Privacy Policy
Last updated: 10 July 2026
This Privacy Policy explains how Orjinsoft ("we") processes your personal data as the operator of the Orjinsoft Gym platform (the web portal, the management panel and the mobile apps, together the "Platform"), in accordance with the EU General Data Protection Regulation ("GDPR") and applicable local data protection law.
1. Data Controller
Orjinsoft is the controller for account and platform data. When you join or purchase from a studio, that studio is an independent controller for its own membership relationship; the Platform acts as a processor on the studio's behalf for those records. You can reach us via the contact page.
2. Data We Process
- Account data: name, e-mail, phone, date of birth, address, profile photo.
- Membership & booking data: purchased memberships/packages, class bookings, attendance and cancellation history, credits.
- Payment data: payments are processed by payment providers (Stripe, iyzico). Your card number is never stored on our servers; we keep transaction records such as amount, date and the last 4 digits only.
- Technical data: IP address, session and security logs, device/browser information; in the mobile app additionally the app version, device model and push notification token.
3. Purposes and Legal Bases
- Contract performance: creating your account, bookings, purchases, membership management (Art. 6(1)(b) GDPR).
- Legal obligation: retention of invoicing and accounting records (Art. 6(1)(c) GDPR).
- Legitimate interest: security logging, fraud prevention, service improvement (Art. 6(1)(f) GDPR).
- Consent: marketing communication and optional notifications — withdrawable at any time (Art. 6(1)(a) GDPR).
4. Sharing
Your data is shared only as necessary: with the studio you book with or buy from, with payment providers (Stripe, iyzico), with our hosting and e-mail infrastructure providers, and with Google Firebase for mobile push notifications. We never sell your data.
5. Retention
Account data is kept for the duration of your membership. When you delete your account, it is permanently deactivated and the login identity is anonymised; records we are legally required to keep (e.g. invoicing/transaction records) are retained for the statutory period.
6. Your Rights
You have the right of access, rectification, erasure, restriction, data portability and objection (Art. 15–21 GDPR), and the right to lodge a complaint with a supervisory authority. You can delete your account yourself in the portal and in the app ("My account → Security → Delete account"). For any other request, use the contact page.
7. Cookies
The Platform uses strictly necessary cookies only (session, security such as request-forgery protection, language preference). No third-party marketing cookies are used.
8. Mobile Push Notifications
To deliver push notifications (booking confirmations/cancellations, reminders) we store your device push token. You can disable notifications in your device settings or in the app; logging out deactivates the token.
9. Changes
We may update this policy; material changes will be announced on the Platform. The current version is always published on this page.