Login

Country

Cart

Your cart is empty

Privacy Policy

Last updated: 10 May 2026

This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit or make a purchase on turkishrug.com. We take your privacy seriously and comply with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and Turkish Personal Data Protection Law (KVKK).

1. Who we are

This website is jointly operated by two affiliated entities:

  • ALPA Technologies Ltd — Data Controller for online operations.
    Registered office: Flat 14 Thursley House, Kingsnympton Park, Kingston Upon Thames KT2 7TD, United Kingdom.
    UK company number: 16997965.
    Responsible for: e-commerce platform, online customer data, payment processing, shipping logistics, and customer support for international buyers.
  • Heritage Nomadic Art Gallery — Source of products and physical operations.
    Address: Cankurtaran Mh. Caferiye Sok. No 1, Sultanahmet/Fatih, Istanbul 34122, Turkey.
    Responsible for: rug sourcing, packaging, dispatch from Istanbul, and in-person customer service at the gallery.

For all data-related enquiries, please contact: info@turkishrug.com (this address reaches both entities).

2. What information we collect

  • Order information: name, billing/shipping address, email, phone number, payment method (processed by Shopify Payments and other PCI-compliant gateways — we do not store full card details).
  • Account information (if you create one): email, password (hashed), order history, saved addresses.
  • Browsing data: pages visited, time on site, device and browser information, approximate location (via IP address). Collected through cookies and analytics tools.
  • Marketing consent: if you opt in to email or SMS marketing communications.
  • Communications: emails, contact form submissions, and chat messages you send us.

3. How we use your information

  • To process and fulfil your orders, including shipping and customs documentation.
  • To respond to questions and provide customer support.
  • To send order confirmations, shipping updates, and (with your consent) marketing communications.
  • To improve the website experience, fix bugs, and analyse traffic patterns.
  • To prevent fraud and comply with legal obligations (including UK, EU, and Turkish accounting and tax requirements).

4. Legal bases for processing (GDPR)

  • Contract: processing necessary to fulfil your order.
  • Legitimate interests: improving our services, fraud prevention, internal analytics.
  • Consent: marketing communications, non-essential cookies.
  • Legal obligation: tax records, fraud prevention, regulatory reporting.

5. Who we share data with

We only share your information with service providers that help us run the shop:

  • Shopify Inc. — storefront, checkout, and payment processing.
  • Shipping carriers (UPS, DHL, etc.) — for delivery and tracking.
  • Email service providers — for order notifications and (with consent) marketing.
  • Analytics platforms (Google Analytics, Meta Pixel where applicable) — for traffic analysis.
  • Tax authorities and customs — where legally required for cross-border shipments.

We never sell your personal data to third parties.

6. International data transfers

Your data may be transferred between the UK (where ALPA Technologies Ltd is based), Turkey (where Heritage Nomadic Art Gallery is based), and other countries where our service providers operate. All transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.

7. Cookies

We use cookies for essential site functions (cart, login), analytics, and marketing. You can adjust your preferences via the cookie banner that appears on your first visit, or by clearing cookies in your browser. Essential cookies cannot be disabled as they are required for the site to function.

8. Your rights

Under GDPR, UK GDPR, and KVKK you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data ("right to be forgotten")
  • Restrict or object to processing
  • Withdraw consent at any time (for consent-based processing)
  • Receive your data in a portable format
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, email info@turkishrug.com. We will respond within 30 days. If you are not satisfied with our response, you may contact:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • EU: your local data protection authority
  • Turkey: Kişisel Verileri Koruma Kurulu (KVKK)

9. Data retention

We retain your data only as long as necessary:

  • Order records: 7 years (UK and Turkish tax/accounting requirements).
  • Account data: until you request deletion or your account becomes inactive for 5+ years.
  • Marketing data: until you unsubscribe.
  • Analytics data: 26 months (Google Analytics default).

10. Data security

We implement industry-standard technical and organisational measures to protect your data, including SSL/TLS encryption for all transmissions, PCI-DSS compliance for payment processing (via Shopify Payments), restricted access to customer data on a need-to-know basis, and regular security audits.

11. Children's privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us.

12. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top will reflect the most recent version. Significant changes will be communicated via email (to subscribers) or a prominent notice on the homepage.