CHECKLIST · 12 ITEMS · 3 SECTIONS

Mandatory Legal Texts for Your E-Commerce Site

Running an e-commerce site under Turkish law requires more than listing products: consumer rights, data privacy and operational rules require specific texts to be live and accepted. This checklist covers the 12 mandatory documents grouped into 3 sections.

Vircon Legal · virconlegal.com
SECTION 1 · 4 ITEMS

Consumer Law Documents

Distance sale, withdrawal rights, returns, delivery, and warranty. The documents the consumer sees and accepts before checkout.

An e-commerce sale is a "distance sale" under Law No. 6502. Before purchase, the consumer must be given a Pre-Information Form stating the seller's identity, key product features, VAT-inclusive price, payment and delivery terms, and the 14-day right of withdrawal. At order confirmation a Distance Sale Agreement is concluded and must be delivered to the consumer via a durable medium (PDF). The seller bears the burden of proof; consent logs and delivered contracts must be archived.

Beyond the 14-day withdrawal right, the procedures available to the consumer in case of dissatisfaction or product defect must be clear. The policy should state acceptance conditions (original packaging/label), who bears the return shipping cost, required documentation, and the timeline for refund (legal limit: 14 days to the payment instrument).

Preparation time, partnered couriers, estimated delivery windows, undeliverable scenarios (no recipient, wrong address) and shipping fees must be displayed clearly. Regional surcharges or cash-on-delivery commissions should be shown at the basket stage.

The statutory warranty period is 2 years. The consumer's 4 statutory remedies against defective goods must be stated: (i) free repair, (ii) refund, (iii) replacement, (iv) price reduction proportional to the defect. Authorized service information and the channel for requesting a warranty certificate should be included. Certain categories (white goods, electronics) have category-specific extended warranty rules set by the Ministry.

SECTION 2 · 4 ITEMS

Data Protection & Transparency

KVKK (Turkish GDPR), cookies, and commercial electronic communications. The texts that manage user rights and consent at every data collection point.

As the data controller, you must inform users of which personal data (name, address, email, IP, purchase history) is collected, the purposes of processing, retention practices and third-party sharing. The lawful basis for each data category (explicit consent, contract performance, legitimate interest, etc.) must be stated separately. Legal basis: Law No. 6698 (KVKK) Art. 10. Related practice area: Privacy & Cybersecurity.

Broader than the KVKK notice. It covers security measures, the conditions under which data is shared with third parties (couriers, payment service providers, virtual POS, cloud), retention periods, and how data subjects can exercise their rights (access, rectification, erasure, objection). VERBIS-registered contact details must be clearly visible.

The types of cookies (session, persistent, third-party), their purposes (session management, analytics, targeted advertising) and how users can control them must be explained. Explicit opt-in consent is required for non-essential cookies, with the ability to withdraw consent at any time. Implicit consent ("by continuing to browse you accept") is no longer sufficient under recent Authority rulings.

Sending commercial electronic messages (email/SMS/call) requires prior explicit consent. A separate, optional opt-in checkbox must be presented; consent bundled with a membership agreement is invalid. Every message must include an "UNSUBSCRIBE" link, and consent must be revocable in one click. All consents must be stored in the İYS (Message Management System) and verified before sending.

SECTION 3 · 4 ITEMS

Site Usage & Operations

Site rules, membership, complaints process, and pricing. The other mandatory texts the consumer encounters on their journey.

Sets out the rules for using the site and its services (blog, forum, membership, user comments). Prohibited activities (copyright infringement, defamation, spam, scraping), the site administrator's content removal authority, liability for service interruptions, intellectual property rights and liability limitations are governed here. If user-generated content exists (reviews, comments), include a moderation policy and the deemed user license.

If the site requires membership, the terms, fees (if any), suspension/termination conditions and the parties' rights must be set out. For subscription models (premium, product box), the auto-renewal and cancellation flows are subject to consumer protection rules. Membership cancellation must be available in one click from the user panel; "email us to cancel" practices are legally risky under Law No. 6502.

Under Law No. 6502, consumer complaints must be answered in writing within 30 days. The site must provide a complaint channel (online form, email, telephone) that is also accessible to non-members. References to Consumer Arbitration Committees and Consumer Courts (monetary jurisdiction thresholds) can also be added as guidance.

Prices must be shown VAT-inclusive. Accepted payment methods (credit/debit card, bank transfer, cash-on-delivery, digital wallets) and any surcharges (COD commission, instalment differential) must be disclosed. Instalment options should be visible together with their additional cost. Showing indicative shipping at the basket level is also a consumer-protection best practice.

Important: It is not enough to merely have these texts on the site. The consumer must be able to access and accept them before purchase. Otherwise the 14-day withdrawal period does not begin, administrative fines may apply, and the consumer may rescind the agreement without notice. The seller bears the burden of proof: archive consent logs, IPs, contract versions and delivered PDFs. Industry-specific regulation (timeshare, financial services, food/health, digital content) may require additional documents.

This checklist is provided for general information only and does not constitute legal advice.