Privacy Policy

We respect your privacy and have developed this privacy policy to demonstrate our commitment to protecting your privacy.


Purpose of Policy

Who we are

  • Information collection
  • Information you give us
  • Information about your interactions with us
  • Information from third parties
  • Sensitive personal data

Legal basis

  • Performance of a Contract
  • Legitimate Interest
  • Legal or Regulatory Obligation
  • Explicit Consent

Marketing Communications

Other processing activities

Third parties

  • Service Providers
  • Apps
  • Social Media
  • Links

Your debit and credit card information

Security of your personal information

Maintaining your personal information

  • Retention Periods

Your rights to your personal information

Contact details and further information

  • Advice & Registration
  • Privacy Policy Changes

Purpose of Policy

We are committed to protecting your personal information and being transparent about what information we hold about you.

Using personal information allows us to develop a better understanding of our customers and in turn to provide you with relevant and timely information about both products and the company.

The purpose of this policy is to give you a clear explanation about how we collect and use the information obtained from you directly and from third parties.

We use your information in accordance with all applicable laws concerning the protection of personal information.

This policy explains:

  • What information we may collect about you
  • How we may use that information
  • In what situations we may disclose your details to third parties
  • Our use of cookies to improve your use of our website
  • Information about how we keep your personal information secure, how we maintain it and your rights to be able to access it.

If you have any queries about this policy, please use the contact details at the end of this policy.

For our terms and conditions of sales, please visit our Terms and Conditions page.

Who We Are

Natalie Grace Cosmetics Ltd is a Scottish registered company (SC637600). In addition, Natalie Grace Make Up Artist is a wholly owned subsidiary site by Natalie Grace Cosmetics Ltd. When we refer to “we” or “our” or “us” or “Natalie Grace” we are referring to Natalie Grace Cosmetics Ltd and Natalie Grace Make Up Artist.

Information Collection

Natalie Grace collects various types of information about you during interactions and purchases you make.

By submitting your details, you agree to Natalie Grace (and where applicable, affiliates and partners that we work with) to provide you with the services, activities and online content you select.

Information you give us

When you register with one of our online systems to buy products we’ll store personal information you give us such as your name, email address, postal address, telephone number and card details.

We will also store a record of your purchases. From time to time we may also collect, use and share aggregated data such as statistical or demographic data. This may be derived from personal data that we hold but this is not considered personal data by law as it does not directly or indirectly reveal your identity.

Information about your interactions with us

When you participate in our activities, such as posts, newsletters, blogs etc we collect information about how you interact with our content and adverts. Also, when we send you a mailing we store a record of this, and in the case of emails, where possible, we keep a record of which ones you have opened and which links you have clicked on.

Information from third parties

We occasionally receive information about you from third parties. For example, we may receive information such as name and email and/or postal address when purchasing via external sellers to fulfill orders, via analytics providers such as Google, advertising networks such as Facebook or from search information providers such as Google AdWords.

We also use cookies, which are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function as well to provide website operators with information on how the site is being used.

We use cookies to keep track of your basket as well as to identify how the website is being used and what improvements we can make.

Natalie Grace will never purchase data nor sell data with third parties.

Sensitive personal data

Data laws recognize that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not actively collect this type of information about our customers unless there is a clear reason for doing so.

Legal Basis

We will only use your personal information when the law allows us to.

Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information.

Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been stipulated.

Performance of a Contract

This is where we need to perform the contract we are about to enter into or have already entered into with you.

Legitimate Interest

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, based on your purchase history, we may contact you about other similar items that we have in stock.

Legal or Regulatory Obligation

Where we need to comply with legal and regulatory requests from governing bodies like the police.

Explicit Consent

Where we have your explicit consent before using your personal information in that specific situation.

Marketing Communications

We aim to communicate with you about the work that we do in ways that you find relevant, timely, respectful, and never excessive. To do this, we use data that we have stored about you, such as which events you have booked for in the past, as well as any contact preferences you may have told us about.

We use legitimate interest as the legal basis for collating a list of customers to communicate with by post and email but for your peace of mind we use explicit consent (via the contact preferences set when you created your account) as the final check prior to sending these communications .

This means that once we have collated our list of customers who match our search criteria, we run that through a consent check which produces a final list of those who wish to hear from us by email.

To change your contact preferences, you can use the contact details at the end of this policy or update them in your online account with us.

As part of our service to you, we may contact you by email or telephone to provide essential information related to your purchases.

Other processing activities

We may analyse data we hold about you to ensure that the content and timing of the communications we send is as relevant to you as possible, as well as analyse data we hold about you to identify and prevent fraud.

In order to improve our website, we may analyse information about how you use it and the content and ads that you interact with.

Such information is compiled using publicly available data about you.

In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden.

You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.

Third Parties

In general, we will keep your information confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies).

Service Providers

Natalie Grace will keep your information completely confidential, including never disclosing any private or sensitive data when providing analytical reports of business activities.

Natalie Grace requires these third parties to comply strictly with its instructions and that they do not use your personal information for their own business purposes unless you have explicitly consented to the use for your personal information in this way. This permission would be obtained separately from the standard permissions currently in place along with documentation stipulating the full details of the requests.


We may offer the facility for you to sign-in to our systems vis a third-party service app (e.g. Facebook) to interact with us. In such instances you will be presented with a dialog box, which will ask for your permission to allow your personal information to be shared with Natalie Grace.

Whilst Natalie Grace may endeavour to offer you an alternative option that will enable you to interact with us without using a third-party, this may not always be possible.

Social Media

If you choose to interact with us via any of our social media streams (e.g. Facebook, Twitter, Instagram etc) Natalie Grace may receive or have access to information about you, this is based upon what you have chosen to chare in your social media accounts. Natalie Grace do not use this information and relies solely on the social media channels aggregated marketing data tools along with posts directly on our pages.

To change any permission or to manage the viewing of our posts, please refer to your social media provider.

Links and, contain links to other websites that are not owned or controlled by Natalie Grace and will take you away from our website(s) and therefore are not responsible for the policies governing these websites, including anything data related.

Your Debit and Credit Card Information

If you use your credit or debit card to purchase from us, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

You can find more information about this standard here.

For transparency in our payment system (PayPal) has the functionality to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number.

If you don’t have a PayPal account, there is an option to enter your card details without an account, however your details will still be retained in order to provide refunds where appropriate.

Security of your Personal information

We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.

We will not transfer, process or store your data anywhere that is outside of the European Economic Area, unless we have a contractual agreement in place that is of an equivalent standard to GDPR.

Maintaining your Personal Information

If you wish to make changes to the information or permission you provided, log into your account via

Should you solely wish e-mails to stop, you can also use the “Unsubscribe” link at the bottom of one of our e-mails. This will stop any of the similar emails being sent to your email address, however it will not stop service related emails as they are not subject to permissions under legitimate interest.

For logging exclusions from processing activities or any other amendments you require that are not covered above, please see the Contact Details & Further Information section of this policy.

Any objections you make to any processing of your data will be stored against your customer record on our system so that we can comply with your requests.

Retention periods

We will hold your personal information on our systems for as long as is necessary for the relevant activity.

If you request that your account be deleted we will deactivate it on the database and, while Natalie Grace cannot use the personal information, it will remain on the system for administration and financial regulatory purposes before being fully deleted, timescale for this will be determined on a case-by-case basis. During this time, you can request for it to be reactivated at any point.

On occasion Natalie Grace may approach customers and clients to submit material for use on social media and the website. In these instances Natalie Grace will provide a contract for the use of these materials, which will detail the required retention period.

Your Rights to your Personal Information

Under the General Data Protection Regulations, you have rights, which are detailed below.

Please use the contact details at the end of this policy if you would like to exercise this right, or any of the rights listed below. If you are a European citizen and consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, i.e. the Information Commissioner’s Office.

Request access to your personal information

You have a right to request a copy of the personal information that we hold about you.

Request correction of your personal information

You have the right to request that we correct the personal information we hold about you, although we may need to verify the accuracy of the new information you provide to us.

Request deletion of your personal information

You have the right to request that we delete or remove personal information where there is no good reason for us continuing to process it. Please note that we may not always be able to comply with your request for erasure if there are specific legal reasons - which will be notified to you at the time of your request.

Object to processing of your personal information

You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation, which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your informatio which override your rights and freedoms.

Request restriction of processing your personal information

You have the right to request that we suspend the processing of your personal data in the following scenarios:

  • (a) if you want us to establish the accuracy of the data;
  • (b) where our use of the data is unlawful, but you do not want us to erase it;
  • (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims;
  • or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Request transfer of your personal information

You have the right to request that the personal information we hold about you is transferred to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Right to withdraw consent

In circumstances where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Please also note the following: -

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made multiple requests. In this case, we will notify you and keep you updated.

Contact Details and Further Information

If you have any questions regarding any part of this privacy policy, or to change your permissions we hold for you – including objection to any processing of your personal information, please feel free to contact us using the details below.

Please put your request in writing to us using either of the details below.

By Email:

Advice & Registration

Natalie Grace is advised and/or registered with the following organisations to ensure we are doing everything we can to protect you and your information.

Information Commissioner's Office

Payment Card Industry Data Security Standards Council

Office of the Scottish Charity Regulator (UK)

The companies we use to manage data are solely responsible for ensuring they are fully up to date and compliant. Natalie Grace receives regular updates on their compliance results to ensure they are being renewed and maintained.

Privacy Policy Changes

This Privacy Policy may be updated periodically, so you may wish to check it each time you submit personal information. We will endeavour to date the most recent revisions. If you do not agree with any changes, please do not continue to use or submit personal information to Natalie Grace.