MARMARA TUZ (marmaratuz.com) GDPR PRIVACY POLICY
Effective Date: [Day/Month/Year]
This Privacy Policy explains how [Your Company Name/Title] (hereinafter referred to as “the Company,” “we,” “us,” or “our”), operating the e-commerce website Marmaratuz.com, collects, uses, discloses, and protects the personal data of its users and customers, particularly those residing in the European Union (EU) or European Economic Area (EEA), in compliance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679).
1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller responsible for the processing of your personal data is:
- Company Name: [Your Company Name/Title]
- Address: [Your Company’s Full Address]
- Email: [Your Contact Email Address for Privacy Queries, e.g., privacy@marmaratuz.com]
- Phone: [Your Contact Phone Number]
Data Protection Officer (DPO) / EU Representative (If applicable):
- [If you are required to or have voluntarily appointed a DPO or an EU Representative, provide their contact details here. E.g., DPO Contact: dpo@marmaratuz.com]
2. PERSONAL DATA COLLECTED
We collect various types of personal data depending on your interaction with the Site (visiting, registering, purchasing).
| Category of Personal Data | Examples of Data Types |
| Identity Data | Name, Surname, Date of Birth (for age verification/legal requirements). |
| Contact Data | Billing address, Delivery address, Email address, Telephone number. |
| Financial Data | Payment card details (processed securely by our payment processor, we do not store full card details), Bank account details (for refunds). |
| Transaction Data | Details about products purchased, order history, amount spent. |
| Technical & Usage Data | IP address, browser type and version, time zone setting, operating system, browsing behaviour, cookie data. |
| Marketing & Communication Data | Your preferences in receiving marketing from us, communication preferences. |
3. PURPOSES AND LEGAL BASIS FOR PROCESSING
We will only process your personal data when we have a legal basis to do so, as defined by Article 6 of the GDPR.
| Processing Activity / Purpose | Categories of Data Used | Legal Basis (GDPR Article 6) |
| To Process and Deliver Orders | Identity, Contact, Financial, Transaction Data | Performance of a Contract with you (Art. 6(1)(b)) |
| To Register and Manage your Account | Identity, Contact, Technical Data | Performance of a Contract with you (Art. 6(1)(b)) |
| To Comply with Legal Obligations | Identity, Financial, Transaction Data | Compliance with a Legal Obligation (Art. 6(1)(c)) (e.g., tax, accounting laws) |
| For Direct Marketing (e-Newsletter/Promotions) | Contact, Marketing Data | Consent (Art. 6(1)(a)) (You have the right to withdraw this at any time) |
| To Improve our Website and Services | Technical, Usage Data | Legitimate Interests (Art. 6(1)(f)) (Improving user experience and service offerings) |
| For Fraud Prevention and Site Security | Identity, Technical, Transaction Data | Legitimate Interests (Art. 6(1)(f)) (Protecting our business and customers from fraud) |
4. DATA RECIPIENTS AND INTERNATIONAL DATA TRANSFERS
4.1. Disclosure to Third Parties: We may share your personal data with the following categories of recipients:
- Payment Processors: To securely handle payment transactions.
- Logistics Providers: Courier and shipping companies to deliver your order.
- IT & System Providers: Companies that provide hosting, data storage, and website support services.
- Professional Advisors: Accountants, auditors, and lawyers for compliance and legal advice.
- Public Authorities: Where legally required by law, such as tax authorities or law enforcement agencies.
4.2. International Data Transfers:
As an international e-commerce platform, your personal data may be transferred to and stored in countries outside the EU/EEA (e.g., to third-party service providers located in the USA for cloud services).
Where we transfer personal data outside the EU/EEA, we ensure that the transfer is protected by appropriate safeguards as required by the GDPR. These safeguards may include:
- Transfer to countries deemed adequate by the European Commission.
- The use of Standard Contractual Clauses (SCCs) approved by the European Commission.
5. DATA RETENTION PERIOD
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The criteria used to determine our retention periods include:
- Contractual Necessity: Data related to your account and orders will be kept for the duration of the contract and subsequent limitation periods.
- Legal Obligation: Financial and transaction data (e.g., invoices) are typically kept for [Specify a period, e.g., 7 or 10] years as required by relevant tax and commercial law.
- Consent: Marketing data based on consent will be kept until you withdraw your consent or opt out of receiving communications.
6. YOUR DATA PROTECTION RIGHTS (GDPR CHAPTER III)
Under the GDPR, you have the following rights regarding your personal data:
- Right to be Informed (Art. 13 & 14): The right to receive clear, transparent, and easily understandable information about how we use your data (which is the purpose of this Policy).
- Right of Access (Art. 15): The right to obtain confirmation as to whether or not your personal data is being processed, and access to that personal data.
- Right to Rectification (Art. 16): The right to have inaccurate or incomplete personal data corrected.
- Right to Erasure (‘Right to be Forgotten’) (Art. 17): The right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
- Right to Restrict Processing (Art. 18): The right to block or suppress the processing of your personal data in certain circumstances.
- Right to Data Portability (Art. 20): The right to obtain your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
- Right to Object (Art. 21): The right to object to processing based on legitimate interests or direct marketing.
- Rights related to Automated Decision Making (Art. 22): The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
7. HOW TO EXERCISE YOUR RIGHTS AND LODGE A COMPLAINT
If you wish to exercise any of the rights set out above, please contact us using the details provided in Section 1 (Identity and Contact Details of the Data Controller).
Right to Lodge a Complaint:
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
8. COOKIES
Marmaratuz.com uses cookies and similar tracking technologies to enhance your experience. For detailed information on the types of cookies we use, the purposes for which we use them, and how you can manage your preferences, please refer to our separate Cookie Policy [Insert Link to Cookie Policy Here].
9. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated “Effective Date” at the top of this Policy and will be effective as soon as it is published on the Site.
[Your Company Name/Title]
Marmaratuz.com
[Day/Month/Year]