Privacy Policy

1. Identity and Contact Details of the Data Controller

Welcome to Palais Mirage d’Atlas. We are committed to the absolute protection of your privacy and the security of your personal data. For the purposes of Moroccan Law No. 09-08, the European General Data Protection Regulation (GDPR), and applicable United States privacy frameworks including the California Consumer Privacy Act (CCPA) as amended by the CPRA, the Data Controller responsible for processing your personal information is:

Palais Mirage d’Atlas, Hôtel & Spa
Registered Address: Ain Aitti Dar Essadaka Douar Saadna Bab Atlas, BP: 12414, Palmeraie Marrakesh, Ouled Jelal, Morocco.
Telephone: +212 661-358-729
General Inquiries: [[email protected]]
Privacy & Data Protection Officer: [[email protected]]

2. Scope and Application of this Policy

This Privacy Policy governs all personal data collected, processed, stored, and transferred through our digital interfaces (including www.miragedatlas.com), via direct email or telephone communications, and physically on-site during your stay at our hotel, private villas, spa facilities, and restaurants. It outlines our data collection practices, our legal bases for processing, the third parties with whom we share data, and your comprehensive rights regarding your digital identity.

3. Exhaustive Categories of Personal Data Collected

To provide our bespoke luxury hospitality services, process reservations, and comply with strict national security laws, we collect specific categories of data. We adhere strictly to the principle of data minimization, collecting only what is absolutely necessary:

  • Identity and Primary Contact Information: First and last name, email address, physical address, phone number, country of origin, and date of birth.

  • Financial and Transactional Data: Payment card details (Visa, Mastercard, AMEX), billing address, and comprehensive transaction history. Note: Payments made with specific cards are subject to processing surcharges (e.g., 2.7% for Visa/Mastercard, 4.7% for AMEX), and the payment method must exactly match the reservation name to prevent fraud.

  • Reservation and Stay Data: Dates of arrival and departure, room preferences (e.g., suite vs. bungalow), purchase of day passes, usage of promotional tracking codes (such as the “MIRAGE” direct-booker code), early-bird booking metrics, and specific on-property service requests.

  • Compliance and Government Identification: Copies of passports or national identification cards. This is strictly mandated by Moroccan law for the creation and submission of the Fiche de Police to local law enforcement within 24 hours of arrival.

  • Morality Law Compliance Data: In strict adherence to Moroccan law, Moroccan couples must present valid marriage certificates upon arrival to gain entry. Privacy Guarantee: We visually verify these certificates to fulfill our legal obligations, but we do not digitally scan, photograph, or retain copies of your marriage certificate in our databases.

  • Sensitive Health and Wellness Data: Information voluntarily provided regarding severe food allergies for our dining services, or physical health conditions relevant to the safe provision of hammam and spa treatments. This data is collected solely with your explicit, opt-in consent to protect your vital interests.

  • Technical and Automated Usage Data: IP addresses, browser types, geolocation data, operating systems, and interaction metrics with our digital platforms, collected via cookies and tracking pixels.

4. Legal Bases and Purposes for Processing

We do not process your personal data without a robust, documented legal foundation as required by Law 09-08 and the GDPR. We utilize your data for the following specific purposes:

  • Execution of a Contract: To manage your room reservation, process financial transactions, verify payment identities, and deliver requested hotel, dining, and spa services.

  • Strict Legal Compliance: To fulfill our absolute obligations under Moroccan law, including corporate tax reporting (retaining financial records), accounting standards, and registering guests with local police authorities for national security purposes.

  • Explicit Consent: To send you newsletters and promotional offers, to deploy non-essential marketing cookies, and to process sensitive health data for customized spa or culinary services. You possess the right to withdraw your consent for these specific activities at any time without affecting the broader provision of your stay.

  • Legitimate Interests: To improve website architecture, ensure network cybersecurity resilience in accordance with Moroccan Law No. 05-20, prevent financial fraud, and manage the physical security of our property.

5. Disclosure, Sub-Contracting, and Sharing of Personal Data

Palais Mirage d’Atlas treats your personal data with the highest degree of confidentiality. We absolutely do not sell your personal data to third parties. We only share your data with authorized recipients under strict, legally binding Data Processing Agreements (DPAs) that guarantee technical security:

  • Technology Service Providers: Third-party vendors who provide cloud hosting, external booking engine infrastructure, secure payment gateway processing, and email delivery platforms.

  • Government and Law Enforcement Agencies: Moroccan police, tax authorities, and judicial bodies, strictly when compelled by local law and within the boundaries of formal legal requests.

  • Professional Business Advisors: External legal counsel, corporate auditors, and accountants retained for compliance, tax, and advisory purposes.

6. International Cross-Border Data Transfers

Given the international nature of our clientele and the globalized architecture of modern digital infrastructure, your personal data may be transferred to, and processed in, data centers located outside of Morocco. We ensure that all cross-border data flows comply meticulously with CNDP regulations and Chapter V of the GDPR. Transfers are conducted only to countries formally recognized as providing an adequate level of data protection. Where adequacy decisions do not exist, transfers are safeguarded by Standard Contractual Clauses (SCCs), explicit data subject consent, and prior authorization from the CNDP where legally mandated. By utilizing our international booking services, you acknowledge the operational necessity of these secure transfers.

7. Data Retention Schedules and Storage Limitation

We retain your personal data only for as long as necessary to fulfill the specific purposes outlined in this policy, or to comply with overriding statutory retention mandates. Our operational retention schedule is as follows:

  • Accounting, Billing, and Tax Data: Retained for a minimum of 10 years to strictly comply with Moroccan corporate tax laws.

  • Fiche de Police (Identity) Data: Retained for a minimum of 2 years as mandated by Moroccan internal security directives.

  • General Booking and Contractual Data: Retained for up to 10 years following your departure to resolve any subsequent civil or financial disputes.

  • Marketing and Promotional Data: Retained actively until you exercise your right to withdraw consent or opt out of our communications.

  • Health, Dietary, and Spa Data: Securely deleted or anonymized within 90 days of your departure, ensuring strict data minimization. 

8. Cybersecurity and Technical Protection Measures

In accordance with Article 23 of Law 09-08, GDPR standards, and the resilience mandates of Moroccan Cybersecurity Law No. 05-20, Palais Mirage d’Atlas has implemented rigorous technical and organizational security architectures. These measures are designed to protect your data against accidental or unlawful destruction, loss, alteration, and unauthorized access. Our defenses include at-rest and in-transit data encryption, secure socket layer (SSL) technology for all online payment interfaces, robust network firewalls, strict role-based access control (RBAC) limiting staff access to data on a need-to-know basis, and regular vulnerability audits of our IT systems.

9. Comprehensive Data Subject Rights

Depending on your geographical jurisdiction (including rights granted by the Moroccan CNDP, the EU GDPR, and the California CPRA), you possess comprehensive legal rights regarding your personal data:

  • Right to Information and Access: You may request full disclosure of the categories of data we collect and request a digital copy of the specific personal data we hold about you.

  • Right to Rectification and Correction: You may demand that we immediately correct any inaccurate, outdated, or incomplete data in our systems.

  • Right to Erasure (Right to be Forgotten): You may request the absolute deletion of your data, subject strictly to our overriding legal retention requirements (e.g., tax records and police files).

  • Right to Object and Withdraw Consent: You may object to data processing for direct marketing purposes and withdraw previously granted consent at any time without penalty.

  • Right to Data Portability: You may request your data in a structured, commonly used, and machine-readable format for transfer to another entity.

  • Right to Limit Sensitive Data (CCPA/CPRA Specific): California residents hold the specific right to direct us to limit the use and disclosure of sensitive personal information strictly to the services explicitly requested.

  • Right to Non-Discrimination: We guarantee that exercising any of your privacy rights will never result in denied services, altered pricing, or degraded service quality.

Exercising Your Rights: To exercise any of these statutory rights, please submit a formal request to [[email protected]]. We will verify your identity to prevent fraudulent access and respond to your request within 30 days, entirely free of charge. Furthermore, our website architecture is designed to automatically detect and honor Global Privacy Control (GPC) opt-out signals broadcast by your browser. You also retain the absolute right to lodge a formal complaint with the CNDP in Morocco or your local regional data protection supervisory authority.

10. Digital Tracking and Cookie Compliance Policy

Our website utilizes cookies and tracking technologies to optimize user experience, ensure site functionality, and deliver targeted advertising. In absolute compliance with CNDP Decision No. D-939-2025 and international ePrivacy standards, we manage digital tracking through a strict consent mechanism:

  • Strictly Necessary Cookies: Essential for the website’s core operation (such as maintaining a secure booking session and remembering the contents of your cart). These cookies do not require consent and cannot be disabled, as they do not profile users.

  • Functional, Analytics, and Marketing Cookies: Used to track website traffic patterns and deliver personalized promotional advertisements. These scripts are strictly blocked from executing until you provide explicit, active consent via our automated Cookie Consent Banner. We do not utilize pre-ticked boxes. You maintain full control over your digital footprint and can manage, modify, or withdraw your cookie consent at any time by accessing the “Cookie Settings” portal located persistently in the footer of our website.

11. Policy Modifications and Updates

We reserve the right to comprehensively update this Privacy Policy periodically to reflect technological advancements, changes in our operational practices, or shifting global legal obligations. The “Last Updated” timestamp at the bottom of the policy will indicate when modifications were enacted. We encourage our guests to review this page regularly.

Last Updated: Sunday, May 24, 2026.