Privacy Policy

1. Introduction

Ederest, a Moroccan company based in Casablanca, places great importance on protecting your personal data and respecting your privacy. This privacy policy informs you about how we collect, use, store, and protect your personal data in accordance with Moroccan Law No. 09-08 on the protection of individuals with regard to the processing of personal data and the European General Data Protection Regulation (GDPR) when applicable.

2. Data Controller

The data controller is: Ederest, Rue Ahmed El Majjati, Residence Les Alpes, 1st floor N°8, Maarif District, Casablanca, Morocco. Email: privacy@ederest.com. Phone: +212 (0) 612 498 432.

3. Data Collected

3.1 Data You Provide

We collect the following data when you use our platform: Identification information: name, email, phone number. Professional information: company, position, industry. Login data: username, password (encrypted). Payment information: billing details, transaction history. User content: quiz responses, notes, comments, uploaded documents.

3.2 Automatically Collected Data

Navigation data: IP address, browser type, pages visited, time spent. Usage data: training progress, scores, badges earned. Cookies and similar technologies: see our cookie policy. Analytics data: usage statistics, platform behavior.

4. Processing Purposes

We use your data to: Create and manage your user account. Provide and personalize our training services. Process your payments and manage your subscriptions. Track your progress and deliver certifications. Improve our platform and develop new features. Send you marketing communications (with your consent). Ensure platform security and prevent fraud. Comply with our legal and regulatory obligations. Analyze platform usage for statistical purposes.

5. Legal Basis for Processing

The processing of your data is based on: Contract performance: for the provision of our services. Your consent: for marketing communications and certain cookies. Our legitimate interests: service improvement, security, analytics. Legal obligations: tax, accounting, and regulatory compliance.

6. Data Sharing

6.1 Recipients

Your data may be shared with: Service providers: hosting (Microsoft Azure), payment, analytics, email. Your employer: if you use a business account (progress, certifications). Competent authorities: in case of legal obligation or court order. Business partners: with your explicit consent.

6.2 International Transfers

Your data may be transferred to countries outside Morocco, particularly to the United States and the European Union, as part of using hosting services (Microsoft Azure) and other providers. These transfers are governed by appropriate safeguards (standard contractual clauses, Privacy Shield, etc.).

7. Retention Period

We retain your data for the following periods: Active account: throughout your use of the platform. Inactive account: 3 years after last login. Billing data: 10 years in accordance with Moroccan legal obligations. Marketing data: 3 years after your last consent or unsubscribe. Cookies: according to durations specified in our cookie policy.

8. Your Rights

In accordance with Moroccan Law 09-08 and GDPR, you have the following rights: Right of access: obtain a copy of your personal data. Right to rectification: correct your inaccurate or incomplete data. Right to erasure: delete your data under certain conditions. Right to restriction: limit the processing of your data. Right to portability: receive your data in a structured format. Right to object: oppose the processing of your data. Right to withdraw consent: at any time. Right to lodge a complaint: with the CNDP (National Commission for the Control of Personal Data Protection). To exercise these rights, contact us at: privacy@ederest.com

9. Data Security

We implement appropriate technical and organizational measures to protect your data: SSL/TLS encryption for all communications. Password encryption with secure algorithms. Hosting on Microsoft Azure with security certifications. Strict access controls and multi-factor authentication. Regular backups and disaster recovery plan. Regular security audits and penetration testing. Staff training on security best practices.

10. Minors' Data

Our platform is not intended for persons under 18 years of age without the consent of a parent or legal guardian. If you are aware that a minor has provided us with data without parental authorization, please contact us so we can delete this data.

11. Policy Changes

We may modify this privacy policy at any time. Significant changes will be notified to you by email or via a notice on the platform. We encourage you to regularly consult this page to stay informed of our practices.

12. Contact

For any questions about this privacy policy or your personal data: Data Protection Officer (DPO) - Email: privacy@ederest.com. Address: Ederest, Rue Ahmed El Majjati, Residence Les Alpes, 1st floor N°8, Maarif District, Casablanca, Morocco. National Commission for the Control of Personal Data Protection (CNDP): Address: Avenue Assoukhour As-sawdaa, Hay Ryad, Rabat, Morocco. Website: www.cndp.ma