Privacy Policy

Privacy Policy

Last updated: 2 June 2026

This Privacy Policy explains how Turkish Gifts
(“we”, “us”) collects, uses, and protects personal information when you use
turkish-gifts.co.uk and our related
services. For any privacy question or data request, contact us at
[email protected].

Information we collect

  • Order & account data you provide — name, billing and
    delivery address, email address, phone number, and order details.
  • Payment data — processed securely by our payment
    provider. We do not store full card details on our servers.
  • Technical data — IP address, browser type, and cookie
    data used to operate the site, keep it secure, and improve it.

How we use your information

  • To process and deliver your orders and provide customer support.
  • To meet our legal, tax, and accounting obligations.
  • To protect the site against fraud and abuse.
  • With your consent, to send updates or offers (you can opt out anytime).

Cookies and security

We use essential cookies to run the store and, where required, a security
challenge (Cloudflare Turnstile) to protect our forms from automated abuse.
All traffic is served over encrypted HTTPS.

Third parties we share data with

We share data only as needed to run the shop: our payment processor,
delivery/shipping providers, and email/analytics providers acting on our
instructions. We do not sell your personal data.

Etsy integration — API data handling

We operate a tool that manages listings in our own Etsy shop through Etsy’s
official Open API v3, using OAuth 2.0 with PKCE. In connection with that tool:

  • We access only our own Etsy shop and listing data
    (using the minimal scopes listings_r, listings_w,
    shops_r) to create and keep our own product listings
    accurate.
  • We do not access buyers’ personal information, order or
    sales/transaction data, payment details, or Etsy messages.
  • We do not scrape Etsy pages or obtain data outside the
    official API, and we honour Etsy’s rate limits and listing policies.
  • OAuth tokens are stored encrypted at rest and are never
    shared publicly or with third parties. Disconnecting the Etsy account
    removes the stored tokens.

Etsy processes data under its own
Privacy Policy.

Data retention

We keep personal data only as long as necessary for the purposes above and
to meet legal obligations, then delete or anonymise it.

Your rights

Subject to UK GDPR, you may request access to, correction of, or deletion of
your personal data, and may object to or restrict certain processing. To
exercise these rights, email
[email protected].

Changes to this policy

We may update this policy from time to time; the “Last updated” date above
reflects the latest revision.

Contact

Questions or data requests:
[email protected].