Privacy Policy & GDPR

Privacy Statement

We view data privacy as a fundamental component of doing business. Our Privacy Statement and practices are focused on processing personal data appropriately and lawfully, while providing confidentiality, integrity and availability.

This Privacy Statement applies to owned and operated by Ltd primary operational entity, incorporated in UK. For the purpose of this Privacy Statement, the terms “SaunaGrow”, “RoomAuction”, “we”, “us”, or “our”, refers to the whole company.

This Privacy Statement represents the full online privacy policy applicable to our activities. The Privacy Statement explains the types of information we collect, how we use, share, and secure the information you provide. It also describes your choices regarding use, access and correction of your personal data.

We process personal data within the EU. Our activities are governed in accordance with the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), which is a directly binding legislative act. The GDPR protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

RoomAuction is considered to be the data controller and will determine the purposes and means of the processing of personal data.

Personal data

Personal data means any information relating to an identified or identifiable natural person. Personal data includes all types of information that directly or indirectly identify a person, such as names, dates of birth, addresses, e-mail addresses, telephone numbers etc.


Our Privacy Statement is based on the following data protection principles:

  • The processing of personal data shall take place in a lawful, fair and transparent way;
  • The collecting of personal data shall only be performed for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • The collecting of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed;
  • The personal data shall be accurate and where necessary, kept up to date;
  • Every reasonable step shall be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed, are erased or rectified without delay;
  • Personal data shall be kept in a form which permits identification for no longer than it is necessary for the purpose for which the personal data are processed;
  • All personal data shall be kept confidential and stored in a manner that ensures appropriate security;
  • Personal data shall not be shared with third parties unless the transfer is necessary in order for RoomAuction to deliver the services in the Agreement;
  • You have the right to request access to and rectification or erasure of personal data, or restriction of processing, or to object to processing as well as the right of data portability.

Collection and Use of personal data

If you would like to benefit from our services and submit information to us, you may be asked to provide personal data in order for us to operate and improve our business and services. Personal data may be submitted via our website, mobile apps, email, other electronic or software solutions supported by us, postal service or phone. All personal data is collected in accordance with the GDPR. We will process personal data only to the extent required for a specified, explicit and legitimate purpose or for a purpose required by law in places where we operate.

We primarily collect personal data such as names, e-mail addresses, telephone numbers. We collect this personal data for the purpose of delivering our Service. Business advise is the core business of SaunaGrow.

Furthermore, we collect personal data for other purposes such as statistics, administration and communication, IT and security administration, physical security, authentication and authorization systems, support systems, collaboration of internal projects and organizational teams and activities.

We will use personal data for the purpose it is collected, and keep the data for no longer than necessary for that purpose. We may retain your information for as long as your account is active or as needed to provide services, comply with our legal obligations or any of the purposes listed above. Access to personal data is strictly limited to personnel of Ltd and it’s controlled subsidiaries and affiliates who have appropriate authorization and a clear business need for the data.

Our website and our partners use cookies or similar technologies to ensure the best user experience and to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. Cookies are small text files that are placed on your device to track usage patterns and record preferences. Our cookies do not contain information that can directly identify persons. We gather certain information automatically by the use of cookies and tracking technologies such as Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, the files viewed on our site (e.g. HTML pages, graphics), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer site. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit the use of certain features or functions on our website or service.

Sharing of personal data

We will only transfer the personal data to third parties under the conditions as listed below:

  • if you have given consent;
  • if it is for a purpose directly related to the original purpose for which the personal data was collected;
  • if it is necessary for the preparation, negotiation and fulfilling the Agreement with you;
  • if it is required due to legal obligation, administrative or court order;
  • if it is required for the establishment or protection of legal claims or in defense of court actions;
  • if it is required for responding to lawful requests by public authorities, including to meet national security or law enforcement requirements
  • if it serves the prevention of misuse or other illegal activities, such as deliberate attacks, to ensure data security.

Service providers will only be permitted to obtain the personal data that they need to deliver their service. We will not disclose personal data to third parties for the purpose of allowing them to market their products or services to you. If you do not want us to share personal data with these companies, please contact the Data Protection Officer (“DPO”), Boleslaw Drapella, e-mail:

Security of processing

The security of your personal data is important to us. We will process personal data securely, apply and maintain appropriate and generally accepted standards of technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Questions about the security of personal data, can be directed to the DPO, Boleslaw Drapella, e-mail:

Your data protection rights

You have the right to request access to and rectification or erasure of personal data, or restriction of processing, or to object to processing as well as the right of data portability, at any time. To help us keep personal data updated, we advise you to inform us of any changes or discrepancies. To view and/or edit personal data, or receive information on how long we intend to retain personal data or other questions related to the access of personal data, or if you would like to request that we provide you with information about whether we hold, or process on behalf of a third party, any of your personal data, please contact the DPO, Boleslaw Drapella, e-mail: We will respond to your request within a reasonable timeframe.

Marketing e-mails and Advertising Preferences

Upon consent we are allowed to send marketing e-mails. This specific form of consent must be freely given, specific informed and unambiguous. These requirements are fulfilled when you opt-in to receive marketing e-mails (actively agreed).

You will always have the right to object, on request and free of charge, to the processing of your personal data relating for purposes of direct marketing activities without having to provide specific justifications. You can do so by using the “Unsubscribe” link found in emails received from us or by contacting us at If you object, your personal data will no longer be processed for direct marketing.

The marketing e-mails contain information which we believe may be of interest, such as the latest news on our products and services.

We partner with a third party to display advertising on our website or to manage our advertising on other sites. Our third party partner may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here [or if located in the European Union click here]. Please note you will continue to receive generic ads.


The Privacy Statement is under the responsibility of DPO who is ensuring compliance with the Privacy Statement on a daily basis and is involved in all issues related to the protection of personal data.

We are responsible for and will at any given time be able to demonstrate compliance with the GDPR as well as our principles set out in this Privacy Statement. We shall maintain records of processing activities under our responsibility containing the information required by the GDPR and where applicable make the records available to the supervisory authority on request.

Any inquiries concerning this Privacy Statement can be directed to the DPO, Bolesław Drapella, e-mail:


You have the right to file a complaint concerning our processing of your personal data. All queries and complaints shall be handled in a timely manner by the DPO in accordance with internal procedures. Complaints can be submitted to the DPO, Boleslaw Drapella, e-mail:

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at

In the unlikely event that you consider that our processing of your personal data infringes the GDPR, you may also lodge a complaint with a supervisory authority.

Changes to this Privacy Statement

This Privacy Statement may be updated from time to time, e.g. due to modifications of relevant legislation or changes to our corporate structure. If any material changes are made, you will be notified by e-mail or by means of notice on the website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.


7 The Southend, Ledbury,

HR8 2EY , United Kingdom

VAT GB 840 7458 20 , Company No: 5195474

Effective Date: January 12, 2019