Privacy policy

This policy describes how The Salty Sauna, Duncannon, Co. Wexford ("we", "us") handles personal information when you use our website, create an account, or make a booking. It is written with the EU General Data Protection Regulation (GDPR) in mind. If you have questions, use the contact details shown in the site footer or on our booking pages.

Data controller

The data controller for personal data processed through this website and our booking service is The Salty Sauna, operating at Duncannon, Co. Wexford, Ireland.

What we collect

Depending on how you use the site, we may process the following categories of data:

  • Booking and checkout: name, email address, optional phone number, session date and time, number of guests, voucher codes you enter, and related booking status. We may link a booking to your account when you are signed in.
  • Account (optional): if you sign in, we store your account identifier, email, display name, and profile image when provided by your sign-in method (for example Google). We may store a loyalty or membership reference (such as a visit count and a short code for staff verification) and a saved cart (date, time, quantity, voucher) to make checkout easier.
  • Payments: payments are processed by Stripe. We do not receive or store your full card number or CVC on our servers. We may store Stripe identifiers (such as Checkout Session or Payment Intent IDs) to reconcile payments with bookings.
  • Sign-in tokens: if you use email magic links or social sign-in, our authentication provider stores the technical data needed for secure login (for example session tokens and, where applicable, OAuth tokens managed by our auth library).
  • Technical data: standard server and security logs may include IP address, browser type, and timestamps when you use the site, to operate and protect the service.

How we use your data

We use personal data to:

  • Take and manage bookings, including capacity, payments, and customer support.
  • Operate optional accounts, sign-in, and loyalty features you choose to use.
  • Meet legal, accounting, and tax obligations where they apply.
  • Protect the security and integrity of the website and our systems.

Under GDPR, we rely on appropriate lawful bases, including performance of a contract (processing necessary to complete your booking), legitimate interests (for example fraud prevention and improving the service, balanced against your rights), and consent where we ask for it explicitly.

Processors and sharing

We use trusted service providers to run the site. They process data only on our instructions and under appropriate agreements:

  • Stripe — payment processing. Stripe's privacy notice applies to payment data they handle.
  • Hosting and database — storage of booking and account data on infrastructure we configure for the service.
  • Email delivery — if email sign-in or transactional email is enabled, our SMTP or email provider sends messages on our behalf.
  • Google — if Google sign-in is enabled, Google processes authentication according to your Google account settings.

We do not sell your personal information. We may disclose data if required by law or to protect our rights and the safety of guests and staff.

Retention

We keep booking and payment-related records for as long as needed to run the business, resolve disputes, and comply with accounting and tax rules. Account and sign-in data are kept while your account exists or until you ask us to delete it, subject to any overriding legal retention requirements. Technical logs are typically kept for a limited period for security and diagnostics.

International transfers

Some providers (for example Stripe or cloud infrastructure) may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as Standard Contractual Clauses or providers' compliance measures as described in their documentation.

Your rights (GDPR)

If GDPR applies to you, you may have the right to access, rectify, or erase your personal data, to restrict or object to certain processing, and to data portability where applicable. You may withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal. You may lodge a complaint with the Data Protection Commission in Ireland or your local supervisory authority.

To exercise these rights, contact us using the details in the site footer. We may need to verify your identity before fulfilling a request.

Cookies and similar technologies

We use cookies and similar technologies that are necessary for the website to function, including to keep you signed in and to protect forms and checkout. You can control cookies through your browser settings; disabling essential cookies may prevent sign-in or booking from working correctly.

Children

Our sauna sessions are for guests aged 16 and over (see our terms). We do not knowingly collect personal data from children for marketing purposes. If you believe we have collected a child's data in error, please contact us.

Changes

We may update this policy from time to time. Please review this page periodically; material changes will be communicated where appropriate (for example on the website).