Privacy Policy

Effective date: 09 February 2026

Controller:
Asora B.V., trading under the name “Orchesi”
Industriestraat 22
6135 KH Sittard
The Netherlands
KvK: 88056422
VAT: NL864490008B01

Email: support@orchesi.com

1. Introduction

This Privacy Policy explains how Orchesi processes personal data when you use our software platform (“Service”). We comply with the General Data Protection Regulation (GDPR) and applicable Dutch privacy laws.

2. Roles under GDPR

Depending on the context:

  • Orchesi is the data controller for:
    • account creation
    • billing and payments
    • support communications
    • marketing and product updates
  • Associations are the data controller for:
    • member management
    • scheduling
    • attendance
    • uploaded content
  • Orchesi acts as data processor when processing member data on behalf of an Association.

3. Personal Data We Process

3.1 Account and Profile Data

  • Name
  • Email address
  • Profile photo (optional)
  • Birthday (optional)
  • Language and notification preferences

3.2 Association Data

  • Association name
  • Role within the Association
  • Member status (active/inactive)

3.3 Usage Data

  • Login timestamps
  • Feature usage
  • Device and browser information

3.4 Uploaded Content

  • Photos
  • PDF files
  • Messages and comments

3.5 Billing Data

  • Subscription plan
  • Active member count
  • VAT number (if provided)
  • Payment status

Note: Payment details (e.g. card numbers) are processed by Stripe and are not stored by Orchesi.

4. Legal Bases for Processing

We process personal data based on:

  • performance of a contract
  • legal obligations (e.g. tax law)
  • legitimate interests (security, service improvement)
  • consent (where required)

5. Communications

Orchesi may send:

  • service-related emails
  • account and billing notifications
  • push notifications within the app

We do not send SMS or WhatsApp messages.

6. Cookies and Tracking

Orchesi uses functional and analytical cookies necessary for operation and improvement of the Service. Where legally required, consent will be requested. You can read more about our cookie-usage in our cookie policy.

7. Data Sharing

We share data only with:

  • infrastructure and hosting providers
  • payment processors
  • analytics and monitoring providers

All processors are bound by confidentiality and GDPR-compliant agreements.

8. Data Retention

  • Account and Association data is retained while the account is active.
  • After termination, data is deleted within 30 days, unless legal retention is required.
  • Backup data is overwritten according to standard retention cycles.

9. Data Subject Rights

You have the right to:

  • access your personal data
  • request correction or deletion
  • object to processing
  • request restriction of processing
  • request data portability (Article 20 GDPR)

Important: Orchesi does not provide general export functionality.
Data portability is handled only upon explicit request and limited to personal data that must legally be provided.

Requests can be sent to: support@orchesi.com

10. Security Measures

Orchesi applies appropriate technical and organisational measures, including:

  • encrypted connections (TLS / SSL)
  • access controls
  • role-based permissions
  • regular security updates

11. International Transfers

Data is processed within the European Economic Area (EEA). If data is transferred outside the EEA, appropriate safeguards (such as Standard Contractual Clauses) are applied.

12. Changes

This Privacy Policy may be updated. Material changes will be communicated via the Service or email.

13. Contact

Questions or complaints can be sent to support@orchesi.com

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).