– CNDP GDPR conditions:
Law 09-08 relating to the protection of individuals with regard to the processing of personal data defines the obligations to which data controllers are subject. They must ensure that personal data is collected and processed in a fair, legitimate and transparent manner. They must, moreover.
– Respect the purpose of the processing:
Any processing of personal data must have a precise and legitimate purpose which is communicated to the persons concerned when collecting their personal data and to the CNDP when notifying the processing. The change of purpose is subject to prior authorization from the CNDP.
-Respect the principle of proportionality:
The data collected and processed must be necessary, proportional and not excessive with regard to the purpose of the envisaged processing.

-Ensure data quality:
The data controller must ensure that the personal data processed are accurate, reliable, complete and updated.
-Ensure compliance with the data retention period:
Personal data allowing the identification of the persons concerned must be kept for a limited period, not exceeding the period necessary to achieve the purpose of the processing for which they were collected. At the end of this period, the data must be destroyed.
If the data controller plans to retain personal data for statistical or historical purposes, he must request express authorization from the CNDP for this purpose.
-Ensure the exercise of rights by the person concerned:
Law 09-08 provides for a certain number of rights for the benefit of the people concerned. The data controller is required to ensure compliance with these rights, in particular by taking all measures enabling the persons concerned to assert and exercise them where applicable.

-Ensure the security and confidentiality of treatments:
It is the responsibility of the data controller to take all necessary precautions to guarantee the integrity and confidentiality of the personal data in his possession with a view to protecting them against destruction or accidental loss and against any form of illicit processing. To this end, He must implement appropriate physical and logical security measures and take all necessary precautions to prevent data from being distorted, damaged, or communicated to unauthorized third parties. The data controller must ensure, through contracts and audits, that its subcontractors and third parties to whom it communicates personal data comply with all the provisions of Law 09-08.
-Notify the treatments to the CNDP:
Before implementing processing, the data controller must notify the CNDP by completing the appropriate procedure, namely:
1- An authorization request:
a) If the processing uses sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or health data, etc.
b) If there is a change of purpose, i.e. personal data is used for purposes other than those for which it was collected.
c) If the data processing relates to offences, convictions or security measures.
d) If the data processing uses the CIN number.
e) If the processing requires the interconnection of files, the purposes of which are different.
2-.A prior declaration in other cases.
3- A request for data transfer abroad if personal data will be hosted or transmitted abroad.

Digital Millennium Copyright Act Policy

GOTOUR respects the intellectual property of others, and we ask our users to do the same. It is our policy to respond to clear notices of alleged copyright infringement. This page describes the information that should be present in these notices. The form of notice specified below is consistent with the form suggested by the United States Digital Millennium Copyright Act, If you believe that content available by means of the Website infringes one or more of your copyrights, please notify us by means of an emailed notice ( “Infringement Notice”) providing the information described below to the email address listed below.
All Infringement Notices should be reported using Submit Infringement Notice Form and include the following or they will be deemed invalid:
An electronic signature of the copyright owner or a person authorized to act on their behalf;
An identification of the copyright claimed to have been infringed;
A description of the nature and exact location of the content that you claim to infringe your copyright, in sufficient detail to permit GOCAR to find and positively identify that content; for example we require a link to the specific blog post (not just the name of the blog) that contains the content and a description of which specific portion of the blog post – an image, a link, the text, etc – your complaint refers to;
Your name, address, telephone number and email address; and
A statement by you:
(a) that you believe in good faith that the use of the content that you claim to infringe your copyright is not authorized by law, or by the copyright owner or such owner’s agent.
(b) under penalty of perjury, that all of the information contained in your Infringement Notice is accurate, and that you are either the copyright owner or a person authorized to act on their behalf.