Privacy & Cookie Policy


This privacy notice tells you what to expect us to do with your personal information when you make contact with us or buy one of our products.


Our contact details

Rosa Macher
Thorn Barn


How we get your information

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have made an enquiry

  • You wish to attend, or have attended, one of our pop-up stores

  • You are representing your business, for example, you contact us to offer your services

  • You are following up a meeting at an event

  • You have signed up to receive mailing information from us

We also receive personal information about you indirectly in the following circumstances:

·      Someone has made a purchase on your behalf and has asked us to send the item(s) to you

·      You work with someone with whom we have a work contract and they have given your details to us for work purposes.

We receive information by person, via email, via the contact form on our website or via our Instagram account.

We only request the information we need in order to respond effectively and efficiently to your enquiry or order:

·      Contact form: you will be asked to provide your first name, last name, email address

·      Order: you will be asked to provide your first name, last name, email address, shipping address, delivery address, telephone number and although you will be required to input your payment card details, we will see only the last 4 digits of payment card used

·      Mailing list: email address

·      Face to face meeting follow-ups: first name, last name, email address

Where we have a business relationship, we will request only the information necessary to effect that working relationship and we will explain why we need it on an individual basis.

The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR.

Retention of information

We retain information only for as long as we need it and as long as our business-client relationship continues.

We will delete your information immediately if you withdraw your consent for us to process it. Where you make an enquiry, we respond and there is no subsequent follow-up, we will delete your information after 6 months.

We retain all details relating to payments, expenses and tax for the length of time specified by HMRC in the UK. 

Sharing your information

Internal access to your information is strictly controlled and on ‘a need to know’ basis only.

When you make an order through our website for delivery, we share your name, contact number and shipping address with DHL, our courier company.  Please read DHL’s Data Privacy Policy for the steps they take to protect information.

Otherwise we would only share your information with a third party if we were required to by law, for example by court order.

We do not share any of your information with third parties for the purposes of direct marketing.

Our emails

We use Microsoft Office 365 to manage our emails. You can read more about the steps they take to keep information secure in their security documentation. Here is a link to the Microsoft Privacy Policy for more information.

Your rights

Under data protection law, you have rights we need to make you aware of:

Right of access you have the right to ask us for copies of your personal information.

Right to rectification you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Right to erasure you have the right to ask us to erase your personal information in certain circumstances for example we no longer need it, you initially consented to receive information from us by making an enquiry but have subsequently changed your mind.

Right to restrict the use of your information we no longer need to keep your information but you want us to in order to create, exercise or defend any legal claims. 

Our website

Our website is built on a software platform called Squarespace. It is also hosted by them. You can read more about the way they ensure site users’ privacy is protected under EU Data Protection laws here:

Squarespace and GDPR
Squarespace Privacy Policy

When someone visits our website we use Google Analytics and Squarespace Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. You can find out more about all of this here:

Squarespace Analytics
Google Analytics and Squarespace
Google Privacy Policy

How do we use cookies?

We use cookies, small pieces of data that websites store on a device, to help our website run effectively and to provide the best experience for our site visitors. Some of these are functional and required cookies that allow visitors to navigate around the website. Others are analytical and performance cookies. You can find more information here about the cookies in use on our website.

You are in control of cookies and here are some quick links for you to find out how to manage cookies on popular browsers:

Google Chrome
Apple Safari - mobile devices & Apple Safari - Mac
Microsoft Edge
Mozilla Firefox
Microsoft Internet Explorer

You can also find out more about cookies on these two websites If you want further information about cookies on these two websites  or

The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when it's necessary for the purposes of our legitimate interests.

Links to other websites

Where we provide links to websites of third parties, this policy does not cover how that business uses or processes personal information. We encourage you to read the privacy policies on the other websites you visit.

 Making a complaint

We take our legal responsibilities under data protections laws seriously. If you have any concerns about the way we have handled your information you should contact us at

If, following our response, you remain dissatisfied you have the right to complain to the Information Commissioner’s Office, the UK's independent body set up to uphold information rights.

 Changes to this policy

We keep this policy under regular review to make sure it is up to date and accurate.

February 2019