Privacy Policy

  1. Introduction and Summary

This policy specifically relates to Rose & Thistle Social Ltd ("we" or "us") only. It details the types of personal data we may collect about you when you interact or register with us. Furthermore, this policy explains how we store and handle that data whilst maintaining its safety. A substantial amount of information is contained within this policy, but it is your legal right to be fully informed. Therefore, by reading this document in full, you should receive the detail required to understand what Rose & Thistle Social Ltd does with your data and how we maintain contact with you using the data you provide.

This page also explains how 'cookies' may influence your user experience via our website and third-party systems whilst detailing how you can opt out of our direct marketing.

EU GDPR – Data Protection Regulation 2018

The introduction of the new GDPR (General Data Protection Regulation 2018) in May 2018 outlines new rules for how businesses collect data. To use our services, we must collect, use and hold some of your personal and contact data. With this new regulation, you can change how we use your data or 'opt out' of certain items at any time by emailing us: info@roseandthistlesocial.com. Please note that if you opt out of certain items, you may be unable to access some or all of our services.

For ease of understanding, this document, 'data', refers to any personal details we collect from you or about your business. We may need to update this Privacy Policy at any time to ensure we are always compliant. Any significant changes likely to influence you as a customer will be communicated via email. You can view this Privacy Policy at any time at www.roseandthistlesocial.com

  1. Rose and Thistle Social

Rose & Thistle Social Ltd is a Social Media Agency based in Scotland. Rose & Thistle Social Ltd is registered with the ICO as a Data Processor and Data Controller.

  1. The relevant lawful bases for processing your data

Data protection law outlines several reasons for which a company may collect and process your data. Rose & Thistle Social Ltd has identified the lawful bases for processing your data as the following:

Consent

In certain circumstances, we can collect and process the data you provide us with your positive consent. For example, when you fill in a form or 'tick' a box to receive our newsletters.

Contractual obligation

In some cases, we need your personal data in order to comply with our contractual obligation to you. For example, if you purchase a social media management package, we require your contact details, including your home or registered business address and phone number.

Legal compliance

If the law requires us to, we may need to collect and process your data. For example, we may need to pass on your data to the police if, by chance, you are involved in or subject to criminal activity.

Legitimate interests

In specific situations, we require your data to pursue our legitimate interests in a way that may reasonably be expected to be able to run our business. Such action does not materially impact your rights, freedom or interests. For example, we may use your email address to contact you with specific information relating to your business and/ or our services which you have purchased, important notices or changes and any other relevant information that is fundamental to our contractual obligation to you as our customer.

  1. When do we collect your data?
  • When you book a service package, this is done through email, telephone, in person or social media, depending on how you contact us, or via invoice issued by 'Quickbooks'.
  • When you purchase an online course, this is done through the third-party booking system 'Podia' and 'Stripe'.
  • When you contact us with a query or feedback via email, telephone, social media or in person
  • When you complete any surveys or questionnaires generated by us
  • When you complete any online forms (when applicable) for specific reasons
  • When we use Zoom or our online Facebook group community, or when you use any premises that we operate in that uses CCTV – these systems may record your image during your visit, only for safety reasons and within public areas.

  1. What sort of data do we collect?

We use several third-party companies to support our business.

  • For our file storage and email provision, we use 'Google Workspace'
  • For our website hosting, we use 'Webflow' and 'Podia'
  • For the delivery of online support services, we use 'Zoom', 'Facebook' and 'Podia'
  • For online payments, we use 'Stripe' as our payment processor.
  • We use MailerLite, Google Forms, Bonjoro, Facebook, LinkedIn, Google, TikTok, Metricool, Agorapulse and Instagram for marketing purposes.

Please note that all third-party companies we use have their own and separate Privacy Policies, which can be viewed via the links below – beware when using external sites:

Google Workspace: https://support.google.com/docs/answer/13447401?sjid=17430243632456092725-EU

Webflow: https://webflow.com/legal/privacy

Stripe https://stripe.com/gb/privacy

Zoom: https://www.zoom.us/privacy

Podia: https://www.podia.com/privacy

MailerLite: https://www.mailerlite.com/legal/privacy-policy

Bonjoro: https://www.bonjoro.com/privacy-policy

Facebook: https://www.facebook.com/policy.php

Instagram: https://help.instagram.com/519522125107875?helpref=page_content

Linkedin: https://www.linkedin.com/legal/privacy-policy

Pinterest: https://policy.pinterest.com/en-gb/privacy-policy

TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/en

Google/Google Forms: https://policies.google.com/privacy  

If you contact Rose & Thistle Social Ltd by email, we will access your email address and may also request additional information such as your registered business or home address, phone number and the name and nature of your business, as well as social media handles for yourself and/or your business.

If you register for a Discovery Call, we will likely ask you for the following:

  • Your full name
  • Email address
  • Postal address
  • Telephone number
  • Social Media handles
  • Web address

If you access 'Zoom' to participate in a Discovery Call or meetings as part of your service, you may be required to issue your personal data through their secure site.

If you make a payment via Podia, the third-party payment platform 'Stripe' will be used to process and safely handle your payment. You will be required to issue your personal data through their secure site, including payment details.

If you get in touch with us for any other reason, specifically through our website 'contact form', we collect the following personal data through our website host, Webflow:

  • Full name
  • Email Address


We may collect specific personal data from you when using MailerLite and/or Google Forms services including, but not limited to:

  • Full name(s)
  • Contact number(s)
  • Email addresses
  • Opinions/Feedback (via online surveys or questionnaires) It is at your own discretion which information you choose to share with us, whether directly or via one of the third-party companies we use. Please be aware that some or all platforms may require essential information to meet contractual obligations to you as a customer.

3. How and why do we use your data?

We only collect the data concerning you that is absolutely essential. Given the nature of the services we offer, it is important that we collect reasonable contact details from customers to provide accurate and appropriate business advice.

To meet our contractual obligation to you as a customer, we will use your email address and mobile number in order to:

  • Send confirmations of Discovery Call or meeting bookings you have made
  • Send confirmations of Discovery Call or meeting bookings that you have requested we make on your behalf
  • Send invoices for payments and/ or outstanding payments
  • Inform you of any Discovery Call or meeting changes, or urgent notices
  • Notify you of any notable changes in Rose & Thistle Social Ltd policies or procedures
  • Notify you of any other relevant information that directly affects you as a customer

We will only use your email address to send you marketing and/ or promotional material if we have your consent to do so. We sometimes use MailerLite to send out email marketing campaigns. You can change how we use your data at any time and can request that we do so by emailing info@roseandthistlesocial.com.

Please be aware that some changes may result in us being unable to provide you with the services you initially requested and may therefore result in a request refusal. For example, if you are a current customer of Rose & Thistle Social Ltd and you ask us to remove your email address and telephone number from our records, we will then be unable to contact you about booking changes, new policy notices, outstanding balances and other important information relating to your bookings. In scenarios like this and depending on your situation, we may reasonably refuse your request.

Information you provide will be used for the purposes of booking calls (name, email address and phone number). If you do not provide us with specific details, we cannot fulfil our contractual obligations to you. For example, if you fail to provide your email address, we are unable to contact you via 'Zoom' to undertake our calls, meaning we are unable to fulfil our contractual obligation to you.

If the law requires, we may use your data and share this with law enforcement. For example, when a court order is submitted to share data with law enforcement agencies or a court of law, we are legally obliged to provide access to the personal data we have collected about you.

4. Direct marketing and opt-out

Only Abigail McLoughlin of Rose & Thistle Social Ltd, or duly authorised sub-contracted staff, can access or view your personal data only under legitimate business interests.

Rose & Thistle Social Ltd will only ever contact you with relevant and honest marketing material if we consent. If we do have your consent, we may periodically contact you via email to offer you our services which we feel you would be genuinely interested in. To support our marketing efforts, we may also use MailerLite, Podia, Facebook, LinkedIn and Instagram. To be able to use this service, we must upload your email address to the MailerLite system for us to be able to send out marketing campaigns or similar. You will not receive marketing or promotional emails through MailerLite if we do not have your consent, and you can opt out at any time after consenting. The same goes for Podia. For example, if you are a current customer and we launch a new offering that we feel you would be interested in, we may contact you to see if you would like to know more about the service. This includes courses, packages, training and events.

We never share your data with any third party other than those mentioned above under our contractual obligation to you.

If you no longer wish to receive direct marketing through email or MailerLite regarding Rose & Thistle Social Ltd offerings that may be of interest to you, then you can request to opt out by either:

  • Emailing: info@roseandthistlesocial.com
  • Clicking 'Unsubscribe' at the foot of an email (MailerLite or Podia platform only)

Please be aware that by opting out, we may be unable to offer some of our services to you, and you may miss out on some of our offerings. For example, if you ask us to remove you from the email mailing list(s), you will only receive information that is specific to your current service, and you will not receive any updates regarding new packages, procedures, challenges, special offers or similar. However, if you are in any doubt, please let us know, and we will be more than happy to clarify.

5. How we protect your data

The security of your data is extremely important to us. We have done our utmost to ensure that the third-party companies we use to support our business have sufficient security procedures and protection.

Classifications:

  • Rose & Thistle Social Ltd is the Data Controller
  • Google Workspace is a Data Processor that collects and stores your personal data on behalf of Rose & Thistle Social Ltd.
  • Podia is a Data Processor that collects and stores your personal data on behalf of Rose & Thistle Ltd.
  • Webflow is a Data Processor and is used to collect some of your personal data on behalf of Rose & Thistle Social Ltd.
  • Stripe is a Data Processor and handles our online payments via Podia.
  • MailerLite is a Data Processor and is used for online and email marketing on behalf of Rose & Thistle Social Ltd
  • Google Forms is a Data Processor and is used for online surveys and questionnaires for market research.
  • Bonjoro is a Data Processor and is used for marketing purposes and market research.
  • Google is a Data Processor and is used for online surveys and questionnaires for market research.

Rose & Thistle Social Ltd computing equipment is password protected, as is our access to the third-party websites we use to support our business, highlighted above. Only Rose & Thistle Social Ltd staff or duly authorised sub-contractors (e.g. admin staff) can view any personal data you provide to us (the aforementioned can only access or process any information you provide if they have signed a GDPR compliant data protection/confidentiality agreement.)

6. How long will we keep your data?

We only keep the data you provided us for as long as necessary. For example, if you book a Social Media Management package in January 2024, we will hold your details in our systems until you officially terminate your contract with us (allowing for any over-running of your package), as we will use your personal data to get in touch, to schedule meetings sessions. We will also request if you would like to stay on our database should you wish to return to services at a future date/want to stay up to date with new offers following the end of your package. Should you choose to decline such an offer or ask to be removed, we will then remove your details from our active customer files.

Beyond this point, we may still retain certain information regarding any payments/transactions you have made to us to meet our own legal obligations. Any contractual documents in which you share personal data with us will be kept for up to 6 years after the date of the original transaction in order to comply with our own legal obligations regarding the retention of financial records. Financial data, including payment documents and transaction details, may be stored for a period of up to 6 years after you cease activities with us due to our own legal obligations regarding the retention of financial records. Any other personal data you share with us, such as contact information via alternative methods such as email or text, are deleted 12 months after sharing unless you request us to remove such details before then.

Please note when you register any details with Google, Stripe, Webflow, MailerLite, Google Forms, Bonjoro, Facebook, LinkedIn, TikTok or Instagram, you hereby follow their Privacy Policy. Their data retention duration may differ from ours.

We can remove your details via our database at any time – to request your details be removed; please email us at info@roseandthistlesocial.com. Please be aware if you are a current customer of ours, and you request to remove some or all of the personal data you shared with us, we may be unable to offer some or all of the services you asked for when initially signing up, and we may be unable to carry out your request if you:

  • Are still an active customer – we need to have essential details about you to fulfil our contractual obligation to you.
  • Have an outstanding financial balance due to us, linked to a service we have provided to you – until such an amount is settled

Please note: web data is electronically deleted/removed, and any data in hard-copy format is disposed of via an appropriate confidential waste method.

7. Who do we share your data with?

Other than the companies mentioned above who support our business activities, we DO NOT share or sell your personal data to any other third-party company. Your personal data is important to us, so it is important for you to know that we only use it for our specific business purposes and nothing else. Please be aware that it may be necessary for us to share your information with local authorities, law enforcement and for any other legal reason and in such cases; we do not require your consent to do so.

8. Where your data may be processed

As a business, Rose & Thistle Social Ltd operates inside the European Economic Area (EEA) and therefore does not process the data that we receive from our operational support companies listed above outside the EEA. However, as we use third-party companies to support our business, your data may be processed outside the EEA before it reaches Rose & Thistle Social Ltd. Please refer to the respective company Privacy Policies for further guidance, links above.

Otherwise, it may be necessary from time-to-time for staff or nominated sub-contractors to process your personal data (such as a name) privately between you and/or staff via email or on social media platforms such as Facebook or Instagram and/ or via mobile phone for the purposes of:

  • Amending or updating booking details and/or coaching sessions at short notice
  • Co-ordinating events or similar quickly and easily

In addition, we have our private Facebook page, which is viewable to members of our Instagram Coaching Course, 'The IG Growth Accelerator', who visits online. If you choose to comment or share any personal data (such as names, addresses, phone numbers etc.) on this private Facebook page, other Facebook users may be able to see this data too. Please be aware that Facebook, Instagram and other social media platforms operate their own privacy policies, which are applicable when you use their respective sites/apps:

Facebook: https://www.facebook.com/about/privacy/update

Instagram: https://help.instagram.com/519522125107875?helpref=page_content

Such social media pages or groups associated with Rose & Thistle Social Ltd are created solely for genuine business purposes and to assist with delivering our services to customers efficiently and informatively. You, as a Data Subject, should not wilfully share any specific personal or sensitive data about yourself publicly on any Rose & Thistle Social Ltd associated social media platform. Please only do so at your own discretion and with full awareness of the potential risks of sharing such data. Any personal data that is wilfully shared with Rose & Thistle Social Ltd on social media platforms is carefully and professionally collected and processed by staff only. Although we treat such data confidentially to the best of our abilities, we do not recommend sharing sensitive data in this way (such as addresses, phone numbers, medical records or bank details) due to discrepancies and risks relating to social media security. We recommend that, only if necessary, you email any personal or sensitive data instead if circumstances permit.

PHOTOGRAPHY / VIDEOGRAPHY

We will only process or share personal data, such as photography and videography, for marketing purposes if you have permitted us to do so.

9. Your rights to privacy

It is important to know your rights. Whilst we are not experts in providing such advice, it is our understanding that you can request the following:

  • Access to the personal data we hold about you – free of charge
  • We correct or amend any personal data we hold about you, e.g. phone number or email address.
  • That we no longer send marketing or promotional material to you (If you wish to access, amend or remove the personal data that we hold about you, please email us: info@roseandthistlesocial.com and allow up to 30 days for your request to be processed and your data updated). This means that you may receive some communications in the period of 'cross-over' until the systems are fully updated. If we cannot satisfy your request for any reason, we will let you know why – this includes the refusal of your request and any uncontrollable delays we may face in obtaining your information at short notice.

Please be aware that if you have opted in at any point with us (or any company) to use or process your personal data, it is your legal right to be able to withdraw your consent at any time. You can do this via the contact method above.

We may, from time to time, rely on legitimate interest for using or processing your data; however, you may ask us to stop doing so in relation to your specific circumstance using the contact method above. We will only action such requests if we have no genuine reason to continue using or processing your personal data.

You can request that we stop using your personal data to contact you with marketing/promotional material at any time, even if you have given us previous consent. We will always honour such a request.

10. Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are used to give the owners of the website information about the visitors. Information such as what time of day they are coming to the website and how long they spend on there.

Cookies can also be used to improve websites. For example, we may see that lots of visitors from the south aren't accessing their area information, so we could improve the website by making that information more prominent and easier to find.

We don't use many cookies, but the ones we would like to place on your computer are on this table, along with an explanation of what we would use them for:

Google Analytics

_utma

_utmb

_utmc

_utmz

These cookies collect information about the way visitors access the information on our website. We use that information to make improvements and produce statistics such as the number of visitors to the site and the most popular pages being viewed. The cookies collect information anonymously.

More information on privacy and security from Google.

If you would like to learn more about cookies, how they are used, which ones are on your computer and how to remove them, visit: www.allaboutcookies.org.You can also choose to opt out of Google Analytics tracking your website activity. To do this, visit http://tools.google.com/dlpage/gaoptout.

When you use this website and agree for us to place cookies on your computer, you agree that we may use your personal information for the purposes set out in this statement.

Other than as set out above, we will not distribute your personal information to third parties unless we have your permission or are required to by law. We will not sell or lease your information to any third parties.

SITE TRACKING

We use tracking software to monitor customer traffic patterns and website usage to help us develop the design and layout of the website to better meet the needs of visitors. This software does not enable us to capture any personally identifying information.

We may also gather other non-personal information (from which we cannot identify you), such as the type of your internet browser which we use to provide you with a more effective service.

By continuing to use www.roseandthistlesocial.com, or the "site", without acknowledging or taking action on the Cookie Notification that appears on the home page, you hereby agree to our/Webflows' use of cookies in the manner described in this notice. Cookies are small text files that are stored on your browser or hard drive on your computer or other device when you visit the site. This basically allows the site to recognise you, as a user, for the duration of your site visit (using a 'session cookie') or for repeat visits (a 'persistent cookie'). These are not harmful in any way and do not contain any sensitive data such as your date of birth, address or card details. Effectively, cookies are in place to improve the user experience when visiting websites, including ours. We use cookies for a number of purposes – some of which are strictly necessary, including but not limited to items such as language preferences and other user settings. Note that some cookies are automatically 'enabled' on browsers/devices, but read on should you need help adjusting your preferences regarding cookies. We use WordPress to host our website; please refer to their statement regarding cookies within their privacy policy (detailed above).

Please be aware that if you are using any external website, including Podia, Stripe, MailerLite or any other external website, their own privacy and cookies policy should be acknowledged/understood before website use. You can manage the cookies on your computer or devices through your internet browser/settings; help links are provided below.

Please note that Rose & Thistle Social Ltd is not responsible for the content of external websites:

Firefox: http://support.mozilla.org/en-US/kb/

Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internetexplorer-delete-manage-cookies

Safari: https://support.apple.com/kb/PH19214

Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&answer=95647

If you choose to disable the use of cookies, you may restrict your user experience on not only our site but also the websites of the third-party companies we use to support our business activities.

11. Relevant contact information

We have done our utmost to ensure that this policy is clear and helpful in allowing you to understand the way we handle your data, including your rights over it. Should you have a question that has not been answered above or simply want to discuss our Privacy Policy further, feel free to contact us by any of the following methods:

  • Email: info@roseandthistlesocial.com

To find out more information regarding the GDPR and to make any complaints, please visit the governing body website at: www.ico.org.uk.

Menu

About Us
Services
Contact Us
Privacy Policy

Find Us

LinkedIn
Instagram
Facebook
Company number:  SC773883
© Copyright Rose & Thistle Social Limited 2024. All Rights Reserved.