Privacy Policy

At Thistle Type, your privacy is our priority. We are committed to protecting your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR (where applicable), and other relevant data protection laws.

Who We Are

Thistle Type is an online font store based in Scotland. We sell digital font products through a website powered by WordPress and WooCommerce. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our site, make a purchase, or interact with us in any other way.

Legal Basis for Processing Your Information (Under GDPR)
We only process your personal data when we have a lawful basis for doing so, including:

  • Contractual necessity – to process and fulfil your orders.
  • Consent – for optional communications like newsletters.
  • Legal obligation – to comply with applicable laws, including tax, VAT, and accounting requirements in the UK, EU, or other relevant jurisdictions.
  • Legitimate interests – to improve our services, prevent fraud, and maintain security.
Personal Data We Collect

A. Information You Provide
When you place an order, sign up for our newsletter, or contact us, we may collect:

  • Full name.
  • Billing and shipping address.
  • Email address.
  • Phone number.
  • Payment details (processed securely via third-party payment gateways – we do not store your card information).

B. Information Collected Automatically
When you browse our website, we collect certain technical data using cookies and analytics tools:

  • IP address.
  • Device type and browser.
  • Time zone and approximate location.
  • Pages viewed, time spent, and other usage data.
How We Use Your Information

We use your personal data to:

  • Process and fulfil your orders.
  • Communicate with you about purchases or inquiries.
  • Generate and store invoices in compliance with UK and EU VAT law.
  • Maintain transaction records for tax reporting and auditing purposes.
  • Send marketing emails (only if you’ve opted in).
  • Improve our website and customer experience.
  • Detect and prevent fraud or abuse.
Sharing Your Data

We only share your data when necessary to operate our business, deliver services, or comply with legal obligations. We may share your information with:

  • WooCommerce – Our e-commerce platform, used to manage your orders and customer data.
  • Payment Processors – Such as Stripe or PayPal, for secure transactions.
  • Email Marketing Tools – If you subscribe to our newsletter.
  • Analytics Providers – To help us understand site usage and improve user experience.
  • Tax and Accounting Authorities – where required by law, we may share transaction details with HMRC (UK tax authority), EU tax authorities, or professional accountants to comply with VAT and tax obligations.
  • Legal Authorities – When required by law, regulation, or legal process.

We do not sell or rent your personal data to third parties.

International Data Transfers

Some of our service providers may store or process your data outside the UK or European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) in compliance with GDPR.

How Long We Keep Your Data

We retain your personal data only as long as necessary to:

  • Fulfil your orders.
  • Comply with legal and accounting requirements.
  • Resolve disputes.
  • Enforce our agreements.
  • When your data is no longer needed, we securely delete or anonymise it.

We are required to keep VAT and tax-related records for at least 6 years under UK law and up to 10 years under EU VAT regulations for digital services. When your data is no longer needed, we securely delete or anonymise it.

Your Rights Under Data Protection Law

You have the following rights under the UK GDPR and EU GDPR:

  • Access – Request a copy of your personal data.
  • Rectification – Ask us to correct inaccurate or incomplete information.
  • Erasure – Request deletion of your data under certain conditions.
  • Restriction – Ask us to pause processing in specific cases.
  • Data Portability – Request your data in a structured, machine-readable format.
  • Objection – Object to certain types of processing, including marketing.
  • Withdraw Consent – You may opt out of marketing or withdraw other consents at any time.

To exercise any of these rights, contact us at support@thistletype.com

If you are dissatisfied with our handling of your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local data protection authority.

Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable core site functionality.
  • Understand how visitors use our site.
  • Tailor your experience and preferences.

By using our website, you consent to the use of cookies unless you disable them in your browser. For more details, please see our Cookie Policy.

Marketing and Newsletter Communications

We will only send you marketing communications if you have opted in. You can unsubscribe at any time by:

We respect your preferences and will promptly remove you from our mailing list upon request.

Data Security

We take appropriate technical and organisational measures to safeguard your personal data, including:

  • Secure website hosting.
  • Data encryption during transfer.
  • Access controls and regular monitoring.
  • Payment details handled by PCI-compliant third-party processors.
Governing Law

This Privacy Policy is governed by the laws of Scotland and the United Kingdom. Any disputes arising in relation to this policy shall be subject to the exclusive jurisdiction of the Scottish courts.

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page. We recommend reviewing it periodically.

Contact Us

If you have any questions about this policy or your data, please contact us at support@thistletype.com

– Updated: 3 September 2025

Shopping Cart
Scroll to Top