1. Maroc Telecom group
  2. CSR and certifications
  3. Privacy protection policy

Privacy protection policy at Maroc Telecom

Maroc Telecom is certified, for all its activities and sites, ISO 9001 and ISO 27001 and now has an integrated management system implementing all the recommendations and best practices related to quality management, information security, and privacy protection.
Privacy protection is guaranteed by Article 24 of the Moroccan Constitution and reinforced by Law 09-08. It is a right that includes the protection of individuals regarding the processing of personal data.
As part of its missions, Maroc Telecom collects and processes different categories of personal data while ensuring the protection of this data and complying with the obligations imposed on it as the data controller. Maroc Telecom has adopted this privacy protection policy to inform all concerned individuals about the principles of use and protection implemented for the protection of privacy.

Personal Data

Personal data refers to any information relating to an identified or identifiable natural person. An “identifiable natural person” is one who can be identified, directly or indirectly, by reference to an identifier (name, identification number, location data, etc.) or by reference to one or more specific elements related to their physical, physiological, genetic, economic, cultural, or social identity.

Categories of Personal Data Collected

Maroc Telecom is committed to collecting only the data strictly necessary for the execution of its missions and activities and processing them in a lawful, fair, and transparent manner. These personal data may be collected.


Directly from the concerned person:

  • As part of subscribing to the products and services offered by Maroc Telecom.
  • In connection with various activities related to customer relationship management (after-sales service, support and information, complaints, etc.)
  • In the context of contractual agreements (employees, service providers, suppliers, etc.)

Indirectly: This collection is carried out in accordance with legal, regulatory, or contractual provisions, for example, when granting physical access rights to an employee of a provider or when verifying the compliance of human resources provided by a subcontractor. The categories of personal data collected by Maroc Telecom vary depending on the missions and activities carried out. It may include:
  • Identity and contact details of the concerned person (name, first name, ID number and copy of ID, contact details, address, connection traces and operations performed, IP address);
  • Professional situation (trade register, status, employer identity); banking and financial data (RIB, invoice amounts for products and services offered by Maroc Telecom);
  • Images and videos as part of security measures related to access to Maroc Telecom's premises;
  • Data necessary for after-sales service and claims handling.

Legal Basis for Processing Personal Data

Maroc Telecom processes personal data with the prior consent of the concerned individuals, in response to its legal obligations, as part of the execution of subscription contracts or for products and services offered to its customers, or in the legitimate interests of Maroc Telecom. These legitimate interests are proportionate to the respect of the individuals' rights. Depending on the activities involved, the processing of personal data is based on:

  • The consent of the concerned person when required, such as for subscribing to services at Maroc Telecom's front office.
  • The legitimate interest of Maroc Telecom, particularly in the context of security measures taken for controlling access to its premises (video surveillance, badge access, etc.).
  • The execution of a contract to which the concerned person is a party or the execution of pre-contractual measures taken at their request. This applies, for example, to recruitment and human resources management.
  • A legal obligation to which Maroc Telecom is subject. This applies, for example, to provisions related to Law 05-20 (Article 26).

Purposes of Processing Personal Data

The processing of collected personal data is limited to the strict minimum necessary to achieve predefined, legitimate, appropriate, and limited purposes:

  • Conclusion and execution of contracts binding the concerned person to Maroc Telecom.
  • Identification of customers, informing the customer, and processing orders.
  • Human resources management.
  • Managing outsourced services and subcontracting.
  • Ensuring the security of property and individuals.
  • Communication about Maroc Telecom's activities.
  • Compliance with the legal obligations entrusted to Maroc Telecom.
The collected data may also be processed for archival purposes or statistical purposes. The processing of personal data has been declared or authorized by the National Commission for the Protection of Personal Data (CNDP).

Data Retention Period

Maroc Telecom retains the collected personal data for as long as necessary to achieve the defined objectives and in accordance with its legal obligations. If not, Maroc Telecom, as the data controller, retains the data:

  • During the duration of the contractual relationship;
  • Until the consent is revoked when processing is based on it;
  • For the duration necessary to execute the operation or provide the service concerned.
And until the expiration of the applicable prescription and archiving periods.

Rights of Concerned Individuals

Under the provisions in force regarding the protection of personal data, the concerned individual, provided they prove their identity, has the right to access the personal data related to them, to rectify them, to object to their processing, and to request their deletion.
The concerned individual has the right to modify and/or withdraw their consent to the processing of personal data.
The concerned individual can exercise their rights by sending their request to Maroc Telecom.
The individual also has the option to file a complaint with the National Commission for the Protection of Personal Data (CNDP).

Access to Personal Data

The collected personal data is intended for authorized services of Maroc Telecom.
Maroc Telecom may use service providers and subcontractors who act on its instructions, to process all or part of the personal data, to the extent necessary for the performance of their services. In such cases, Maroc Telecom ensures that service providers and subcontractors who have access to personal data adhere to confidentiality and legal and regulatory compliance obligations.
Some personal data may also be communicated, within the limits prescribed by regulations, to administrative, financial, or judicial bodies or to certain regulated professions (social security organizations, auditors, etc.).

Measures to Protect Personal Data

Maroc Telecom implements appropriate technical and organizational measures to ensure a level of security for the collected data, taking into account the risks related to processing and the nature of the data to be protected.
In the event that personal data is compromised, Maroc Telecom will act swiftly to identify the cause of the breach and take appropriate remedial measures.

How to Contact the Personal Data Protection Officer

Maroc Telecom has appointed a Data Protection Officer (DPO), the primary contact for the CNDP. For any questions or comments regarding this policy, the DPO can be contacted:

  • By email at: dpo@iam.ma
  • By mail addressed to "Itissalat Al-Maghrib DQSI-TDP, Avenue Anakhil, Hay Riad – 10100, Rabat" with the mention "Attention: DPO".

Changes to the Privacy Protection Policy

The privacy protection policy is published on the Maroc Telecom website. It is available upon request from the Data Protection Officer (DPO), whose contact details are mentioned in Article 9 above. Any modification of this privacy protection policy is effective as soon as it is published on the Maroc Telecom website.