Anchor Privacy Policy

Date of Last Revision: October 23, 2019

Introduction
About this Policy
Your rights and your preferences: Giving you choice and control
Personal data we collect from you
What we use your personal data for
Sharing your personal data
Data retention and deletion
Cookies
Transfer to other countries
Links
Keeping your personal data safe
Children
Changes to this Policy
How to contact us

1. Introduction

Thanks for choosing Anchor, a service offered by Spotify ("Anchor", "we", "our", "us"), which allows creators the opportunity to create, share and monetize podcasts.

We want to give you the best possible experience to ensure that you enjoy our service today, tomorrow and in the future. Your privacy and the security of your personal data is, and will always be, enormously important to us. So, we want to transparently explain how and why we gather, store, share and use your personal data - as well as outline the controls and choices you have around when and how you share your personal data. That is our objective, and this Privacy Policy (the "Policy") will explain what we mean in further detail below.

2. About this Policy

This Policy sets out the essential details relating to your personal data relationship with us when you use the Anchor website, mobile applications, and any other products and services that link to this Policy (collectively, the "Services").

From time to time, we may develop new or offer additional services. If the introduction of these new or additional services results in any change to the way we collect or process your personal data we will provide you with more information and additional terms or policies. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.

3. Your rights and your preferences: Giving you choice and control

The General Data Protection Regulation or "GDPR" gives certain rights to individuals in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are:

Right of access - the right to be informed of and request access to the personal data we process about you;
Right to rectification - the right to request that we amend or update your personal data where it is inaccurate or incomplete;
Right to erasure - the right to request that we delete your personal data;
Right to restrict processing - the right to request that we temporarily or permanently stop processing all or some of your personal data;
Right to data portability - the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
Right to object -
- the right, at any time, to object to us processing your personal data on grounds relating to your particular situation;
- the right to object to your personal data being processed for direct marketing purposes;
Right to withdraw consent - If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
Right not to be subject to Automated Decision-making - the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

In addition to the rights above, you always have the following choices regarding promotional communications and notifications:

Promotional Communications - you may opt out of receiving promotional communications from us by following the instructions in those messages or by contacting us at any time. If you opt out from promotional communications, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Mobile Push Notifications/Alerts - with your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

If you have any questions about your privacy, your rights, or how to exercise them, please see the “How to contact us” section below for information on how to contact us. If you have concerns around our processing of your personal data, we hope you will continue to work with us to resolve them. However, you can also contact and have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen) or your local Data Protection Authority.

4. Personal data we collect from you

Personal data you provide to us

We collect personal data that you provide to us:

Categories of personal data	Description of category
User Data	If you are a creator, you will be required to provide certain required personal data to create an account, such as your name, email address, password, and address. You also have the option to provide us other information about yourself, such as a profile photo, biography, country information, and website.
Payment and Purchase Data	If you are a listener and choose to support a creator, we collect your name and email address. Our payment processor collects your payment information.
Payment and Purchase Data	Contests, Surveys and Sweepstakes Data When you complete any forms, submit a survey, or participate in a contest, we collect the personal data you provide.

Personal data collected when you use the services (“Usage Data”)

When you use the Services, we collect certain data automatically. Usage Data includes:

Categories of personal data	Description of category
User content	When you create and share content using our Services, we collect any personal data included in that content.
Log data	Information that your browser automatically sends whenever you use the Services. Log Data includes your Internet Protocol (“IP”) address, browser type and settings, the date and time of your request, and how you interacted with the Services.
Cookies	Information from cookies stored on your device. Please see our Cookie Policy to learn more about how we use cookies.
Device information	Includes type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. Information collected may depend on the type of device you use and its settings.
Other usage information	We collect information about how you use our Services and Spotify’s other services, such as the types of content that you post or listen to, the features you use, the actions you take, the other Users you interact with and the time, frequency and duration of your activities.

Personal data collected from other sources

Categories of personal data	Description of category
Data from Social Media Services	If you create an account or log in to the Services using credentials from social media services such as Facebook, Google, or Twitter (“Social Media Services”), we will have access to certain information from that Social Media Service, such as your name and email address in accordance with the authorization procedures determined by such Social Media Service.

5. What we use your personal data for

When you use or interact with the Services, we use a variety of technologies to process the personal data we collect about you for various reasons. We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 4) used for these purposes:

Description of why Anchor processes your personal data ('processing purpose')	Legal Basis for the processing purpose	Categories of personal data used by Anchor for the processing purpose
To provide, personalize, and improve our Services, for example, by allowing creators to create and distribute their content and to allow listeners to support that content.	Performance of a Contract Legitimate Interest	User Data Usage Data Payment and Purchase Data
To provide, personalize, and improve your experience with the Services and other services and products provided by Spotify, for example by providing customized, personalized, or localized content, recommendations, features, and advertising.	Performance of a Contract Legitimate Interest	User Data Usage Data Payment and Purchase Data
To understand how you access and use the Services to ensure technical functionality of the Services, develop new products and services, and analyze your use of the Services, including your interaction with applications, advertising, products, and services that are made available, linked to, or offered through the Services.	Performance of a Contract Legitimate Interest	User Data Usage Data
To communicate with you for Service-related purposes.	Performance of a Contract Legitimate Interest	User Data Usage Data
To process your payment to prevent or detect fraud including fraudulent payments and fraudulent use of the Services.	Performance of a Contract Compliance with legal obligations Legitimate Interest	User Data Usage Data Payment and Purchase Data
To communicate with you, either directly or through one of our partners, for marketing, research, participation in contests, surveys and sweepstakes, promotional purposes, via emails, notifications, or other messages, consistent with any permissions you may have communicated to us.	Consent Legitimate Interest	User Data Contests, Surveys and Sweepstakes Data
To comply with legal obligations and legal process, respond to requests from public and government authorities including public and government authorities outside your country of residence; enforce our Terms of Use; and to protect our rights, privacy, safety or property of others.	Legitimate Interest	User Data Usage Data Device information Payment and Purchase Data

6. Sharing your personal data

We may share or disclose your personal data under the following circumstances, or as otherwise described in this Policy:

With Your Consent or at Your Direction. The Services are designed to enable creators to broadly and instantly disseminate information to a wide range of listeners and services. When you share information or content via the Services, you should think carefully about what you are making public.
Public Profile Information and Posts. Your public user profile information and public posts are immediately delivered via RSS feeds and our APIs to our partners and other third parties, including search engines, developers, and publishers that integrate the Services content into their services.
Social Media Services. If you elect to access and use Social Media Services, you will be sharing your information (which could include personal data) with those Social Media Services and others on the Social Media Services platform.
Vendors and Service Providers. To assist us in meeting business operations needs and to perform certain services and functions: providers of hosting, email communication and customer support services, analytics, marketing, advertising (for more details on the third parties that place cookies through the Services, please see our Cookie Policy). Pursuant to our instructions, these parties will access, process or store personal data in the course of performing their duties to us.
Within the Spotify Group of Companies. We will share your personal data with other companies in the Spotify Group to carry out our daily business operations and to enable us to maintain and provide the Services to you.
Business Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your personal data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.
Legal Requirements. We will share your personal data when we in good faith believe it is necessary for us to do so in order to comply with a legal obligation under applicable law, or respond to valid legal process, such as a search warrant, a court order, or a subpoena. We also will also share your personal data where we in good faith believe that it is necessary for the purpose of our own, or a third party’s legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.

We also share personal data with partners that provide analytics services and serve advertisements on our behalf across the web and in mobile applications. These entities may use cookies, web beacons, device identifiers and other technologies to collect information about your use of the Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices. Your device may also include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” or “Opt Out of Ads Personalization” on Android) that allows you to opt out of having certain information collected through apps used for behavioral advertising purposes.

7. Data retention and deletion

We keep your personal data only as long as necessary to provide you with the Services and for legitimate and essential business purposes, such as maintaining the performance of the Services, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. We keep some of your personal data, such as your user data and user content, for as long as you are a user of the Services.

If you have elected to receive marketing communications from us, we retain information required to send these communications until you opt out of receiving these communications in accordance with our policies.

8. Cookies

The Services use cookies to operate and administer the Services, gather usage data, and make it easier for you to use the Services during future visits.

What Are Cookies? A “cookie” is a piece of information sent to your browser by a website you visit. By choosing to use our Services after having been notified of our use of cookies in the ways described in this Policy, and, in applicable jurisdictions, through notice and unambiguous acknowledgement of your consent, you agree to such use.

Some cookies expire after a certain amount of time, or upon logging out (session cookies), others remain on your computer or terminal device for a longer period (persistent cookies). Our Services use first party cookies (cookies set directly by Spotify) as well as third party cookies, as described below. For more details on cookies please visit All About Cookies.

Type of Cookies Used. The Services use the following technologies:

Strictly Necessary Cookies: Used to provide Users with the Services and to use some of their features, such as the ability to log-in and access to secure areas. These cookies are served by Spotify and are essential for using and navigating the Services. Without these cookies, basic functions of our Services would not work. Because these cookies are strictly necessary to deliver the Services, you cannot refuse them.
Analytics/Performance: Used to better understand the behavior of the Users on our Services and improve our Services accordingly, for example by making sure Users are finding what they need easily. The Site uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). You can prevent your data from being collected by Google Analytics on our Services by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser. For more information on Google Analytics privacy practices, read here.
Your Choices. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Services and you may not be able to benefit from the full functionality of the Services. If you access the Services on your mobile device, you may not be able to control tracking technologies through the settings.

9. Transfer to other countries

Spotify USA, Inc. is based in the United States and we process and store personal data in the United States and other countries. Therefore, we and our service providers may transfer your personal data to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.

If you are accessing our Services from the EU/EEA or other regions, please note that your personal data will be transmitted to our servers in the United States and the data may be transmitted to our service providers supporting our business operations (described above). In such instances we will ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are in place such as the Standard Contractual Clauses approved by the EU Commission.

10. Links

Please note that this Policy only applies to the Services. When using the Services, you may find links to other websites not operated or controlled by us (“Third Party Sites”), including the Social Media Services. The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Policy. By providing these links we do not imply that we endorse or have reviewed these Third Party Sites. Please contact any Third Party Sites directly for information on their privacy practices and policies.

11. Keeping your personal data safe

We are committed to protecting our users’ personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.

Your password protects your user account, so we encourage you to use a strong password that is unique to your Anchor account, never share your password with anyone, limit access to your computer and browser, and log out after having used the Services.

12. Children

The Services are not directed to children under the age of 13 years. The Services are also not offered to children whose age makes it illegal to process their personal data or requires parental consent for the processing of their personal data under the GDPR or other local law.

We do not knowingly collect personal data from children under 13 years or under the applicable age limit (the “Age Limit”). If you are under the Age Limit, please do not use the Services, and do not provide any personal data to us.

If you are a parent of a child under the Age Limit and become aware that your child has provided personal data to us, please contact us, and you may request exercise of your applicable rights detailed in the ‘Your rights and your preferences: Giving you choice and control’ Section 3 of this Policy.

If we learn that we have collected the personal data of a child under the age of 13 years, we will take reasonable steps to delete the personal data. This may require us to delete the Anchor account for that child.

13. Changes to this Policy

We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in case of material changes, we will provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.

14. How to contact us

Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by emailing privacy@spotify.com or by writing to your relevant data controller at the address below.

Data controller if you reside in the US:

Spotify USA, Inc.150 Greenwich StNew York, NY 10007USA

Data controller if you reside in any other country than the US:

Spotify ABRegeringsgatan 19111 53 StockholmSweden