Privacy policy
Last updated: 22 April 2026 · Compliant with Moroccan Law 09-08 and CNDP regulations.
AI Tech Solutions (publisher of the Prelab LIMS product, hereinafter "we") attaches the highest importance to the protection of your personal data. This policy explains how we collect, use, retain, and protect your data, in compliance with Law 09-08 on the protection of natural persons with regard to the processing of personal data.
1. Data controller
The data controller is AI Tech Solutions (aitechsolutions.ma), a Moroccan company whose registered office is in Casablanca. Full details are available in our legal notice.
2. Data Protection Officer (DPO)
We have appointed a DPO whom you may contact for any question relating to the processing of your personal data: dpo@prelab.ma.
3. Data we collect
3.1 Data you provide
- Contact forms: last name, first name, email, phone, organisation, subject of your request.
- LIMS user account: credentials, professional email, business role, division, profile picture (optional).
- Billing: legal name, address, Moroccan RC/ICE/IF identifiers, payment means (handled by a PCI DSS-certified provider).
3.2 Data collected automatically
- Technical logs: IP address, user-agent, timestamp, pages visited (retained for 30 days).
- Essential cookies: authentication session only. No advertising cookies, no third-party tracking cookies.
- LIMS application data: user actions tracked in the audit trail (ISO 17025-compliant).
3.3 Sensitive data (customer LIMS applications)
As part of the operation of the LIMS by our customers, laboratory data is processed (samples, results, end clients). This data is the exclusive property of our customers. Prelab acts as a data processor as defined in Article 24 of Law 09-08.
4. Purposes of processing
- Respond to your contact, quotation, and demo requests.
- Provide and operate the LIMS service (authentication, feature execution).
- Issue invoices and manage the commercial relationship.
- Ensure the security of the service (fraud detection, security logs).
- Comply with our legal obligations (accounting, tax, CNDP).
- Improve the product (anonymously and in aggregate only).
5. Legal basis
The processing of your data is based, depending on the case, on:
- The performance of the contract binding us (LIMS subscription, customer relationship).
- Your explicit consent (contact forms, newsletters).
- Compliance with a legal obligation (accounting, tax, audits).
- Our legitimate interest (security, fraud prevention).
6. Recipients of the data
Your data is never sold or transferred to third parties for commercial purposes.
It may be shared with:
- Authorised Prelab employees, within the limits of their duties.
- Our technical subcontractors (hosting, transactional email, payment) — all bound by a confidentiality agreement and subject to the same obligations.
- Public authorities upon valid judicial or administrative request.
7. Transfers outside Morocco
By default, your data stays in Morocco, hosted in our Casablanca data centres and on DNS infrastructure at Hostino. A single ancillary service involves a transfer outside the territory: transactional emails via Brevo SAS (France, supervised by the CNIL). This transfer is framed by equivalent safeguards in accordance with Article 43 of Law 09-08.
8. Retention periods
- Marketing contact data: 3 years after the last contact.
- LIMS user accounts: contract duration + 30 days (then permanent deletion, unless specifically requested by the customer).
- Billing data: 10 years in accordance with Moroccan accounting law.
- Security logs: 12 months.
- ISO 17025 audit trail: period consistent with your accreditation obligations (typically 5 to 10 years).
9. Your rights
In accordance with Law 09-08, you have the following rights:
- Right of access to your personal data.
- Right of rectification of inaccurate or incomplete data.
- Right to object to processing on legitimate grounds.
- Right to erasure of your data (to the extent compatible with our legal obligations).
To exercise these rights, contact our DPO at dpo@prelab.ma. We will respond within a maximum of 30 days.
In case of disagreement, you may refer the matter to the CNDP (www.cndp.ma).
10. Security
We implement technical and organisational measures to ensure the security of your data: encryption in transit and at rest, strong authentication, access logging, encrypted backups, regular audits. See our security page for details.
11. Cookies
The prelab.ma website uses only strictly necessary cookies for operation (authentication session). No advertising cookies, no third-party tracking, no external pixels. Your consent is therefore not required.
12. Changes
This policy may be updated. Any substantial change will be notified to you by email at least 30 days before its entry into force. The applicable version is always the one published on this page.
13. Contact
For any question: dpo@prelab.ma.
In case of discrepancy between this English translation and the French version, the French version shall prevail.