Privacy Policy
Last Updated: 23.02.2026
At Sea Scrub Sauna, we respect your privacy and are committed to protecting your personal information. This policy explains how we collect, use, and safeguard your data when you book sessions, sign up to our newsletter, or visit our website.
Who We Are
Data Controller: Sea Scrub Sauna
Registered Address: Sea Scrub Sauna LTD, 274 Northdown Road, Margate, Kent, England, CT9 2PT
Contact Email: [email protected]
ICO Registration Number: 00010135219
If you have any questions about how we handle your data, please contact us at the email above.
What Personal Data We Collect
We collect different types of personal information depending on how you interact with us:
When you book a sauna session:
- Name
- Email address
- Phone number
- Payment information (processed securely by our payment provider)
- Booking history and preferences
- Any health information you disclose during the booking process
- Guardian and waiver information for visitors under 18
When you sign up to our newsletter:
- Email address
- First name
- Marketing preferences
When you visit our website:
- Website usage data (pages viewed, time spent on site)
- Device and browser information
- IP address
- Cookie data (see Cookies section below)
When you contact us:
- Your name and contact details
- The content of your message
- Any other information you choose to provide
How We Collect Your Information
We gather your personal data through:
- Our online booking system (Periode)
- Newsletter signup forms (Mailchimp)
- Contact forms on our website
- Email and phone communications
- On-site paper waivers and consent forms
- Our website chat widget (Tidio)
- Social media interactions
- Website cookies and analytics
Why We Use Your Information (Lawful Basis)
Under UK GDPR, we must have a lawful basis for processing your personal data. Here’s why we use your information and our legal basis for doing so:
Contractual Necessity – To process your bookings:
- Confirming and managing your sauna session bookings
- Processing payments
- Sending booking confirmations and reminders
- Providing customer service related to your bookings
Legitimate Interests – To improve our service:
- Analysing website usage to improve customer experience
- Understanding booking patterns to optimise our schedule
- Responding to feedback and enquiries
- Maintaining records for business operations
Legal Obligation – To comply with the law:
- Retaining financial records for tax and accounting purposes
- Maintaining health and safety records where required
Consent – When you’ve given us permission:
- Sending marketing emails and newsletters
- Using cookies for analytics and advertising (see Cookies section)
- Collecting and processing health information disclosed during booking
Special Category Data – Health Information: When you disclose medical conditions or health information during the booking process, we process this under explicit consent. This helps us ensure sauna sessions are safe for you and allows us to provide appropriate guidance. You can withdraw this consent at any time, though we may not be able to proceed with your booking if health disclosure is necessary for safety reasons.
Who We Share Your Data With
We share your personal information with trusted third parties who help us run our business:
Essential Service Providers:
- Periode – Our booking system provider
- Stripe and Adyen – Payment processors who securely handle card payments
- Mailchimp – Email marketing platform (may use advertising partners including Meta/Facebook, Google, and Pinterest when you sign up to our newsletter)
- Tidio – Customer service chatbot
Analytics and Marketing:
- Koko Analytics – Privacy-friendly website analytics (data stored on our own servers, not shared with third parties)
Business Operations:
- Our accountant and financial advisors
- Legal advisors when necessary
We only share the minimum information necessary for these services to function. All third parties are required to keep your data secure and use it only for the purposes we specify.
We will never sell your personal data to third parties for marketing purposes.
How Long We Keep Your Data
We retain different types of data for different periods:
Booking Records:
- Active customer records: Retained while you’re an active customer and for 7 years after your last booking (for accounting and legal purposes)
Financial Information:
- Payment records: 7 years (legal requirement for tax purposes)
Marketing Data:
- Newsletter subscriptions: Until you unsubscribe or request deletion
- Marketing preferences: Until you withdraw consent
Website Analytics:
- Koko Analytics data: 12 months
Health Disclosures:
- Guardian waivers for minors: 6 years
Customer Service Communications:
- Email correspondence: 7 years
- Tidio chat transcripts: 90 days
We regularly review our data retention practices and securely delete information when it’s no longer needed.
Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right to Access: You can request a copy of all personal data we hold about you. We’ll provide this within 30 days of your request.
Right to Rectification: If any information we hold is inaccurate or incomplete, you can ask us to correct it.
Right to Erasure (Right to be Forgotten): You can request that we delete your personal data in certain circumstances, such as when it’s no longer necessary for the purposes we collected it.
Right to Restrict Processing: You can ask us to limit how we use your data in certain situations, such as while we verify its accuracy.
Right to Object: You can object to us processing your data for direct marketing purposes or based on legitimate interests.
Right to Data Portability: You can request your data in a commonly used, machine-readable format to transfer to another service provider.
Right to Withdraw Consent: Where we process your data based on consent (such as for marketing emails), you can withdraw that consent at any time.
How to Exercise Your Rights: To exercise any of these rights, contact us at [email protected]. We’ll respond within 30 days. There’s usually no charge for making a request, but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
Cookies
Cookies are small text files stored on your device when you visit our website. We use cookies to improve your experience and understand how you use our site.
Essential Cookies:
Mailchimp Session Cookie (mcforms-sessionId)
- Purpose: Remembers your interaction with newsletter signup forms
- Duration: Session only (deleted when you close your browser)
- Type: First-party
Analytics Cookies:
Koko Analytics (_koko_analytics_pages_viewed)
- Purpose: Tracks which pages you visit to help us improve the website
- Duration: Until midnight on the day of your visit
- Type: First-party
- Privacy-friendly: Data stored on our own servers, not shared with third parties, GDPR compliant
Third-Party Cookies (Newsletter Signup Only):
When you sign up to our newsletter via Mailchimp, the following third-party cookies may be set:
- Facebook Pixel – For Mailchimp’s advertising integrations
- Google Analytics and Google Ads – For Mailchimp’s advertising integrations
- Pinterest – For Mailchimp’s advertising integrations
These cookies enable Mailchimp to provide analytics and advertising features. Important: These cookies are only set when you actively interact with our newsletter signup forms, not during general browsing of the site.
How to Control Cookies:
Most web browsers allow you to control cookies through their settings:
- You can set your browser to refuse all cookies or alert you when cookies are being sent
- You can delete cookies that have already been set
- Be aware that disabling cookies may affect your ability to use certain features of our website
You can also opt out of third-party advertising cookies through:
- Your browser settings
- The Digital Advertising Alliance opt-out page (youronlinechoices.com/uk)
- Google’s ad settings (adssettings.google.com)
- Facebook’s ad preferences (facebook.com/ads/preferences)
For more information about cookies, visit allaboutcookies.org.
Children’s Privacy
We take the privacy of children seriously.
Sauna Sessions for Minors:
- Children under 5 are not permitted in the sauna
- Ages 5-12 can only join private sessions and require guardian supervision
- Ages 12-18 can join social sessions with adult supervision
- Cold plunge access is restricted to ages 16+
- All children under 16 must be supervised at all times
Guardian Consent: A guardian waiver must be signed on-site before children can use our facilities. This waiver includes:
- Guardian contact information
- Emergency contact details
- Health disclosures relevant to sauna safety
- Consent for the child to use our facilities
We process this information under the lawful basis of explicit consent and contractual necessity (to provide the service safely). Guardian consent can be withdrawn at any time, though this would prevent the child from using our facilities.
Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it:
Technical Measures:
- SSL encryption on our website (all data transmitted between your browser and our servers is encrypted)
- Secure password policies for staff accessing customer data
Organisational Measures:
- Restricted staff access to customer data (only staff who need it for their role can access it)
- Regular staff training on data protection
- Documented data breach response procedures
- Regular security reviews and updates
While we do everything we can to protect your data, no method of transmission over the internet or electronic storage is 100% secure. If you suspect any unauthorised access to your account, please contact us immediately.
Data Breach Handling
While we take every precaution to protect your personal information, we recognise that no system is completely immune to security incidents.
If we discover a data breach that affects your personal information:
Within 72 hours of becoming aware: We’ll assess the nature and severity of the incident and notify the Information Commissioner’s Office (ICO) if the breach poses a risk to your rights and freedoms.
If the breach is serious: If there’s a high risk to you (for example, if financial information or sensitive health data is compromised), we’ll contact you directly by email or phone as quickly as possible. This notification will explain:
- What happened
- What data was affected
- What we’re doing about it
- What steps you can take to protect yourself
Our internal process: All data breaches, regardless of size, are logged and investigated by our senior management team. We’ll identify how the breach occurred, what data was affected, and implement measures to prevent similar incidents in the future.
What we won’t do: We’ll never ask you to provide passwords, payment details or other sensitive information in response to a breach notification. If you receive suspicious communications claiming to be from Sea Scrub Sauna following a data incident, contact us directly at [email protected] to verify.
Your rights: If you believe we’ve mishandled a data breach affecting your information, you have the right to lodge a complaint with the ICO (see Complaints section below).
Updates to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or services. When we make changes, we’ll update the “Last Updated” date at the top of this page.
If we make significant changes that affect how we use your personal data, we’ll notify you by:
- Email (if we have your email address)
- A prominent notice on our website
- During your next booking
We encourage you to review this policy periodically to stay informed about how we protect your information.
Complaints and Further Information
How to Complain:
If you’re unhappy with how we’ve handled your personal data, please contact us first at [email protected]. We’ll do our best to resolve your concerns.
If you’re not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
Online reporting: ico.org.uk/make-a-complaint
Your right to complain is a fundamental part of UK GDPR. We won’t penalise you or treat you differently for making a complaint.
Newsletter Signup Notice
Important: By signing up to our newsletter, you agree to this privacy policy and Mailchimp’s use of cookies for analytics and advertising purposes.
You can unsubscribe from our newsletter at any time by clicking the “unsubscribe” link at the bottom of any email we send you, or by contacting us at [email protected].
Questions?
If anything in this policy is unclear or you have questions about how we handle your data, please don’t hesitate to contact us at [email protected].
We’re here to help, and we’re always happy to explain our practices in more detail.
