• Your shopping cart is empty!

PRIVACY AND SECURITY POLICY

Privacy & Security Policy

Effective date: 17 Dec 2025
Controller: MERCHANTEX
Address: Kumludere Cd. No.:131/A, Manisa Şehzadeler, Türkiye
Email: info@merchantex.de
Phone: +90 531 300 99 02
(Optional: DPO/Privacy contact: [Name, Email])

1) Purpose of this policy

This Privacy & Security Policy explains what personal data we collect, how we use it, who we share it with, and your rights. It also outlines the security measures we take.

2) Personal data we process

Depending on how you interact with us, we may process:

  • Account/contact data: name, billing/shipping address, email, phone number, company name, VAT ID (if provided).
  • Order data: items purchased, quantities, prices, discounts, shipping method, tracking information, order communications.
  • Payment data: we generally do not store full card/bank details; payments are handled by payment providers and we receive transaction references/status.
  • Customer support data: emails, chat messages, phone notes, complaints, returns.
  • Technical data: IP address, device/browser details, log files, timestamps, cookie identifiers (if set).
  • Marketing data (if enabled): newsletter opt-in status, open/click metrics, preferences.

3) Sources of data

  • Directly from you (checkout, account registration, contact forms, email/phone).
  • Automatically from the website (cookies/logs).
  • From service providers (e.g., payment status, delivery status).

4) Why we use your data (purposes)

  • Contract performance: process orders, take payment, ship and deliver, handle returns.
  • Customer support: respond to inquiries, complaints, warranty/returns.
  • Operations & security: troubleshoot, prevent fraud/abuse, protect systems.
  • Legal obligations: accounting, tax/commercial law compliance, record keeping.
  • Marketing (optional): newsletters/offers where you consent or where lawful.
  • Analytics (optional): improve the website (subject to cookie choices).

5) Lawful bases (EU/EEA/UK users)

Depending on the context:

  • Contract / pre-contract steps
  • Legal obligation
  • Legitimate interests (security, fraud prevention, basic analytics)
  • Consent (newsletter, non-essential cookies/ads)

6) Sharing with third parties

We share data only as necessary, e.g. with:

  • Shipping/logistics providers (delivery, tracking)
  • Payment providers (payment processing, fraud prevention)
  • IT/hosting providers (website operation and maintenance)
  • Accountants/authorities (where legally required)
  • Email/marketing providers (if used)

Where required, providers are bound by contractual confidentiality and data protection obligations.

7) International transfers (e.g., Türkiye)

As we are based in Türkiye, data may be processed outside the EU/EEA. We apply appropriate safeguards (contracts and technical/organizational measures) to protect your data.

8) Data retention

We keep personal data only as long as needed:

  • Order/invoice records: as required by applicable legal retention rules.
  • Support records: for handling and evidence as needed.
  • Marketing: until you unsubscribe/withdraw consent.
  • Logs: limited periods for security and troubleshooting.

9) Cookies & tracking

We use:

  • Strictly necessary cookies (cart, login, language)
  • Optional cookies (analytics/marketing) — subject to your choices/consent where required.

10) Your rights

Depending on applicable law, you may have rights to:

  • access, rectification, erasure, restriction
  • data portability (where applicable)
  • object (e.g., direct marketing)
  • withdraw consent at any time (future effect)
  • lodge a complaint with a supervisory authority

Contact: info@merchantex.de

11) Security measures

We implement reasonable technical and organizational measures, such as:

  • TLS/HTTPS encryption in transit
  • access controls and role-based permissions
  • security logging and monitoring
  • regular patching and malware protection
  • backups and recovery procedures
  • (Optional) 2FA for admin access

No method of transmission/storage is 100% secure.

12) User responsibilities

Please keep your login credentials secure and notify us if you suspect unauthorized access.

13) Updates

We may update this policy from time to time. The latest version will be posted on our website.