Privacy policy

Last updated: 20th May 2025

At The Black Thistle Plants Ltd (“we”, “us”, or “our”), your privacy matters. We’re committed to protecting your personal data and being transparent about how we use it. This policy explains what information we collect, why we collect it, and what your rights are under the UK General Data Protection Regulation (UK GDPR).

1. What We Collect

We may collect and store the following information when you interact with us:

  • Name, email address, phone number, postal address

  • Order details (items purchased, date, payment method)

  • Workshop bookings and attendance

  • Email preferences (if you've subscribed)

  • Technical data like browser type and pages visited (via cookies/analytics)

2. Why We Collect It

We use your information to:

  • Process purchases and workshop bookings

  • Respond to enquiries and customer support requests

  • Send updates (if you’ve joined our mailing list)

  • Improve your experience on our website

  • Comply with legal and financial obligations

We will only send marketing emails if you’ve given us consent — and you can unsubscribe at any time.

3. How Your Data is Stored & Protected

Your data is stored securely via trusted third-party services:

  • Stripe – for secure payment processing

  • Squarespace – for website hosting and ecommerce

  • Squarespace Email Marketing – for newsletters and announcements

  • Acuity Scheduling – for booking and managing workshop places

We implement appropriate security measures to protect your data against unauthorised access, disclosure or misuse.

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

  • Contractual necessity: to fulfil your order or booking

  • Consent: for email marketing and newsletter subscriptions

  • Legitimate interest: to improve our services and understand customer preferences

  • Legal obligation: to retain transaction records for tax and accounting

5. How Long We Keep Your Data

We retain personal data only as long as necessary:

  • For purchase and tax records: up to 7 years

  • For mailing lists: until you unsubscribe

  • For customer enquiries: up to 1 year after final communication

You may request deletion at any time unless we’re required to keep data for legal reasons.

6. Sharing Your Data

We do not sell or trade your data.
We only share it with service providers that help us run the business:

  • Stripe

  • Squarespace

  • Acuity Scheduling

  • Mailing and analytics platforms (such as Squarespace Email Marketing)

We only use providers that comply with GDPR and maintain appropriate data protection standards.

7. Your Rights

Under GDPR, you have the right to:

  • Access a copy of the data we hold about you

  • Request correction or deletion of your personal data

  • Withdraw consent at any time (e.g. unsubscribe from emails)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact us at: hello@theblackthistle.co.uk

8. Contact Us

The Black Thistle
10 Market Place, Shepton Mallet, Somerset. BA4 5AZ
hello@theblackthistle.co.uk