Privacy Policy

Last updated: 2026-05-27

Techbeh Limited ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and the rights you have.

This policy is written with the UK / EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK — Law no. 6698) in mind.

1. Who we are

Data controller: Techbeh Limited
Email: info@techbeh.com
50 Princes Street, Ipswich, England, IP1 1RJ

2. What data we collect

  • Technical & analytics data — your IP address (stored as a one-way SHA-256 hash, never in clear text), user-agent (also hashed), referrer URL, requested URL, language, HTTP method, an anonymous visitor identifier (sv_vid) and a bot-likelihood score. Stored in the analytics_events table.
  • Consent log — when you make a choice in the cookie banner, we store the decision (accept all / reject all / custom), the categories you allowed, the consent version, your language and a hashed IP/user-agent for audit purposes. Stored in the cookie_consents table.
  • Contact form — name, email, subject and message you submit through the contact page.
  • Form / application data — when you submit a visa application or any other form, we collect the fields you fill in (typically your name, contact details, nationality, travel intentions and any documents you choose to upload). These records are stored in the submissions table and used only to process your request.
  • Customer records — for clients we work with, we store basic company / individual details (name, email, phone, billing address, optional tax ID) for invoicing and account management.
  • Invoice & payment data — invoices, line items, statuses, payment amounts, currencies and (where applicable) the transaction reference returned by the payment provider. We do not store full card numbers; payments are processed entirely on the provider's side (Stripe, PayPal, iyzico).
  • Session data — when you log in to a protected area (admin only), we store a server-side session including your user ID, role and CSRF token; this is purely transient and tied to the PHPSESSID cookie.

3. Why we use your data (legal basis)

  • To deliver the service you requested — process visa applications, send invoices, handle payments, respond to enquiries. Legal basis: performance of a contract or steps before entering into a contract.
  • To operate, secure and improve the site — log essential traffic, detect fraud and bots, troubleshoot errors. Legal basis: legitimate interests.
  • To send service-related emails — confirmations, invoice notifications, payment receipts. Legal basis: performance of a contract.
  • To respect your cookie preferences — only set analytics / marketing cookies if you opt in. Legal basis: consent (which you can withdraw at any time).
  • To comply with our legal obligations — invoicing, accounting, tax records. Legal basis: legal obligation.

4. Cookies

For details on cookies, see our Cookie Policy.

5. Email

Outgoing emails (account, contact, invoice, payment notifications) are sent through the PHPMailer library using our own SMTP credentials configured in the admin panel. Email addresses you provide are used only to communicate with you about the matter at hand.

6. Third parties we share data with

  • Payment processors — if you pay an invoice we redirect you to the relevant provider. The provider receives the payment amount, currency, your billing/contact details (as needed for the transaction), and may apply its own fraud-prevention checks. Each provider is an independent data controller for the data it collects; see their policies: Stripe, PayPal, iyzico.
  • Hosting / infrastructure — our website is hosted on a server we operate. Hosting providers may have incidental access to data while the service is being provided, governed by their own data-processing agreements.
  • Email delivery — outgoing email passes through the SMTP server configured in the admin panel.

We do not sell your personal data and we do not share it with advertisers.

7. International transfers

Because our payment processors and certain infrastructure services operate internationally, your data may be transferred outside your country of residence. Where this happens, the recipient is required to provide an adequate level of protection (e.g. Standard Contractual Clauses for transfers outside the UK/EEA).

8. How long we keep your data

  • Analytics events — up to 24 months, after which they are aggregated or deleted.
  • Cookie consent records — kept while your consent is valid (default 180 days) plus a reasonable retention period for audit.
  • Contact form / enquiries — up to 24 months unless we are required to keep them longer.
  • Customer & invoice records — retained as long as required by applicable accounting and tax law (typically 5–10 years).
  • Server logs — typically up to 90 days.

9. Your rights

Under GDPR and KVKK you have the right to:

  • access a copy of the personal data we hold about you;
  • have inaccurate data corrected;
  • request deletion ("right to be forgotten") subject to legal retention requirements;
  • restrict or object to certain processing;
  • data portability — receive your data in a structured, machine-readable format;
  • withdraw your consent at any time (e.g. via the cookie settings button) without affecting the lawfulness of prior processing;
  • lodge a complaint with your national supervisory authority — for the UK the Information Commissioner's Office (ICO), for the EU your local DPA, and for Turkey the Personal Data Protection Authority (KVKK Kurumu).

To exercise any of these rights, email us at info@techbeh.com. We will respond within 30 days.

10. How we keep your data safe

  • All inbound traffic is served over HTTPS (TLS).
  • IP addresses and user-agent strings are stored as one-way SHA-256 hashes (salted), so original values cannot be recovered.
  • Passwords are stored hashed with PHP's password_hash() (bcrypt).
  • Database access is restricted to the application user with the minimum privileges needed.
  • CSRF tokens protect all state-changing requests.
  • Payment data never touches our servers; it is handled entirely by the payment provider.

11. Children

Our services are not directed at children under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the most recent change was made. Material changes will also be highlighted on the site.

13. Contact

For any privacy-related question, please contact us at info@techbeh.com.