Privacy Policy
This policy explains what personal data we collect, how we use it, who we share it with and what rights you have. It is prepared in accordance with Turkish Personal Data Protection Law No. 6698 (KVKK) and applicable international data protection standards.
Data Controller
This Privacy Policy has been prepared by İDİN BİJUTERİ İTHALAT İHRACAT SANAYİ VE TİCARET LİMİTED ŞİRKETİ in its capacity as data controller under Turkish Personal Data Protection Law No. 6698 (KVKK).
Address: Rüstem Paşa Mah. Sabuncuhan Cad. Atmaca İş Merkezi Kat:1 No:23/18 Eminönü – Fatih / Istanbul, Turkey | Email: info@idin.com.tr | Website: idin.com.tr
Personal Data We Collect
The following categories of personal data may be collected and processed in connection with transactions carried out through idin.com.tr:
| Data Category | Examples | Scope |
|---|---|---|
| Identity Data | First name, last name | All users |
| Contact Data | Email address, phone number | All users |
| Address Data | Billing address, delivery address | All users |
| Tax & Company Data | Tax ID number, tax office | Corporate buyers |
| Order & Payment Data | Order history, payment method | All users |
| Technical Data | IP address, browser type, transaction logs | All users |
| Cookie Data | Session, analytics and marketing cookies | Site visitors |
Purposes of Processing
Personal data collected through idin.com.tr is processed for the following purposes:
- Processing, managing and fulfilling orders and deliveries
- Issuing invoices and managing accounting records
- Providing customer service and after-sales support
- Complying with legal obligations and making statutory notifications to public authorities
- Ensuring platform security and preventing fraud
- Analysing site usage and improving service quality (Google Analytics)
- Running personalised advertising and remarketing campaigns (Facebook/Meta Pixel)
Domestic Data Sharing
Your personal data may be shared with the following parties within Turkey under Article 8 of KVKK, strictly limited to the purpose of processing:
Carrier Companies
Name, delivery address and phone number are shared to facilitate the fulfilment and delivery of orders.
Payment Providers
The minimum data necessary to process payment transactions is transferred to the relevant payment infrastructure.
Financial Advisors
Tax and invoice data is shared with our accounting service provider for bookkeeping and compliance purposes.
Data may also be shared with public institutions and judicial authorities where required by law. All such transfers are carried out strictly within the scope of legal obligation under Article 8 of KVKK.
International Data Transfers
Certain services used by idin.com.tr result in personal data being transferred outside of Turkey under Article 9 of KVKK. These transfers occur through the following channels:
Google Analytics (Google LLC — USA): Site visit statistics, page views and user behaviour data are transmitted to Google servers. Google processes this data under its own privacy policy. The transfer is carried out under Standard Contractual Clauses (SCC) as the applicable adequacy mechanism. Google Privacy Policy →
Meta Pixel / Facebook (Meta Platforms — USA): Visitor behaviour data is transmitted to Meta servers for ad targeting and conversion tracking purposes. This data is processed by Meta's advertising systems. The transfer is carried out under Meta's Standard Contractual Clauses. Meta Privacy Policy →
International Carriers (DHL, FedEx, UPS): For international orders, the name, delivery address and order details required for fulfilment are transferred to the carrier's servers, which may be located in the destination country or their operational territory. This transfer is strictly limited to delivery purposes.
These international transfers are carried out on the legal grounds of contractual performance, legitimate interest and/or explicit consent. Adequate safeguards — including Standard Contractual Clauses approved by relevant authorities — are in place for each transfer destination.
Legal Basis for Processing
Personal data is collected electronically through order forms, account registration, contact forms and automated technical tools (cookies, server logs). Each processing activity rests on one of the following legal grounds under Article 5 of KVKK:
| Processing Purpose | Legal Basis (KVKK Art. 5) |
|---|---|
| Order & delivery management | Performance of a contract |
| Invoicing & accounting | Compliance with a legal obligation |
| Customer service | Legitimate interest |
| Security & fraud prevention | Legitimate interest |
| Site analytics (Google Analytics) | Explicit consent / legitimate interest |
| Personalised advertising (Meta Pixel) | Explicit consent |
| Notifications to public authorities | Compliance with a legal obligation |
Cookie Policy
idin.com.tr uses cookies as a result of its OpenCart v4 infrastructure and integrated third-party services. Cookies fall into three categories:
| Cookie Name / Type | Category | Purpose | Retention | Provider |
|---|---|---|---|---|
| PHPSESSID / session | Session and cart management | Session end | idin.com.tr | |
| CSRF token | Security (form validation) | Session end | idin.com.tr | |
| Language / currency preference | Remembering user preferences | 30 days | idin.com.tr | |
| _ga, _gid, _gat | Site traffic and usage analysis | 2 years / 24 hours | Google Analytics | |
| _fbp, _fbc | Ad targeting and conversion tracking | 90 days | Meta (Facebook) |
Essential cookies are required for the site to function technically and cannot be disabled. Analytics and marketing cookies can be managed through your browser settings or cookie management tools.
How to manage cookies: You can delete or block cookies from your browser's settings menu. Chrome: Settings → Privacy → Cookies. Firefox: Options → Privacy. Safari: Preferences → Privacy. To opt out of Google Analytics tracking, you can install the Google Analytics Opt-Out Browser Add-on.
Data Retention Periods
Your personal data is retained for as long as required by the purpose of processing and applicable legal obligations:
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Order and invoice records | 10 years | Turkish Tax Procedure Law |
| Account and membership data | 2 years after relationship ends | KVKK / legitimate interest |
| Customer communications | 3 years | Turkish Code of Obligations |
| Log records (IP, transactions) | 2 years | Law No. 5651 |
| Cookie data (analytics) | Up to 2 years | Consent / legitimate interest |
| Cookie data (marketing) | Up to 90 days | Explicit consent |
Upon expiry of the retention period or where the processing purpose ceases to exist, your personal data will be deleted, destroyed or anonymised in accordance with Article 7 of KVKK.
Data Security
We implement the technical and administrative security measures required under Article 12 of KVKK to protect your personal data:
- All data transmission is secured using SSL/TLS encryption protocols.
- Access to personal data is restricted to authorised personnel only; access logs are maintained.
- Payment data is not stored directly in our systems — we use PCI-DSS compliant payment infrastructure.
- In the event of a data breach, we are required to notify the Personal Data Protection Authority (KVKK) within 72 hours under Article 12 of KVKK.
- Regular security updates and penetration testing are carried out.
Your Rights
Under Article 11 of KVKK, you have the following rights in relation to your personal data:
Right to Know
The right to know whether your personal data is being processed and, if so, to request information about how it is being processed.
Right to Rectification
The right to request correction of any personal data that is incomplete or inaccurately processed.
Right to Erasure
The right to request deletion or destruction of your data where the conditions for processing no longer apply.
Right to Notification
The right to request that any correction or deletion be communicated to the third parties to whom your data has been transferred.
Right to Object
The right to object to processing based on legitimate interest and to contest decisions made solely by automated systems that produce adverse effects.
Right to Compensation
The right to claim compensation for any damage suffered as a result of unlawful processing of your personal data.
How to Submit a Request
To exercise your rights under KVKK, you may contact us through any of the channels below. All requests will be responded to within 30 days of identity verification.
You may reach us by email or by registered post to our Eminönü address. Please include your full name, contact details and a clear description of your request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Authority of Turkey (KVKK Board) at www.kvkk.gov.tr. For international users, you may also contact the relevant data protection authority in your country of residence.
Rüstem Paşa Mah. Sabuncuhan Cad. Atmaca İş Merkezi Kat:1 No:23/18 Eminönü – Fatih / Istanbul, Turkey — info@idin.com.tr — idin.com.tr
Have a question about your data?
Our team is here to help with any enquiry about your personal data or privacy rights.