Privacy Policy

Who we are

The following definitions should help you understand this policy.  When we say “we,” “us,” and “our,” we are referring to The Littlest Thistle, a UK based company.  Our website address is:

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

When a visitor uses the contact form on the site it e-mails the site owner with the contents of the form along with contact details for a reply.  These details are not stored within the site, and the e-mail is deleted within a year if no further follow-up has been requested.  Information submitted via the contact form is never used for marketing purposes.


If you leave a comment on our site you may choose to opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

We take your privacy extremely seriously and we will never share your data with any third parties with the exception of:

  • Should you sign up to our newsletter for Thistle Patch Retreats, your name and e-mail address will be stored within the site owner’s account at Mailchimp.  Please see this page for further information on Mailchimp’s privacy policies.
  • When you buy from our web store you will be redirected to Paypal for payment purposes.  This means that we have no access to any of your financial data, all card details and transactions are handled by Paypal only.  You can find their privacy policies here.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile – note that your address is required for purchases due to VAT requirements for digital downloads within the EU. All users can see, edit, or delete their own personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

User accounts which have been inactive for 7 years or more will be deleted.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.  We will respond to your request within 1 month if not sooner.

Where we send your data

Visitor comments may be checked through an automated spam detection service, Akismet.  This includes the commenter’s IP address, user agent, referrer, and Site URL along with other information directly provided by the commenter such as their name, username, email address, and the comment itself.

Should you make a purchase from this site, data will be passed to Paypal for the purposes of the financial transaction only (see further information below)

Additional information

How we protect your data

This site is protected by Wordfence security which is constantly updated in order to try and prevent attacks from external users.  The site owner has the only account with permissions to see your data and it is never shared with any third parties.  Our account security requires that each account must have a password associated with it.  Users will have 2 failed attempts to login to their account, after which their IP address will be locked out for 2 months.

What data breach procedures we have in place

If a security breach occurs on our system that materially affects you, for example that the site is hacked, then we will notify you as soon as possible and later report the action we took in response.

What third parties we receive data from

If you choose to purchase from this site, we will receive confirmation of a successful transaction from Paypal, however we will not receive any financial details from them.

What automated decision making and/or profiling we do with user data

We do not carry out any automated processing on user data with the exception of blog comments passing through an automated spam detection service.

Store data

We collect information about you during the checkout process on our store.

What we collect and store

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Billing address: we’ll ask you to enter this so we can calculate VAT where appropriate for digital downloads

We’ll also use cookies to keep track of cart contents while you’re browsing our site.  You will be shown a cookie consent form the first time you visit this site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, email address and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings

If you create an account, we will store your name, address, telephone number and email which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, telephone number, email address and billing address.

We will also store comments or reviews, if you choose to leave them.

Who on our team has access

Members of our team have access to the information you provide us. For example, Administrators can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, telephone number, email address, and billing information.  Note that as all billing is carried out via Paypal we will have no access to your financial data, only to the e-mail address attached to the account which was used for payment

Our team members have access to this information to help fulfill orders, process refunds and support you.

What we share with others

We share the following information with third parties who help us provide our orders and store services to you:


We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.