Effective Date: May 13, 2021
This Policy sets out the essential details relating to our collection, use, and disclosure of personal data you use the website, Publisher Platform, Advertiser Services, and any other products and services that link to this Policy (collectively, the "Services").
In this policy we describe our personal data processing activities for the following types of data subjects:
With respect to personal data about Publishers and Advertisers, Spotify is the data controller. With respect to personal data about Listeners, if Spotify is processing the data as part of providing SPAN services, Spotify is the controller. In all other contexts with respect to Listeners, Spotify is the processor.
From time to time, we may develop new or offer additional services. If the introduction of these new or additional services results in any change to the way we collect or process your personal data we will provide you with more information and additional terms or policies. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.
As provided by applicable privacy laws, you may have certain rights as individuals in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are:
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).” We may decline requests to exercise these rights where we are unable to authenticate you as the person to whom the data relates.
In addition to the rights above, you always have the following choices regarding promotional communications and notifications:
We do not sell Listener personal data and have taken substantial steps to identify and remediate any data sharing arrangements that could constitute a "sale" under the CCPA following our acquisition by Spotify. We will continue to update our business practices as regulatory guidance becomes available and provides clarity on what constitutes a sale transaction, particularly in the advertising ecosystem.
If you have any questions about your privacy, your rights, or how to exercise them, please see the “How to contact us” section below for information on how to contact us. If you have concerns around our processing of your personal data, we hope you will continue to work with us to resolve them. For personal data of which we are the controllers, you can also contact and have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) or your local Data Protection Authority.
If you are a Publisher, the following tables below describe the categories of personal data we collect about you and how we collect it.
Data you choose to provide to us:
Data we collect through your use of the Publisher Platform:
If you are an Advertiser, the following tables below describe the categories of personal data we collect about you and how we collect it.
Data you choose to provide to us:
Data we collect through your use of the Advertiser Services:
If you are a Listener, the following tables below describe the categories of personal data we collect about you and how we collect it.
Data we collect through your listening of podcasts hosted by us:
Data you choose to provide to us:
Data about you we receive from other sources.
If you are a Publisher or Advertiser, when you use or interact with our platforms and services, we use a variety of technologies to process the personal data we collect about you for various reasons. If you are a Listener, when you listen to a podcast hosted by Megaphone, we process the personal data we collect about you to provide you a more personalized ad experience. We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 3) used for these purposes:
With respect to personal data we are controllers of, we may share or disclose the data under the following circumstances, or as otherwise described in this Policy:
When you use the Publisher Platform or Advertiser Services, we or our third party partners may store some information on your device or device hard drive as a "cookie" or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of these services and for the purpose of facilitating and enhancing your communication and interaction with the Website.
We use the following types of cookies on the Publisher Platform and Advertiser Dashboard:
We currently do not directly collect personal data about Listeners through cookies.
If you want to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our service or some of its functionality may be affected. Cookies and similar items are not used by us to automatically retrieve personal data from your device without your knowledge.
More information about our specific online behavioral advertising practices can be found at https://megaphone.fm/adchoices as well as from our partner, Exelate (A Nielsen Company), at https://www.nielsen.com/us/en/legal/privacy-statement/. If you are a Listener and do not wish for Nielsen to provide us with your personal data, please opt-out at https://sites.nielsen.com/legal/privacy-statement/exelate-privacy-policy/opt-in-opt-out/#.
We are committed to protecting the personal data in our systems. We implement appropriate technical and organisational measures to help protect the security of personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.
If you are a Publisher or Advertiser and have an account with us, you are responsible for maintaining the confidentiality of your account password and for any access to or use of your account using your password, whether or not authorized by you. Please notify us immediately of any unauthorized use of your password or account or any other breach of security.
We keep your personal data only as long as necessary to provide you with the service you are using and for legitimate and essential business purposes, such as maintaining the performance of our services, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes.
If you have elected to receive marketing communications from us, we retain information required to send these communications until you opt out of receiving these communications in accordance with our policies.
Spotify USA, Inc. is based in the United States and we process and store personal data in the United States and other countries. We may share your personal data globally with Spotify group companies in order to carry out the activities specified in this Policy. Spotify may also subcontract processing to, or share your personal data with, third parties located in countries other than your country. Your personal data, therefore, may be subject to privacy laws that are different from those in your country.
Personal data collected within the European Union and Switzerland may, for example, be transferred to and processed by third parties located in a country outside of the European Union and Switzerland. In such instances Spotify shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place such as the Standard Contractual Clauses approved by the EU Commission.
We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in case of material changes, we will provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by emailing email@example.com or by writing to your relevant data controller at the address below.
If you reside within the U.S., the Spotify data controller can be reached at:
Spotify USA Inc.
150 Greenwich St.
New York, NY 10007
If you reside outside the U.S., the Spotify data controller can be reached at:
111 53 Stockholm