Last updated: June 2026
Mahdi Naim Studio processes personal data in the context of its activities, in compliance with all applicable laws and contractual provisions, using methods based on the principles of accuracy, lawfulness and transparency — protecting the privacy and rights of the individuals concerned.
1. DATA CONTROLLER
Through this document, Mahdi Naim Studio — as Data Controller — pursuant to Art. 13 of EU Regulation 679/2016 (hereafter “GDPR”), provides all information relating to the use of personal data of users of the website (hereafter “User/Users”) https://mahdinaimstudio.com (hereafter “Website”).
Studio name: Mahdi Naim Studio
Primary address: 6 Rue 6 Octobre, Etg 3, Appt 3, Boulevard Massira, Casablanca 20000, Morocco
Secondary address: 61c Rue de Gerland, Lyon 69007, France
Email: contact@mahdinaimstudio.com
Privacy contact: contact@mahdinaimstudio.com — subject: Privacy
Legal entity details (company registration, VAT) will be updated in a subsequent version of this document.
2. TYPES OF DATA COLLECTED
a) Navigation data
Personal data that computer systems and software procedures used to operate this Website acquire during their normal operation, and whose transmission is inherent in the use of Internet communication protocols. This data is not collected to be associated with identified users, but may be used — through processing and associations with data held by third parties — to identify the users concerned. This category includes: IP addresses or domain names of computers used by users connecting to the Website, URI (Uniform Resource Identifier) addresses of requested resources, request time, method used to submit the request to the server, file size obtained in response, numeric code indicating server response status, and other parameters relating to the user’s operating system and IT environment. These data are used solely to obtain anonymous statistical information on Website use and to verify its correct functioning; they are deleted immediately after processing. These data may be used to establish responsibility in the event of hypothetical IT offences against the Website. Outside this eventuality, they are not retained for more than seven days.
b) Data voluntarily provided — general contact
Data provided by the User by sending an email to contact@mahdinaimstudio.com, lyon@mahdinaimstudio.com, or casa@mahdinaimstudio.com, or by completing the contact form on the Website. Upon submission, the User’s data will be processed solely for the purpose of responding to the request and fulfilling related administrative obligations. Data processed: first name, last name, email address, role, organisation, subject, and any other personal data voluntarily communicated by the User.
c) Data voluntarily provided — project enquiries
Data provided by the User when submitting a project brief or collaboration enquiry via the Website contact form or by email. These data are processed solely to assess the feasibility of the project and initiate a professional relationship. Data processed: first name, last name, email address, role, organisation, and project description.
d) Data voluntarily provided — newsletter subscription
Data provided by the User when subscribing to the Studio newsletter to receive communications relating to new works, material research, and field notes published by Mahdi Naim Studio. Data processed: email address. Consent may be withdrawn at any time by clicking the unsubscribe link included in all communications, or by writing to contact@mahdinaimstudio.com.
e) Data voluntarily provided — career applications
Data provided by the User when submitting a spontaneous application to join the Studio. These data will be used to evaluate the candidate’s profile for a potential professional collaboration. Data processed: first name, last name, email address, phone number, postal address, and data contained in the attached CV and portfolio.
f) Cookies
For the processing of data via cookies, please refer to the Cookie Policy available on the Website.
3. PURPOSES AND LEGAL BASIS FOR PROCESSING
User data collected is processed by the Data Controller for the following purposes:
Website operation and security: ensuring the security and correct functioning of the Website, including the capacity to withstand unforeseen events or unlawful acts that may compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data. Legal basis: Art. 6(1)(f) GDPR — legitimate interest.
Managing contact requests: responding to requests submitted by the User. Legal basis: Art. 6(1)(b) GDPR — performance of a contract or pre-contractual measures.
Newsletter and communications: sending new works announcements, material research updates, and field notes, only where the User has given explicit consent. Legal basis: Art. 6(1)(a) GDPR — consent of the data subject.
Career applications: evaluating professional profiles received following a spontaneous application. Legal basis: Art. 6(1)(b) GDPR.
4. MANDATORY / OPTIONAL NATURE OF DATA PROVISION
Provision of data described in section 2(b) is optional. In its absence, however, the User will not be able to use the contact service.
Provision of data described in section 2(d) is optional. The User may withdraw consent at any time without giving reasons, by using the unsubscribe link or by contacting the Data Controller at contact@mahdinaimstudio.com.
Provision of data described in section 2(e) is also optional. However, refusal to allow processing would prevent any follow-up regarding evaluation of a potential collaboration.
5. DATA PROCESSING METHODS
Data processing will be carried out on paper and electronic media, using modern IT systems, by persons expressly designated for this purpose. Processing will be carried out logically and according to organisational methods strictly linked to the obligations, tasks, or purposes mentioned above. The Data Controller implements technical and organisational measures to protect data in its possession against manipulation, loss, destruction, and unauthorised access. These security measures are continuously improved in line with technological developments.
6. DATA DISCLOSURE
The User’s personal data will be processed by parties authorised to carry out these tasks, duly designated as processors or data controllers, and equipped with security measures guaranteeing the confidentiality of data communicated by data subjects and preventing unauthorised access by third parties. Where necessary, data collected may be transmitted, within the strictly necessary limits for the obligations, tasks, or purposes described in section 2, to public or private bodies (insurers, audit and certification companies, etc.) or to competent authorities for purposes of prevention, detection or prosecution of offences, in accordance with applicable regulations. No data will be disseminated.
All User data stored in electronic form is retained on servers located within the European Union.
7. RETENTION PERIOD
Personal data is processed and retained for the time necessary to fulfil the purposes for which it was collected.
For the purposes referred to in section 2(a), personal data is processed for the strictly necessary time to pursue the aforementioned objectives and, subsequently, for compliance with legal obligations and/or for defence purposes.
Data provided for newsletter communications is retained until the data subject requests cessation of such activities, or for a maximum period of two years.
Once the retention period has expired, personal data is deleted. The rights of access, erasure, rectification, and portability can no longer be exercised after this expiration.
8. USER RIGHTS
Users have the right to know their rights, which consist essentially of the right to be informed by other contracting parties about the processing of their personal data, as well as to access their data and obtain rectification, integration, updating, erasure, or blocking. The User also has the right to obtain a copy of their data, to restrict or object to its processing, as well as the right to data portability and to lodge a complaint with the competent supervisory authority, under the conditions and limits provided for in Art. 13 of the GDPR.
Pursuant to Articles 15 et seq. of the GDPR, any data subject has the following rights:
— Right to information
— Right of access to data
— Right to rectification
— Right to erasure (“right to be forgotten”)
— Right to restriction of processing
— Right to data portability
— Right to object
The data subject may thus know what personal data is held by the Data Controller, its origin and use, and may request its update, rectification, or completion. In cases provided for by applicable regulations, they may also request its erasure, restriction of processing, or object to it. Any data subject may, if they wish, request to receive a copy of the personal data concerning them held by the Data Controller in a machine-readable format. Where technically possible, the Data Controller may transfer this data directly to a third party designated by the data subject.
If the User considers that the processing of their personal data has been carried out unlawfully, they may lodge a complaint with the competent supervisory authority responsible for compliance with personal data protection rules. In France, any such complaint may be lodged with the CNIL (Commission Nationale de l’Informatique et des Libertés — https://www.cnil.fr). In Morocco, with the CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel — https://www.cndp.ma).
9. EXERCISING RIGHTS
To exercise the aforementioned rights, Users may send a communication to the following email address: contact@mahdinaimstudio.com, indicating as the subject: “Privacy — Exercise of Rights”.
This Privacy Policy was published in June 2026. Any updates will be systematically published on this page.