Spotify Privacy Policy

Effective as of 25 May 2018

1 Introduction
2 About this Policy
3 Your rights and your preferences: Giving you choice and control
4 How do we collect your personal data?
5 What personal data do we collect from you?
6 What do we use your personal data for?
7 Sharing your personal data
8 Data retention and deletion
9 Transfer to other countries
10 Links
11 Keeping your data safe
12 Children
13 Changes to this Privacy Policy
14 How to contact us

1. Introduction

Thanks for choosing Spotify!

At Spotify, we want to give you the best possible experience to ensure that you enjoy our service today, tomorrow, and in the future. To do this we need to understand your listening habits so we can deliver an exceptional and personalized service specifically for you. That said, your privacy and the security of your personal data is, and will always be, enormously important to us. So, we want to transparently explain how and why we gather, store, share and use your personal data - as well as outline the controls and choices you have around when and how you choose to share your personal data.

That is our objective, and this Privacy Policy (“Policy”) will explain exactly what we mean in further detail below.

2. About this Policy

This Policy sets out the essential details relating to your personal data relationship with Spotify AB. The Policy applies to all Spotify services and any associated services (referred to as the ‘Spotify Service’). The terms governing your use of the Spotify Service are defined in our Terms and Conditions of Use (the “Terms and Conditions of Use”).

From time to time, we may develop new or offer additional services. If the introduction of these new or additional services results in any change to the way we collect or process your personal data we will provide you with more information and additional terms or policies. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.

The aim of this Policy is to:

  1. Ensure that you understand what personal data we collect about you, the reasons why we collect and use it, and who we share it with;
  2. Explain the way we use the personal data that you share with us in order to give you a great experience when you are using the Spotify Service; and
  3. Explain your rights and choices in relation to the personal data we collect and process about you and how we will protect your privacy.

We hope this helps you to understand our privacy commitments to you. For further clarification of the terms used in this Policy please visit our Privacy Center on spotify.com. For information on how to contact us if you ever have any questions or concerns, then please see the ‘How to Contact Us’ section 14 below. Alternatively, if you do not agree with the content of this Policy, then please remember it is your choice whether you want to use the Spotify Service.

3. Your rights and your preferences: Giving you choice and control

You may be aware that a new European Union law, called the General Data Protection Regulation or "GDPR" gives certain rights to individuals in relation to their personal data. Accordingly, we have implemented additional transparency and access controls in our Privacy Center and Privacy Settings to help users take advantage of those rights. As available and except as limited under applicable law, the rights afforded to individuals are:

  • Right of Access - the right to be informed of and request access to the personal data we process about you;
  • Right to Rectification - the right to request that we amend or update your personal data where it is inaccurate or incomplete;
  • Right to Erasure - the right to request that we delete your personal data;
  • Right to Restrict - the right to request that we temporarily or permanently stop processing all or some of your personal data;
  • Right to Object -
    • the right, at any time, to object to us processing your personal data on grounds relating to your particular situation;
    • the right to object to your personal data being processed for direct marketing purposes;
  • Right to Data Portability - the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
  • Right not to be subject to Automated Decision-making - the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

In order to enable you to exercise these rights with ease and to record your preferences in relation to how Spotify uses your personal data, we provide you with access to the following settings via your Account Settings page:

  • Privacy Settings - allows you to control some of the categories of personal data we process about you, enables you to access your personal data via a ‘Download my Data’ button, and includes a link to the Privacy Center on spotify.com where you can find out more information about how Spotify uses your personal data and what your rights are; and,
  • Notification Settings - allows you to choose which communications you receive from Spotify, manage your publicly available personal data, and set your sharing preferences.

The Privacy Center puts you in control of how Spotify processes your personal data. It provides you with information about what happens if you adjust your settings on your Account Settings page and how to opt out of receiving certain messages from Spotify. If we send you electronic marketing messages based on your consent or as otherwise permitted by applicable law, you may, at any time, respectively withdraw such consent or declare your objection (“opt-out”) at no cost. The electronic marketing messages you receive from Spotify (e.g. those sent via email) will also include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send to you).

You can find out more about the GDPR rights described above and the controls we provide to all Spotify users with respect to these rights in the ‘Your Rights’ section contained in the Privacy Center. If you have any questions about your privacy, your rights, or how to exercise them, please contact our Data Protection Officer using the ‘Contact Us’ form on the Privacy Center. We will respond to your request within a reasonable period of time upon verification of your identity. If you are unhappy with the way we are using your personal data you can also contact and are free to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen) or your local Data Protection Authority.

4. How do we collect your personal data?

We collect your personal data in the following ways:

  1. When you sign up for the Spotify Service - when you sign up to the Spotify Service, we collect certain personal data so you can use the Spotify Service such as your email address, birth date, gender, and country.
  2. Through your use of the Spotify Service - when you use the Spotify Service, we collect personal data about your use of the Spotify Service, such as what songs you have played and what playlists you have created.
  3. Personal data collected that enables us to provide you with additional features/functionality - from time to time, you may also provide us with additional personal data or give us your permission to collect additional personal data e.g. to provide you with more features or functionality. As described further below (see Voluntary Music Data), we will not collect photos, precise mobile device location, voice data, or contacts from your device without your prior consent. You always will have the option to change your mind and withdraw your consent at any time.
  4. From third parties - we will receive personal data about you and your activity from third parties, including advertisers and partners we work with in order to provide you with the Spotify Service (please see ‘Sharing your personal data’ Section 7 below). We will use this personal data either where you have provided your consent to the third party or to Spotify to that data sharing taking place or where Spotify has a legitimate interest to use the personal data in order to provide you with the Spotify Service.

We use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, creating marketing and promotion models, improving the Spotify Service, and developing new features and functionality within the Spotify Service.

5. What personal data do we collect from you?

We have set out in the tables below the categories of personal data we collect and use about you:

Personal data collected when you sign up for the Spotify Service

Categories of personal data | Description of category
Account Registration Data | This is the personal data that is provided by you or collected by us to enable you to sign up for and use the Spotify Service. This includes your email address, birth date, gender, postal code, and country.

Some of the personal data we will ask you to provide is required in order to create your account. You also have the option to provide us with some additional personal data in order to make your account more personalized.

The exact personal data we will collect depends on the type of Spotify Service plan you sign up for and whether or not you use a Third Party Service (as defined in the Terms and Conditions of Use, such as Facebook) to sign up and use the Spotify Service. If you use a Third Party Service to create an account, we will receive personal data via that Third Party Service but only when you have consented to that Third Party Service sharing your personal data with us.

Personal data collected through your use of the Spotify Service

Categories of personal data | Description of category
Spotify Service Usage Data | This is the personal data that is collected about you when you are using the Spotify Service - this may include:
  • Information about your type of Spotify Service plan.
  • Information about your interactions with the Spotify Service which includes the date and time of any requests you make, songs you have listened to, playlists you create, video content you’ve watched, and your interactions with other Spotify users. This may also include details of your use of Third Party Applications and advertising you receive.
  • User Content (as defined in the Terms and Conditions of Use) you post to Spotify including messages you send and/or receive via Spotify and your interactions with the Spotify Customer Service team.
  • Technical Data which may include URL information, cookie data, your IP address, the types of devices you are using to access or connect to the Spotify Service, unique device IDs, device attributes, network connection type (e.g. WiFi, 3G, LTE, Bluetooth) and provider, network and device performance, browser type, language, information enabling digital rights management, operating system, and Spotify application version. Further details about the technical data that is processed by us can be found in our Cookies Policy.
  • Motion-generated or orientation-generated mobile sensor data (e.g. accelerometer or gyroscope) required for the purposes of providing specific features of the Spotify Service to you.

Personal data collected with your permission that enables us to provide you with additional features/functionality

Categories of personal data | Description of category
Voluntary Mobile Data | In addition to the mobile data we collect to provide you with the Spotify Service (outlined above), you also have the option to give us your consent to collect additional personal data from your mobile device to provide you with features/functionality that will enhance your Spotify Service experience.

We will not access any of the personal data listed below without first obtaining your consent:
  • Your photos - If you give us permission to access your photos or camera, we will only access images that you specifically choose to share with us and metadata related to those images, such as the type of file and the size of the image. We will never scan or import your photo library or camera roll;
  • Your precise mobile device location - If you give us permission to access your precise location, this enables us to access your GPS or Bluetooth to provide location-aware functionality in the Spotify Service. Please note that this does not include your IP address. We use your IP address to determine non-precise location, for example, what country you are in to comply with our licensing agreements;
  • Your voice data - If you give us permission, this enables us to access the voice commands captured via your device microphone, to enable you to interact with the Spotify Service with your voice. Please note you will always have the ability to turn off the microphone feature; and,
  • Your contacts - If you give us permission to access your contacts, this enables us to access individual contacts stored on your device to help you find friends who use Spotify.
Payment Data | We may collect such personal data if you sign up for a Trial or purchase any of our Paid Subscriptions (as defined in the Terms and Conditions of Use) or make other purchases through the Spotify Service. The exact personal data collected will vary depending on the payment method (e.g. direct via your mobile phone carrier or by invoice) but will include information such as:
  • Name;
  • Date of birth;
  • Credit or debit card type, expiration date, and certain digits of your card number;
  • Postal code;
  • Mobile phone number; and
  • Details of your transaction history.
If you choose to pay by invoice, we will provide your personal data to our payment processors to enable them to complete a credit check and to send you invoices.
Contests, Surveys and Sweepstakes Data | This personal data is used to allow you to sign up and participate in these types of promotions. The exact personal data collected will vary depending on the promotion.
Marketing Data | This personal data is used to enable Spotify and our partners / service providers to send you marketing communications either:
  • Via email;
  • Whilst using the Spotify Service; and/or
  • Direct from the third party.

You can find out more about the personal data collected and the controls you have in relation to the marketing communications you receive via the Privacy Center on www.spotify.com.

6. What do we use your personal data for?

When you use or interact with the Spotify Service, we use a variety of technologies to process the personal data we collect about you for various reasons. We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 5 ‘What personal data do we collect from you?’) used for these purposes:

Description of why Spotify processes your personal data (‘processing purpose’) | Legal Basis for the processing purpose | Categories of personal data used by Spotify for the processing purpose

Processing purpose: To provide, personalize, and improve your experience with the Spotify Service and other services and products provided by Spotify, for example by providing customized, personalized, or localized content, recommendations, features, and advertising on or outside of the Spotify Service (including for third party products and services).
Legal Basis for the processing purpose:
  • Performance of a Contract
  • Legitimate Interest
Categories of personal data used by Spotify for the processing purpose:
  • Account Registration Data
  • Service Usage Data

Processing purpose: To understand how you access and use the Spotify Service to ensure technical functionality of the Spotify Service, develop new products and services, and analyze your use of the Spotify Service, including your interaction with applications, advertising, products, and services that are made available, linked to, or offered through the Spotify Service.
Legal Basis for the processing purpose:
  • Performance of a Contract
  • Legitimate Interest
Categories of personal data used by Spotify for the processing purpose:
  • Account Registration Data
  • Service Usage Data

Processing purpose: To communicate with you for Spotify Service-related purposes.
Legal Basis for the processing purpose:
  • Performance of a Contract
  • Legitimate Interest
Categories of personal data used by Spotify for the processing purpose:
  • Account Registration Data
  • Service Usage Data

Processing purpose: To process your payment to prevent or detect fraud including fraudulent payments and fraudulent use of the Spotify Service.
Legal Basis for the processing purpose:
  • Performance of a Contract
  • Compliance with legal obligations
  • Legitimate Interest
Categories of personal data used by Spotify for the processing purpose:
  • Payment Data

Processing purpose: To communicate with you, either directly or through one of our partners, for:
  • marketing,
  • research,
  • participation in contests, surveys and sweepstakes,
  • promotional purposes,
via emails, notifications, or other messages, consistent with any permissions you may have communicated to us (e.g., through your Account Settings page).
Legal Basis for the processing purpose:
  • Consent
  • Legitimate Interest
Categories of personal data used by Spotify for the processing purpose:
  • Contests, Surveys and Sweepstakes Data
  • Marketing Data

Processing purpose: To provide you with features, information, advertising, or other content which is based on your specific location.
Legal Basis for the processing purpose:
  • Consent
Categories of personal data used by Spotify for the processing purpose:
  • Voluntary Mobile Data

If you require further information about the balancing test that Spotify has undertaken to justify its reliance on the legitimate interest legal basis under the GDPR, please see Section 14 ‘How to contact us’ for further details on how to contact us.

7. Sharing your personal data

We have set out the categories of recipients of the personal data collected or generated through your use of the Spotify Service.

Publicly available information

The following personal data will always be publicly available on the Spotify Service: your name and/or username, profile picture, who you follow and who follows you on the Spotify Service, your recently played artists, and your public playlists.

Personal data you may choose to share

The following personal data will only be shared with the categories of recipients outlined in the table below if:

  • you choose to make use of a specific Spotify Service feature where sharing of particular personal data is required for the proper use of the Spotify Service feature; or

  • you grant us your permission to share the personal data, e.g. by selecting the appropriate setting in the Spotify Service.

Categories of Recipients | Reason for sharing
Third Party Applications you connect to your Spotify Account | If you connect your Spotify account to a Third Party Application, such as, for example, social media, audio, television, or automotive platforms, Spotify may share your Service Usage Data so you can connect to your Spotify account.
Third Party Applications you use to log into Spotify | If you log into a Third Party Application using your Spotify account credentials, then that Third Party Application may have access to certain Service Usage Data such as your playlists, saved content and activity.

You will receive a notification before connecting to the Third Party Application to let you know what personal data will be shared / accessible to that Third Party Application.
Support Community | When you register for a Spotify Support Account on the Spotify Support Community, we will ask you to create a specific Spotify Support Community username. This will be publicly displayed to anyone who accesses the Spotify Support Community along with any questions or comments you post.
Your Spotify Followers | There also may be times when you want us to share certain Service Usage Data, specifically information about your use of Spotify, with other Spotify users known as ‘Your Spotify Followers’.

For example, when you make playlists, you might want those playlists to be visible to others on the Spotify Service, but you can also make your playlists private at any time.
Artists and Record Labels | You can ask us to share personal data (like your email address) with artists or record labels, or other partners who may want to directly send you news or promotional offers, but you can also revoke that consent at any time.

Learn more about how to manage notifications, your publicly available information, and what you share with others in the ‘Your rights and your preferences: Giving you choice and control’ Section 3 of this Policy and on the Privacy Center.

Information we may share

Categories of Recipients | Reason for sharing
Service Providers and Others | We use technical service providers which may operate the technical infrastructure that we need to provide the Spotify Service, in particular providers which host, store, manage, and maintain the Spotify application, its content and the data we process.
We use technical service providers to help us communicate with you, as described in Section 6 of this Policy.
We use marketing and advertising partners to show you more tailored content, or to help us understand your use of the Spotify Service, to provide you with a better service. We may also share personal data with certain marketing and advertising partners to send you promotional communications about Spotify.
Spotify Partners | If you access the Spotify Service through an offer that you received or purchased from a third party such as your mobile network operator, we share personal data with that third party about your use of the Spotify Service, such as whether and to what extent you have used the offer, activated a Spotify account, or actively used the Spotify Service.
Depending on how you sign up for the Spotify Service (e.g. through a third party service or a mobile provider), we share your Spotify username or other Account Registration Data as necessary to enable your account.
We may also share your personal data in a pseudonymised format with our music industry partners to help them understand how the content they license to us is performing and to enable you to listen to streaming content via the Spotify Service.
We also share your personal data in a pseudonymised format with marketing partners who help us with promotional efforts, and with advertisers that allow us to offer a free service.
Academic Researchers | We will share your personal data for activities such as statistical analysis and academic study, but only in a pseudonymised format.
Other Spotify Group Companies | We will share your personal data with other Spotify Group companies to carry out our daily business operations and to enable us to maintain and provide the Spotify Service to you.
Law Enforcement and Data Protection Authorities | We will share your personal data when we in good faith believe it is necessary for us to do so in order to comply with a legal obligation under applicable law, or respond to valid legal process, such as a search warrant, a court order, or a subpoena.

We will also share your personal data where we in good faith believe that it is necessary for the purpose of our own, or a third party’s legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
Purchasers of our business | We will share your personal data in those cases where we sell or negotiate to sell our business to a buyer or prospective buyer. In this situation, Spotify will continue to ensure the confidentiality of your personal data and give you notice before your personal data is transferred to the buyer or becomes subject to a different Privacy Policy.

8. Data retention and deletion

We keep your personal data only as long as necessary to provide you with the Spotify Service and for legitimate and essential business purposes, such as maintaining the performance of the Spotify Service, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. We keep some of your personal data for as long as you are a user of the Spotify Service. For example, we keep your playlists, song library, and account information.

If you request, we will delete or anonymise your personal data so that it no longer identifies you, unless we are legally allowed or required to maintain certain personal data, including situations such as the following:

  • If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute we will retain the necessary personal data until the issue is resolved;
  • Where we are required to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law; and/or,
  • Where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.

9. Transfer to other countries

Spotify shares your personal data globally with other companies in the Spotify Group in order to carry out the activities specified in this Policy. This includes to Spotify Group companies in the following countries: Australia, Austria, Belgium, Brazil, Canada, Denmark, Finland, France, Germany, Hong Kong, Italy, Japan, Luxembourg, Mexico, The Netherlands, Poland, Singapore, Spain, Sweden, Switzerland, Taiwan, Turkey, United Kingdom and the United States of America. Spotify may also subcontract processing to, or share your personal data with, third parties located in countries other than your home country. Your personal data may therefore be subject to privacy laws that are different from those in your country of residence.

Personal data collected within the European Union and Switzerland may, for example, be transferred to and processed by third parties located in a country outside of the European Union and Switzerland. In such instances Spotify shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place such as the Standard Contractual Clauses approved by the EU Commission.

For further details of the security measures we use to protect your personal data, please see the ‘Keeping your personal data safe’ section 11 of this Policy.

10. Links

We may display advertisements from third parties and other content that links to third-party websites. We cannot control or be held responsible for third parties’ privacy practices and content. If you click on a third-party advertisement or link, please understand that you are leaving the Spotify Service and any personal data you provide will not be covered by this Policy. Please read their privacy policies to find out how they collect and process your personal data.

11. Keeping your personal data safe

We are committed to protecting our users’ personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.

Your password protects your user account, so we encourage you to use a unique and strong password, limit access to your computer and browser, and log out after having used the Spotify Service.

12. Children

The Spotify Service is not directed to children under the age of 13 years. However, in some countries, stricter age limits may apply under local law. Please see our Terms and Conditions of Use for further details.

We do not knowingly collect personal data from children under 13 years or under the applicable age limit (the “Age Limit”). If you are under the Age Limit, please do not use the Spotify Service, and do not provide any personal data to us.

If you are a parent of a child under the Age Limit and become aware that your child has provided personal data to Spotify, please contact us using the ‘Contact Us’ form on the Privacy Center, and you may request exercise of your applicable rights detailed in the ‘Your rights and your preferences: Giving you choice and control’ Section 3 of this Policy.

If we learn that we have collected the personal data of a child under the age of 13 years, we will take reasonable steps to delete the personal data. This may require us to delete the Spotify account for that child.

13. Changes to this Privacy Policy

We may occasionally make changes to this Policy.

When we make material changes to this Policy, we’ll provide you with prominent notice as appropriate under the circumstances, e.g., by displaying a prominent notice within the Spotify Service or by sending you an email. We may notify you in advance.

Please, therefore, make sure you read any such notice carefully.

If you want to find out more about this Policy and how Spotify uses your personal data, please visit the Privacy Center on www.spotify.com to find out more.

14. How to contact us

Thank you for reading our Privacy Policy. If you have any questions about this Policy, please contact our Data Protection Officer by using the ‘Contact Us’ form on the Privacy Center or by writing to us at the following address:

Spotify AB
Regeringsgatan 19
Stockholm
111 53
Sweden

Spotify AB is the data controller for the purposes of the personal data processed under this Policy.

We hope you enjoy Spotify!
© Spotify AB.