Privacy Policy

Pursuant to GDPR (EU) 2016/679

1. Data Controller

The controller within the meaning of the GDPR is:
OrigoSoft e.U, Tamas Rez
Kesselmannstraße 22
5324 Faistenau, Austria
Email:
Phone:
Registration number: FN 477731 x, ATU

2. Data Collected and Purpose

We process the following personal data:

  • Name and email address — for identification and communication
  • Date of birth (full date or year only) — for identity verification, member administration, and federation reporting
  • Gender — for correct salutation (optional)
  • Consumption data (products, quantities, prices, timestamps) — for billing
  • Payment data (amount, date) — for accounting
  • Booking data (resource, time ranges, participant count, status, booking reference, no-show/cancellation metadata) — for reservation management
  • Free-text booking notes (member notes, internal notes) — for operational handling of bookings
  • Booking finance data (amount, currency, billing status, linked payment request) — for proper settlement
  • Sport profiles (federation ID per sport) — for federation reporting and licensing purposes; legal basis: Art. 6(1)(b) GDPR
  • Tournament participation data (player name, date of birth/year, federation ID, match result, round) — for tournament administration and federation reporting; applies to both tenant members and external (non-member) participants; legal basis: Art. 6(1)(b) or (f) GDPR
  • Consent IP address — as proof of granted consent
  • Phone number — for contact (optional, if provided)
  • Login logs — for security and traceability
  • Wallet pass data (serial number, platform, issue date) — for providing the member pass via Apple Wallet or Google Wallet; only for members who actively add the pass; legal basis: Art. 6(1)(a) GDPR (consent)

Legal basis: Art. 6(1)(b) GDPR (performance of contract), Art. 6(1)(c) GDPR (legal retention obligations), and Art. 6(1)(f) GDPR (legitimate interest in proper accounting and tournament documentation).

3. Retention Periods and Erasure

Member data (name, email, date of birth, gender, phone number)

Inactive member accounts without activity are automatically anonymised after 2 year(s). After anonymisation, no conclusions can be drawn about the person concerned.

Sport profiles (federation IDs)

Sport profiles are permanently deleted when a member account is anonymised.

Tournament participation data (match results)

Match results are retained indefinitely for statistical and documentary purposes. When a member account is anonymised, the personal link is severed: the player name and date of birth are removed from the match record and the link to the member account is deleted. The result itself is retained in anonymous form. External (non-member) tournament participants may request deletion of their data by contacting the tenant in writing.

Wallet pass data

The wallet pass serial number and platform assignment are stored for the duration of active use. When the member pass is regenerated, the existing wallet pass is automatically invalidated. When an account is anonymised, all wallet pass data (including device IDs and push tokens) is deleted immediately.

Email campaigns

Email campaign delivery logs are deleted along with activity logs after 2 year(s). The recipient's email address is removed from all campaign logs when the account is anonymised.

Consent IP address

The IP address collected during registration is automatically deleted after 1 year(s). The timestamp of consent is retained as proof.

Accounting data (consumption, payments, payment requests, booking finance)

Consumption and payment data are subject to legal retention obligations (for example, under Section 132 BAO in Austria) and are therefore retained for 7 years. After account anonymisation, these records remain only in aggregated, non-personal form; assignment to a natural person is no longer possible.

Booking notes and internal notes

Free-text booking notes are removed when an account is anonymised, where they may still contain personal data.

Activity log (audit log)

Security and activity logs are automatically deleted after 2 year(s).

4. Your Rights

  • Access (Art. 15 GDPR) — You may review and export your stored data at any time.
  • Rectification (Art. 16 GDPR) — You may correct your data in your profile.
  • Erasure (Art. 17 GDPR) — You may request anonymisation of your account. Accounting-relevant data remains in anonymised form in line with legal retention obligations.
  • Data portability (Art. 20 GDPR) — You may export your data as JSON or CSV.
  • Objection (Art. 21 GDPR) — Please contact the controller named above.

5. Cookies and Technical Data

This application uses only technically necessary session cookies. No tracking cookies, analytics tools, or advertising services are used. The session is deleted on logout.

6. Data Sharing

Personal data is generally not shared with third parties, sold, or used for advertising purposes.

Exception: When using the wallet pass feature, the member's name, club name, and QR code identifier are transmitted to Apple Inc. (Apple Wallet) or Google LLC (Google Wallet). This only occurs at the member's explicit request. The respective provider's privacy policy applies.

When a VAT identification number is provided, it is transmitted to the EU Commission's VIES system (ec.europa.eu/taxation_customs/vies) for validity verification. Only the VAT number and country code are transmitted.

For online payments, name, email address, and payment amount are transmitted to the payment service provider Mollie B.V. (Netherlands). Mollie acts as a data processor under Art. 28 GDPR. More information: mollie.com/privacy.

7. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority. In Austria, this is the Austrian Data Protection Authority (DSB).

Version 8 — June 29, 2026