Privacy Policy

NUR JEWELLERY KUYUMCULUK SANAYİ VE TİCARET LİMİTED ŞİRKETİ ("Nur Jewellery", "we", "us") is the data controller responsible for your personal data. Our registered address is Yenibosna Merkez Mah. Kuyumcukent Sk. Kuyumcukent No: 4M İç Kapı No: 1065, Bahçelievler/İstanbul, Turkey. Tax ID: 6321535825. MERSİS No: 0632153582500001. Trade Registry No: 1099222.

We collect the following categories of personal data: • Identity Data: name, email address, phone number • Account Data: password (encrypted), preferences, sizes • Transaction Data: order history, payment details (processed by our payment gateway — we do not store card numbers) • Technical Data: IP address, browser type, device information, cookies • Usage Data: browsing history on our site, products viewed, search queries • Communication Data: messages you send us, newsletter preferences

We process your personal data for the following purposes: • To fulfill orders and provide our services • To manage your account and preferences • To communicate order updates and respond to inquiries • To personalize your shopping experience • To send marketing communications (only with your consent) • To comply with legal obligations (including Turkish KVKK and EU GDPR) • To prevent fraud and ensure security • To improve our website and services

We process your data based on: • Contract performance (fulfilling orders, managing accounts) • Legitimate interests (improving services, fraud prevention) • Legal obligation (tax records, MASAK compliance for jewelry trade) • Consent (marketing communications, cookies)

We may share your data with: • Payment processors (PayTR) for transaction processing • Shipping companies for order delivery • Cloud service providers for hosting and storage • Legal authorities when required by law We do NOT sell your personal data to third parties.

We implement industry-standard security measures: • SSL/TLS encryption for all data transmission • Encrypted password storage (bcrypt hashing) • Secure payment processing (PCI DSS compliant gateway) • Regular security audits • Access controls and authentication • Two-Factor Authentication (2FA) available for all accounts

We retain your personal data for as long as necessary: • Account data: until you delete your account • Transaction data: 10 years (Turkish tax law requirement) • Marketing data: until you withdraw consent • Technical logs: 12 months

Under GDPR and Turkish KVKK Law No. 6698, you have the right to: • Access your personal data • Rectify inaccurate data • Request deletion of your data • Restrict or object to processing • Data portability (receive your data in a structured format) • Withdraw consent at any time • Lodge a complaint with the Turkish Personal Data Protection Authority (KVKK Kurumu) To exercise these rights, contact us at [email protected] or use the data management tools in your account settings.

We use essential cookies for site functionality and optional cookies for analytics and personalization. You can manage your cookie preferences through our cookie consent banner. We classify cookies as: • Essential: Required for core site functionality • Analytics: Help us understand how visitors use our site • Marketing: Used for personalized advertising

Your data may be transferred to and processed in countries outside Turkey and the EU. We ensure appropriate safeguards (Standard Contractual Clauses or adequacy decisions) are in place for such transfers.

For privacy-related inquiries: Data Protection Contact: [email protected] Address: Yenibosna Merkez Mah. Kuyumcukent Sk. Kuyumcukent No: 4M İç Kapı No: 1065, Bahçelievler/İstanbul, Turkey Phone: +90 555 123 4567 You may also contact the Turkish Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu) at www.kvkk.gov.tr.