Privacy policy

Introduction

This Privacy Policy explains how Zefriti (“we”, “us”, “our”) collects, uses, shares, and protects your personal data when you visit our website, make a purchase, or otherwise interact with us. It is drafted to comply with Moroccan Law No. 09-08 relating to the protection of individuals with regard to the processing of personal data and overseen by the Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP).

Who is the Data Controller

Zefriti is the data controller responsible for your personal data processed through this site.

• Legal entity: Zefriti SARL
• Registered address: 35 Derb Fhal Zfriti, Marrakech
• Email: happy@zefriti.com

What Personal Data We Collect

We collect the minimum data necessary for stated purposes:
• Identification & contact data: name, email, phone number, billing and shipping address.
• Order & payment data: products purchased, order history, payment method details (processed by secure payment partners—see “Sharing”).
• Site usage data: pages viewed, device identifiers, IP address, cookies and similar technologies.
• Communications: messages sent to customer support, reviews, survey responses, and marketing preferences.
• Account data (if you create one): username, hashed password, preferences.
• Sensitive data: We do not intentionally collect sensitive data. If processing is required (e.g., health/allergy info for a bespoke product), we will only do so with your explicit consent and any CNDP authorization required by law.

Why We Use Your Data (Purposes)

• To provide and deliver products/services, process payments, and manage orders and returns.
• To communicate with you about orders, support, and service notices.
• To personalize content, recommend products, and improve our site and offerings.
• To send marketing communications with your consent (you can opt out at any time).
• To comply with legal obligations (tax, accounting, product safety) and respond to lawful requests.
• To prevent fraud, ensure the security of our services, and protect our rights.

Legal Bases for Processing (under Moroccan law)

We process personal data when at least one lawful ground applies, including:
• Your consent (e.g., for marketing or certain cookies).
• Performance of a contract or pre-contractual steps (e.g., fulfilling orders).
• Compliance with legal obligations (e.g., invoicing, warranties).
• Legitimate interests, where permitted by Law 09-08 (e.g., site security, limited analytics), balanced against your rights and freedoms. Where the law requires consent, we will rely on consent.

Cookies & Similar Technologies

We use cookies and similar technologies to operate the site, remember your preferences, analyze traffic, and (with consent) for marketing. You can manage cookies in your browser and, where provided, in our on-site cookie settings. Essential cookies are necessary for the site to function and cannot be disabled. For non-essential cookies, we seek your prior consent when required.

Sharing Your Data

We do not sell your personal data. We may share it with:
• Service providers acting under our instructions (e.g., hosting, payment processing, delivery couriers, customer support tools, analytics) under written agreements and confidentiality/security obligations.
• Professional advisors, auditors, and insurers for legitimate business needs.
• Authorities or third parties where required by law, to protect rights, or to detect/prevent fraud.
If we engage a processor, we ensure appropriate safeguards and that processing is limited to our instructions and the purposes stated above.

International Data Transfers

Personal data may be transferred outside Morocco only in accordance with Law 09-08 requirements. Where a transfer destination is not recognized by the CNDP as providing adequate protection, we will seek CNDP authorization and implement appropriate safeguards before any transfer takes place. You may contact us for details of applicable transfer mechanisms.

Data Security

We apply administrative, technical, and physical measures proportionate to the risks (e.g., encryption in transit, access controls, staff training, secure development practices). While no system is perfectly secure, we work to prevent unauthorized access, alteration, disclosure, or destruction of personal data.

Data Retention

We keep personal data only for as long as necessary for the purposes described above, including to meet legal, accounting, or reporting requirements. Typical periods include:
• Orders and invoicing: retained for the statutory period under Moroccan commercial/tax law.
• Customer accounts: retained while your account is active; deleted or anonymized after inactivity per our internal policy.
• Marketing data: retained until you withdraw consent or object, then promptly suppressed.
• Cookies: stored per their specific lifetimes (see cookie settings/notice).

Your Rights

Subject to Moroccan law, you have the right to:
• Access your personal data and obtain information about processing.
• Rectify inaccurate or incomplete data.
• Request deletion where permitted by law.
• Object to processing, including direct marketing, or withdraw consent at any time (where processing is based on consent).
• Request restriction of processing in certain cases.
To exercise your rights, contact us using the details in “Who is the Data Controller”. We may need to confirm your identity. We will respond within the statutory time limits.

Right to Complain to the CNDP

You also have the right to lodge a complaint with the CNDP if you believe your data-protection rights have been infringed.
• CNDP: Commission Nationale de contrôle de la protection des Données à caractère Personnel
• Website: [www.cndp.ma]

Children & Minors

Our site is not intended for children under 18. We do not knowingly collect personal data from minors without the consent of a parent or legal guardian as required by Moroccan law. If you believe a minor has provided us data without appropriate consent, please contact us to delete it.

Automated Decision-Making

We do not engage in solely automated decisions producing legal or similarly significant effects about you. If we introduce such processing, we will notify you and comply with applicable legal requirements.

Third-Party Links

Our site may link to third-party sites. Those sites operate independently and have their own privacy policies. We are not responsible for their content or practices.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or Moroccan legal requirements. We will post the new version with an updated “Effective date” and, where changes are material, provide a clear notice.

Contact

For questions, requests, or to exercise your rights:
• Email: happy@zefriti.com
• Address: Zefriti SARL, 35 Derb Fhal Zfriti, Marrakech

Effective Date

August 27, 2025