Last updated: 17 November 2025

1. Who we are

This Privacy Policy explains how Natasha Barrett & Co. (“Natasha Barrett & Co.”, “we”, “us”, “our”) collects, uses, and protects your personal data when you:

visit our websites and landing pages, download our resources, join our email list or membership, purchase our products or services, or interact with us on social media or via support.

Data Controller:
Natasha Barrett & Co., based in Johannesburg, South Africa.
Email: [email protected]

If you are in the European Economic Area (EEA) or UK, we process your personal data in accordance with the GDPR and UK GDPR where applicable.

This policy does not create a contract between you and us. It is provided for transparency.

2. What data we collect

We collect and process the following categories of personal data:

a) Identification & contact data

First and last name

Email address

Country and/or time zone

Business name and role (if provided)

Social media handle (if you contact us via social platforms)

b) Transaction & account data

Products/services you purchase or access

Billing address (if required for invoices)

Partial payment details (we do not store full card numbers; these are processed by third-party payment processors)

Subscription status, cancellations, and refund history

Membership and login details (username, hashed password)

c) Communication data

Emails you send us and our replies

Form submissions (contact forms, waitlists, applications, surveys, Q&A submissions)

Support requests and internal notes on how we responded

d) Usage & technical data

IP address

Device type, browser type and version

Pages visited, links clicked, time spent on pages

Referring source (e.g., ad, email, social media link)

General location based on IP (city/country level, not precise geo-tracking)

e) Marketing & preference data

Your consent/opt-in records (how and when you signed up)

Email engagement (opens, clicks, unsubscribes)

Preferences you share (e.g., “interested in freelancing content”, “don’t want ads about X”)

We do not intentionally collect special category data (e.g., health, religion, political opinions) and we do not use automated decision-making that produces legal or similarly significant effects.

3. How we collect your data

We collect data in three primary ways:

Directly from you

When you fill in a form (opt-in, application, checkout, contact, survey).

When you purchase, join a program, book a call, or message us.

Automatically

Via cookies, pixels, and similar technologies when you visit our pages or open our emails.

From third parties (where lawful)

Payment processors and checkout tools.

Analytics and advertising platforms.

Social media platforms when you interact with our content or ads.

4. Legal bases for processing (GDPR)

If you are in the EEA/UK, we rely on the following legal bases:

Contract (Art. 6(1)(b)) – to provide products, services, and memberships you purchase or request.

Consent (Art. 6(1)(a)) – for email marketing, certain cookies, and optional data you choose to share.

Legitimate interests (Art. 6(1)(f)) – to run and protect our business (analytics, site security, basic tracking, improvement of services, limited direct marketing where allowed).

Legal obligation (Art. 6(1)(c)) – to comply with tax, accounting, and other legal requirements.

Where we rely on consent, you can withdraw it at any time (see Section 11).

5. How we use your data

We use your personal data to:

Provide and manage our services

Set up and manage your account or membership.

Deliver digital products, content, and program access.

Process payments, invoices, and receipts.

Communicate with you

Respond to enquiries and support requests.

Send service emails (e.g., login details, purchase confirmations, program updates).

Marketing and audience growth

Send emails and messages you explicitly signed up for (newsletters, launch campaigns, promotions).

Show you relevant content, offers, and ads based on your interactions and preferences.

Analytics and improvement

Understand how people use our site and offers.

Test and improve our pages, funnels, and customer experience.

Security, fraud prevention, and legal

Protect our systems and data from abuse or attacks.

Meet legal obligations (e.g., record-keeping for tax).

We do not sell your personal data.

6. Cookies and tracking technologies

We use cookies and similar technologies (pixels, tags, scripts) to:

Make our website function properly (essential cookies).

Remember your preferences (functional cookies).

Analyse site usage and performance (analytics cookies).

Run and measure marketing campaigns (advertising cookies, pixels).

Where required by law, we obtain your consent for non-essential cookies via a banner or pop-up when you first visit.

You can:

Change your browser settings to block or delete cookies.

Use the cookie settings on our site (where available).

Blocking certain cookies may affect how our site functions.

7. Marketing communications

If you opt in to our email list or marketing, we will send you:

Newsletters, tips, and educational content.

Information about free resources, workshops, and events.

Promotions for our products, programs, and services.

You can opt out at any time by:

Clicking “unsubscribe” at the bottom of any marketing email, or

Contacting us at [email protected] with your request.

Service-related emails (e.g., purchase confirmations, account notices) may still be sent as they are necessary to perform our contract with you.

8. Sharing your data

We share your data only when necessary and lawful, with:

Service providers / processors

Website hosting and maintenance

Email marketing and CRM platforms

Payment processors and checkout platforms

Analytics and advertising platforms

Customer support and form tools

Professional advisers

Accountants, legal advisers, and similar professionals, where required.

Authorities

If we are legally required to do so (e.g., tax authorities, regulators, law enforcement).

We require processors to handle your data securely and only according to our instructions, in line with GDPR where applicable.

We do not sell or rent your personal data.

9. International transfers

Our business is based in South Africa and we may use service providers located outside your country, including outside the EEA/UK.

Where we transfer personal data from the EEA/UK to countries that are not considered to provide an adequate level of data protection, we rely on appropriate safeguards, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission, or

Other lawful transfer mechanisms under GDPR/UK GDPR.

You can contact us for more information about these safeguards.

10. Data retention

We keep your personal data only as long as necessary for the purposes described in this policy, including to:

Provide the services and products you have requested or purchased;

Maintain business and financial records (usually 5–10 years for tax and accounting, depending on applicable law);

Resolve disputes and enforce our agreements.

When data is no longer needed, we will delete or anonymise it.

11. Your rights under GDPR (EEA/UK)

If you are in the EEA or UK, you have the following rights in relation to your personal data, subject to certain conditions and exceptions:

Right of access – to know whether we process your data and to obtain a copy.

Right to rectification – to correct inaccurate or incomplete data.

Right to erasure (“right to be forgotten”) – to request deletion of your data where there is no good reason for us to continue processing it.

Right to restriction of processing – to limit how we use your data in certain cases.

Right to data portability – to receive your data in a structured, commonly used format and to transmit it to another controller where technically feasible.

Right to object – to processing based on legitimate interests, and to direct marketing (including profiling for marketing).

Right to withdraw consent – where processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data lawfully. We would appreciate the chance to address your concerns first.

12. Children’s data

Our services are not directed at children under 18 and we do not knowingly collect personal data from children under 18 without verifiable parental consent.

If you believe a child has provided us with personal data without parental consent, contact us at natashabarrett.co and we will take appropriate steps to delete it.

13. Data security

We take appropriate technical and organisational measures to protect your personal data, including:

Limiting access to personal data to those who need it for their role.

Using secure tools and platforms with appropriate safeguards.

Requiring passwords and, where possible, two-factor authentication.

Regularly reviewing our security practices.

However, no system or transmission over the internet can be guaranteed 100% secure. You are responsible for keeping your account credentials confidential.

14. Third-party links

Our website, emails, or programs may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties.

We encourage you to read the privacy policies of every site you visit.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we do:

We will update the “Last updated” date at the top, and

Where required by law, we will notify you of material changes (e.g., by email or via a notice on our site).

Your continued use of our services after such changes constitutes your acknowledgement of the updated policy.

16. Contact us

If you have questions about this Privacy Policy or how we handle your personal data, contact:

Natasha Barrett & Co.
Email: [email protected]