Skip to main content
Privacy Policy - Marque Natural Stones

PRIVACY POLICY

How We Protect Your Data

Privacy Policy

Last updated: February 2026

Marque Natural Stones ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Policy explains how we collect, use, store, transfer, and safeguard your personal data when you visit marque.tr (the "Website") or otherwise interact with us.

We process personal data in accordance with:

  • The General Data Protection Regulation (EU) 2016/679 ("GDPR")
  • The Turkish Law on the Protection of Personal Data No. 6698 ("KVKK")
  • The EU ePrivacy Directive

This Policy should be read together with our Cookie Policy, which describes cookies and similar technologies, analytics and infrastructure providers (including Google Analytics and Cloudflare where used), and how you can manage your preferences.

1. Data Controller

Marque Natural Stones
Hoşnudiye Mah. 732. Sk. Kent Plaza No: 6/22
Tepebaşı, Eskişehir 26130
Turkey

Email: [email protected]
Phone: +90 (222) 606 06 61

2. Categories of Personal Data Collected

We may collect and process the following categories of personal data:

a) Identity and Contact Data

  • Name and surname
  • Email address
  • Phone number
  • Company name
  • Country
  • Information you provide in your message

b) Communication Data

  • Records of correspondence
  • Inquiry history
  • Customer service interactions

c) Technical and Usage Data

  • IP address
  • Browser type and version
  • Device type
  • Operating system
  • Pages visited
  • Date and time of access
  • Referring URL

d) Marketing Data

  • Newsletter subscription status
  • Communication preferences

3. Purposes of Processing and Legal Basis

A. Responding to Inquiries

Purpose: To respond to contact form submissions, quotation requests, and business communications.

Legal Basis:

  • GDPR Art. 6(1)(b) (pre-contractual or contractual necessity)
  • GDPR Art. 6(1)(f) (legitimate interest in conducting business activities)
  • KVKK Art. 5/2(c) and 5/2(f)

B. Newsletter and Marketing Communications

Purpose: To send updates, announcements, and promotional communications.

Legal Basis:

  • GDPR Art. 6(1)(a) (consent)
  • KVKK Art. 5/1 (explicit consent)

Consent may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.

C. Website Operation, Analytics and Security

Purpose: To maintain website functionality, ensure network and information security, prevent misuse, and improve performance.

Legal Basis:

  • GDPR Art. 6(1)(f) (legitimate interest)
  • KVKK Art. 5/2(f)

Our legitimate interest includes ensuring system security, preventing fraud, protecting our digital infrastructure, and improving user experience. In practice this may involve:

  • Google Analytics (GA4), where configured: when our cookie consent banner is enabled, we use Google Consent Mode so measurement storage for Google tags is aligned with your analytics choice; when the banner is disabled, measurement may load without that step. A GTM-… container ID is not interchangeable with a G-… GA4 measurement ID in our configuration.
  • Cloudflare: we may use Cloudflare for CDN, caching, security, and routing; Cloudflare may process connection metadata (for example for bot management or country hints such as CF-IPCountry when the request passes through its network). If Web Analytics / Insights is enabled, a beacon may send aggregated metrics to Cloudflare.
  • First-party server logs and internal statistics: for example aggregated page views or visit counters stored on our infrastructure. This processing is separate from third-party analytics cookies and is not governed by the same browser “accept analytics” control.
  • Engagement signals: our Website may send small first-party POST requests (for example via sendBeacon) to record approximate time on certain pages; data is sent to our own endpoint, not to ad networks.
  • Content delivery: stylesheets for web fonts may be requested from Google Fonts and scripts or libraries from CDNs such as cdnjs.cloudflare.com; those providers may process connection data under their own terms.

For cookie names, categories, and how to manage consent in the browser, see our Cookie Policy.

D. Legal Obligations

Purpose: To comply with applicable legal obligations and to establish, exercise, or defend legal claims.

Legal Basis:

  • GDPR Art. 6(1)(c)
  • KVKK Art. 5/2(a) and 5/2(ç)

4. Method of Collection

Personal data may be collected:

  • Through contact forms on the Website
  • Via email communication
  • Through newsletter subscription forms
  • Via cookies and analytics tools
  • Through electronic communication channels

Data may be collected automatically or manually in electronic environments.

5. Data Retention

We retain personal data only for as long as necessary for the purposes stated above:

  • Contact and inquiry data: up to 24 months after the last communication
  • Newsletter data: until consent is withdrawn
  • Technical logs: up to 12 months
  • Legal records: as required under applicable legislation

Upon expiry of retention periods, data is securely deleted, destroyed, or anonymised in accordance with applicable laws.

6. International Data Transfers

Your personal data may be processed within Turkey and the European Economic Area (EEA).

Where personal data is transferred outside the EEA or Turkey (for example, when using analytics or email service providers), we ensure appropriate safeguards are implemented, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Explicit consent where required under KVKK
  • Additional technical and organisational measures

7. Disclosure to Third Parties

We do not sell personal data.

We may share personal data with:

  • Hosting providers
  • IT and website service providers
  • Content delivery network, security and DNS providers (including Cloudflare when we use its services for the Website)
  • Analytics and measurement providers (for example Google Analytics when configured on the Website)
  • Email and marketing platforms
  • Legal and regulatory authorities where required

All third-party service providers are contractually bound by confidentiality and data protection obligations.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure server infrastructure
  • Access control mechanisms
  • Data minimisation principles
  • Regular monitoring and system updates

9. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

10. Your Rights Under GDPR

If you are located in the European Union, you have the right to:

  • Access your personal data
  • Request rectification
  • Request erasure
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with the supervisory authority in your EU Member State of residence, place of work, or place of the alleged infringement

11. Your Rights Under KVKK (Turkey)

Under Article 11 of KVKK, you have the right to:

  • Learn whether your personal data is processed
  • Request information regarding processing
  • Learn the purpose of processing and whether it is used appropriately
  • Know the third parties to whom data is transferred
  • Request correction of incomplete or inaccurate data
  • Request deletion or destruction of personal data
  • Request notification of such actions to third parties
  • Object to adverse outcomes resulting from automated processing
  • Claim compensation for damages arising from unlawful processing

You may submit your requests:

Before fulfilling your request, we may request additional information to verify your identity.

Requests will be evaluated and concluded within 30 days in accordance with applicable legislation. If applicable, fees may be charged according to the tariff determined by the Turkish Personal Data Protection Authority.

You also have the right to lodge a complaint with the Turkish Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu).

12. Children

The Website is not intended for individuals under the age of 16 (or 18 where required under applicable local law). We do not knowingly collect personal data from children.

13. Updates to This Policy

We may update this Policy to reflect legal, technical, or operational changes. The updated version will be published on this page with a revised "Last updated" date.