Legal

Privacy policy.

How we collect, use, and protect your personal data — written in plain English. Compliant with GDPR and Moroccan Law 09-08.

Last updated: 1 May 2026

1. Who we are

[YOUR LEGAL NAME] (trading as "NordicMarketing") is a digital marketing agency operating from [CITY], [COUNTRY]. For the purposes of this policy, we are the data controller for personal data collected through this website and through our services.

You can contact our privacy team at privacy@nordicmarketing.com.

Business registration: [YOUR ICE NUMBER / TRADE REGISTRY]
Operating address: [STREET ADDRESS], [CITY], [COUNTRY]

2. What data we collect

Information you provide directly

  • Your name and email address
  • Company name and website URL
  • Phone number (if provided)
  • Payment and billing information — processed securely through our payment provider (Stripe). We do not store full card details on our servers.
  • Any content you send us in messages, emails, or briefs

Information collected automatically

  • IP address (anonymised), browser type, device type, and operating system
  • Pages visited, time spent on page, and referring URL
  • Cookies and similar technologies (see our cookie policy)

3. How we use your data

PurposeLegal basis (GDPR Art. 6)
Respond to your enquiries and provide requested servicesPerformance of a contract
Deliver contracted digital marketing services and reportsPerformance of a contract
Send marketing communications (only with consent)Consent (Art. 6(1)(a))
Improve our website and service offeringsLegitimate interests
Comply with legal and tax obligationsLegal obligation
Detect, prevent, and address fraud or abuseLegitimate interests

4. How long we keep your data

  • Contact form submissions: 24 months from last contact, then deleted
  • Client records: 7 years after end of engagement (legal/tax obligation)
  • Marketing list: Until you unsubscribe
  • Website analytics: 14 months (Google Analytics default)

5. Who we share your data with

We never sell your data. We share it only with third-party service providers strictly necessary to operate our business:

  • Google Analytics / Google Workspace — analytics and email infrastructure
  • Stripe — payment processing
  • Slack, Notion, Figma — project management and collaboration
  • Looker Studio, GA4, Meta Business Suite, Google Ads, Klaviyo, Triple Whale — marketing analytics and reporting
  • Email and CRM provider — client communication and account management

All third parties are bound by data-processing agreements compliant with GDPR Article 28.

6. International transfers

Some of our service providers are based outside the EU/EEA (notably in the United States). When this happens, we rely on Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms, to ensure your data is protected to an equivalent standard.

7. Your rights under GDPR

If you are based in the EU, EEA, UK, or Switzerland, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — ask us to delete your data ("right to be forgotten")
  • Restriction — limit how we use your data
  • Portability — receive your data in a portable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — at any time, without affecting prior lawful processing

To exercise any of these rights, email privacy@nordicmarketing.com. We will respond within 30 days.

8. Complaints

If you believe we have mishandled your data, you have the right to lodge a complaint with:

  • Your local EU data protection authority, or
  • The Moroccan Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP)www.cndp.ma

9. Data security

We use industry-standard security practices including TLS encryption in transit, encryption at rest for sensitive records, access controls, MFA on all internal accounts, and regular security reviews. No system is 100% secure, but we take our duty of care seriously.

10. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. For material changes, we will notify you by email or via a notice on this site.

12. Contact

Privacy questions: privacy@nordicmarketing.com
General enquiries: hello@nordicmarketing.com
Postal: [STREET ADDRESS], [CITY], [COUNTRY]