Terms and Policies

Effective Date: May 13, 2021

Megaphone, a service offered by Spotify (“Megaphone,” “we,” or “us”). Megaphone is committed to treating the personal data we process with respect and sensitivity. We want to transparently explain how and why we gather, store, share and use your personal data - as well as outline the controls and choices you have around when and how you choose to share your personal data. This Privacy Policy (“Policy”) aims to explain what we mean in further detail below.

1. About This Policy

This Policy sets out the essential details relating to our collection, use, and disclosure of personal data you use the website, Publisher Platform, Advertiser Services, and any other products and services that link to this Policy (collectively, the "Services"). 

In this policy we describe our personal data processing activities for the following types of data subjects: 

• Publishers (“Publishers”) who use our publisher-facing product (the “Publisher Platform”) that helps publishers of podcasts monetize their podcasts by inserting ads into the podcasts hosted by Megaphone. Publishers also have the option to utilize the Spotify Audience Network (“SPAN”) as part of our service offerings.
• Advertisers (“Advertisers”) who use our advertiser-facing services (the “Advertiser Services”) to help reach targeted audiences, which includes the SPAN and dsp.megaphone.fm (“Advertiser Dashboard”).
• Listeners (“Listeners”) of podcasts hosted by Megaphone, whether they are listening on Spotify or other third party audio streaming services. 

With respect to personal data about Publishers and Advertisers, Spotify is the data controller. With respect to  personal data about Listeners, if Spotify is processing the data as part of providing SPAN services, Spotify is the controller. In all other contexts with respect to Listeners, Spotify is the processor.

From time to time, we may develop new or offer additional services. If the introduction of these new or additional services results in any change to the way we collect or process your personal data we will provide you with more information and additional terms or policies. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.

2. Your Rights and Preferences

As provided by applicable privacy laws, you may have certain rights as individuals in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are:

• Right of access - the right to be informed of and request access to the personal data we process about you;
• Right to rectification - the right to request that we amend or update your personal data where it is inaccurate or incomplete;
• Right to erasure - the right to request that we delete your personal data;
• Right to restrict processing - the right to request that we temporarily or permanently stop processing all or some of your personal data;
• Right to data portability - the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
• Right to object - the right, at any time, to object to us processing your personal data on grounds relating to your particular situation;
• the right to object to your personal data being processed for direct marketing purposes;
• Right to withdraw consent - If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
• Right not to be subject to Automated Decision-making - the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).” We may decline requests to exercise these rights where we are unable to authenticate you as the person to whom the data relates.

In addition to the rights above, you always have the following choices regarding promotional communications and notifications:

• Promotional Communications - If you are a Publisher or Advertiser who have opted into receiving newsletters from us (which may include updates about new or improved products and features), you may opt out of receiving promotional communications from us by following the instructions in those messages or by contacting us at any time. If you opt out from promotional communications, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

We do not sell Listener personal data and have taken substantial steps to identify and remediate any data sharing arrangements that could constitute a "sale" under the CCPA following our acquisition by Spotify. We will continue to update our business practices as regulatory guidance becomes available and provides clarity on what constitutes a sale transaction, particularly in the advertising ecosystem.

If you are a Listener, depending on the service on which you listen to podcasts (e.g., Spotify or another service), that service’s privacy policies may apply to you in addition to this Policy, which may contain additional disclosures and rights. If you are a Listener and listen to podcasts on Spotify, Spotify’s user privacy policy can be found here. 

If you have any questions about your privacy, your rights, or how to exercise them, please see the “How to contact us” section below for information on how to contact us. If you have concerns around our processing of your personal data, we hope you will continue to work with us to resolve them. For personal data of which we are the controllers, you can also contact and have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) or your local Data Protection Authority.

3. Personal Data We Collect About You

If you are a Publisher, the following tables below describe the categories of personal data we collect about you and how we collect it.

Data you choose to provide to us:

‍

Data we collect through your use of the Publisher Platform:

‍

If you are an Advertiser, the following tables below describe the categories of personal data we collect about you and how we collect it.

Data you choose to provide to us:

‍

Data we collect through your use of the Advertiser Services:

‍

If you are a Listener, the following tables below describe the categories of personal data we collect about you and how we collect it.

Data we collect through your listening of podcasts hosted by us:

‍

Data you choose to provide to us:

‍

Data about you we receive from other sources.

‍

4. Purposes of Processing

If you are a Publisher or Advertiser, when you use or interact with our platforms and services, we use a variety of technologies to process the personal data we collect about you for various reasons. If you are a Listener, when you listen to a podcast hosted by Megaphone, we process the personal data we collect about you to provide you a more personalized ad experience. We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 3) used for these purposes:

5. Sharing of Information

With respect to personal data we are controllers of, we may share or disclose the  data under the following circumstances, or as otherwise described in this Policy:

• Within the Spotify group of companies. We may share your personal data with Spotify affiliates to carry out our daily business operations and to enable us to maintain and provide services to you.
• Service Providers. We may share your information with our agents and service providers that perform certain functions or services on our behalf, such as to host our Services, manage databases, facilitate payment or send communications for us. We have direct relationships with certain advertising, marketing and analytics services (including some of our measurement partners) who also are our service providers that help us collect and analyze personal data.
• In connection with a transfer of assets. If we sell all or part of our business, or make a sale or transfer of assets, or are otherwise involved in a merger or business transfer, or in the event of bankruptcy, we may transfer your personal data to one or more third parties as part of that transaction;
• To comply with legal requirements. We will share your personal data when we in good faith believe it is necessary for us to do so in order to comply with a legal obligation under applicable law, or respond to a valid legal process, such as a search warrant, a court order, or a subpoena. We also will also share your personal data where we in good faith believe that it is necessary for the purpose of our own, or a third party’s legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
• Other parties with your consent. We may share information about you with third parties when you consent to such sharing.

6. Cookies

When you use the Publisher Platform or Advertiser Services, we or our third party partners may store some information on your device or device hard drive as a "cookie" or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of these services and for the purpose of facilitating and enhancing your communication and interaction with the Website.

We use the following types of cookies on the Publisher Platform and Advertiser Dashboard:

• Strictly necessary cookies. These are cookies that are required for the operation of our website. 
• Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it (such as Google Analytics).
• Functionality cookies. These are used to recognize you when you return to our website (such as cookies dropped by Intercom). 

We currently do not directly collect personal data about Listeners through cookies.

7. Opt-Outs

If you want to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our service or some of its functionality may be affected. Cookies and similar items are not used by us to automatically retrieve personal data from your device without your knowledge.

More information about our specific online behavioral advertising practices can be found at https://megaphone.fm/adchoices as well as from our partner, Exelate (A Nielsen Company), at https://www.nielsen.com/us/en/legal/privacy-statement/. If you are a Listener and do not wish for Nielsen to provide us with your personal data, please opt-out at https://sites.nielsen.com/legal/privacy-statement/exelate-privacy-policy/opt-in-opt-out/#.

8.Links to Third Party Sites and Services

Our website may contain links to other websites or online services that are operated and maintained by third parties and that are not under the control of or maintained by Megaphone.  Such links do not constitute an endorsement by Megaphone of those other websites, the content displayed therein, or the persons or entities associated therewith. This Privacy Policy does not apply to this third-party content. We encourage you to review the privacy policies of these third-party websites or services.

9. Data Security

We are committed to protecting the personal data in our systems. We implement appropriate technical and organisational measures to help protect the security of personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.

If you are a Publisher or Advertiser and have an account with us, you are responsible for maintaining the confidentiality of your account password and for any access to or use of your account using your password, whether or not authorized by you.  Please notify us immediately of any unauthorized use of your password or account or any other breach of security.

10. Data Retention and Deletion

We keep your personal data only as long as necessary to provide you with the service you are using and for legitimate and essential business purposes, such as maintaining the performance of our services, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. 

If you have elected to receive marketing communications from us, we retain information required to send these communications until you opt out of receiving these communications in accordance with our policies.

11. International Transfers

Spotify USA, Inc. is based in the United States and we process and store personal data in the United States and other countries. We may share your personal data globally with Spotify group companies in order to carry out the activities specified in this Policy. Spotify may also subcontract processing to, or share your personal data with, third parties located in countries other than your country. Your personal data, therefore, may be subject to privacy laws that are different from those in your country.

Personal data collected within the European Union and Switzerland may, for example, be transferred to and processed by third parties located in a country outside of the European Union and Switzerland. In such instances Spotify shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place such as the Standard Contractual Clauses approved by the EU Commission.

12. Changes to this Policy

We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in case of material changes, we will provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you. 

13. Contact Us

Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by emailing contact@megaphone.fm or by writing to your relevant data controller at the address below.

If you reside within the U.S., the Spotify data controller can be reached at: 

Spotify USA Inc.
150 Greenwich St.
New York, NY 10007
USA

If you reside outside the U.S., the Spotify data controller can be reached at: 

Spotify AB
Regeringsgatan 19
111 53 Stockholm
Sweden