PRIVACY POLICY

Last Updated: May 6, 2025

Welcome to PianoHiTech (the "Site"). Your privacy is critically important to us. This Privacy Policy outlines the types of personal data we may collect, how we use and protect that data, and your rights concerning your data, in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

1. Data Controller

The Data Controller responsible for the processing of personal data collected through this Site is:
PianoHiTech
[Your Full Name or Formal Business Name, if applicable]
[Your Physical Address or Registered Office, if applicable - Optional if not a formal entity, but contact info is needed]
Contact email address for privacy-related inquiries: [pianothc791@gmail.com]

2. Types of Data Collected

We collect various types of data:

• Browsing Data (Log Data): The computer systems and software procedures used to operate this Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and computer environment. This data is used solely for the purpose of obtaining anonymous statistical information on the use of the site, to check its correct functioning, and for security reasons. This data may be used to ascertain responsibility in case of hypothetical computer crimes against the site. This data is automatically collected by our hosting providers (e.g., Hostinger, Vercel).

• Data Provided Voluntarily by the User:

  • MIDI Files Uploaded to the "MIDI Visualizer": Users can upload MIDI files to utilize the "MIDI Visualizer" application embedded on our Site (hosted via Vercel). These files are processed by the application solely to enable visualization, playback, and potential export as a PNG image, as requested by the user during their active session. Important: PianoHiTech does NOT permanently store the MIDI files uploaded by users on its servers, nor are these files associated with any user-identifying data after the user session ends. The processing is temporary and strictly necessary to provide the requested service. Users are solely responsible for ensuring they have the necessary rights to upload and process any MIDI file they choose to use with this tool (Please refer to our Terms and Conditions).

  • Registration Data: If you choose to register an account on our Site, we collect the email address you voluntarily provide. This email address is stored using tools or dashboards provided by our hosting provider (Hostinger) to manage user accounts. No other personal data is required for basic registration.

  • Contact Data: If you contact us via email or other channels provided on the Site, we may collect your name, email address, and the content of your message to respond to your inquiry.

• Cookies: We use technical cookies to ensure the proper functioning of the Site. For more details, please refer to the "Cookie Policy" section below.

3. Purposes and Legal Basis for Processing

We process your data for the following purposes and based on the following legal grounds:

• To Provide Requested Services: (e.g., visualize an uploaded MIDI file, manage your user registration and access): The legal basis is the performance of a contract or pre-contractual measures requested by you (Art. 6.1.b GDPR).

• To Ensure Site Functionality and Security: The legal basis is our legitimate interest in maintaining a secure and operational website (Art. 6.1.f GDPR).

• To Obtain Anonymous Statistical Information on Site Usage: The legal basis is our legitimate interest in improving our service (Art. 6.1.f GDPR). (Note: If using analytics requiring consent, the basis would be consent).

• To Respond to Contact Requests: The legal basis is the performance of pre-contractual measures requested by you or our legitimate interest in providing support (Art. 6.1.b or 6.1.f GDPR).

• To Comply with Legal Obligations: If necessary, we may process data to comply with laws or authorities' orders (Art. 6.1.c GDPR).

4. Data Processing Methods and Retention Period

Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data.

Data is kept for the time strictly necessary to achieve the purposes for which it was collected:

• Browsing Data is kept for short periods according to the hosting providers' policies, except for potential investigations by judicial authorities.

• Uploaded MIDI Files are not retained after the user's processing session.

• Contact Data provided voluntarily is kept for the time necessary to manage the request.

• Registration Data (email address) is kept as long as the user's account is active or until the user requests deletion, subject to any overriding legal or technical requirements.

• Cookies have variable retention periods (see Cookie Policy).

5. Data Disclosure and Transfer

Your personal data will not be disseminated. It may be disclosed to third parties who typically act as Data Processors (Art. 28 GDPR) on our behalf, namely:

• Individuals, companies, or professional firms providing assistance and consultancy to the Data Controller.

• Third-party technical service providers (e.g., hosting providers like Hostinger and Vercel, IT service providers).

• Judicial or administrative authorities, where required by law.

An updated list of Data Processors may always be requested from the Data Controller.
Data is processed by the Controller mainly within the European Union. However, some service providers (like Vercel) may be based or have servers outside the European Economic Area (EEA), such as the USA. In such cases, the transfer is carried out based on Adequacy Decisions of the European Commission or Standard Contractual Clauses (SCCs) adopted by the European Commission, ensuring an adequate level of data protection.

6. Cookie Policy

• What are Cookies: Cookies are small text files that websites visited by users send to their terminals (usually the browser), where they are stored before being re-transmitted to the same sites at the next visit by the same user.

• Cookies Used by this Site:

  • Technical Cookies: We use cookies that are strictly necessary to ensure the functioning of the Site and allow navigation. These cookies do not require user consent. They include session cookies (which expire when the browser is closed) and persistent cookies (used to remember user preferences or actions across sessions).

  • [Optional: Anonymized Analytical Cookies]: [If you use analytics like Google Analytics in anonymized mode without data cross-referencing, describe it here. They might be considered technical.]

  • [Optional: Non-Anonymized Analytical / Profiling / Third-Party Cookies]: [If you use cookies that collect identifiable data, track users, or are set by third parties like social networks or advertising platforms, you MUST describe them here and obtain PRIOR CONSENT via a proper cookie banner.] Currently, we declare that we do NOT use cookies requiring prior user consent.

• How to Manage Cookies: You can manage cookie preferences directly within your browser and prevent – for example – third parties from installing them. Through browser preferences, it is also possible to delete Cookies installed in the past. Note that disabling all Cookies may compromise the functioning of this site. You can find information about how to manage Cookies in your browser at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Internet Explorer / Edge.

7. Data Subject Rights

As a data subject, you have the right, under Articles 15-22 of the GDPR, to request from the Data Controller:

• Access to your personal data;

• Rectification or erasure ('right to be forgotten') of your data;

• Restriction of processing concerning you;

• To object to the processing;

• Data portability (receive data in a structured, commonly used, machine-readable format);

• To withdraw consent at any time (where processing is based on consent), without affecting the lawfulness of processing based on consent before its withdrawal;

• To lodge a complaint with a supervisory authority (e.g., the Garante per la Protezione dei Dati Personali in Italy, or your local authority).

You can exercise your rights by sending a request to the Controller's email address: [pianothc791@gmail.com].

8. Changes to this Privacy Policy

We reserve the right to make changes to this privacy policy at any time by giving notice to Users on this page. Please check this page regularly, referring to the date of the last modification listed at the top. If you object to any of the changes to the Policy, you must cease using this Site and can request that the Data Controller remove your Personal Data.

Contact information:

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to giuseppelorenzetti79@gmail.com.