Privacy Policy

Who we are

The Nest (“The Nest”, “we”, “us”, or “our”) operates the website thenest.ma and provides bespoke concierge, stays, dining, transfer, retreat, tour, and event services in and around Marrakech. We act as the data controller responsible for the personal data we process about you.

You can reach us any time at hello@thenest.ma.

Information we collect

We collect personal information in three ways:

• From you directly. When you submit our contact form, request a quote, or correspond with us by email, WhatsApp, or phone, we collect: your name, email address, phone number (if provided), travel dates, party size, accommodation and experience preferences, dietary or accessibility needs you choose to share, and the content of your messages.
• Automatically. When you visit thenest.ma, we use Plausible Analytics, a privacy-friendly service that records aggregated usage data without cookies or fingerprinting: page views, the country your visit originates from (derived from IP, then discarded), referring website, approximate browser and device type. This data is anonymous and cannot identify individual visitors.
• From booking and travel partners. Where a partner (a hotel, riad, driver, guide, or referral platform) shares booking-related details with us so we can fulfil your stay or experience, we may receive your name, contact details, dates, and stay information from them.

Why we process your data

We use your personal data only for the purposes set out below.

• To respond to your inquiry and prepare a personalised proposal.
• To plan, coordinate, and deliver the stays, transfers, dining, experiences, retreats, tours, and events you request.
• To communicate with you about your trip, including confirmations, logistical updates, and follow-up.
• To handle invoicing, payment coordination through our partners, and tax record-keeping required by Moroccan law.
• To respond to questions, complaints, or requests, including requests to exercise your data protection rights.
• To improve our website, services, and communications, using only aggregated and anonymous analytics.
• To comply with our legal obligations and protect against fraud or misuse.

Legal basis for processing

Where the General Data Protection Regulation (EU) 2016/679 (“GDPR”) applies to you, we rely on the following legal bases under Article 6(1):

• Contract performance — to take steps at your request before entering into a service agreement and to deliver the services you book.
• Consent — where you choose to share optional information (preferences, dietary needs, special occasions) or subscribe to optional updates. You may withdraw consent at any time.
• Legitimate interests — to respond to inquiries, operate our website, prevent fraud, and improve our services. We balance our interests against your rights and freedoms.
• Legal obligation — to retain financial records and respond to lawful requests from competent authorities.

Sharing your information

We do not sell, rent, or trade your personal data. We share information only with the categories of recipients listed below, and only to the extent necessary.

• Trip and concierge partners (hotels, riads, villa owners, drivers, guides, chefs, instructors, photographers, event vendors) — we share the minimum information needed to confirm and deliver your booking, such as your name, dates, party size, and any preferences relevant to the service.
• Email service provider (Resend, Inc., United States) — processes the contact form submissions and inquiry emails sent to our team.
• Analytics provider (Plausible Insights OÜ, European Union) — processes anonymous, aggregated website usage statistics.
• Hosting and infrastructure providers — host our website and supporting systems under contractual confidentiality.
• Professional advisors — lawyers, accountants, and auditors when strictly necessary and bound by confidentiality.
• Authorities — where we are required by law to disclose information to a competent authority, court, or regulator.

International data transfers

Some of our service providers are located outside Morocco and outside the European Economic Area, including the United States. Where personal data is transferred internationally, we rely on safeguards such as the European Commission’s Standard Contractual Clauses, adequacy decisions, or equivalent contractual protections to ensure your data continues to be protected to a level consistent with applicable law.

Cookies and similar technologies

Our site does not set advertising or tracking cookies, and we do not profile you for advertising purposes.

We use minimal browser storage to remember functional preferences only, such as your language selection and your acknowledgement of our cookie banner. You can clear this storage at any time through your browser settings.

Plausible Analytics is cookie-free by design.

How long we keep your data

We retain personal data only for as long as necessary.

• Inquiry correspondence — for the duration of our discussions and up to 24 months after the last interaction, so we can follow up and improve our service.
• Booking and trip records — for the period required by Moroccan tax and commercial law (typically up to 10 years for accounting and tax records).
• Optional newsletter subscriptions — until you unsubscribe.
• Aggregated analytics — retained indefinitely in anonymous, non-identifying form.

Your rights

Under Moroccan Law No. 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data, and where applicable under the GDPR, you have the following rights:

• Right of access — obtain confirmation of whether we process your personal data and a copy of that data.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure — ask us to delete your data, subject to legal retention obligations.
• Right to restrict processing — ask us to limit how we use your data in certain circumstances.
• Right to object — object to processing based on our legitimate interests.
• Right to data portability (GDPR) — receive your data in a structured, commonly used, machine-readable format.
• Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
• Right to lodge a complaint — with the Moroccan supervisory authority (CNDP) or the data protection authority of your country of residence.

How to exercise your rights

To exercise any of these rights, email us at hello@thenest.ma with enough information for us to identify you and the right you wish to exercise. We will respond within 30 days. There is no fee for exercising your rights, except where requests are manifestly unfounded or excessive.

If you are not satisfied with our response, you may contact the Moroccan supervisory authority — the Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP) — at www.cndp.ma, or your local data protection authority if you are in the European Economic Area or the United Kingdom.

Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include encrypted transport (HTTPS/TLS), restricted access to inquiry data on a need-to-know basis, and contractual confidentiality obligations on our service providers.

We do not store payment card details on our systems. Payments, where required, are handled by our partners or by you directly with the relevant property or vendor.

No method of transmission or storage is completely secure. While we work hard to protect your data, we cannot guarantee absolute security.

Children

Our services and website are intended for adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal data, please contact us so that we can delete it.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. The date at the top of this page indicates when it was last revised. Material changes will be communicated through the website. We encourage you to review this page periodically.

Contact

Questions, requests, or concerns about this Privacy Policy or how we handle your personal data can be sent to hello@thenest.ma. You can also reach us via the WhatsApp link available on every page of this site.