Date of Last Revision: October 23, 2019
- About this Policy
- Your rights and your preferences: Giving you choice and control
- Personal data we collect from you
- What we use your personal data for
- Sharing your personal data
- Data retention and deletion
- Transfer to other countries
- Keeping your personal data safe
- Changes to this Policy
- How to contact us
Thanks for choosing Anchor, a service offered by Spotify ("Anchor", "we", "our", "us"), which allows creators the opportunity to create, share and monetize podcasts.
2. About this Policy
This Policy sets out the essential details relating to your personal data relationship with us when you use the Anchor website, mobile applications, and any other products and services that link to this Policy (collectively, the "Services").
From time to time, we may develop new or offer additional services. If the introduction of these new or additional services results in any change to the way we collect or process your personal data we will provide you with more information and additional terms or policies. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.
3. Your rights and your preferences: Giving you choice and control
The General Data Protection Regulation or "GDPR" gives certain rights to individuals in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are:
- Right of access - the right to be informed of and request access to the personal data we process about you;
- Right to rectification - the right to request that we amend or update your personal data where it is inaccurate or incomplete;
- Right to erasure - the right to request that we delete your personal data;
- Right to restrict processing - the right to request that we temporarily or permanently stop processing all or some of your personal data;
- Right to data portability - the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
- Right to object -
- the right, at any time, to object to us processing your personal data on grounds relating to your particular situation;
- the right to object to your personal data being processed for direct marketing purposes;
- Right to withdraw consent - If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
- Right not to be subject to Automated Decision-making - the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
In addition to the rights above, you always have the following choices regarding promotional communications and notifications:
- Promotional Communications - you may opt out of receiving promotional communications from us by following the instructions in those messages or by contacting us at any time. If you opt out from promotional communications, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
- Mobile Push Notifications/Alerts - with your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
If you have any questions about your privacy, your rights, or how to exercise them, please see the “How to contact us” section below for information on how to contact us. If you have concerns around our processing of your personal data, we hope you will continue to work with us to resolve them. However, you can also contact and have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen) or your local Data Protection Authority.
4. Personal data we collect from you
Personal data you provide to us
We collect personal data that you provide to us:
|Categories of personal data||Description of category|
|User Data||If you are a creator, you will be required to provide certain required personal data to create an account, such as your name, email address, password, and address. You also have the option to provide us other information about yourself, such as a profile photo, biography, country information, and website.|
|Payment and Purchase Data||If you are a listener and choose to support a creator, we collect your name and email address. Our payment processor collects your payment information.|
|Payment and Purchase Data||Contests, Surveys and Sweepstakes Data When you complete any forms, submit a survey, or participate in a contest, we collect the personal data you provide.|
Personal data collected when you use the services (“Usage Data”)
When you use the Services, we collect certain data automatically. Usage Data includes:
|Categories of personal data||Description of category|
|User content||When you create and share content using our Services, we collect any personal data included in that content.|
|Log data||Information that your browser automatically sends whenever you use the Services. Log Data includes your Internet Protocol (“IP”) address, browser type and settings, the date and time of your request, and how you interacted with the Services.|
|Device information||Includes type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. Information collected may depend on the type of device you use and its settings.|
|Other usage information||We collect information about how you use our Services and Spotify’s other services, such as the types of content that you post or listen to, the features you use, the actions you take, the other Users you interact with and the time, frequency and duration of your activities.|
Personal data collected from other sources
|Categories of personal data||Description of category|
|Data from Social Media Services||If you create an account or log in to the Services using credentials from social media services such as Facebook, Google, or Twitter (“Social Media Services”), we will have access to certain information from that Social Media Service, such as your name and email address in accordance with the authorization procedures determined by such Social Media Service.|
5. What we use your personal data for
When you use or interact with the Services, we use a variety of technologies to process the personal data we collect about you for various reasons. We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 4) used for these purposes:
|Description of why Anchor processes your personal data ('processing purpose')||Legal Basis for the processing purpose||Categories of personal data used by Anchor for the processing purpose|
|To provide, personalize, and improve our Services, for example, by allowing creators to create and distribute their content and to allow listeners to support that content.|
|To provide, personalize, and improve your experience with the Services and other services and products provided by Spotify, for example by providing customized, personalized, or localized content, recommendations, features, and advertising.|
|To understand how you access and use the Services to ensure technical functionality of the Services, develop new products and services, and analyze your use of the Services, including your interaction with applications, advertising, products, and services that are made available, linked to, or offered through the Services.|
|To communicate with you for Service-related purposes.|
|To process your payment to prevent or detect fraud including fraudulent payments and fraudulent use of the Services.|
|To communicate with you, either directly or through one of our partners, for marketing, research, participation in contests, surveys and sweepstakes, promotional purposes, via emails, notifications, or other messages, consistent with any permissions you may have communicated to us.|
7. Data retention and deletion
We keep your personal data only as long as necessary to provide you with the Services and for legitimate and essential business purposes, such as maintaining the performance of the Services, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. We keep some of your personal data, such as your user data and user content, for as long as you are a user of the Services.
If you have elected to receive marketing communications from us, we retain information required to send these communications until you opt out of receiving these communications in accordance with our policies.
9. Transfer to other countries
Spotify USA, Inc. is based in the United States and we process and store personal data in the United States and other countries. Therefore, we and our service providers may transfer your personal data to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.
If you are accessing our Services from the EU/EEA or other regions, please note that your personal data will be transmitted to our servers in the United States and the data may be transmitted to our service providers supporting our business operations (described above). In such instances we will ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are in place such as the Standard Contractual Clauses approved by the EU Commission.
11. Keeping your personal data safe
We are committed to protecting our users’ personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.
Your password protects your user account, so we encourage you to use a strong password that is unique to your Anchor account, never share your password with anyone, limit access to your computer and browser, and log out after having used the Services.
The Services are not directed to children under the age of 13 years. The Services are also not offered to children whose age makes it illegal to process their personal data or requires parental consent for the processing of their personal data under the GDPR or other local law.
We do not knowingly collect personal data from children under 13 years or under the applicable age limit (the “Age Limit”). If you are under the Age Limit, please do not use the Services, and do not provide any personal data to us.
If you are a parent of a child under the Age Limit and become aware that your child has provided personal data to us, please contact us, and you may request exercise of your applicable rights detailed in the ‘Your rights and your preferences: Giving you choice and control’ Section 3 of this Policy.
If we learn that we have collected the personal data of a child under the age of 13 years, we will take reasonable steps to delete the personal data. This may require us to delete the Anchor account for that child.
13. Changes to this Policy
We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in case of material changes, we will provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
14. How to contact us
Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by emailing firstname.lastname@example.org or by writing to your relevant data controller at the address below.
Data controller if you reside in the US:
Data controller if you reside in any other country than the US: