Privacy Policy

Privacy Policy

Last Updated: 3 October 2025

Paper Thistle (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal data in a safe and responsible manner. This Privacy Policy explains how we collect, use, and share your information when you use our website, purchase products, subscribe to our membership programme, or interact with us.

1. Information We Collect

We may collect the following types of personal data:

1.1 Account and Contact Information

  • Name, email address, postal address, telephone number, and payment details.

  • Account login details if you create an account on our site.

1.2 Communications Data

  • Emails, messages, or phone calls you send to us.

  • Your preferences regarding marketing communications.

1.3 Transaction and Membership Data

  • Products you purchase, delivery addresses, and payment history.

  • Membership subscription details (e.g., start date, renewal date, and billing status).

1.4 Technical and Usage Data

  • IP address, browser type, device information, pages visited, and browsing behaviour.

  • Cookies and similar technologies (see our Cookie Policy).

2. How We Use Your Personal Data

We use your data for the following purposes:

2.1 To Provide Our Services

  • Process orders and payments.

  • Deliver products.

  • Manage your account and membership subscription.

  • Respond to enquiries or complaints.

2.2 Marketing and Communications
We may contact you via email, SMS, or post to:

  • Promote our products, services, or special offers.

  • Send newsletters and updates relevant to your interests or membership.

You can opt-out at any time by following the unsubscribe link in emails, contacting us directly, or updating your preferences in your account.

2.3 Improving Our Website and Services

  • Analyse website usage and performance.

  • Personalise content and offers.

2.4 Legal and Safety Purposes

  • Comply with legal obligations.

  • Prevent fraud or other unlawful activities.

3. Legal Basis for Processing

We rely on the following legal grounds to process your personal data:

  • Performance of a contract: to deliver products or manage your membership.

  • Consent: for marketing communications and cookies.

  • Legal obligation: to comply with UK laws.

  • Legitimate interests: to improve our services, prevent fraud, and ensure security.

4. How We Share Your Data

We do not sell your personal data. We may share it with:

  • Service providers and partners – e.g., payment processors (Stripe), delivery companies, IT service providers.

  • Marketing platforms – e.g., email or SMS service providers.

  • Legal or regulatory authorities – when required by law or to protect our rights.

All third parties are required to handle your data securely and in accordance with applicable data protection laws.

5. Marketing Preferences

When you provide your consent, we may send you promotional messages via:

  • Email – newsletters, product updates, special offers.

  • SMS / text messages – personalised promotions or order notifications.

  • Post – catalogues, vouchers, or marketing letters.

You can withdraw your consent at any time without affecting your other dealings with us.

6. Cookies and Tracking

We use cookies and similar technologies to improve your experience, analyse site usage, and deliver relevant marketing. For full details, see our Cookie Policy.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined above or as required by law. This generally includes:

  • Account and transaction data: up to 7 years for accounting and legal purposes.

  • Membership data: retained for the duration of your active subscription and up to 12 months thereafter for audit purposes.

  • Marketing data: until you withdraw consent.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.

  • Request correction of inaccurate or incomplete data.

  • Request deletion of your data (“right to be forgotten”).

  • Object to processing or withdraw consent.

  • Request restriction of processing.

  • Receive your data in a portable format.

  • Lodge a complaint with the Information Commissioner’s Office (ICO).

To exercise these rights, contact us at hello@paperthistle.co.uk.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse.

10. International Transfers

Some of our service providers may operate outside the UK. Where we transfer your data internationally, we ensure adequate safeguards are in place to protect your personal information, in compliance with UK GDPR.

11. Children’s Privacy

Our website is not intended for children under 16. We do not knowingly collect personal data from children.

12. Changes to this Policy

We may update this Privacy Policy occasionally. The “Last Updated” date at the top reflects the most recent changes.

13. Contact Us

For questions or concerns about this Privacy Policy or how we process your data:

Paper Thistle
Email: hello@paperthistle.co.uk
Address: Paper Thistle, Third Floor, 3 Hill Street, Edinburgh, Scotland, EH2 3JP