Privacy policy.

Effective Date: 27.11.25

We are committed to protecting your personal information and complying with the General Data Protection Regulation (GDPR). This Privacy Policy explains what data we collect, how we use it, the legal bases for processing, and your rights.

1. Data Controller

Baked Sauna Ltd
Scotland Rd, Zelah, Truro TR4 9JG
Email: info@bakedsauna.co

We are the Data Controller responsible for your personal data.

2. Information We Collect

We collect and process the following types of data:

a. Personal Data Provided by You

  • Name

  • Email address

  • Phone number

  • Billing details

  • Booking information (dates, times, preferences)

b. Technical Data

  • IP address

  • Browser type

  • Device information

  • Cookie data

c. Payment Information

Payment information is handled securely by third-party payment processors, Stripe and PayPal. We do not store payment card details.

3. Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

  • Contract: To process, confirm, and manage your sauna bookings and payments.

  • Consent: For sending marketing emails or newsletters. You may withdraw consent at any time.

  • Legitimate Interests: To improve website performance, ensure security, and manage customer service.

  • Legal Obligation: For financial record-keeping and compliance with tax laws.

4. How We Use Your Data

We use your information to:

  • Manage bookings and payments

  • Send confirmations, reminders, or changes to your reservation

  • Provide customer support

  • Improve website performance and security

  • Send optional marketing communications (only when consent is given)

We do not sell or rent your data.

5. Sharing Your Data

We may share your data with:

  • Payment processors (e.g., Stripe, PayPal)

  • Booking platforms or scheduling tools

  • Website hosting and analytics providers

Where data is transferred outside the EU/EEA (for example, to US-based providers), we ensure GDPR compliance through:

  • Standard Contractual Clauses (SCCs), or

  • Provider participation in an approved adequacy mechanism

All third parties must comply with GDPR and process data securely.

6. Data Retention

We keep your data only as long as needed for each purpose:

  • Booking and payment records: 6 years (legal and tax obligations)

  • Marketing emails: Until you unsubscribe or request deletion

  • Analytics and cookies: Typically 12–24 months (depending on provider settings)

7. Cookies

We use essential and non-essential cookies.

Essential Cookies

Required for website functionality and booking processes.

Non-Essential Cookies (e.g., analytics)

Used only with your consent. You may manage cookie preferences via our cookie banner.

You can disable cookies through your browser settings at any time.

8. Your GDPR Rights

You have the right to:

  • Access your data

  • Correct inaccurate data

  • Request deletion of your data

  • Restrict processing

  • Object to processing based on legitimate interests

  • Withdraw consent for marketing

  • Request data portability

To exercise these rights, contact us at info@bakedsauna.co.

If you believe your data has been mishandled, you may lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO).

9. Security

We use technical and organisational measures to keep your data secure. While no system is completely secure, we follow industry best practices.

10. Changes to This Policy

We may update this Privacy Policy occasionally.
Changes will be posted on this page with an updated revision date.