This Personal Data Protection Law Notice (“Notice”) explains how SustainaCraft (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit our website, place an order, or contact us.

We process personal data in accordance with applicable data protection regulations, including the EU General Data Protection Regulation (GDPR) and, where applicable, Turkey’s Law No. 6698 (KVKK).

1) Data Controller

SustainaCraft is the data controller for the personal data processed through this website.

If you have questions or requests regarding your personal data, please contact us via our Contact page or email address provided on the website.

2) Personal Data We Collect

Depending on how you interact with us, we may collect:

• Identity information: name, surname

• Contact information: email address, phone number, delivery/billing address

• Order & transaction information: products purchased, order details, payment status (we do not store full card details)

• Customer support messages: your messages and attachments you send us

• Technical data: IP address, device/browser information, cookies, website usage data

• Marketing preferences: newsletter opt-in/opt-out, communication preferences

3) Purposes of Processing

We process your personal data for the following purposes:

• To create and manage orders, delivery, returns, and refunds

• To provide customer support and respond to your requests

• To issue invoices and meet accounting/tax obligations

• To prevent fraud and ensure website security

• To improve our website and user experience (analytics)

• To send marketing communications only if you have given consent (where required)

4) Legal Bases (GDPR)

We process your data based on one or more of the following legal bases:

• Performance of a contract (to fulfill your order)

• Legal obligation (tax, accounting, consumer regulations)

• Legitimate interests (security, fraud prevention, improving services)

• Consent (marketing emails/cookies where required)

5) Data Sharing & Transfers

We may share your personal data only when necessary and limited to the purpose, with:

• Payment service providers (to process payments)

• Shipping & logistics partners (to deliver your order)

• Website/hosting providers & IT support (for website operation and security)

• Accounting, legal, or regulatory authorities (when legally required)

If your data is transferred outside the EEA, we use appropriate safeguards (such as contractual protections) where required.

6) Data Retention

We keep your personal data only for as long as necessary to fulfill the purposes described above, including:

• Legal and accounting retention periods

• Handling disputes, returns, and customer service needs

• Security and fraud prevention requirements

After the retention period ends, your data is securely deleted or anonymized.

7) Your Rights

Subject to applicable law, you have the right to:

• Access your personal data

• Request correction or update

• Request deletion (where legally possible)

• Object to processing or request restriction

• Request data portability (where applicable)

• Withdraw consent at any time (for consent-based processing)

• Lodge a complaint with a supervisory authority

To exercise your rights, please contact us via the Contact page.

8) Cookies

We use cookies and similar technologies to:

• Make the website function properly

• Understand usage and improve performance

• Provide a better shopping experience

You can manage cookie preferences through your browser settings and (if available) the cookie banner.

9) Data Security

We apply reasonable technical and organizational measures to protect your data against unauthorized access, loss, misuse, alteration, or disclosure.

10) Changes to This Notice

We may update this Notice from time to time. Changes will be posted on this page with the updated “Last Updated” date.