Privacy Policy
Update date: 07 Jun 2026
MarHire ("MarHire," "we," "us," "our") respects your privacy. This Privacy Policy explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, and the rights and choices available to you. It should be read together with our Cookie Policy, which describes our use of cookies and similar technologies in detail.
This policy applies worldwide. The legal bases we rely on and the rights available to you depend on where you live; the region-specific details are set out in Sections 4 and 10.
1) Who we are (Data Controller)
MarHire is a travel platform (online travel agency) that helps you book car rentals, private drivers and transfers, boat rentals, and tours and activities with trusted local partners across Morocco. The service is operated by MarHire LLC (a limited liability company registered in Wyoming, USA), with operations based in Agadir, Morocco.
For the purposes of applicable data-protection laws (including the EU and UK GDPR, the Swiss FADP, Morocco's Law No. 09-08, and US state privacy laws), MarHire LLC is the data controller for personal data collected through our websites and official channels.
When you book a service supplied by a local partner (a car rental agency, driver, boat owner, or activity provider), that partner is an independent controller for the data they receive to fulfil your booking.
- Website: https://marhire.com
- Email: [email protected]
- Phone / WhatsApp: +212 660 745 055
- Privacy contact: [email protected]
- Languages supported: EN, FR, ES, DE, IT, PL, NL, PT, RU
2) Scope
This policy applies when you:
- browse our websites or apps;
- make an enquiry or booking;
- communicate with us by email, phone, WhatsApp, or social media;
- receive marketing from us; or
- otherwise interact with MarHire.
3) Personal data we collect
Data you provide directly
- Identification & contact: name, email, phone/WhatsApp, billing address.
- Booking details: travel dates, pick-up/drop-off locations, flight numbers (for transfers), party size, add-ons.
- Driver verification (car rentals): driver's licence details (number, issuing country, expiry) and age/date of birth where required by law or by the partner/insurer.
- Payment details: we do not store full card numbers. Payments are handled by certified providers; we may retain tokens, the last four digits, transaction IDs, and payment status.
- Support content: messages and any attachments you choose to send (e.g., photos of documents).
- Preferences: language, currency, marketing preferences, service interests.
Data collected automatically
- Device & usage: IP address, device type, browser, operating system, pages viewed, referring URLs, timestamps, error logs.
- Cookies & similar technologies: identifiers used to keep you logged in, remember preferences, measure performance, and support analytics and advertising — see our Cookie Policy.
- Approximate location: derived from your IP address for language/currency selection and fraud prevention.
Data from third parties
- Local partners — to confirm and fulfil bookings, handle changes/cancellations, and provide post-service support.
- Payment providers — fraud checks and payment confirmations.
- Analytics and advertising partners — aggregated insights and measurement identifiers (no raw card data).
- Social or login providers — if you interact with us through those channels.
4) How and why we use your data (purposes & legal bases)
| Purpose | What it covers | Legal basis |
|---|---|---|
| Provide services & manage bookings | Enquiries, reservations, changes/cancellations, pick-up/drop-off coordination, confirmations and essential updates | Performance of a contract |
| Verify eligibility & safety | Driver's licence and age checks required by partners/insurers | Legal obligation / contract / legitimate interests |
| Payments & fraud prevention | Process payments, detect and prevent misuse or unlawful activity | Contract / legal obligation / legitimate interests |
| Customer support | Respond via email, phone, and WhatsApp across our supported languages | Contract / legitimate interests |
| Personalise & improve | Language, currency, UX, troubleshooting, analytics, A/B testing | Legitimate interests / consent where required |
| Marketing | Newsletters, offers, and retargeting where permitted; opt out anytime | Consent / legitimate interests |
| Legal & compliance | Tax, accounting, lawful requests, enforcing terms, resolving disputes | Legal obligation / legitimate interests |
Where we rely on consent (e.g., certain analytics, advertising, and marketing), you can withdraw it at any time without affecting processing already carried out. Where we rely on legitimate interests, you can object (see Section 10).
5) Cookies, analytics & advertising
We use strictly necessary cookies (security, session, checkout), functional cookies (preferences, load balancing/CDN), analytics (e.g., Google Analytics 4), and advertising/retargeting technologies (e.g., Google Ads, Meta, TikTok) to measure campaigns and show relevant offers.
You can manage these through our cookie banner and the "Manage cookies" link in our footer, and through your browser settings. Where required, advertising and analytics technologies load only after you consent, and we honour the Global Privacy Control (GPC) signal where applicable. Full details — including the specific cookies, providers, and durations — are in our Cookie Policy, which is the authoritative source on this topic.
6) How we share your data
We share personal data only as needed:
- Local partners/suppliers (car rental agencies, drivers, boat owners, activity providers) — to deliver your booking.
- Payment processors & banks (e.g., Stripe) — to process transactions securely; we do not store full card numbers.
- Hosting, security & CDN providers (e.g., our VPS host and Cloudflare for DDoS/WAF/CDN).
- Communication tools — email/SMS/WhatsApp services used to deliver confirmations and support.
- Analytics & marketing platforms (e.g., Google, Meta, TikTok) — using aggregated data and identifiers, subject to your consent and local law.
- Professional advisers & authorities — auditors and legal counsel, and to comply with lawful requests.
We do not sell your personal information. If any activity is treated as a "sale" or "sharing" for cross-context behavioural advertising under US state laws, you have the right to opt out (see Section 10).
7) International data transfers
MarHire operates from Morocco and the USA, and our partners and processors may operate in other countries, including the EEA, UK, USA, and Morocco. Where personal data is transferred across borders, we rely on appropriate safeguards, such as adequacy decisions, the EU-US / UK Data Privacy Framework (where the recipient is certified — e.g., Google, Meta, Stripe), or Standard Contractual Clauses (SCCs) with the UK Addendum and supplementary measures where needed. You may request more information using the contact details above.
8) Data retention
We keep personal data only as long as necessary for the purposes described:
- Bookings & invoices: typically 6 years (tax, accounting, and claims).
- Driver/ID checks: for as long as needed to deliver the service and as required by law or insurers, then securely deleted or anonymised.
- Support tickets: up to 3 years after closure (service quality and defence of claims).
- Marketing data: until you unsubscribe or withdraw consent, after which we keep minimal suppression records.
- Web logs & analytics: typically 12–24 months, then aggregated or anonymised.
Retention may be longer where required by law or to resolve disputes.
9) Data security
We use reasonable technical and organisational measures to protect personal data, including TLS encryption in transit, access controls, logging, firewalling/WAF/CDN, and regular patching and monitoring. No system is completely secure; please contact us immediately if you suspect unauthorised use of your account or data.
10) Your privacy rights worldwide
Depending on where you live, you may have some or all of the following rights:
- access a copy of your personal data;
- rectify inaccurate or incomplete data;
- erase your data ("right to be forgotten");
- restrict or object to processing, including profiling for direct marketing;
- data portability;
- withdraw consent at any time;
- opt out of the sale or sharing of personal data and of targeted advertising; and
- not be discriminated against for exercising your rights.
The rights available depend on your jurisdiction:
- EEA, UK & Switzerland (EU GDPR, UK GDPR, Swiss FADP): the full set of rights above, plus the right to complain to a supervisory authority.
- Morocco (Law No. 09-08, CNDP): rights of access, rectification, and opposition, and the right to contact the CNDP.
- United States — California (CCPA/CPRA): rights to know/access, correct, delete, and opt out of sale/sharing, with no discrimination for exercising them.
- United States — other states (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others as their laws take effect): rights to access, correct, delete, and opt out of targeted advertising and the sale of personal data.
- Brazil (LGPD): rights of access, correction, deletion, portability, and information about sharing; you may contact the ANPD.
- Canada (PIPEDA & Quebec Law 25): rights of access and correction, with additional rights for Quebec residents.
- Australia, South Africa, and other regions: rights consistent with local law (Privacy Act/APPs, POPIA, and comparable frameworks).
- Everywhere else: we extend the same core choices to all users and honour reasonable access and deletion requests, subject to verification.
How to exercise: email [email protected] with the subject "Privacy Request." We may need to verify your identity, and you may use an authorised agent where local law permits. If a local partner holds your data as their own controller, we may also direct you to contact them.
Right to complain to a regulator:
- EEA: your local supervisory authority — see the EDPB members list.
- UK: the Information Commissioner's Office (ICO).
- Switzerland: the Federal Data Protection and Information Commissioner (FDPIC).
- Morocco: the CNDP. Brazil: the ANPD.
- United States, Canada, Australia, and other regions: your state attorney general, privacy commissioner, or data-protection authority.
11) Children's privacy
Our services are not directed to children, and we do not knowingly collect personal data from children under 16. If you believe a child has provided us with data, contact [email protected] and we will take appropriate steps to delete it.
12) WhatsApp & other messaging apps
If you contact us via WhatsApp or similar apps, your phone number and message content are also processed by those platforms under their own terms. We use these channels only to coordinate enquiries, bookings, and support. You can switch to email at any time.
13) Automated decision-making & profiling
We do not make decisions producing legal or similarly significant effects based solely on automated processing. We may use limited profiling for fraud prevention, risk scoring, and presenting relevant offers. You can object to marketing profiling at any time.
14) Third-party links
Our site may link to partner sites and social networks. We are not responsible for their privacy practices; please review their policies before providing data.
15) Changes to this policy
We may update this policy to reflect changes in our practices or in applicable laws. We will post the updated version with a new Effective date, and where appropriate notify you on-site or by email of significant changes.
16) How to contact us
Questions, or wish to exercise your rights? Email: [email protected] • Phone/WhatsApp: +212 660 745 055
Book Trusted Travel Services Across Morocco
Find verified car rentals, private drivers, boats, and activities across Morocco with transparent pricing, local support, and easy online booking through MarHire.
