Privacy Policy

Last updated: 12 June 2026

This Privacy Policy explains how Validus Hair collects, uses, shares, stores, and protects personal information when you visit validushair.com, create an account, place an order, contact support, or interact with our marketing.

Validus Hair is operated by ORIENTO TURIZM IC VE DIS TICARET LIMITED SIRKETI. This policy should be read together with our Terms & Conditions, Distance Sales Contract, Shipping & Delivery information, Refund & Return Policy, and cookie or consent settings shown on the website.

1. Who we are

Data controller: ORIENTO TURIZM IC VE DIS TICARET LIMITED SIRKETI, trading as Validus Hair.

Registered address: Aksaray Mah., İnkılap Cd., ÖZHAN ÇELİK İş Hanı No:12, İç Kapı No:304, Fatih, İstanbul, Türkiye.

Email: [email protected]. Phone: +90 539 635 13 25.

Company identifiers: VKN 6470714391. MERSİS 0647071439100001. Trade Registry 377856-5. ETBİS registration date 18.01.2022.

2. Scope

This policy applies to personal information processed through validushair.com, customer accounts, checkout, delivery, support, returns, fraud prevention, analytics, and marketing activities connected with Validus Hair.

It does not replace the privacy notices of payment providers, carriers, social networks, or other third-party services that operate under their own responsibility.

3. Information we collect

We collect only the information needed to operate the store, provide support, fulfil legal duties, and improve the website.

  • Information you provide: name, email address, phone number, billing and shipping addresses, account credentials, support messages, marketing preferences, and survey responses.
  • Order and delivery data: products purchased, order ID, invoice and tax details, delivery status, tracking details, return requests, and customer service notes.
  • Payment data: limited payment information needed to confirm transactions, such as method type, authorization result, fraud-screening outcome, token or transaction ID, and card last four digits when supplied by the provider. We do not store full card numbers or CVV codes.
  • Technical data: IP address, device and browser type, pages viewed, clicks, timestamps, referrer, UTM data, session data, and error logs.
  • Cookies and similar technologies: cookies, tags, pixels, and SDKs used for essential site functions, analytics, performance measurement, personalization, and advertising where allowed.
  • Information from partners: payment providers such as PayTR and iyzico, delivery partners including UPS, anti-fraud services, hosting providers, and support tools may share limited information needed for the transaction, delivery, security, or support case.

4. Contact forms, accounts, and site cookies

When you send a form, create an account, contact support, or leave information in a checkout field, we process the details you provide so we can respond, complete your order, or maintain your account.

If comments or reviews are enabled, optional cookies may remember your name, email address, and website for convenience. Account login cookies help keep you signed in, remember screen choices, and verify that your browser accepts cookies. These cookies do not contain full payment data.

Administrative cookies may also be created when authorized team members edit content or manage orders. They are used only for website operation and security.

5. Purposes of processing

We process personal information for the following purposes:

  • Provide and operate the website, account area, checkout, order management, shipping, returns, and customer support.
  • Communicate about orders, delivery updates, account notices, support replies, policy changes, and service messages.
  • Personalize content and offers, measure performance, understand customer needs, and improve our website and product selection.
  • Prevent fraud, protect accounts, secure payments, monitor abuse, investigate incidents, and maintain platform security.
  • Comply with tax, accounting, consumer protection, e-commerce, customs, and legal obligations.
  • Send marketing messages when you have opted in or when local law allows existing-customer communication. You can unsubscribe at any time.

6. Legal bases in the EEA, UK, and Türkiye

Where privacy law requires a legal basis, we rely on one or more of the following:

  • Contract: to provide the services you request, including orders, account access, payment confirmation, shipping, returns, and customer support.
  • Legitimate interests: to secure and improve the platform, prevent fraud, manage business operations, and communicate with existing customers in a balanced way.
  • Consent: for certain cookies, analytics, advertising, marketing, or other processing where consent is required. You may withdraw consent at any time.
  • Legal obligation: for tax, accounting, consumer protection, customs, and other mandatory requirements.
  • Vital interests: only in rare situations where it is necessary to protect someone’s life or safety.

For Türkiye, including Law No. 6698 on the Protection of Personal Data, we apply the equivalent legal bases and obtain explicit consent where required.

7. Sharing and processors

We share personal information only when needed for the purposes described in this policy.

  • Payment providers: PayTR, iyzico, banks, and card networks authenticate payments, process transactions, handle refunds, and may run fraud checks.
  • Carriers and logistics providers: delivery partners, including UPS where used, process shipping labels, delivery updates, returns, claims, and customs information.
  • Hosting, security, and website tools: infrastructure, backup, monitoring, analytics, caching, email, anti-spam, and fraud-prevention providers support website operation.
  • Customer support and marketing tools: approved providers help us answer requests, manage communications, and measure campaigns.
  • Professional advisers and authorities: accountants, lawyers, auditors, regulators, courts, or law-enforcement bodies may receive information where required by law or to protect rights, property, and safety.

We do not sell customer personal data.

8. Payments

Payment pages are protected by TLS encryption. Card and payment details are handled by payment providers such as PayTR and iyzico. They may act as independent controllers for parts of payment processing.

We receive only limited information needed to confirm and fulfil the order, such as payment status, transaction reference, method type, last four digits where available, and fraud-screening result. Strong Customer Authentication or 3-D Secure may be required by your bank or payment provider.

9. Cookies and tracking

We use cookies and similar technologies to operate and improve the website.

  • Necessary cookies: cart, checkout, account login, language, security, and fraud-prevention functions.
  • Performance and analytics cookies: help us understand how visitors use the site and where errors occur.
  • Functionality cookies: remember choices such as language, region, and display preferences.
  • Advertising cookies: measure campaigns and show relevant offers where permitted and consented to when required.

You can manage cookies through our consent banner and through your browser or device settings. Some necessary cookies cannot be disabled without affecting core store functions.

10. International transfers

Because Validus Hair serves international customers, personal information may be stored or accessed outside your country, including by hosting, payment, analytics, support, marketing, and logistics providers.

Where required, we use appropriate safeguards such as contractual protections, Standard Contractual Clauses, limited access, and security controls designed to keep protection consistent with applicable law.

11. Retention

We keep personal information only as long as needed for the purpose collected, unless a longer period is required or allowed by law.

  • Orders, invoices, and tax records: kept as required by commercial, tax, accounting, and e-commerce rules, often up to 10 years.
  • Account data: kept while your account is active, then deleted or anonymized after inactivity or a valid request, subject to legal holds.
  • Support and return records: kept long enough to answer requests, manage returns, resolve disputes, and protect legal rights.
  • Marketing data: kept until you unsubscribe, withdraw consent, or the data is no longer needed.
  • Security logs: kept for a reasonable period to prevent fraud, investigate incidents, and maintain service security.

12. Your rights

Depending on your location and the law that applies, you may have the right to:

  • Request access to the personal information we hold about you.
  • Correct incomplete or inaccurate data.
  • Request deletion of data where there is no legal reason to keep it.
  • Restrict or object to certain processing.
  • Withdraw consent where processing is based on consent.
  • Request data portability in a structured, commonly used format where applicable.
  • Object to direct marketing at any time.
  • Complain to your local data protection authority.

Some rights may be limited where we must keep information for orders, tax, fraud prevention, disputes, or legal obligations.

13. How to exercise your rights

To make a privacy request, contact us at [email protected] and include “Privacy Request” in the subject line.

We may ask for information to verify your identity before acting on a request. We will respond within the timeframe required by applicable law and explain if a request cannot be fulfilled fully because of legal, security, or business-record obligations.

14. Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data, including access controls, encryption in transit, monitoring, backups, and role-based account permissions.

No transmission or storage method is completely secure. Please protect your account credentials and contact us quickly if you believe your account or order information has been misused.

15. Children

Our services are not directed to children under 13 years old or the age defined by local law. We do not knowingly collect personal information from children.

If you believe a child has provided personal information to us, contact us so we can review and delete it where required.

16. Third-party links and social integrations

The website may include links, embedded content, chat tools, review tools, social networks, payment pages, carrier tracking pages, or other third-party services. Their privacy practices are governed by their own notices and policies.

We are not responsible for how third-party websites process personal information once you leave validushair.com or interact directly with those services.

17. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, providers, legal obligations, or security practices.

When changes are significant, we will highlight the update on this page or through another appropriate notice. The latest version published on this page applies to your information.

18. Contact

Email: [email protected]
Mail: ORIENTO TURIZM IC VE DIS TICARET LIMITED SIRKETI, Aksaray Mah., İnkılap Cd., ÖZHAN ÇELİK İş Hanı No:12, İç Kapı No:304, Fatih, İstanbul, Türkiye.
Phone: +90 539 635 13 25