Privacy Policy
Last updated: 12 February 2026
1. Introduction — Who We Are
This privacy policy explains how Terzi Enterprises (trading as Nihal Terzi Consulting), a company registered in Ireland, collects, uses, stores, and protects your personal data when you visit our website nihalterzi.com or interact with our services.
We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) (EU 2016/679) and the Data Protection Act 2018 (Ireland).
For the purposes of data protection law, the data controller is:
Terzi Enterprises (trading as Nihal Terzi Consulting)
Email: nihal@nihalterzi.com
UK Phone: +44 (0) 7929 00 00 72
Turkish Phone: +90 534 279 3076
2. What Data We Collect and Why
We collect personal data only when it is necessary for the purposes described below. We do not collect more data than we need.
Contact Form Submissions
When you submit a message through our website contact form, we collect:
- Name — so we can address you personally
- Email address — so we can respond to your enquiry
- Phone number (optional) — if you prefer to be contacted by phone
- Service interest — so we can provide relevant information about our consultancy services
- Message content — the details of your enquiry
Calendly Bookings
When you book a strategy call through Calendly (our third-party booking service), the following data is collected by Calendly and shared with us:
- Name
- Email address
- Appointment details (date, time, and any notes you provide)
Please note that Calendly is a third-party service with its own privacy policy. See Section 5 below for more details.
Automatically Collected Information
When you visit our website, we may automatically collect limited technical data necessary for the website to function, such as your browser type and session information. We do not currently collect analytics data, though we may introduce analytics cookies in the future (see Section 6).
3. Legal Basis for Processing
Under the GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:
| Legal Basis | When It Applies |
|---|---|
| Consent (Article 6(1)(a)) | When you voluntarily submit a contact form or book a call through Calendly. You may withdraw your consent at any time. |
| Contractual necessity (Article 6(1)(b)) | When processing is necessary to take steps at your request before entering into a consultancy contract, or to perform an existing contract with you. |
| Legitimate interests (Article 6(1)(f)) | When we process data to respond to enquiries, improve our services, or maintain the security and performance of our website, provided these interests are not overridden by your rights. |
4. How We Use Your Data
We use the personal data we collect for the following purposes:
- Responding to your enquiries and providing information about our consultancy services
- Scheduling and conducting strategy calls and consultations
- Taking pre-contractual steps and performing our obligations under any consultancy agreement
- Communicating with you about your booking or project
- Maintaining internal business records
- Improving our website and services
We do not use your data for automated decision-making or profiling. We do not currently send marketing emails. If we introduce marketing communications in the future, we will seek your explicit consent first.
5. Third-Party Services
We use a limited number of third-party services that may process your personal data:
Calendly
We use Calendly to manage appointment bookings. When you book a call, your name, email, and appointment details are processed by Calendly. Calendly is based in the United States and processes data in accordance with its own privacy policy. Calendly relies on Standard Contractual Clauses (SCCs) and other safeguards for international data transfers. You can review Calendly's privacy policy at calendly.com/privacy.
Google Fonts
Our website uses Google Fonts to display typography. When you load our pages, your browser may make requests to Google's servers to retrieve font files. This may result in your IP address being transmitted to Google. Google's privacy policy applies to this data. You can review it at policies.google.com/privacy.
We do not sell, trade, or otherwise transfer your personal data to any other third parties. We do not use third-party advertising or marketing platforms.
6. Cookies
Cookies are small text files stored on your device when you visit a website. Our current use of cookies is limited to what is strictly necessary for the website to function.
Cookies We Currently Use
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| Session cookie | Maintains your browsing session | Essential | Session (deleted when you close your browser) |
| Cookie consent preference | Remembers whether you have accepted or declined cookies | Essential | 12 months |
Essential cookies do not require your consent under GDPR, as they are strictly necessary for the website to operate.
Future Cookies
We plan to introduce analytics cookies in the future to help us understand how visitors use our website and improve the user experience. When we do, we will update this policy, implement a cookie consent mechanism, and request your consent before placing any non-essential cookies on your device.
You can control and delete cookies through your browser settings. Please note that disabling essential cookies may affect website functionality.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are:
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 24 months from the date of submission, unless a business relationship is established |
| Calendly booking data | 24 months from the date of the appointment, unless a business relationship is established |
| Client project data | 6 years from the end of the business relationship (in line with Irish statutory requirements) |
| Cookie consent preferences | 12 months |
After the applicable retention period, your data will be securely deleted or anonymised. If you request deletion of your data before the retention period expires, we will comply unless we have a legal obligation to retain it.
8. Your Rights Under GDPR and Irish Law
Under the GDPR and the Data Protection Act 2018 (Ireland), you have the following rights in relation to your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can request that we correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) — You can request that we delete your personal data, subject to certain legal exceptions.
- Right to data portability — You can request your data in a structured, commonly used, machine-readable format so you can transfer it to another controller.
- Right to object — You can object to processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.
- Right to restrict processing — You can request that we limit how we use your data in certain circumstances.
- Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint — You have the right to lodge a complaint with the Data Protection Commission (DPC), Ireland's supervisory authority for data protection.
To exercise any of these rights, please contact us using the details below. We will respond to your request within one month, as required by law. In certain circumstances, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for it.
Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie
Phone: +353 (0)1 765 0100 / 1800 437 737
Email: info@dataprotection.ie
9. International Data Transfers
As an Ireland-registered company, we primarily process and store data within the European Economic Area (EEA). However, some of the third-party services we use may transfer data outside the EEA:
- Calendly is based in the United States. Calendly relies on Standard Contractual Clauses (SCCs) approved by the European Commission and other supplementary measures to ensure an adequate level of data protection when transferring personal data from the EEA to the US.
- Google Fonts may involve data transfers to Google servers located in the United States or other countries. Google participates in the EU-US Data Privacy Framework and uses SCCs for international transfers.
We do not transfer personal data to any country outside the EEA unless appropriate safeguards are in place, as required by Chapter V of the GDPR.
10. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page.
We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this privacy policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:
Terzi Enterprises (trading as Nihal Terzi Consulting)
Email: nihal@nihalterzi.com
UK Phone: +44 (0) 7929 00 00 72
Turkish Phone: +90 534 279 3076
Website: nihalterzi.com
We aim to resolve any data protection concerns promptly and fairly. If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC).