Last updated: 20 Oct 2025

1. Who We Are

  • Controller: ORİENTO TURİZM İÇ VE DIŞ TİCARET LİMİTED ŞİRKETİ (Validus Hair)
  • Address: Aksaray Mah., İnkılap Cd., ÖZHAN ÇELİK İş Hanı No:12, İç Kapı No:304, Fatih, İstanbul, Türkiye
  • E-mail: [email protected]Phone: +90 539 635 13 25
  • IDs: VKN 6470714391 • MERSİS 0647071439100001 • Ticaret Sicil 377856-5
  • ETBİS registration: 18.01.2022

2. Scope

This Policy explains how we collect, use, share, store, and protect personal information when you visit validushair.com, create an account, place an order, contact support, or interact with our marketing.

3. Information We Collect

  • Information you provide: name, email, phone, billing and shipping addresses, account credentials, messages to support, marketing preferences, and survey responses.
  • Order & delivery data: products purchased, order ID, invoice and tax details, delivery status, and tracking information.
  • Payment data: limited payment details needed to process transactions (e.g., method type, authorization result, fraud-screening outcome). We do not store full card numbers or CVV.
  • Automatically collected: IP address, device/browser type, pages viewed, clicks, timestamps, referrer/UTM data, and error logs.
  • Cookies & similar tech: cookies, pixels, tags, and SDKs for essential functions, analytics, and advertising (see “Cookies & Tracking”).
  • From third parties: payment processors (PayTR / iyzico), delivery partners (including UPS), and anti-fraud services may share limited information related to your transaction or delivery.

3. Contact Forms

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

4. Purposes of Processing

  • Provide and operate the Services (account, checkout, shipping, returns, customer support).
  • Communicate with you about orders, accounts, updates, and policy changes.
  • Personalize content/offers; measure and improve our Services and marketing.
  • Prevent fraud and secure the Services (monitoring, detection, and incident response).
  • Comply with legal obligations (tax, accounting, consumer protection) and enforce our terms.
  • With your consent where required, send marketing (you can unsubscribe anytime).

5. Legal Bases (EEA/UK & Türkiye)

  • Contract: to provide the Services you request (orders, account, support).
  • Legitimate interests: secure and improve our platform, prevent fraud, and market to existing customers (balanced against your rights).
  • Consent: for certain cookies/analytics/marketing (withdraw any time).
  • Legal obligation (e.g., tax/accounting) and vital interests where applicable.
  • Türkiye (KVKK 6698): we rely on the Turkish legal bases equivalent to the above (explicit consent where required).

6. Sharing & Processors

  • Payments: PayTR and/or iyzico authenticate and process payments and refunds (they may act as independent controllers for parts of processing).
  • Carriers & logistics: delivery partners (which may include UPS) for shipping, returns and claims.
  • Hosting & security: infrastructure, backup, monitoring and fraud-prevention providers.
  • Professional advisers & authorities: when required by law or to protect rights, property and safety.
  • We do not sell personal data.

7. Payments (Important)

  • Card details are entered on pages protected by TLS/SSL and are handled by PayTR and/or iyzico.
  • We receive only limited information (e.g., last 4 digits, token/transaction ID, status) to confirm and fulfill your order.
  • Strong Customer Authentication/3-D Secure may be required by your bank or the processor.

8. Cookies & Tracking

  • Necessary: cart, checkout, account and security cookies.
  • Performance/analytics: to understand usage and improve the site.
  • Functionality: to remember choices (e.g., language, region).
  • Advertising: to measure campaigns and show relevant offers (only with consent where required).

Manage cookies via our consent banner and your browser/device settings. For details see our Cookie Policy.

9. International Transfers

Your data may be stored or accessed outside your country. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) and ensure a level of protection consistent with applicable law.

10. Retention

  • Orders & invoices: kept as required by commercial/tax laws (often up to 10 years).
  • Account data: kept while your account is active; we delete or anonymize after inactivity or request, subject to legal holds.
  • Marketing data: kept until you opt out or your consent is withdrawn.
  • Security logs: kept for a reasonable period to investigate incidents.

11. Your Rights

Depending on your location, you may have the right to:

  • Access, correct or delete your personal data.
  • Object to or restrict processing; withdraw consent.
  • Data portability (receive data in a structured, commonly used format).
  • Complain to your local data protection authority.

12. How to Exercise Your Rights

Contact us at [email protected] with “Privacy Request” in the subject. We may ask for information to verify your identity before acting on your request.

13. Security

  • We use administrative, technical and physical safeguards appropriate to the nature of the data (e.g., access controls, encryption in transit, monitoring, backups).
  • No method of transmission or storage is 100% secure; please protect your account credentials.

14. Children

Our Services are not directed to children under 13 (or the age defined by local law). We do not knowingly collect such data. If you believe a child has provided data to us, contact us to request deletion.

15. Third-Party Links & Social

Our site may include links or integrations to third-party services (e.g., social networks, messaging tools). Their privacy practices are governed by their own policies.

16. Changes

We may update this Policy from time to time. Significant changes will be highlighted on this page, and the latest version will apply to your information.

17. Contact

  • E-mail: [email protected]
  • Mail: ORİENTO TURİZM İÇ VE DIŞ TİCARET LİMİTED ŞİRKETİ, Aksaray Mah., İnkılap Cd., ÖZHAN ÇELİK İş Hanı No:12, İç Kapı No:304, Fatih, İstanbul, Türkiye
  • Phone: +90 539 635 13 25