Spotify Privacy Policy

Effective as of 24 February 2021

1 Introduction

2 About this Policy

3 Your rights and your preferences: Giving you choice and control

4 Personal data we collect from you

5 What we use your personal data for

6 Sharing your personal data

7 Data retention and deletion

8 Transfer to other countries

9 Links

10 Keeping your personal data safe

11 Children

12 Changes to this Policy

13 How to contact us

1. Introduction

Thanks for choosing Spotify!

At Spotify, we want to give you the best possible experience to ensure that you enjoy our service. To do this we need to understand your streaming habits so we can deliver an exceptional and personalized service specifically for you. Your privacy and the security of your personal data is, and will always be, enormously important to us. So, we want to transparently explain how and why we gather, store, share and use your personal data - as well as outline the controls and choices you have around when and how you choose to share your personal data.

That is our objective, and this Privacy Policy ("Policy") will explain exactly what we mean in further detail below.

2. About this Policy

This Policy sets out the essential details relating to your personal data relationship with Spotify USA Inc. The Policy applies to all Spotify services and any associated services (referred to as the 'Spotify Service'). The terms governing your use of the Spotify Service are defined in our Terms and Conditions of Use (the "Terms and Conditions of Use").

From time to time, we may develop new or offer additional services. If the introduction of these new or additional services results in any material change to the way we collect or process your personal data we will provide you with more information or additional terms or policies. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.

The aim of this Policy is to:

Ensure that you understand what personal data we collect about you, the reasons why we collect and use it, and who we share it with;
Explain the way we use the personal data that you share with us in order to give you a great experience when you are using the Spotify Service; and
Explain your rights and choices in relation to the personal data we collect and process about you and how we will protect your privacy.

We hope this helps you to understand our privacy commitments to you. For further clarification of the terms used in this Policy please visit our Privacy Center on spotify.com. For information on how to contact us if you ever have any questions or concerns, please see Section 13 'How to contact us' below. Alternatively, if you do not agree with the content of this Policy, then please remember it is your choice whether you want to use the Spotify Service.

3. Your rights and your preferences: Giving you choice and control

The General Data Protection Regulation or "GDPR" gives certain rights to individuals in relation to their personal data. Accordingly, we are happy to offer transparency and access controls to help users take advantage of those rights. As available and except as limited under applicable law, the rights afforded to individuals are:

Right of access - the right to be informed of, and request access to, the personal data we process about you;
Right to rectification - the right to request that we amend or update your personal data where it is inaccurate or incomplete;
Right to erasure - the right to request that we delete your personal data;
Right to restrict - the right to request that we temporarily or permanently stop processing all or some of your personal data;
Right to object -
- the right, at any time, to object to us processing your personal data on grounds relating to your particular situation;
- the right to object to your personal data being processed for direct marketing purposes;
Right to data portability - the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party's service; and
Right not to be subject to automated decision-making - the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

In order to enable you to learn more about these rights, exercise these rights with ease, and record your preferences in relation to how Spotify uses your personal data, we provide the following resources:

Privacy Settings - allows you to exercise choices about the processing of certain personal data, and an automated 'Download your data' function to download basic account and usage information.
Privacy Center - provides a convenient central location where you can find more information about how Spotify uses your personal data, your rights in relation to your personal data, and how to exercise those rights.
Notification Settings - allows you to choose which marketing communications you receive from Spotify. You may toggle these settings to opt in or out of receiving different types of email and push notifications. Please note that email marketing messages from Spotify include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send to you). Clicking on the link in an email will opt you out of further messages of that category (e.g. Artist Updates). You can use the Notification Settings page to exercise choices about all categories of email and push marketing communication.
Cookies Policy - provides more information on how we use cookies, including for interest-based advertising. You will also find information about how you can manage your cookie preferences and opt-out of certain types of tracking; and
Customer Support resources - We have several pages on our customer support site which provide further guidance about data protection questions. A key source of information is the Data Rights and Privacy Settings article which includes answers to "frequently asked questions" about personal data processing in the Spotify Service.

If you have any questions about your privacy, your rights, or how to exercise them, please contact our Data Protection Officer using the 'Contact Us' form on the Privacy Center. If you have concerns around our processing of your personal data, we hope you will continue to work with us to resolve them. However, you can also contact and have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen) or your local Data Protection Authority.

If you are a resident of the state of California, USA, please see our supplemental policy "Additional California Privacy Disclosures" which discusses additional privacy rights you may have under applicable law regarding the processing of your personal data.

4. Personal data we collect from you

We have set out in the tables below the categories of personal data we collect and use about you and how we collect it:

The table below describes personal data collected when you sign up for the Spotify Service:

Categories of personal data	Description of category
User Data	This is the personal data that is provided by you or collected by us to enable you to sign up for and use the Spotify Service. Depending on the type of Spotify Service plan you sign up for, this may include your username, email address, phone number, birth date, gender, street address, and country. Some of the personal data we will ask you to provide is required in order to create your account. You also have the option to provide us with additional personal data in order to make your account more personalized. The exact personal data we will collect depends on the type of Spotify Service plan you sign up for, how you create an account, and whether you use third party services (such as Facebook) to sign up and use the Spotify Service. If you use a third party service to create an account, we will receive personal data via that third party service but only when you have consented to that third party service sharing your personal data with us. Please note that the available plans and sign-up options may differ by country.

Categories of personal data

Description of category

User Data

This is the personal data that is provided by you or collected by us to enable you to sign up for and use the Spotify Service. Depending on the type of Spotify Service plan you sign up for, this may include your username, email address, phone number, birth date, gender, street address, and country. Some of the personal data we will ask you to provide is required in order to create your account. You also have the option to provide us with additional personal data in order to make your account more personalized. The exact personal data we will collect depends on the type of Spotify Service plan you sign up for, how you create an account, and whether you use third party services (such as Facebook) to sign up and use the Spotify Service. If you use a third party service to create an account, we will receive personal data via that third party service but only when you have consented to that third party service sharing your personal data with us. Please note that the available plans and sign-up options may differ by country.

The table below describes personal data collected through your use of the Spotify Service:

Categories of personal data	Description of category
Usage Data	This is the personal data that is collected about you when you’re accessing and/or using the Spotify Service, including: Information about your type of Spotify Service plan. Information about your interactions with the Spotify Service such as your search queries (including the date and time of any requests you make), streaming history, playlists you create, your library, your browsing history, and your interactions with the Spotify Service, content, other Spotify users. This also may include details of your use of third party applications in connection with the Spotify Service. Inferences drawn about your interests and preferences based on your usage of the Spotify Service. User Content (as defined in the Terms and Conditions of Use) you post to Spotify, such as photos, playlist titles, and interactions with the Spotify Customer Service team. Please note that we will only access your camera or photos from your device if you give us permission to do so, and we will only access images that you specifically choose to share with us and metadata related to those images, such as the type of file and the size of the image. We will never scan or import your device’s photo library or camera roll. Certain technical data, which may include: URL information; online identifiers including cookie data and IP addresses; information about the types of devices you are using such as unique device IDs, network connection type (e.g. wifi, 3G, LTE, Bluetooth), provider, network and device performance, browser type, language, information enabling digital rights management, operating system, and Spotify application version; device attributes of devices on your wifi network that are available to connect to the Spotify Service (such as speakers); your non-precise location, which may be derived or inferred from certain technical data (e.g., your IP address, language setting of your device, or payment currency), to comply with geographic requirements in our licensing agreements, and deliver personalized content and advertising to you; and motion-generated or orientation-generated mobile sensor data (e.g. accelerometer or gyroscope) required for the purposes of providing specific features of the Spotify Service to you.
Plan Verification Data	For users of certain plans like the Premium Family Plan and Premium Duo Plan, we may use a third party mapping application (such as Google Maps) and/or your device’s location service to help you verify your address. This data is collected for the sole purpose of verifying eligibility for the Premium Family Plan and Premium Duo Plan and is not used for advertising or any other purpose.

Categories of personal data

Description of category

Usage Data

This is the personal data that is collected about you when you’re accessing and/or using the Spotify Service, including:

Information about your type of Spotify Service plan.
Information about your interactions with the Spotify Service such as your search queries (including the date and time of any requests you make), streaming history, playlists you create, your library, your browsing history, and your interactions with the Spotify Service, content, other Spotify users. This also may include details of your use of third party applications in connection with the Spotify Service.
Inferences drawn about your interests and preferences based on your usage of the Spotify Service.
User Content (as defined in the Terms and Conditions of Use) you post to Spotify, such as photos, playlist titles, and interactions with the Spotify Customer Service team. Please note that we will only access your camera or photos from your device if you give us permission to do so, and we will only access images that you specifically choose to share with us and metadata related to those images, such as the type of file and the size of the image. We will never scan or import your device’s photo library or camera roll.
Certain technical data, which may include:
- URL information;
- online identifiers including cookie data and IP addresses;
- information about the types of devices you are using such as unique device IDs, network connection type (e.g. wifi, 3G, LTE, Bluetooth), provider, network and device performance, browser type, language, information enabling digital rights management, operating system, and Spotify application version;
- device attributes of devices on your wifi network that are available to connect to the Spotify Service (such as speakers);
- your non-precise location, which may be derived or inferred from certain technical data (e.g., your IP address, language setting of your device, or payment currency), to comply with geographic requirements in our licensing agreements, and deliver personalized content and advertising to you; and
- motion-generated or orientation-generated mobile sensor data (e.g. accelerometer or gyroscope) required for the purposes of providing specific features of the Spotify Service to you.

Plan Verification Data

For users of certain plans like the Premium Family Plan and Premium Duo Plan, we may use a third party mapping application (such as Google Maps) and/or your device’s location service to help you verify your address. This data is collected for the sole purpose of verifying eligibility for the Premium Family Plan and Premium Duo Plan and is not used for advertising or any other purpose.

The table below describes personal data that you choose to give us that enables us to provide you with additional features/functionality

Categories of personal data	Description of category
Voice Data	If voice features are available in your market, we collect your voice data with your permission to provide you with additional features and functionalities, such as interacting with the Spotify Service with your voice. For more information see our Voice Control Policy.
Payment and Purchase Data	We may collect certain personal data if you sign up for a Trial or purchase any of our Paid Subscriptions (as defined in the Terms and Conditions of Use) or make other purchases through the Spotify Service. The exact personal data collected will vary depending on the payment method (e.g. direct via your mobile phone carrier or by invoice) but will include information such as: Name; Date of birth; Credit or debit card type, expiration date, and certain digits of your card number; Postal code; Mobile phone number; and Details of your purchase and payment history.
Contests, Surveys and Sweepstakes Data	When you complete any forms, respond to a survey or questionnaire, or participate in a contest, we collect the personal data you provide.

The table below describes personal data collected from third party sources

We collect personal data about you from various third parties. These third party sources vary over time and include the following:

Categories of third party sources	Description of category
Authentication partners	If you register for or log into our services using third party credentials (e.g. Facebook), we will import your information from such third party to help create your account with us.
Technical service partners	We work with technical service partners that provide us with certain data, such as mapping IP addresses to non-precise location data (e.g., city, state), to enable us to provide the Spotify Service, content, and features.
Payment partners	If you choose to pay for a service or feature by invoice, we may receive data from our payment partners to enable us to send you invoices, process your payment and provide you with what you’ve purchased.
Advertisers and other advertising partners	We may obtain certain data about you, such as cookie id, mobile device id, or email address, and inferences about your interests and preferences from certain advertisers and advertising partners that allow us to deliver more relevant ads and measure their effectiveness.

5. What we use your personal data for

When you use or interact with the Spotify Service, we use a variety of technologies to process the personal data we collect about you for various reasons. We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 4 'Personal data we collect from you') used for these purposes:

Description of why Spotify processes your personal data (‘processing purpose’)	Legal Basis for the processing purpose	Categories of personal data used by Spotify for the processing purpose
To provide and personalize the Spotify Service.	Performance of a Contract Legitimate Interest Consent	User Data Usage Data Payment and Purchase Data Plan Verification Data Voice Data
To understand, diagnose, troubleshoot, and fix issues with the Spotify Service.	Performance of a Contract Legitimate Interest	User Data Usage Data
To evaluate and develop new features, technologies, and improvements to the Spotify Service.	Legitimate Interest Consent	User Data Usage Data Voice Data
For marketing, promotion, and advertising purposes.	Legitimate Interest Consent	User Data Usage Data Voice Data
To comply with legal obligations and law enforcement requests.	Compliance with legal obligations Legitimate interest	User Data Usage Data Payment and Purchase Data Plan Verification Data Voice Data Contests, Surveys and Sweepstakes Data
To fulfill contractual obligations with third parties, for example licensing agreements and to take appropriate action with respect to reports of intellectual property infringement and inappropriate content.	Legitimate interest	User Data Usage Data Payment and Purchase Data
To establish, exercise, or defend legal claims.	Legitimate interest	User Data Usage Data Payment and Purchase Data Plan Verification Data Voice Data Contests, Surveys and Sweepstakes Data
To conduct business planning, reporting, and forecasting.	Legitimate Interest	User Data Usage Data Payment and Purchase Data
To process your payment.	Performance of a Contract Compliance with legal obligations	User Data Payment and Purchase Data
To detect fraud, including fraudulent payments and fraudulent use of the Spotify Service.	Performance of a Contract Compliance with legal obligations Legitimate Interest	User Data Usage Data Payment and Purchase Data Plan Verification Data
To conduct research, contests, surveys, and sweepstakes.	Performance of a Contract Legitimate Interest Consent	User Data Usage Data Contests, Surveys and Sweepstakes Data

In jurisdictions where legitimate interest is not recognized as a legal basis, we rely on contractual necessity or consent.

If you require further information about the balancing test that Spotify has undertaken to justify its reliance on the legitimate interest legal basis under the GDPR, please see Section 13 'How to contact us' for further details on how to contact us.

6. Sharing your personal data

We have set out the categories of recipients of the personal data collected or generated through your use of the Spotify Service.

Publicly available information

The following personal data will always be publicly available on the Spotify Service: your name and/or username, profile picture, who you follow and who follows you on the Spotify Service, your recently played artists, and your public playlists.

Personal data you may choose to share

The following personal data will only be shared with the categories of recipients outlined in the table below if:

you choose to make use of a specific Spotify Service feature where sharing of particular personal data is required for the proper use of the Spotify Service feature; or
you grant us your permission to share the personal data, e.g. by selecting the appropriate setting in the Spotify Service or authorizing Spotify through a presented consent mechanism.

Categories of Recipients	Reason for sharing
Third party applications and devices you connect to your Spotify Account	If you connect your Spotify account to a third party application and/or device(s), such as, social media, audio, television, or automotive platforms and services, Spotify shares technical data with the operator of that third party application and/or device in order to connect your Spotify account, and/or facilitate playback of the Spotify Service. With respect to certain third parties which may request or require that we share your information with them, your permission will be requested before we provide your information to such third parties.
Support community	When you register for a Spotify Support Account on the Spotify Support Community, we will ask you to create a specific Spotify Support Community username. This will be publicly displayed to anyone who accesses the Spotify Support Community along with any questions or comments you post.
Your Spotify followers	There may be times when you want us to share information about your use of the Spotify Service with other Spotify users known as ‘Your Spotify Followers’. For example, you have the ability to make both private and public playlists. If you share your private playlists with others, please be aware that the recipients of your private playlists can further share those playlists with others.
Artists and record labels	You may choose to share personal data (for example, your email address) with artists, record labels, or other partners who may want to directly send you news or promotional offers. You will always have the option to change your mind and withdraw your consent at any time.

Learn more about how to manage notifications, your publicly available information, and what you share with others in Section 3 'Your rights and your preferences: Giving you choice and control'of this Policy and on the Privacy Center.

Information we may share

Categories of Recipients	Reason for sharing
Service providers	We work with service providers that work on our behalf which may need access to certain personal data in order to provide their services to us. These companies include those we've hired to provide customer service support, operate the technical infrastructure that we need to provide the Spotify Service, assist in protecting and securing our systems and services, and help market Spotify’s own products and services as well as partner products, services, events, and co-branded promotions in which Spotify is involved.
Payment processors	We will share your personal data with our payment processors as necessary to enable them to process your payments, and for anti-fraud purposes.
Advertising partners	We work with advertising partners to enable us to customize the advertising content you may receive on the Spotify Service. These partners help us deliver more relevant ads and promotional messages to you, which may include interest based advertising (also known as online behavioral advertising), contextual advertising, and generic advertising on the Spotify Service. We and our advertising partners may process certain personal data to help Spotify understand your interests or preferences so that we can deliver advertisements that are more relevant to you.
Spotify partners	Depending on how you sign up for the Spotify Service (e.g. through a third party service or a mobile provider), we share your Spotify username or other User Data as necessary to enable your account. We may also share personal data with that third party about your use of the Spotify Service, such as whether and to what extent you have used the offer, activated a Spotify account, or actively used the Spotify Service. We also may share your personal data in a pseudonymised format with our music industry partners to help them understand how the content they license to us is performing and to enable you to listen to streaming content via the Spotify Service.
Academic researchers	We will share your personal data for activities such as statistical analysis and academic study but only in a pseudonymised format.
Other Spotify group companies	We will share your personal data with other Spotify group companies to carry out our daily business operations and to enable us to maintain and provide the Spotify Service to you.
Law enforcement and data protection authorities	We share your personal data when we in good faith believe it is necessary for us to do so in order to comply with a legal obligation under applicable law, or respond to valid legal process, such as a search warrant, a court order, or a subpoena. We also share your personal data where we in good faith believe that it is necessary for the purpose of our own, or a third party’s legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
Purchasers of our business	We will share your personal data in those cases where we sell or negotiate to sell our business to a buyer or prospective buyer. In this situation, Spotify will continue to ensure the confidentiality of your personal data and give you notice before your personal data is transferred to the buyer or becomes subject to a different privacy policy.

7. Data retention and deletion

We keep your personal data only as long as necessary to provide you with the Spotify Service and for legitimate and essential business purposes, such as maintaining the performance of the Spotify Service, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. We keep some of your personal data for as long as you are a user of the Spotify Service. For example, we keep your playlists, song library, and account information.

If you request, we will delete or anonymise your personal data so that it no longer identifies you, unless we are legally allowed or required to maintain certain personal data, including situations such as the following:

If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute we will retain the necessary personal data until the issue is resolved;
Where we need to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law; and/or,
Where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.

8. Transfer to other countries

Spotify shares your personal data globally with Spotify group companies in order to carry out the activities specified in this Policy. Spotify may also subcontract processing to, or share your personal data with, third parties located in countries other than your country. In order to provide the Spotify Service, your personal data, therefore, may be transferred to a third country and subject to privacy laws that are different from those in your country.

Personal data collected within the European Union and Switzerland may, for example, be transferred to and processed by third parties located in a country outside of the European Union and Switzerland. In such instances Spotify shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place such as the Standard Contractual Clauses approved by the EU Commission.

For further details of the security measures we use to protect your personal data, please see Section 10 'Keeping your personal data safe' of this Policy.

9. Links

We may display advertisements from third parties and other content that links to third-party websites. We cannot control or be held responsible for third parties' privacy practices and content. If you click on a third-party advertisement or link, please understand that you are leaving the Spotify Service and any personal data you provide will not be covered by this Policy. Please read their privacy policies to find out how they collect and process your personal data.

10. Keeping your personal data safe

We are committed to protecting our users' personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.

Your password protects your user account, so we encourage you to use a strong password that is unique to your Spotify account, never share your password with anyone, limit access to your computer and browser, and log out after having used the Spotify Service.

11. Children

With the exception of Spotify Kids, a separate Spotify application available in certain markets, the Spotify Service is not directed to children under the age of 13 years. The Spotify Service is also not offered to children whose age makes it illegal to process their personal data or requires parental consent for the processing of their personal data under the GDPR or other local law.

We do not knowingly collect personal data from children under 13 years or under the applicable age limit (the "Age Limit"). If you are under the Age Limit, please do not use the Spotify Service, and do not provide any personal data to us.

If you are a parent of a child under the Age Limit and become aware that your child has provided personal data to Spotify, please contact us using the 'Contact Us' form on the Privacy Center, and you may request exercise of your applicable rights detailed in Section 3 'Your rights and your preferences: Giving you choice and control' of this Policy.

If we learn that we have collected the personal data of a child under the age of 13 years, we will take reasonable steps to delete the personal data. This may require us to delete the Spotify account for that child.

12. Changes to this Policy

We may occasionally make changes to this Policy.

When we make material changes to this Policy, we'll provide you with prominent notice as appropriate under the circumstances, e.g., by displaying a prominent notice within the Spotify Service or by sending you an email and/or a device notification. We may notify you in advance.

Please, therefore, make sure you read any such notice carefully.

If you want to find out more about this Policy and how Spotify uses your personal data, please visit the Privacy Center on spotify.com to find out more.

13. How to contact us

Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by using the 'Contact Us' form on the Privacy Center, emailing privacy@spotify.com, or by writing to us at the following address:

Spotify AB

Regeringsgatan 19

111 53 Stockholm

Sweden

Spotify AB is the data controller for the purposes of the personal data processed under this Policy.

We hope you enjoy Spotify!