Privacy Policy

1. Introduction

ShopByCountries.com ("we," "our," or "us") operates https://www.shopbycountries.com (the "Service"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of your personal data when you use our Service. By accessing or using our Service, you agree to the collection and use of information in accordance with this policy.

Data Controller: ShopByCountries.com

2. Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our Service.

2.1. Information You Provide

When you interact with our Service, you may provide us with:

• Contact Information: Name, email address, and any other information you provide when contacting us through our contact forms
• Communications: Messages, feedback, or inquiries you send to us
• Account Information: If you create an account, we may collect username, password (hashed), and profile information

2.2. Information Automatically Collected

When you visit our Service, we automatically collect certain information about your device and usage patterns:

• Device Information: Browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, click patterns, search queries, filter usage
• Location Data: General geographic location derived from IP address (country/region level)
• Technical Data: IP address (hashed for privacy), referral URLs, timestamps

3. Automatically Collected Data

We use various technologies to automatically collect information about your interactions with our Service:

• Log Files: We collect information that your browser sends whenever you visit our Service, including IP addresses (which we hash for privacy), browser type, pages visited, and timestamps
• Analytics: We use analytics tools to understand how users interact with our Service, including page views, user flows, and engagement metrics
• Performance Data: We collect data about Service performance, errors, and technical issues to improve reliability

We do not store raw, unhashed IP addresses. All IP addresses are processed and hashed using industry-standard cryptographic methods to protect your privacy while maintaining security and fraud prevention capabilities.

4. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect and store information about your preferences and activity on our Service.

4.1. Types of Cookies We Use

• Essential Cookies: Required for the Service to function properly (e.g., authentication, security, language preferences)
• Functional Cookies: Remember your preferences and settings (e.g., theme selection, language choice)
• Analytics Cookies: Help us understand how visitors use our Service (e.g., page views, user flows)
• Advertising Cookies: Used by third-party advertising partners to deliver relevant advertisements

For detailed information about our use of cookies, please see our Cookie Policy.

5. How We Use Your Information

We use the information we collect for the following purposes:

• Service Operation: To provide, maintain, and improve our Service
• Security: To detect, prevent, and address security issues, fraud, and abuse
• Communication: To respond to your inquiries, provide customer support, and send important service updates
• Analytics: To analyze usage patterns, understand user preferences, and improve Service functionality
• Legal Compliance: To comply with legal obligations, enforce our terms, and protect our rights
• Personalization: To customize your experience, remember your preferences, and provide relevant content
• Research: To conduct research and analysis to improve our Service and develop new features

6. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): When you have given clear consent for specific processing activities (e.g., marketing communications, non-essential cookies)
• Contract Performance (Article 6(1)(b)): When processing is necessary to perform a contract with you or take steps at your request before entering into a contract
• Legal Obligation (Article 6(1)(c)): When processing is necessary to comply with legal obligations (e.g., tax records, data retention requirements)
• Legitimate Interests (Article 6(1)(f)): When processing is necessary for our legitimate interests, such as:
  • Service security and fraud prevention
  • Analytics and service improvement
  • Network and information security
  • Direct marketing (where permitted by law)
  We balance our legitimate interests against your privacy rights and will not process data where your interests override ours.

KVKK Compliance (Turkey): In accordance with the Turkish Personal Data Protection Law (KVKK), we process personal data based on explicit consent, legal obligations, or legitimate interests as permitted by law.

7. Data Sharing and Third Parties

We do not sell your personal information. We may share your information in the following circumstances:

7.1. Service Providers

We may share information with third-party service providers who perform services on our behalf, including:

• Hosting and cloud storage providers
• Analytics and performance monitoring services
• Email and communication services
• Payment processors (if applicable)
• Security and fraud prevention services

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

7.2. Advertising Partners

We may work with third-party advertising partners (such as Google AdSense) who may use cookies and similar technologies to deliver personalized advertisements. These partners have their own privacy policies governing their use of data.

7.3. Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or others
• Prevent or investigate fraud or security issues

7.4. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1. Retention Periods

• Contact Form Submissions: Retained for 3 years from the date of submission, unless you request earlier deletion
• Analytics Data: Aggregated and anonymized data may be retained indefinitely; personal identifiers are removed after 26 months
• Log Files: Retained for 90 days for security and debugging purposes, then deleted or anonymized
• Account Information: Retained for the duration of your account's existence and for a reasonable period after account closure for legal and security purposes

8.2. Deletion

When we no longer need your personal information, we will securely delete or anonymize it. You may also request deletion of your personal information at any time by contacting us (see Section 14).

9. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: We use industry-standard encryption (TLS/SSL) to protect data in transit
• Access Controls: We limit access to personal information to authorized personnel who need it to perform their duties
• Security Monitoring: We continuously monitor our systems for security threats and vulnerabilities
• Data Minimization: We collect and retain only the minimum amount of personal information necessary
• Regular Updates: We keep our systems and software updated with the latest security patches
• Incident Response: We have procedures in place to respond to security incidents and data breaches

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

10.1. Transfer Safeguards

When we transfer personal data from the European Economic Area (EEA) or other jurisdictions with strict data protection laws, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules (where applicable)
• Other mechanisms recognized by applicable data protection laws

10.2. Your Rights

By using our Service, you consent to the transfer of your information to countries that may have different data protection standards. You have the right to withdraw this consent, but doing so may affect your ability to use certain features of our Service.

11. Your Rights

Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights:

11.1. GDPR Rights (European Users)

If you are located in the EEA or UK, you have the following rights:

• Right of Access (Article 15): Request a copy of the personal data we hold about you
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing (Article 18): Request limitation of how we process your data
• Right to Data Portability (Article 20): Request transfer of your data to another service provider
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing based on consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

11.2. KVKK Rights (Turkish Users)

If you are located in Turkey, under the Personal Data Protection Law (KVKK), you have the right to:

• Learn whether your personal data is being processed
• Request information about processing activities
• Learn the purpose of processing and whether data is used for intended purposes
• Know third parties to whom data is transferred
• Request rectification of incomplete or inaccurate data
• Request deletion or destruction of personal data
• Request notification of third parties to whom data has been transferred regarding rectification, deletion, or destruction
• Object to negative consequences resulting from analysis of processed data
• Request compensation for damages arising from unlawful processing

11.3. Other Jurisdictions

Users in other jurisdictions may have similar rights under applicable local laws. We will honor all legally recognized privacy rights.

11.4. Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 14. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

12. Children's Information

Our Service is not intended for children under the age of 16 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children without parental consent.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information promptly.

In certain jurisdictions, we may require parental consent for users under 18. We comply with applicable laws regarding the collection of information from minors, including the Children's Online Privacy Protection Act (COPPA) in the United States.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification (if you have provided an email address)
• Displaying a prominent notice on our Service

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Service after changes become effective constitutes acceptance of the updated policy.

If you do not agree with the changes, you may stop using our Service or contact us to request deletion of your information.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Response Time: We aim to respond to all privacy-related inquiries within 30 days, as required by applicable data protection laws.

14.1. Supervisory Authorities

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority:

• EU/EEA: Contact your local data protection authority. A list is available at edpb.europa.eu
• UK: Information Commissioner's Office (ICO) - ico.org.uk
• Turkey: Personal Data Protection Authority (KVKK) - kvkk.gov.tr