Privacy policy

Last updated: 13.01.2026

This Privacy Policy explains how PINAR GÜLLÜ (“PNARU”, “we”, “us”) collects, uses, discloses, and protects personal data when you visit or make a purchase on www.pnaru.com (the “Site”), or otherwise interact with us.

1) Who We Are (Controller)

Controller: PINAR GÜLLÜ
Customer Care / Privacy contact: info@pnaru.com

2) Where This Policy Applies

This Policy applies to visitors and customers in Türkiye, the EU/EEA, the UK, and the US.

3) Data We Collect

Depending on how you use the Site, we may collect:

A. Information you provide

  • Name, email, phone number
  • Shipping and billing address
  • Order details (items purchased, order number)
  • Customer care messages and any details you choose to share

B. Information collected automatically

  • Device and usage data (e.g., IP address, browser type, pages viewed, timestamps, referring URLs)
  • Cookie and similar technology data (see Section 9)

C. Payment data

  • Payments are processed by Shopify’s payment infrastructure / your card issuer (via Shopify checkout). We do not store full card details on our servers.

4) How We Use Your Data

We use personal data to:

  • Process orders, payments, shipping, returns, and refunds
  • Provide customer support and respond to requests
  • Communicate service updates (order confirmations, shipping notifications, policy notices)
  • Prevent fraud, abuse, and security incidents
  • Run analytics and improve the Site and customer experience
  • Send marketing communications where permitted by law and/or with your consent, and allow you to opt out at any time

5) Legal Bases (EU/UK)

Where GDPR/UK GDPR applies, we rely on:

  • Contract (to fulfill your order and provide requested services)
  • Legal obligation (tax, accounting, consumer law compliance)
  • Legitimate interests (operating, securing, and improving our business, balanced against your rights)
  • Consent (for certain cookies/marketing where required)

Privacy notices should include key transparency items such as purposes, recipients, and storage periods (or the criteria used). I

6) Who We Share Data With

We share data only as needed to operate the Site and deliver orders, such as:

  • Shopify (e-commerce platform, hosting and checkout services). Under Shopify’s DPA, you act as controller and Shopify acts as processor for customer personal data in many cases.
  • Payment processing through iyzico / card networks
  • Analytics: Google Analytics 4 (GA4)
  • Advertising/measurement: Meta Pixel
  • Professional advisers (legal/accounting) when necessary
  • Authorities if required by law

7) International Transfers

Because we sell internationally and use global service providers, your data may be processed outside your country. Where required (EU/UK), we use appropriate safeguards (such as contractual protections) for international transfers.

8) Google Analytics 4 (GA4)

We use GA4 to understand Site performance and improve user experience. GA4 provides EU-focused privacy measures; for example, GA4 states that it does not log or store IP addresses and drops IP addresses collected from EU users before logging.
You can control analytics cookies through our cookie banner/preference center (see Section 9).

9) Cookies & Similar Technologies (Cookie Banner)

We use a cookie banner to manage cookie preferences. Cookies may include:

  • Essential cookies (required for site functionality, cart, checkout, security)
  • Analytics cookies (GA4)
  • Marketing cookies (Meta Pixel and similar tools, if enabled)

You can update your preferences at any time via [COOKIE PREFERENCE CENTER LINK].

10) California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have rights to know, delete, and correct personal information, and to opt out of the “sale” or “sharing” of personal information. “Sharing” includes sharing for cross-context behavioral advertising.

  • We do not sell personal information for money.
  • We may use marketing/measurement tools (e.g., Meta Pixel) that could be considered “sharing” under California law when used for cross-context behavioral advertising.
  • You can opt out by using our cookie preference center and, where required.

11) Data Retention

We keep personal data only as long as necessary for the purposes described above, and at least as long as required by applicable law (e.g., accounting/tax recordkeeping). Where a precise period cannot be stated, we use criteria such as the nature of the data, the purpose of processing, and legal requirements.

12) Security

We implement appropriate technical and organizational measures to protect personal data. No online transmission is fully secure, but we work to protect your data with care.

13) Your Rights (EU/UK, Türkiye, US)

EU/UK: You may have rights to access, correct, delete, restrict, object, and request portability, and to withdraw consent where applicable.
Türkiye (KVKK): KVKK requires clear notice and provides data subject rights (including the right to request information, correction, deletion where conditions are met).
US: Rights vary by state; California rights are described in Section 10.

How to submit a request: Email info@pnaru.com with “Privacy Request” in the subject line. We may need to verify your identity.

14) Marketing Preferences

You can opt out of marketing emails at any time by using the unsubscribe link in our emails or contacting info@pnaru.com. Service messages may still be sent when necessary.

15) Children

The Site is not intended for children, and we do not knowingly collect personal data from children.

16) Changes

We may update this Policy from time to time. The “Last updated” date reflects the latest version.

17) Contact

For privacy questions or requests: info@pnaru.com