At the The Turkish Shop – trading as theturkishshop.com, we value privacy and understand that it is at the core of your rights and freedom.
So we’ve created this page to help you understand what we do to help protect your personal data, what information we need to collect, why we collect it, what we do with it, how long the data is kept, who can access it and what your rights are.
What we need to collect
- Information that you provide to us such as your name, address, date of birth, telephone number, email address, payment card details (processed through our secure pages via our Payment Gateway providers – so we never see or store the full details of your payment method) and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
- Information about the services we provide to you (including, for example, those we have provided to you, when and where, what you paid, the way you use our products and services, and so on);
- Your account login details for our services, including your user name and chosen password;
- Information about whether or not you want to receive marketing communications from us;
- Information about any device you have used to access our services (such as your device’s make and model, browser or IP address) and also how you use our services. For example, we try to identify which of our apps you use and when and how you use them. If you use our websites, we try to identify when and how you use those websites too;
- Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. This helps us keep track of your likes and dislikes and any problems or concerns you’ve had with our products or services, so we can continue to provide you with relevant shopping experiences.
Why we need it
There are a number of ways in which we use your personal information. If you do not provide your information to us, then we will be unable to interact with you in that way – for example, if you do not provide your name, address and account details when purchasing one of our products online, we will not be able to sell you that product as we would be unable to process your payment or deliver the product to you.
What we do with it
All the information we collect via our website, products and services, or through correspondence with you, is used by The Turkish Shop Limited to operate and improve the service we offer you. We are committed to using your personal information only for:
Making our products and services available to you.
Personalising your shopping experience;
Monitoring and improving any of our websites and our products and services.
Planning and managing our business activities, including analysing customers’ shopping habits and preferences.
Enabling third parties to carry out technical, logistical or other functions on our behalf.
Providing you with information about the products and services we offer.
Providing you with periodic communications (this may be by post, telephone, SMS, email or as part of your delivery) about features, products, Services, events, promotions and special offers. Such communications from theturkishshop.com might include advertising or offers. (We will never pass your information outside of The Turkish Shop Limited for marketing purposes). We may also contact you in relation to any questions You have raised with us or to discuss the status of your account with us.
Preventing and detecting fraud or abuses of our website or services.
Allowing us to comply with any requirements imposed on us by law or court order.
International Data Transfers.
Theturkishshop.com is based in the UK, but in order to offer you the best service we can provide, we work with service providers from other parts of the world. This means that the data we collect sometimes needs to be transferred, stored and used outside the European Economic Area. We want you to know that we have taken steps to ensure there is an appropriate level of security for the processing carried out in these countries.
How long we keep it
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it for in the first place.
In most cases, this means we will keep your information for as long as you continue to shop with us or use our services, and for a period of time afterwards if you stop doing so just in case you begin shopping with us again. After that we will either delete it or anonymise it so that it cannot be linked back to you.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, for example for any legal, accounting, or reporting requirements. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Who can see it
The parties that can access this information are:
Service providers: acting as processors who provide IT, system administration and delivery services.
Professional advisers: acting as processors or joint controllers including lawyers, bankers, auditors and others who provide consultancy, banking, legal, insurance and other professional services.
Her Majesty’s Revenue & Customs (HMRC), regulators and other authorities: acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
Other people who help us provide our websites and mobile apps: they include information technology experts who host our websites and payment services companies that make it easy for you to use your credit or payment cards with us. Other examples include market research companies, marketing, advertising, design and PR organisations and general service companies such as printers and mailing houses;
Our insurers and insurance brokers: who provide us with comprehensive cover against the risks of running a business as big as ours. (They may keep this information for the purpose of ongoing risk assessment and insurance broking and underwriting services.)
Banks and finance companies: where we have allowed them to offer you the possibility of buying our products on credit or debit card. (They may keep this information for their related banking and finance purposes)
With social media companies such as Facebook and Twitter: and our advertising partners to enable us to run targeted promotions for you on their platforms;
Any new business partners we may have over time, for example, in the event of a joint venture, reorganisation, business merger or sale that affects us.
The police, local authorities, Her Majesty’s Revenue and Customs (HMRC), the Courts and any other government authority: if they ask us to do so (but only if us doing so is lawful).
We may also share the information we collect where we are legally obliged to do so, e.g. to comply with a court order.
Social media, blogs, reviews, etc.
Any social media posts or comments you send to us: (on the theturkishshop.com Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they are written and could be made public. Other people, not us, control these platforms. We’re not responsible for this kind of sharing. Before you make any remarks or observations about anything, you should review the terms and conditions and privacy policies of the social media platforms you use.
How we protect it
We take the protection of your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
We protect the security of your information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).
We use appropriate procedures and technical security measures (including encryption and anonymisation) to safeguard your information across all our computer systems, networks, websites, mobile apps and office.
We reveal only the last four digits of your credit or debit card number when confirming an order. These details are stored on our systems but the full credit or debit card number is never stored on any of our systems. Instead we use a token that is unique both to the theturkishshop.com website and to you. This token is transmitted to the appropriate credit or debit card company during the order processing.
Request a copy of the data we hold on you.
Request that we correct or update the data that we hold on you.
Request that we delete the information we hold on you.
Request that we keep your data but do not use it.
Request that we send a copy of your data to another organisation.
Object to how we are using data.
Raise a complaint with the Information Commissioner’s Office about us. If you wish to do this then go to ico.org.uk/concerns
Take us or the Information Commissioner’s Office to court. If you wish to do this then go to ico.org.uk/concerns or email firstname.lastname@example.org
Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you are seeking to exercise any of these rights, please contact us:
By email email@example.com
Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect the personal information belonging to our customers against fraudulent requests. We may also contact you to ask you for further information in relation to your request to speed up our response. In the event that we have concerns regarding the abuse of the system we have in place for exercising your rights outlined above, we may apply a processing fee for each consequent request.
Additionally, we will endeavour and must inform you in the event of the following:
If we suffer a data breach and your data is affected in a way that poses a risk to your rights and freedom.
If we carry out your request to correct/update, erase or not use your data
To get in touch with the controller and the data protection officer:
By email: firstname.lastname@example.org