Privacy Policy

 1. Who We Are

Thistle Type is a digital type foundry based in Scotland and operated by Rachael Arnott as a sole trader.

For the purposes of the UK GDPR and EU GDPR, the data controller is:
Rachael Arnott
Trading as Thistle Type
Email: hello@thistletype.com

This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our website, make a purchase, or otherwise interact with us.

2. Legal Basis for Processing Your Information

We only process your personal data where we have a lawful basis to do so under data protection law. These include:

  • Contractual necessity – to process and fulfil your orders and provide purchased digital products.
  • Consent – for optional communications such as newsletters.
  • Legal obligation – to comply with tax, VAT, accounting, and regulatory requirements in the UK, EU, or other relevant jurisdictions.
  • Legitimate interests – to operate, improve, and secure our website, prevent fraud, and maintain business records.
3. Personal Data We Collect

A. Information You Provide
When you place an order, subscribe to our newsletter, or contact us, we may collect:

  • Full name
  • Billing address
  • Email address
  • Phone number (if provided)
  • Order and transaction details

Payment information is processed securely via third-party payment providers. We do not store full card details.

B. Information Collected Automatically
When you visit our website, we use Google Analytics to collect limited information about how the site is used. This information does not personally identify you and may include:

  • Pages visited and general usage activity
  • Referral source (how you arrived at the website)
  • Device and browser type
  • Approximate geographic location
  • General site interaction and performance data

Google Analytics is configured in a privacy-focused manner where possible, with advertising and personalisation features disabled. Analytics cookies are only used where consent has been provided through our cookie preferences tool.

The information collected is used solely to help us understand and improve the performance, usability, and content of our website.

4. How We Use Your Information

We use your personal data to:

  • Process and fulfil orders
  • Deliver digital products
  • Generate and retain invoices in compliance with UK and EU VAT law
  • Maintain transaction records for tax reporting and auditing
  • Respond to enquiries and provide customer support
  • Send marketing communications where you have opted in
  • Improve website performance and user experience
  • Detect and prevent fraud or misuse
5. Sharing Your Data

We only share personal data where necessary to operate our business, deliver services, or comply with legal obligations.

We may share data with:

  • WooCommerce (WordPress) – to operate our online store and manage orders
  • Payment processors (such as Stripe or PayPal) – to process secure payments
  • Email marketing providers – if you subscribe to our newsletter
  • Analytics providers – to understand website usage
  • Professional advisers – such as accountants
  • Tax authorities, including HMRC and relevant EU tax authorities, where required under VAT or accounting laws
  • Legal authorities, where required by law or legal process

We do not sell or rent your personal data to third parties.

6. International Data Transfers

Some service providers may store or process your data outside the UK or European Economic Area (EEA).

Where this occurs, we ensure appropriate safeguards are in place, such as adequacy decisions or Standard Contractual Clauses approved under UK and EU data protection law.

7. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil your order
  • Comply with legal and accounting obligations
  • Resolve disputes
  • Enforce our agreements

Under UK law, VAT and accounting records must be retained for at least 6 years. Under EU VAT rules for digital services, certain records may need to be retained for up to 10 years.

When personal data is no longer required, it is securely deleted or anonymised.

8. Your Rights Under Data Protection Law

Under the UK GDPR and EU GDPR, you have the right to:

  • Access – request a copy of your personal data
  • Rectification – request correction of inaccurate or incomplete data
  • Erasure – request deletion of your data in certain circumstances
  • Restriction – request limited processing in specific cases
  • Data portability – receive your data in a structured, machine-readable format
  • Object – object to certain types of processing, including marketing
  • Withdraw consent – where processing is based on consent

To exercise any of these rights, contact hello@thistletype.com.

If you are dissatisfied with our handling of your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local data protection authority within the EU.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable essential website functionality
  • Improve performance and user experience

We also use Google Analytics in a privacy-focused manner to help us understand how visitors use our website and improve its performance. Analytics cookies are only used where consent has been provided.

For more information, please see our Cookie Policy.

10. Marketing Communications

We will only send you marketing emails if you have opted in.

You may unsubscribe at any time by:

We will promptly remove you from marketing communications upon request.

11. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Secure website hosting
  • Encryption of data in transit
  • Access controls and monitoring
  • Use of PCI-compliant third-party payment processors
12. Governing Law

This Privacy Policy is governed by the laws of Scotland.

If you are a consumer resident in the UK or EU, you may also rely on mandatory data protection rights available in your country of residence.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on this page. We recommend reviewing it periodically.

14. Contact

If you have any questions about this Privacy Policy or how your data is handled, please contact: hello@thistletype.com