Defne Agency Policies

Privacy Policy

How we collect, use, share and protect information across our web, e-commerce, social media, graphic design and Shopify/Ikas setup services.

Last updated: 21 Oct 2025
Questions? hello@defneagency.com

Introduction

Defne Agency (“we”, “us”, “our”) provides: (i) web and e-commerce design/development; (ii) social media content and management; (iii) graphic design; and (iv) platform setups such as Shopify/Ikas, app integrations and store migrations. This Privacy Policy explains how we handle personal data when you visit our site, contact us, or engage our services.

We act as a data controller for our website and business operations. When we process personal data provided by clients to deliver their projects, we may act as a data processor—in that case, a Data Processing Addendum (DPA) can apply.

Data We Collect

Contact & Business Information
  • Name, email, phone, company name, role/title
  • Billing/shipping addresses; tax identifiers where required by law
Project Materials
  • Brand assets, style guides, product catalogs, copy, media files
  • Access credentials you share (e.g., CMS, Shopify, analytics, staging)

Tip: We recommend creating limited-scope accounts and revoking access after project completion.

Usage & Analytics

Limited telemetry for websites or apps we build/host/monitor (aggregated where feasible). See our Cookie Policy.

Payments

Invoices and transaction references. We do not store full card details; your chosen payment processor handles that information.

How We Use Data (Lawful Bases)

  • Contract: To scope, build, deliver and support your project and manage our relationship.
  • Legitimate Interests: Service improvement, troubleshooting, preventing abuse/fraud, ensuring security.
  • Consent: Optional marketing communications and non-essential cookies/analytics where required.
  • Legal Obligations: Tax/accounting, compliance, responding to lawful requests.

Sharing & Subprocessors

We engage carefully selected vendors (hosting, email, analytics, project management, payment gateways, app integrations) strictly to deliver our services. Access is limited to what is necessary, governed by contracts and confidentiality.

Upon request, we can provide a current list of subprocessors or publish a dedicated page.

International Transfers

Where personal data moves internationally (e.g., between the EU/UK and other regions), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms and conduct risk-based vendor assessments.

Security Measures

  • Encryption in transit (HTTPS), hardened hosting, and regular patching
  • Role-based, least-privilege access; access logging where available
  • Secrets/credentials stored with restricted access; rotate on staff changes
  • Backups and disaster-recovery measures at the infrastructure level

No system is perfectly secure. If we become aware of a data incident affecting you, we will notify you without undue delay in line with legal obligations.

Retention

We retain personal data only as long as reasonably necessary for the purposes above, including meeting legal, regulatory, tax, accounting or reporting requirements.

  • Project materials: kept through delivery + reasonable archive period for support; remove on request unless legal needs apply.
  • Invoices & tax records: kept per applicable law (e.g., 5–10 years depending on jurisdiction).
  • Marketing preferences: retained until you opt out or data becomes inactive.

Your Rights & Requests (DSR)

Subject to applicable law (e.g., GDPR/UK GDPR), you may:

  • Request access to, or a copy of, your personal data
  • Request correction or deletion; restrict or object to processing
  • Request portability (machine-readable copy) where applicable
  • Withdraw consent where processing relies on consent
  • Lodge a complaint with your local supervisory authority

How to submit: email hello@defneagency.com. We may need to verify your identity.

Marketing Choices

You can opt out of marketing emails using unsubscribe links at any time. Cookie/analytics preferences can be set in our Cookie Policy or via your browser.

Children’s Privacy

Our services are not directed to children. If you believe a child provided personal data to us, please contact us so we can remove it.

Changes to This Policy

We may update this policy periodically. We will post the new version here and adjust the “Last updated” date.

Contact

Defne Agency — Merkezefendi / Denizli, TURKEY
Email: hello@defneagency.com · Phone: +90 555 111 22 33