01Information We Collect
Information You Provide Directly
- Name, email address, and phone number (via contact forms)
- Company name, project details, and business requirements
- Login credentials (for client portal accounts)
- Payment information (processed via secure third-party providers)
- Communications, inquiries, and feedback you send us
Information Collected Automatically
- IP address, browser type, and operating system
- Pages visited, time spent on site, and navigation paths
- Referring website or source
- Device identifiers and technical metadata
- Cookies and similar tracking technologies (see section 11)
Information from Third Parties
- Social media profile data (when you connect via social login)
- Business contact information from public directories
- Analytics data from Google Analytics and similar platforms
02How We Use Your Information
Provide Our Services
Process inquiries, manage client projects, and deliver digital solutions you have contracted with us.
Communicate With You
Send project updates, respond to support requests, and share relevant information about our services.
Improve Our Platform
Analyze usage patterns to enhance website performance, user experience, and service quality.
Marketing (With Consent)
Send newsletters or promotional content only when you have explicitly opted in, respecting your preferences.
Legal Obligations
Comply with applicable laws, regulations, court orders, and lawful requests from public authorities.
Security & Fraud Prevention
Detect, investigate, and prevent fraudulent transactions, abuse, and security breaches.
03Data Sharing & Disclosure
We do not sell your personal information. We may share data only in the following limited circumstances:
Trusted vendors who help us operate our business (hosting, analytics, email delivery, payment processing) under strict data processing agreements.
Legal counsel, accountants, and auditors who require access under confidentiality obligations.
When required by law, court order, or legal process, or to protect rights, property, or safety.
In the event of a merger, acquisition, or sale of assets, with prior notice to affected users.
Any other sharing with your explicit, informed consent at the time of collection.
04Data Security
We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
TLS Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.3.
Access Controls
Strict role-based access controls limit who can access personal data within our organization.
Monitoring
Continuous security monitoring and automated alerts for suspicious activity patterns.
Breach Protocol
Documented incident response plan; we notify affected individuals and authorities within 72 hours of discovering a breach (per GDPR requirements).
Note: No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
05Your Rights
Depending on your jurisdiction, you may have the following rights over your personal data. See jurisdiction-specific sections below for details.
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Correct inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data under certain conditions.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing.
Right to Restrict
Request restriction of processing under certain circumstances.
To exercise any of these rights, contact us at contact@m5tech.ma. We will respond within 30 days (or as required by applicable law).
GDPR Compliance
European Union
Lawful Basis for Processing
We process data on the basis of consent, contract performance, legal obligation, or legitimate interests (Art. 6 GDPR).
Data Subject Rights
You have the right to access, rectify, erase, restrict, port, and object to your data (Arts. 15-22 GDPR).
Right to Withdraw Consent
You may withdraw consent at any time without affecting the lawfulness of prior processing (Art. 7(3) GDPR).
Data Protection Officer
For GDPR-related inquiries, contact our DPO at contact@m5tech.ma. We appoint a DPO where required by law.
Supervisory Authority
You have the right to lodge a complaint with your national data protection authority (e.g., CNIL for France, ICO for the UK).
International Transfers
Transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) or adequacy decisions.
CCPA Compliance
California, USA
Right to Know
California residents may request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell.
Right to Delete
Request deletion of your personal information collected from you, subject to certain exceptions.
Right to Opt-Out
We do not sell personal information. If this changes, you will have the right to opt-out via a 'Do Not Sell My Personal Information' link.
Right to Non-Discrimination
We will not discriminate against you for exercising any CCPA rights - no denial of services, different prices, or different quality.
Authorized Agents
You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authorization.
Sensitive Personal Information
We limit the use and disclosure of sensitive personal information to purposes authorized by the CPRA.
PIPEDA Compliance
Canada
Accountability
M5 Tech Agency is responsible for personal information under its control and has designated a Privacy Officer accountable for compliance.
Identifying Purposes
We identify the purposes for which personal information is collected at or before the time of collection.
Consent
We obtain meaningful consent for the collection, use, or disclosure of personal information, except where inappropriate.
Limiting Collection
We collect only the personal information necessary for the identified purposes, using fair and lawful means.
Individual Access
Upon request, we inform individuals of the existence, use, and disclosure of their personal information and provide access to it.
Challenging Compliance
Individuals may challenge our compliance with PIPEDA. Unresolved complaints may be escalated to the Office of the Privacy Commissioner of Canada.
PDPA Compliance
Thailand / Singapore
Consent-Based Processing
We collect, use, and disclose personal data only with consent or as permitted by applicable law in Thailand, Singapore, and Malaysia.
Right to Access & Correct
You may request access to your personal data and correction of inaccurate, incomplete, or misleading data.
Right to Withdraw Consent
You may withdraw consent at any time. Withdrawal does not affect prior lawful processing. We will cease further processing upon withdrawal.
Right to Data Portability
Where technically feasible, you may request your data in a structured, commonly used, and machine-readable format.
Right to Erasure & Restriction
You may request erasure of data no longer necessary or restrict processing where you contest accuracy or object to processing.
Cross-Border Transfers
We transfer personal data outside Thailand/Singapore only to countries with adequate protection standards or under approved safeguards.
APPI Compliance
Japan
Purpose Limitation
Personal information is used only within the scope of the specified purpose of use, as required by Japan's APPI.
Third-Party Provision
We do not provide personal information to third parties without prior consent, except as permitted by APPI (legal obligations, life protection, etc.).
Right to Disclosure
Japanese data subjects may request disclosure of the content of their retained personal information within the scope of APPI.
Right to Correction/Deletion
If retained personal information is incorrect, you may request correction, addition, deletion, or suspension of use.
Anonymized Information
We may create and use anonymized information from which individuals cannot be identified, following APPI anonymization standards.
Personal Information Protection Commission
Unresolved complaints related to APPI may be reported to Japan's Personal Information Protection Commission (PPC).
12Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.
13International Data Transfers
M5 Tech Agency is headquartered in Marrakech, Morocco. We may transfer your personal data to, or access it from, countries outside your home country. Morocco has been recognized by the EU as providing an adequate level of data protection.
When we transfer data to other countries, we use appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules for intra-group transfers
- Adequacy decisions by relevant data protection authorities
- Your explicit consent for specific transfers
14Children's Privacy
15Policy Changes
- Update the "Last Updated" date at the top of this page
- Notify registered users via email (for significant changes)
- Display a banner on our website for a reasonable notice period
- Where required by law, obtain fresh consent
Your continued use of our services after any changes constitutes your acceptance of the updated policy.
16Contact Us
Privacy Requests
Response within 30 days
General Inquiries
For general questions about our services or this policy, use our contact page or email us directly.
Contact Us