states as their laws take effect — give residents the right to opt out of targeted advertising and the sale of personal data, which you can exercise through the same controls and the GPC signal.
Brazil (LGPD)
- We process cookie data on the basis of your consent or another lawful basis under the LGPD. You have rights of access, correction, deletion, portability, and information about sharing, and may contact us or the ANPD.
Canada (PIPEDA & Quebec Law 25)
- We rely on consent (express or implied as permitted) for cookie use. You have rights of access and correction; Quebec residents have additional rights, including in relation to automated processing.
Australia, South Africa, and other jurisdictions (Privacy Act / APPs, POPIA, and comparable laws)
- We apply consent and choice mechanisms consistent with local law and provide the cookie controls described in Section 7.
Everywhere else
- Even where local law does not specifically require it, we make the same cookie controls available to all visitors and will honour reasonable requests to access or delete personal data associated with cookies, subject to identity verification.
6) How consent affects measurement (Consent Mode)
For visitors in regions where consent is required, our tags operate under Google Consent Mode v2:
- If you decline analytics or advertising cookies, those tags do not read or write cookies and do not collect identifiers from your device. Limited, cookieless and aggregated signals may still be used so we can understand overall trends without identifying you.
- If you accept, the relevant cookies and measurement function normally.
Declining does not prevent you from using the site or completing a booking.
7) Managing your choices
Cookie Settings (on our site): Use the banner shown on your first visit, or the "Manage cookies" link in our footer at any time, to enable or disable each category (except strictly necessary). Your choices are saved and re-applied on future visits, and we will ask again when this policy materially changes.
Browser and device controls: You can block or delete cookies through your browser or device settings. Blocking strictly necessary cookies may break parts of the site (e.g., booking or login). Guidance for common browsers:
Global Privacy Control (GPC): Where detected, we treat GPC as a valid opt-out of advertising "sale/sharing" where applicable. Standard "Do Not Track" (DNT) headers are not universally honoured and we do not currently respond to them.
Opt out at the source: You can also manage ad personalisation directly with Google, Meta, and TikTok.
8) Third parties
Some cookies and identifiers are set by third parties we use for security, analytics, advertising, payments, and communications. Their processing is governed by their own privacy policies:
- Cloudflare (security/CDN) — https://www.cloudflare.com/privacypolicy/
- Google (Analytics & Ads) — https://policies.google.com/privacy
- Meta (Pixel) — https://www.facebook.com/privacy/policy/
- TikTok (Pixel) — https://www.tiktok.com/legal/privacy-policy
- Stripe (payments) — https://stripe.com/privacy
Where the law requires consent, these load only after you accept the relevant category.
9) International data transfers
MarHire operates from Morocco and the USA, and our partners may process data in countries outside your own, including the EEA, UK, USA, and Morocco. Where personal data is transferred out of the EEA or UK, we rely on appropriate safeguards, such as:
- the EU-US / UK Data Privacy Framework, where the recipient is certified (Google, Meta, and Stripe participate); and/or
- Standard Contractual Clauses (SCCs) approved by the European Commission (and the UK Addendum), together with supplementary measures where needed.
You may request more information about these safeguards using the contact details below.
10) Retention
- Strictly necessary cookies last for the session or as long as needed for security.
- Consent and preference cookies are kept for up to 6–12 months, after which we ask again.
- Analytics and advertising identifiers may persist for up to 13–24 months, subject to your consent and regional rules.
Specific durations are listed per cookie in Section 4.
11) Your rights
Depending on where you live, you may have some or all of the following rights over the personal data we process through cookies:
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- erase your data ("right to be forgotten" / deletion);
- restrict or object to processing, including profiling for targeted advertising;
- data portability;
- withdraw consent at any time;
- opt out of the sale or sharing of personal data and of targeted advertising (US states); and
- not be discriminated against for exercising your rights.
The exact rights available depend on your jurisdiction (see Section 5). To exercise any of them, email [email protected]. We may need to verify your identity before responding, and we will reply within the timeframes required by applicable law. You may also use an authorised agent where local law permits.
Right to complain to a regulator:
- EEA: your local supervisory authority — find it via the EDPB members list.
- United Kingdom: the Information Commissioner's Office (ICO).
- Switzerland: the Federal Data Protection and Information Commissioner (FDPIC).
- Morocco: the CNDP.
- Brazil: the ANPD.
- United States, Canada, Australia, and other regions: your relevant state attorney general, privacy commissioner, or data-protection authority.
12) Children
Our services are not directed to children under 16, and we do not knowingly use cookies to collect personal data from children. If you believe a child has provided us data, contact us so we can remove it.
13) Changes to this policy
We may update this policy to reflect changes in technology, law, or our services. When we make material changes, we will post a new Effective date and, where required, ask for your consent again through the cookie banner.
14) Contact
Questions about this Cookie Policy or your choices? Email: [email protected] • Phone/WhatsApp: +212 660 745 055
Book Trusted Travel Services Across Morocco
Find verified car rentals, private drivers, boats, and activities across Morocco with transparent pricing, local support, and easy online booking through MarHire.
