Privacy Policy

01Data Controller Identity

The controller of personal data collected via www.souhalegal.com is:

02Data Collected and Purposes

We apply the data minimisation principle — only data strictly necessary for the stated purpose is collected.

03Legal Bases for Processing

Pursuant to Article 4 of Moroccan Law 09-08 and Article 6 of the GDPR, each processing activity has an identified legal basis:

a) Contract performance (Art. 6(1)(b) GDPR · Art. 4 Law 09-08)

Data necessary for the attorney's engagement is processed to perform the mandate you entrust to us, or to take pre-contractual steps at your request.

b) Legal obligation (Art. 6(1)(c) GDPR)

Accounting and tax obligations (Moroccan Law 9-88, General Tax Code), anti-money laundering (Law 43-05), file archiving in accordance with the Rabat Bar regulations.

c) Legitimate interests (Art. 6(1)(f) GDPR)

Site security (connection logs, firewall) and anonymous audience measurement, provided these do not override your fundamental rights and freedoms.

d) Consent (Art. 6(1)(a) GDPR · Art. 4 Law 09-08)

For marketing communications, non-essential cookies or sensitive data, we will obtain your prior, free, specific, informed and unambiguous consent. You may withdraw it at any time without retroactive effect.

04Retention Periods

Upon expiry of these periods, data is either permanently deleted or anonymised for statistical purposes.

05Recipients and Data Processors

Technical processors

• Web host — hosting of the website (server in Morocco / EEA) ;
• Web3Forms — contact form processing (EU servers, GDPR-compliant) ;
• Google LLC — Fonts & Maps Embed (EU-US Data Privacy Framework certified, July 2023).

Each processor is bound by a Data Processing Agreement (DPA) ensuring an adequate level of protection.

Legally authorised third parties

Your data may be disclosed to Moroccan judicial, administrative or tax authorities when required by law (court order, AML reporting obligation), or in the context of your mandate (courts, court registries, opposing party where necessary for your defence).

06International Data Transfers

Where possible, your data is hosted and processed in Morocco or in the European Economic Area (EEA). When a transfer outside these areas is required, we ensure one of the following safeguards applies:

• Adequacy decision by the European Commission or CNDP ;
• Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914) ;
• Binding Corporate Rules (BCR) ;
• EU-US Data Privacy Framework (DPF), recognised as adequate by the European Commission (July 2023).

Google LLC is certified under the EU-US DPF for Fonts and Maps services.

07Your Rights

Under Moroccan Law 09-08 (Articles 7–14) and the GDPR (Articles 15–22), you have the following rights:

How to exercise your rights

Submit a written request to contact@souhalegal.com or by post to the firm. Response time: 30 days (extendable to 3 months for complex requests, with reasoned notice). Proof of identity may be requested.

08Attorney–Client Privilege

As an attorney registered at the Rabat Bar, Maître Abdelkarim Souha is bound by absolute professional secrecy enshrined in Dahir n° 1-08-101 of 20 October 2008 enacting Law n° 28-08 on the organisation of the legal profession (Article 32), and by the deontological rules of the Rabat Bar.

This privilege covers all confidential information communicated in the attorney–client relationship: consultations, correspondence, case documents and personal information. It is permanent, general and absolute.

Data processed under the mandate is protected by this reinforced regime, which is distinct from and complementary to data protection law.

09Cookies and Trackers

Strictly necessary cookies

Essential for the site to function (security, navigation). No consent required. No personally identifiable data is collected.

Third-party cookies (Google Fonts & Maps)

Integration of Google Fonts and Google Maps Embed may place cookies by Google LLC, subject to Google's Privacy Policy. You may disable these through your browser settings.

No advertising cookies

We use no targeting, retargeting or behavioural tracking cookies. No browsing data is sold or shared with advertising networks.

Managing your preferences

Configure your browser (Chrome, Firefox, Safari, Edge) or visit youronlinechoices.eu to manage third-party cookies.

10Data Security

We implement appropriate technical and organisational measures in line with the state of the art (Art. 32 GDPR / Art. 23 Law 09-08):

• Full encryption via HTTPS / TLS 1.3 across the entire site ;
• Access to data strictly limited to authorised personnel ;
• Hashed passwords (bcrypt) and strong authentication ;
• Access and modification logs for audit purposes ;
• Regular encrypted backups ;
• Systematic software updates and security patches.

In the event of a data breach (Art. 33–34 GDPR), we will notify the CNDP within 72 hours and inform you directly if the risk to your rights is high.

11Minors

Our site and services are not directed at persons under 16 years of age. We do not knowingly collect data relating to minors. If you are a parent or legal guardian and believe a child has sent us personal data, please contact us for immediate deletion.

In proceedings involving minors, processing is governed by special child protection rules and attorney–client privilege.

12Policy Updates

We reserve the right to update this policy to comply with changes in applicable law (Law 09-08, GDPR, CNDP or CJEU decisions) or our processing practices. The "last updated" date in the header will be revised accordingly. Significant changes will be highlighted on the site.

The version in force at the time of your visit applies.

13Contact and Complaints

Supervisory Authority — Morocco

CNDP — Commission Nationale de contrôle de la Protection des Données à caractère Personnel
Corner rue Tichka and avenue Omar Ibn Khattab, Hay Riad, Rabat — www.cndp.ma

Supervisory Authority — European Union

EU residents may contact their national data protection authority: EDPB member list.