Privacy policy

This statement informs you about the type, scope and purpose of the processing of personal data within this online offering and the associated application "SinfoniaOne". The basis is the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

1. Controller

The controller responsible for data processing is:

Tobias Riener
Riedmüllerstraße 3, 3340 Waidhofen an der Ybbs, Austria
Email: office@riener.dev

Data protection inquiries are accepted exclusively via the email address above.

2. Legal bases

The processing of personal data is based on the following provisions of the GDPR:

  • Art. 6(1)(a) – consent,
  • Art. 6(1)(b) – performance of a contract and pre-contractual measures,
  • Art. 6(1)(c) – compliance with legal obligations,
  • Art. 6(1)(f) – legitimate interest (operation, security, analytics).

3. Processed data

On this website:

  • Technical access data (IP address, user agent, referrer, timestamp) – only to the extent required for operation and security,
  • data submitted voluntarily (e.g. by email).

In the SinfoniaOne application:

  • Master data (name, email, optionally phone, profile picture, date of birth),
  • association membership, roles and permissions,
  • uploaded content (scores, sheet music PDFs, setlists, recordings),
  • billing data for paid modules (name, billing address, VAT ID, payment history).

4. Hosting & server logs

The website and the application are operated on servers within the European Union. On access, technical access data are stored in log files and deleted or anonymised after no more than 30 days. The legal basis is Art. 6(1)(f) GDPR (operation, security).

5. Cookies & local storage

Technically necessary cookies and localStorage entries are used for login, language selection and design preference (light/dark). No third-party tracking or advertising cookies are set.

6. Processors

Selected service providers are used to deliver individual features. Data processing agreements pursuant to Art. 28 GDPR have been concluded with all of them. Currently relevant:

  • Stripe Payments Europe, Ltd. (Ireland) – payment processing for paid modules.
  • Email delivery – transactional messages (e.g. invitations, confirmations) via mail infrastructure operated in the EU.
  • Hosting & storage – within the EU, including object storage for uploads.

Stripe may transfer data to third countries in the course of payment processing; the EU Commission's standard contractual clauses apply there.

7. Retention

Personal data is only stored as long as necessary for the respective purpose. Billing-relevant data is stored in accordance with statutory retention obligations (Austrian UGB/BAO, typically 7 years). Deleted content in SinfoniaOne remains in the trash and can be restored or permanently removed by authorised persons.

8. Your rights

You have the following rights vis-à-vis the controller regarding your personal data:

  • right of access (Art. 15 GDPR),
  • rectification (Art. 16 GDPR),
  • erasure (Art. 17 GDPR),
  • restriction of processing (Art. 18 GDPR),
  • data portability (Art. 20 GDPR),
  • objection to processing (Art. 21 GDPR),
  • withdrawal of consent (Art. 7(3) GDPR).

Requests can be submitted informally by email to office@riener.dev.

9. Contact & right to lodge a complaint

You have the right to lodge a complaint with the Austrian Data Protection Authority: www.dsb.gv.at.

Last updated: April 2026