Privacy Policy

Privacy Policy

At Natylia, we are committed to protecting your personal data and your right to privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit or make a purchase from our store at https://natylia.com/.

Our data practices comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR).

Section 1 – What Data Do We Collect?

When you purchase from our store, we collect the personal information you provide, such as your name, address, and email address, as part of the buying and selling process. When you browse our store, we automatically receive your computer's Internet Protocol (IP) address to help us understand your browser and operating system.

Email marketing: With your explicit consent, we may send you emails about new products, promotions, and updates. You may opt out at any time by clicking the unsubscribe link in any marketing email.

Section 2 – Consent

How do you give consent? When you provide personal information to complete a transaction, verify your payment, place an order, arrange delivery, or process a return, you consent to our collecting and using that information for that specific purpose only. If we need your information for another purpose, such as marketing, we will request your explicit consent in advance.

How do you withdraw consent? If you change your mind after opting in to marketing communications, you may withdraw consent at any time by contacting us at info@natylia.com or by using the unsubscribe link in our emails.

Section 3 – Disclosure of Data

We may share your personal information with third parties only where necessary to fulfil your order (such as payment processors and delivery partners) or where required by law. We do not sell your personal data. Any third-party service providers we use are required to handle your data in compliance with applicable data protection law.

Section 4 – Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: Processing necessary to fulfil your purchase and deliver your order.
  • Legitimate interests: Improving our store, preventing fraud, and ensuring security.
  • Consent: For marketing communications, where you have opted in.
  • Legal obligation: Where we are required to process data by law.

Section 5 – Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Order and transaction records are typically retained for up to 7 years for accounting and legal compliance purposes.

Section 6 – Third-Party Services

Our store is hosted on Shopify Inc., which provides us with the online e-commerce platform. Shopify's privacy policy is available at https://www.shopify.com/legal/privacy. Third-party providers such as payment gateways and shipping partners maintain their own privacy policies. We encourage you to review those policies. Our website may also use Google Analytics to analyse traffic and improve our services.

Section 7 – Security

We take reasonable technical and organisational measures to protect your personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction. Whilst no method of transmission over the Internet is 100% secure, we follow industry best practices to safeguard your data.

Section 8 – Cookies

We use cookies and similar technologies to operate and improve our website, remember your preferences, and analyse usage. You can manage your cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect website functionality.

Section 9 – Your Rights

Under the UK GDPR and EU GDPR, you have the following rights in relation to your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request that we correct inaccurate or incomplete data.
  • Right to erasure: You may request that we delete your personal data, subject to legal obligations.
  • Right to restriction: You may request that we limit how we process your data.
  • Right to data portability: You may request your data in a structured, commonly used, machine-readable format.
  • Right to object: You may object to the processing of your data for direct marketing purposes at any time.

To exercise any of these rights, please contact us at info@natylia.com. We will respond within 30 days.

UK customers: If you are based in the United Kingdom and have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection. You can contact the ICO at www.ico.org.uk or by calling 0303 123 1113.

EU customers: If you are based in the EU, you may contact your local data protection authority.

Section 10 – Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes take effect immediately upon posting on this page. We will notify you of significant changes by email where possible.

Contact: For any privacy-related questions, please contact us at info@natylia.com.