Effective Date: February 26, 2026 | Version: 1.0 | Last Updated February 26, 2026
Walter de Minicis ("we", "us", or "our") operates the Telìa website and music platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use the Service.
Please read this policy carefully. By using the Service, you acknowledge you have read and understood it.
1. Data controller
The data controller responsible for your personal data is:
Walter de Minicis
Via Mura degli Angeli 25, 16127 Genova, Italy
Email: privacy@teliamusic.com
We have not appointed a DPO as we do not meet the thresholds under Article 37 GDPR.
2. Data we collect
Account data
When you create an account we collect: email address, display name, and (optionally) profile information you choose to provide. Passwords are stored as irreversible hashes — we cannot recover them.
Usage data
When you interact with the Service we may collect: pages visited, tracks played, playlists created, search queries, feature usage patterns, and timestamps of interactions.
Technical data
We automatically receive: IP address (from Cloudflare), browser type and version, operating system, device type, referring URL, and approximate geographic location (country/region derived from IP).
Communication data
If you contact us via the contact form or by email, we retain the content of your message and your email address in order to respond.
Analytics data
If you consent to statistics cookies, Google Analytics and Microsoft Clarity collect anonymised behavioural data. Clarity may also record session replays and heatmaps. This data is subject to the respective third-party privacy policies.
Marketing / advertising data
If you consent to marketing cookies, Meta (Facebook) Pixel may collect information about your interactions with our site for advertising purposes. YouTube may set cookies when you view embedded videos.
Address autocomplete
When you use the address fields in your account profile, we load Google Maps Places API to suggest and auto-fill address information. This sends the characters you type to Google's servers to generate suggestions. No address data is stored by Google beyond the duration of the lookup. This feature is used solely to improve form accuracy and is loaded only on account pages. Legal basis: legitimate interests (Art. 6(1)(f) GDPR) — providing a convenient and accurate checkout experience.
3. Legal bases for processing (GDPR)
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the Service (account creation, music playback) | Account data, usage data | Contract — Art. 6(1)(b) GDPR |
| Authentication and security | Account data, technical data | Legitimate interests — Art. 6(1)(f): keeping the service secure |
| Analytics and service improvement | Usage data, technical data (via GA / Clarity) | Consent — Art. 6(1)(a) GDPR (statistics cookies) |
| Personalised advertising | Usage data (via Meta Pixel) | Consent — Art. 6(1)(a) GDPR (marketing cookies) |
| Responding to enquiries | Communication data | Legitimate interests — Art. 6(1)(f): responding to requests |
| Legal compliance | Any data required by law | Legal obligation — Art. 6(1)(c) GDPR |
4. How we use your data
- To create and manage your account
- To deliver the music streaming service
- To send transactional emails (password reset, email confirmation)
- To respond to your support requests
- To analyse how the Service is used and improve it
- To detect and prevent fraud and abuse
- To comply with legal obligations
- To serve relevant advertising (only with marketing consent)
5. Sharing your data with third parties
We do not sell your personal data. We share data with the following third-party service providers only to the extent necessary to operate the Service:
| Recipient | Purpose | Privacy policy |
|---|---|---|
| Cloudflare, Inc. (USA) | CDN, DDoS protection, infrastructure; processes IP addresses and headers | cloudflare.com/privacypolicy |
| Google LLC (USA) | Google Analytics (statistics — with consent), Google Tag Manager, YouTube embeds (external media — with consent), Google Ads remarketing (marketing — with consent), Google Maps Places API (address autocomplete on account pages — functional) | policies.google.com/privacy |
| Meta Platforms, Inc. (USA) | Meta Pixel for advertising measurement (marketing — with consent) | facebook.com/policy |
| Microsoft Corporation (USA) | Microsoft Clarity for session analytics (statistics — with consent) | privacy.microsoft.com |
| Resend, Inc. (USA) | Transactional email delivery (account-related emails) | resend.com/privacy |
6. International data transfers
Google, Meta, Microsoft, Cloudflare, and Resend are US-based companies. Transfers of personal data from the EU/UK to the USA are covered by one or more of the following safeguards:
- EU–US Data Privacy Framework (DPF): Google, Meta, and Microsoft participate in the DPF, which the European Commission has recognised as providing adequate protection (Decision of 10 July 2023).
- Standard Contractual Clauses (SCCs): Where DPF does not apply, transfers are protected by the EU Commission-approved SCCs (2021). For UK transfers, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs.
7. Data retention
| Data category | Retention period |
|---|---|
| Account data | Until you delete your account, plus 30 days for recovery |
| Communication data (support emails) | 3 years from last contact |
| Analytics data (GA, Clarity) | Governed by Google and Microsoft respectively (up to 26 months for GA) |
| Server logs (IP, technical data) | Up to 90 days (Cloudflare standard) |
| Cookie consent records | 365 days (stored in telia_consent cookie) |
8. Your rights
Under GDPR (EU and UK users)
You have the right to:
- Access — obtain a copy of your personal data
- Rectification — correct inaccurate data
- Erasure ("right to be forgotten") — request deletion of your data
- Restriction — request that we limit how we process your data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — at any time, for processing based on consent (this does not affect the lawfulness of prior processing)
- Lodge a complaint — with your national supervisory authority
Supervisory authorities:
- Italy: Garante per la Protezione dei Dati Personali
- UK: Information Commissioner's Office (ICO)
- Other EU states: find your authority at edpb.europa.eu
To exercise any of these rights, contact us at privacy@teliamusic.com. We will respond within 30 days (extendable to 3 months for complex requests, with notice).
Under CCPA / CPRA (California residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:
- Right to know — what categories of personal information we collect, use, disclose, and sell/share
- Right to delete — request deletion of your personal information
- Right to correct — request correction of inaccurate information
- Right to opt out of sale or sharing — we do not "sell" personal information for money, but we may "share" data with advertising partners (Meta Pixel) which constitutes sharing under CPRA. You can opt out via the Cookies Preferences panel by rejecting marketing cookies.
- Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights
Categories of personal information collected (CCPA categories)
| CCPA category | Examples | Collected |
|---|---|---|
| Identifiers | Email address, IP address, device ID | Yes |
| Internet or network activity | Pages visited, tracks played, search queries | Yes |
| Geolocation data | Country/region derived from IP | Yes (approximate only) |
| Inferences | Music preferences inferred from usage | Yes |
| Commercial information | Purchase history, financial information | No |
| Sensitive personal information | Social security number, biometrics, health data | No |
To exercise your CCPA rights, contact us at privacy@teliamusic.com. We will verify your identity before processing the request.
9. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals, as described in Article 22 GDPR.
10. Children's privacy
The Service is not directed to children under 13 (or under 16 for EU/UK users where we process data based on consent). We do not knowingly collect personal data from children below these ages. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe we have collected data from a child, please contact us immediately.
11. Security
We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unlawful access, disclosure, alteration, or destruction. These include TLS encryption in transit, Cloudflare DDoS protection, hashed password storage, and access controls. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by displaying a notice on the Service and/or sending an email to registered users, and update the "effective date" at the top of this page. We encourage you to review this policy periodically.
13. Contact us
For any questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact us at:
Walter de Minicis
Via Mura degli Angeli 25, 16127 Genova, Italy
Email: privacy@teliamusic.com
Walter de Minicis — Privacy Policy — Version 1.0 — February 26, 2026