Saunatech AS
Verification & compliance site

Privacy Policy

This policy explains how Saunatech AS handles personal information when you use this informational website and, where relevant, our sauna booking/operations services platform.

It is written as a high-level overview for users, partners, and compliance reviewers. Service-specific notices may provide additional details where needed.

Who we are (data controller)

  • Saunatech AS is the data controller for personal information covered by this policy.
  • Address: Kløverveien 12, 4326 Sandnes, Norway.
  • Privacy contact: privacy@saunatech.no.

What we collect

  • Contact information you send us: If you email us or use support channels, we collect the information you include in your message.
  • Account and booking information: If you use Saunatech services, we may process account details, reservation records, and service-related communication history.
  • Payment processing information: Payments are processed by Stripe and other payment partners as needed. We do not store full card numbers on our own systems.
  • Usage data and logs: We may process technical data such as IP address, device/browser information, timestamps, and basic cookie/session data required for essential functionality, security, and diagnostics.
  • Optional location data: If map/nearby features are offered, location data is used only when you choose to enable it.

How we use information

  • Provide, operate, and maintain our informational website and service platform.
  • Deliver customer support and respond to operational, legal, and privacy requests.
  • Process payments, refunds, and related transaction records through payment providers.
  • Protect security, prevent abuse/fraud, and investigate incidents.
  • Improve reliability, performance, and product quality over time.
  • We process information when needed to perform a contract or provide requested services.
  • We process information to comply with legal obligations (for example accounting, tax, and fraud-prevention requirements).
  • We may process information for legitimate interests, such as service security and reliability, balanced against your rights.
  • Where required, we rely on consent (for example optional features) and you can withdraw consent at any time.

Sharing

  • We share personal information with service providers that help us operate our services, such as hosting and email providers.
  • Payment-related information is shared with payment processors, including Stripe, to complete transactions and handle refunds/disputes.
  • We may disclose information where required by law, regulation, court order, or to protect rights, safety, and security.
  • We do not sell personal information.

International transfers

  • Some providers may process data outside Norway/EEA.
  • When transfers occur, we use safeguards required by applicable law, such as contractual protections and provider compliance commitments.

Retention

  • We retain information for as long as needed to provide services and support, meet legal/accounting obligations, resolve disputes, and enforce agreements.
  • When data is no longer needed, we delete it or anonymize it using reasonable processes.

Your rights

  • Depending on applicable law, you may request access, correction, deletion, restriction, objection, and data portability.
  • You may withdraw consent where processing is based on consent, without affecting prior lawful processing.
  • To protect account security, we may ask for reasonable identity verification before completing certain requests.
  • Some requests can be limited where exceptions apply under law, such as records required for legal compliance or dispute handling.
  • You may file a complaint with Datatilsynet (Norway) if you believe your data rights have been violated.

Security

  • We use reasonable technical and organizational measures to protect personal information.
  • No system is completely secure, and we cannot guarantee absolute security.

Children's privacy

  • Our informational site is not directed to young children.
  • If we learn that personal information was provided in violation of applicable law, we will take reasonable steps to remove it.

Contact and updates