Privacy Policy

The Institute for Advanced Studies at Mohammed VI Polytechnic University (IAS UM6P) is committed to protecting the privacy and personal data of everyone who interacts with our institution — including residency applicants, program participants, website visitors, event attendees, and correspondents.

This Privacy Policy describes how we collect, use, store, share, and protect personal data in accordance with Moroccan Law n° 09-08 of February 18, 2009, on the protection of individuals with regard to the processing of personal data (Loi relative à la protection des personnes physiques à l'égard des traitements des données à caractère personnel), implemented by Decree n° 2-09-165 of May 21, 2009, and enforced by the CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel).

By submitting a residency application, registering for an event, or using our website, you acknowledge that you have read and understood this Policy. Where your consent is required as a legal basis for processing, we will obtain it separately and explicitly.

In accordance with Article 1 of Law n° 09-08, the data controller is the entity that determines the purposes and means of processing personal data:

For any questions, requests, or complaints relating to the processing of your personal data, please contact us at ias@um6p.ma.

We collect personal data in accordance with the principles of relevance, adequacy, and proportionality established by Article 3 of Law n° 09-08 — we collect only what is strictly necessary for the purposes described in this Policy.

A. Residency Applicants

• Identity data: Full name, date of birth, gender, nationality, country of residence, identification document details
• Contact information: Email address, phone number, postal address
• Academic & professional credentials: Curriculum vitae, academic degrees and transcripts, institutional affiliations, professional positions held
• Research project data: Research proposal or project description, work samples, artistic portfolio, publications list
• Reference information: Names, institutional affiliations, and contact details of referees; content of letters of recommendation
• Portrait / photograph: Profile photo submitted with the application, used for internal processing and, if accepted, institutional directory
• Language proficiency: Languages spoken and level of proficiency
• Financial data (post-selection only): Bank account details collected solely when a fellowship stipend is awarded, after the selection process is complete
• Emergency contact: Name and contact details of a designated emergency contact person

B. Website Visitors

• Technical data: IP address, browser type and version, operating system, referring URL
• Browsing data: Pages visited, time spent on pages, links clicked, session duration
• Cookie data: See Section 09 for full details
• Contact form submissions: Name, email address, message content

C. Event & Program Participants

• Registration data: Full name, email address, institutional affiliation, dietary/accessibility requirements (where provided voluntarily)
• Event recordings: Photographs and video recordings made during IAS events. Participants are informed in advance; specific consent is obtained for identifiable recordings used in communications materials

D. Newsletter & Communications Subscribers

• Name and email address, collected with explicit consent via a double opt-in mechanism

We process personal data only for specified, explicit, and legitimate purposes (Article 3, Law n° 09-08). The legal bases applicable to each processing activity are as follows:

Personal data is retained for no longer than is necessary for the purpose for which it was collected, in compliance with Article 3 of Law n° 09-08. The following retention periods apply:

IAS UM6P does not sell, rent, or trade personal data to any third party under any circumstances. Data may be shared only in the following controlled circumstances, in compliance with Article 4 of Law n° 09-08 (information to data subjects) and Articles 24–26 (subcontracting).

Within IAS UM6P and UM6P Group

• IAS administrative staff: Application coordinators, program managers, finance team — access is restricted to data necessary for their function
• Scientific Selection Committee: Anonymized or identified application materials shared for evaluation purposes, under strict confidentiality
• UM6P administration: Limited data shared with the university for legal compliance, payroll, and campus access management

Academic and Research Partners

• Where a residency involves collaboration with a partner institution, limited identity and project data may be shared with that institution's designated coordinator, provided prior written consent is obtained from the resident
• Publication of research outputs is governed by separate publication agreements

Authorized Service Providers (Subcontractors)

• Web hosting and IT infrastructure: Cloud hosting providers processing data on our behalf under Data Processing Agreements
• Email delivery services: For institutional communications and newsletters
• Application management platform: If a third-party system is used for processing applications
• Analytics providers: Anonymized website traffic data

All service providers are contractually bound by confidentiality and data protection obligations equivalent to those under Law n° 09-08.

Legal and Regulatory Authorities

• Personal data may be disclosed to Moroccan judicial, police, or regulatory authorities when required by applicable law, court order, or legal process
• We will inform you of any such disclosure where legally permitted to do so

As an international academic institution, IAS UM6P collaborates with partner universities, research institutions, and scholars worldwide. This may involve transferring personal data to countries outside Morocco.

Pursuant to Articles 43 and 44 of Law n° 09-08, a transfer of personal data to a foreign country is permitted only if that country ensures an adequate level of protection for privacy, fundamental freedoms, and rights, or if one of the following conditions applies:

• Adequacy decision: The CNDP or Moroccan government has determined that the destination country provides adequate protection
• Explicit consent: You have given your explicit and informed consent to the transfer, after being informed of the risks
• Contractual necessity: The transfer is necessary for the performance of a contract between you and IAS UM6P (e.g., international collaborative residency)
• Standard contractual clauses: The transfer is governed by contractual clauses approved by the CNDP providing appropriate safeguards
• CNDP authorization: The transfer has received prior authorization from the CNDP where required

You have the right to request information about any international transfers of your personal data and the safeguards in place by contacting us at ias@um6p.ma.

Under Law n° 09-08, you have the following rights regarding your personal data. We will respond to all verified requests within 30 days of receipt.

The IAS website (ias.um6p.ma) uses cookies and similar tracking technologies in accordance with Moroccan regulations and best practices. A cookie is a small text file stored on your device when you visit our website.

When you first visit our website, a consent banner informs you of cookie use and allows you to accept or refuse optional cookies. You may change your preferences at any time via the cookie settings accessible in the website footer. You may also control cookies through your browser settings; however, disabling essential cookies may affect website functionality.

In accordance with Article 23 of Law n° 09-08, IAS UM6P implements appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction.

• Encryption in transit: All data transmitted between your browser and our servers is protected by TLS/SSL encryption (HTTPS)
• Encryption at rest: Sensitive data stored in our systems is encrypted at rest
• Access controls: Strict role-based access controls limit who can access personal data; access is granted on a need-to-know basis
• Authentication: Strong authentication mechanisms are required for staff accessing personal data systems
• Pseudonymization: Where possible, application data is pseudonymized during the evaluation process to reduce identification risk
• Regular audits: Security practices and systems are subject to regular internal and external reviews
• Staff training: All IAS staff handling personal data receive training on data protection obligations and best practices
• Incident response: A documented procedure is in place for responding to personal data breaches, including notification to the CNDP and affected individuals where required

IAS UM6P's residency programs and associated services are intended exclusively for individuals who are 18 years of age or older. We do not knowingly collect personal data from persons under the age of 18.

If we become aware that personal data has been inadvertently collected from a minor without appropriate parental or guardian consent, we will take immediate steps to delete that data from our systems. If you believe that a minor's data has been submitted to us without appropriate consent, please notify us immediately at ias@um6p.ma.

IAS UM6P may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or regulatory guidance. The most current version will always be published on our website at ias.um6p.ma with the date of the most recent revision clearly indicated.

In the event of material changes that significantly affect your rights or the way we process your data, we will notify you directly (by email, where we hold your contact details) prior to the changes taking effect, and request fresh consent where required.

Your continued interaction with IAS UM6P's services after the effective date of any update constitutes acknowledgment of the revised Policy. Where processing requires consent, we will obtain new consent for any material change to the purposes or scope of processing.

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us: