PREAMBLE
A. As part of the operation of its hotel activities and the provision of its services (including reservation management, guest reception, stay management, and operation of its Website), Babylon Hotels, a Moroccan public limited company with a share capital of 18,000,000 dirhams, whose registered office is located at Bab Lghoul, Dhar El Mehraz, Fez (“Babylon Hotels”), is required to collect and process Personal Data relating to its Clients and Prospects in its capacity as data controller.
B. The main purpose of this document is to present, in a concise, transparent, intelligible, and easily accessible format, information relating to the processing of Personal Data carried out by Babylon Hotels, in order to enable Data Subjects to understand under what conditions their Personal Data is processed.
C. Babylon Hotels undertakes to protect the confidentiality of the Personal Data in its possession, in accordance with Moroccan legislation and regulations, as well as European legislation where applicable.
1. DEFINITIONS
When used in this Privacy Policy with an initial capital letter, the terms below, whether singular or plural, shall have the following meanings:
• Client: means any natural or legal person making a reservation or benefiting from the services offered by Babylon Hotels.
• Cookies: means files that may be stored on the device of a person visiting the Website, in particular to ensure its proper functioning and improve the browsing experience.
• Personal Data: means any information that directly or indirectly identifies a natural person.
• Data Subject: means any natural person whose Personal Data is collected and/or processed by Babylon Hotels, whether as a Client or a Prospect, in accordance with Law No. 09-08 relating to the protection of Personal Data.
• Prospect: means any natural person likely to become a client of Babylon Hotels, in particular any person who contacts Babylon Hotels to obtain information, make a reservation request, request a quote, or interact with Babylon Hotels, especially via its Website or any other means of communication.
• Website: means the website operated by Babylon Hotels, allowing access to information about Babylon Hotels, room reservations, and certain online services.
2. PURPOSE OF THE PRIVACY POLICY
This Privacy Policy (“Privacy Policy”) aims to inform Data Subjects, in a clear and transparent manner, about the conditions under which their Personal Data is collected and processed in accordance with the provisions of Law No. 09-08 relating to the protection of individuals with regard to the processing of Personal Data.
It specifies, in particular but not limited to:
● the categories of Personal Data collected;
● the purposes of the processing carried out;
● the legal bases of such processing;
● the retention periods of Personal Data;
● the rights granted to Data Subjects under applicable legislation.
The Privacy Policy applies to all processing of Personal Data carried out in the context of Babylon Hotels’ activities, in particular when using its Website and providing hotel services.
3. LEGAL FRAMEWORK
Babylon Hotels processes the Personal Data of Data Subjects in accordance with:
● Law No. 09-08 relating to the protection of individuals with regard to the processing of Personal Data;
● implementing texts, decisions, and recommendations issued by the National Commission for the Control of Personal Data Protection (CNDP);
● recognized best practices in terms of security and protection of Personal Data.
In this context, Babylon Hotels acts as the data controller within the meaning of Law 09-08 and determines the purposes and means of the processing carried out.
4. GENERAL PRINCIPLES
Babylon Hotels undertakes to comply, in the processing of Personal Data it carries out, with the following principles:
● lawfulness, fairness, and transparency of processing;
● specified, explicit, and legitimate purposes for which Personal Data is collected;
● data minimization by collecting only the Personal Data necessary for the intended purposes;
● security and confidentiality of Personal Data through appropriate technical and organizational measures;
● prior and explicit consent of Data Subjects where required by applicable regulations.
5. PURPOSES AND PERSONAL DATA COLLECTED
5.1. Client Management
In providing its services, Babylon Hotels may collect and/or process the following Personal Data relating to Clients and/or Prospects:
● first and last name;
● address;
● phone number;
● national ID number;
● banking information;
● health data.
5.2. Cookie Management
To ensure the proper functioning of the Website, improve the browsing experience, and conduct advertising targeting, Babylon Hotels may collect and/or process the following Personal Data:
● first and last name;
● postal address;
● email address;
● phone number;
● IP address.
5.3. Security of Property and Persons within the Hotel
For this purpose, Babylon Hotels may collect and/or process the following Personal Data:
image and sound (via video surveillance systems).
6. LEGAL BASIS FOR PROCESSING
The processing of Personal Data carried out by Babylon Hotels is based on the following legal grounds:
● Client management (reservations, stay follow-up, assistance, etc.): performance of a contract or commercial relationship with the Client and/or Prospect;
● Cookie management: consent of the Data Subject through acceptance of the cookie banner;
● security of property and persons (video surveillance): legitimate interest of Babylon Hotels in protecting individuals and property within its establishment.
7. CONSENT OF DATA SUBJECTS
The processing of Personal Data by Babylon Hotels is based on the explicit consent of Data Subjects where required, in accordance with Law No. 09-08.
When their Personal Data is collected, Clients and/or Prospects give their explicit consent to:
• the processing of their Personal Data in accordance with the Privacy Policy;
• acceptance of the applicable General Terms and Conditions of Sale or Use.
8. DATA RECIPIENTS
Personal Data collected and/or processed by Babylon Hotels is accessible only to the following recipients, within the limits of their respective responsibilities and for the purposes described in the Privacy Policy:
● authorized teams of Babylon Hotels, in particular administrative, commercial, and IT departments;
● technical service providers and subcontractors acting on behalf of Babylon Hotels, particularly for:
- reservation management;
- Website operation;
- data hosting;
- management of IT systems and tools.
These providers may process certain Personal Data strictly necessary for the performance of their services, including but not limited to:
- CENDYN;
- NAMASTAY;
- WIHP.
● competent administrative or judicial authorities, where disclosure of Personal Data is required by law or in the context of legal proceedings.
Babylon Hotels ensures that all its service providers provide sufficient guarantees in terms of Personal Data protection, in accordance with Law No. 09-08.
Personal Data is never sold or rented to third parties for commercial prospecting purposes without the prior explicit consent of the Data Subject.
9. DATA TRANSFERS
Personal Data collected and/or processed by Babylon Hotels is, in principle, hosted and processed in Morocco.
However, certain processing operations may involve the transfer of Personal Data abroad, particularly when using IT solutions, online booking platforms, or technical service providers involved in reservation management, Website operation, or cookie management.
Babylon Hotels ensures that such transfers are carried out in compliance with Law No. 09-08 and in accordance with the required formalities with the CNDP.
10. DATA RETENTION PERIOD
Personal Data is retained only for the period strictly necessary to fulfill the purposes for which it is processed, in accordance with applicable regulations.
Applicable retention periods are as follows:
● Client management data: 5 years from the last activity of the Client and/or Prospect. Banking data is deleted once the transaction is completed or at the end of the hotel stay.
● Cookie-related data: 6 months.
● Video surveillance data: 3 months.
11. DATA SECURITY
Babylon Hotels implements appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of Personal Data, including:
● encryption of sensitive data;
● physical access control to premises and equipment;
● control of access to data storage media;
● secure data transmission;
● LAN and WLAN network security;
● strict access rights management;
● business continuity management;
● contractual safeguards (including subcontractors);
● regular security audits.
These measures are designed to prevent any unauthorized access, alteration, loss, or disclosure of Personal Data.
12. RIGHTS OF DATA SUBJECTS
Data Subjects have the following rights under Law No. 09-08:
● right of access to their Personal Data;
● right to rectification of inaccurate or incomplete Personal Data;
● right to object to processing for legitimate reasons;
● right to erasure of their Personal Data.
Requests to exercise these rights can be sent to: gm@hotelsahrai.com
13. AMENDMENT OF THE PRIVACY POLICY
Babylon Hotels reserves the right to modify the Privacy Policy at any time, in particular to comply with legal, regulatory, or technical developments.
The applicable version is the one published on the Website at the time of consultation.
Any substantial modification will be communicated in advance to Data Subjects by any appropriate means.
14. CONTACT
For any question relating to the protection of Personal Data, Data Subjects may contact:
Babylon Hotels
Bab Lghoul, Dhar El Mehraz, Fez
Email: gm@hotelsahrai.com