Privacy Policy

Version #5Updated : 7/10/2026

1. Purpose of this Policy This Privacy Policy explains how LocaDigital collects, uses, stores and protects personal data in connection with: the public LocaFlotte website; contact and demonstration requests; subscriptions to LocaFlotte services; use of the LocaFlotte web and mobile applications; management of professional accounts, subscriptions, billing and support. LocaFlotte is a SaaS software solution intended for vehicle rental professionals. This Policy is primarily intended for: visitors to the LocaFlotte website; professional prospects; representatives of vehicle rental agencies; administrators of LocaFlotte accounts; agents, accountants and employees authorised by an agency; persons contacting LocaDigital or using its professional services. It is not intended to constitute the privacy notice for renters, drivers or other end customers whose data is entered into LocaFlotte by a vehicle rental agency. Each agency using LocaFlotte remains responsible for providing its own customers with the information required regarding the processing of their personal data. 2. Data Controller For processing carried out for its own purposes, the data controller is: LocaDigital SARL à associé unique Address: OASIS OFFICES LATITUDES, Route de l’Oasis, Office 304, Maarif, Casablanca, Morocco Commercial Register: 737087 ICE: 003988547000086 Relevant product: LocaFlotte Data protection contact: [email protected] In this Policy, “LocaDigital” refers to the company that publishes and operates the LocaFlotte solution. 3. Data Collected from Visitors, Prospects and Agencies LocaDigital may collect the following professional data: first and last name; professional email address; professional telephone number; job title; agency trade name or legal company name; agency address and country of establishment; information concerning the agency’s activity; approximate fleet size; content of contact, demonstration or support requests; administrative, legal or tax information required for subscription; information concerning the subscription plan, duration and status; invoices, transaction references and payment status; history of communications with LocaDigital. Mandatory fields are identified at the time of collection. Failure to provide a mandatory field may prevent LocaDigital from processing a request, creating an account or providing the Service. 4. Professional User Data When an agency creates access for its employees or collaborators, LocaDigital may process: first and last name; email address; professional telephone number, where provided; assigned agency or establishment; job title, role and permission level; language and usage preferences; account status; account creation, activation and last login dates; information required for authentication and security; history of actions performed within the application; connection, security and audit logs. This data is used to manage access, apply the permissions defined by the agency, secure the platform and ensure traceability of operations. 5. Technical Data When accessing the LocaFlotte website or applications, certain technical data may be collected automatically: IP address; connection date and time; browser type; operating system; device type; session identifier; language used; pages or features accessed; technical errors; login attempts; security events and logs. This data is used to operate, secure, maintain and improve the Service. 6. Purposes of Processing LocaDigital processes collected data in order to: respond to contact or demonstration requests; establish and manage the commercial relationship with agencies; create and administer LocaFlotte accounts; manage users, roles and permissions; provide the web and mobile applications; manage trial periods, subscriptions, invoices and payments; send communications required for operation of the Service; provide technical support and user assistance; process requests and complaints; prevent fraudulent or unauthorised access; ensure the security, availability and continuity of the Service; detect, analyse and correct technical issues; retain logs required for security and traceability; comply with LocaDigital’s legal, tax, accounting and regulatory obligations; measure and improve the quality of the website and services, where permitted by the tools used and the required consent. LocaDigital does not sell or rent personal data to third parties. 7. Grounds for Processing Depending on the relevant purpose, processing may be based on: the consent of the data subject, where required; pre-contractual measures requested by a prospect; performance of the agreement entered into with the agency; compliance with LocaDigital’s applicable legal and regulatory obligations; requirements relating to security, abuse prevention and operation of the Service. 8. Data Entered by Agencies About Their Customers As part of their activities, agencies may enter information into LocaFlotte concerning their customers, renters, drivers, reservations, agreements, vehicles, invoices, payments, vehicle inspections and supporting documents. For this data: the agency determines the purposes and conditions of collection; the agency acts as the data controller; LocaDigital acts as the agency’s technical data processor; LocaDigital processes the data to provide, host, secure, back up and maintain the Service; LocaDigital processes the data in accordance with the agency’s documented instructions and applicable obligations; the agency remains responsible for the lawfulness of collection, informing its customers and handling their data rights requests. This Policy does not replace the privacy notice that each agency must provide to its customers, renters and drivers. Where a request for access, correction, objection or deletion concerns data entered by an agency, the data subject should contact that agency first. LocaDigital may provide the agency with the technical assistance required to handle the request. The respective obligations of the agency and LocaDigital are set out in the applicable contractual documents, including the Service terms and the clauses governing personal data processing. 9. Data Recipients Within the scope of their duties, data may be accessible to: authorised personnel within LocaDigital; users authorised by the relevant agency; technical service providers required to operate the Service; payment service providers for transactions handled by them; LocaDigital’s professional advisers where access is necessary; administrative or judicial authorities where required by law. Technical providers may supply services relating to: IT hosting; storage and backups; security and protection against abusive use; delivery of emails and notifications; payment processing; support, maintenance and technical monitoring; document analysis or OCR extraction where this feature is used; audience measurement for the public website, subject to any required consent. Providers are authorised to process data only for the services entrusted to them and in accordance with the applicable contractual instructions. 10. Hosting and International Data Transfers LocaFlotte’s primary application infrastructure is hosted in Morocco. Certain complementary technical services may nevertheless involve access to, processing of or transfer of data outside Morocco, including services relating to: electronic messaging; security and protection against automated abuse; payment processing; document analysis or OCR; technical monitoring; audience measurement for the public website. Where such transfers take place, LocaDigital ensures that appropriate contractual safeguards are implemented and that the required formalities are completed with the CNDP. The countries concerned, the providers involved and the references of the relevant transfer authorisations may be specified in this Policy according to the services actually used. 11. CNDP Formalities Personal data processing carried out by LocaDigital is subject to Moroccan Law No. 09-08 relating to the protection of individuals with regard to the processing of personal data. This processing has been subject to prior authorisation by the CNDP under number [EXACT NUMBER], issued on [EXACT DATE]. Where data is transferred abroad, the references of the corresponding transfer authorisations may also be stated in this Policy. 12. Data Retention Data is retained for a period proportionate to the purpose for which it was collected. In particular: prospect data is retained for the time required to process the request and follow up the commercial relationship; agency data is retained for the duration of the contractual relationship; professional user data is retained while the account remains active or associated with a customer agency; billing and payment information is retained in accordance with applicable legal, accounting and tax requirements; technical and security logs are retained for the period required for security, traceability and incident handling; trial environment data may be deleted after the trial period where the agency does not subscribe to the Service; data entrusted by agencies is retained in accordance with the agency’s instructions, the contractual terms and applicable obligations; backups may temporarily contain certain data until they are replaced or deleted in accordance with the applicable backup cycle. At the end of the contractual relationship, data may be returned, exported, deleted or anonymised under the terms agreed with the agency, subject to applicable legal retention obligations. 13. Security and Confidentiality LocaDigital implements technical and organisational measures intended to protect data against: unauthorised access; loss; alteration; unauthorised disclosure; accidental or unlawful destruction; misuse. These measures may include: encryption of communications; role and permission management; logical isolation of each agency’s data; secure authentication; two-factor authentication where enabled; logging of sensitive actions; backups; monitoring of security events; restriction of internal access; security updates; incident management procedures. Users must keep their credentials confidential and promptly notify LocaDigital if they suspect unauthorised access to their account. 14. Payments When a payment is made through an external payment provider, the banking data required for the transaction is collected and processed directly by that provider. LocaDigital may receive information required to manage the transaction, including: amount; transaction reference; payment method used; date; payment status. LocaDigital is not intended to record or retain full payment card numbers or card security codes. 15. Cookies and Similar Technologies The LocaFlotte website and applications may use cookies or similar technologies required for: session management; authentication; security; storage of the selected language; operation of forms; protection against automated and abusive use. The public website may also use audience measurement tools. Where consent is required, non-essential cookies or tools are activated only after the user has expressed a choice. The secure professional area does not use agency or user data to display targeted advertising. Users may manage non-essential cookies using the consent management tool available on the website or through their browser settings. 16. Communications LocaDigital may send agencies and users communications required for operation of the Service, including: account creation or activation confirmations; security messages; operational alerts; invoices and payment reminders; subscription information; maintenance notifications; support responses; information concerning significant changes to the Service or contractual documents. Separate commercial communications are sent under the conditions permitted by applicable regulations. Recipients may unsubscribe using the available unsubscribe link or by writing to [email protected]. 17. Data Subject Rights In accordance with Law No. 09-08, data subjects may, under the conditions provided for by that law: ask whether personal data concerning them is being processed; access their personal data; request that inaccurate or incomplete data be updated or corrected; request deletion or blocking where provided for by law; object to the processing of their data on legitimate grounds. For data collected directly by LocaDigital, requests may be sent to: [email protected] The request must contain sufficient information to identify the person and the processing concerned. Proof of identity may be requested where necessary to verify the requester’s identity and protect data against unauthorised access. For data entered by an agency concerning its own customers, requests should first be addressed to the relevant agency. The data subject may also contact the CNDP in accordance with the procedures made available by that authority. 18. External Services and Links The LocaFlotte website may contain links to websites or services operated by third parties. LocaDigital is not responsible for the privacy practices of those external services. Users are invited to review their privacy policies before transmitting personal data to them. 19. Changes to this Policy LocaDigital may amend this Policy to take account of: changes to the Service; technical changes; the use of new service providers; legal or regulatory developments; decisions or recommendations issued by the CNDP. The latest update date is shown at the top of the page. In the event of a material change, LocaDigital may notify agencies and users by email or through a notification within the application. 20. Contact For any question concerning this Policy or the processing of personal data: LocaDigital — Data Protection OASIS OFFICES LATITUDES Route de l’Oasis, Office 304 Maarif, Casablanca, Morocco Email: [email protected]