1. Preamble
HEMC, Hub Engineering Management Consulting, attaches particular importance to the protection of your personal data and to the respect of your privacy.
This Privacy Policy informs you of how we collect, use and protect your personal data when you use our website hem-consulting.com or when you interact with us by email, telephone, WhatsApp or any other channel.
This policy complies with:
- Moroccan Law 09-08 on the protection of natural persons with regard to the processing of personal data
- The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, for European users
2. Data controller
HUB ENGINEERING MANAGEMENT CONSULTING (HEMC)
- Registered office: HAY LAAYOUNE, Angle Rue Ait Yaflmane, Fida No. 341, 2nd floor, Casablanca, Morocco
- Trade register (RC): 50350729
- Email: contact@hem-consulting.com
- Regulatory framework: Law 09-08 (Morocco) and GDPR (European Union)
3. Data collected
3.1 Data provided directly by you
When you fill in our contact form or write to us, we collect:
- Last name and first name
- Professional email
- Telephone number (optional)
- Name of your company / organisation
- Position
- Description of your project
- Any attached documents (PDF, DOCX)
3.2 Data collected automatically
While you browse, we automatically collect:
- IP address
- Browser type and version
- Operating system
- Pages viewed and viewing duration
- Referring website (referrer)
- Technical cookies (see our Cookie Policy)
3.3 Communication data
When you exchange with us by email, WhatsApp or telephone, the content of these exchanges may be retained for the purposes of commercial follow-up and service quality.
4. Purposes of processing
Your personal data is processed in order to:
- Respond to your requests for contact, information, quotation or diagnosis
- Manage the commercial relationship: prospect follow-up, service proposals, contracting
- Send commercial communications (newsletter, regulatory watch), only with your explicit consent
- Improve our website: traffic analysis, visit statistics, UX optimisation
- Comply with our legal obligations: accounting, taxation, retention of professional documents
- Website security: detection and prevention of fraud or intrusion attempts
5. Legal basis for processing
Your consent, For sending commercial communications (newsletter)
The performance of a contract, Or pre-contractual measures to respond to your requests
The legitimate interest of HEMC, To improve its services and secure its website
Compliance with a legal obligation, Accounting, tax and other obligations
6. Retention period
| Category | Period |
|---|---|
| Data of non-converted prospects | 3 years from the last contact |
| Customer data | Duration of the commercial relationship + 10 years |
| Newsletter data | Until you unsubscribe |
| Technical logs | 12 months |
At the end of these periods, your data is either deleted or anonymised for statistical purposes.
7. Recipients of the data
Your personal data is accessible only to authorised HEMC staff within the scope of their duties.
It may also be shared with our technical subcontractors, strictly governed by contracts compliant with Law 09-08 and the GDPR:
- Website host: Vercel Inc. (United States)
- Email sending tool: Resend
- Audience measurement: Google Analytics, activated only with your consent
- Database: MongoDB, for the management of contact requests
HEMC never sells or rents your data to third parties for commercial purposes.
8. Your rights
In accordance with Law 09-08 and the GDPR, you have the following rights:
Competent authorities
- In Morocco: CNDP, cndp.ma
- In Europe: CNIL (France) or the equivalent authority in your country of residence
To exercise your rights
Write to contact@hem-consulting.com with the subject line « Exercise of GDPR/Law 09-08 rights » as the subject. We will respond within a maximum period of 30 days.
9. Data security
HEMC implements appropriate technical and organisational measures:
- SSL/TLS encryption of exchanges (HTTPS required)
- Data access restricted to authorised personnel
- Strong passwords and strong authentication
- Regular secure backups
- Ongoing staff training in data protection
- Active monitoring of new threats (HEMC, specialised in ISO 27001, applies to itself the requirements it recommends to its clients)
In the event of a data breach, HEMC undertakes to notify the incident to the competent authority (CNDP or CNIL) and to the persons concerned as soon as possible.
10. Changes to the policy
HEMC reserves the right to amend this Privacy Policy at any time, in particular to reflect legal, regulatory or technical developments. The date of the last update is indicated at the bottom of this page. In the event of a substantial change, you will be informed by email or by a visible notification on the website.