Spotify Ad Analytics Privacy Policy
Last Updated and Effective Date: June 13, 2023
Spotify Ad Analytics is a service offered by Spotify ("we," or "us"). We are committed to treating the personal data we process with respect and sensitivity. We want to transparently explain how and why we gather, store, share and use your personal data - as well as outline the controls and choices you have around when and how you choose to share your personal data. This Privacy Policy ("Policy") aims to explain what we mean in further detail below.
1. About this Policy
This Policy sets out the essential details relating to our collection, use, and disclosure of personal data as you use the Spotify Ad Analytics platform (the "Platform"), and any other products and services that link to this Policy (collectively, the "Services").
In this policy we describe our personal data processing activities for the following types of data subjects:
- Individuals at brands and content publishers who use the Platform to use our analytics services ("Platform Users").
- Consumers who visit a brands' website where the brand has deployed the Spotify Ad Analytics Pixel ("Brand Consumers").
From time to time, we may develop new or offer additional services. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.
This policy is not...
- the Spotify Ad Analytics Terms of Service, which is a separate document. The Terms of Service outline the legal contract between you and Spotify for using the Spotify Ad Analytics Platform.
- About your use of other services offered by Spotify Ad Analytics affiliates which have their own privacy policy, such as the Spotify service, Spotify for Podcasters, and Megaphone.
2. Your Personal Data Rights and Controls
Rights
As provided by applicable privacy laws, you may have certain rights as individuals in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are detailed in the table below:
| It's your right to... | |
|---|---|
| Be informed | Be informed of the personal data we process about you and how we process it. |
| Access | Request access to the personal data we process about you. |
| Rectification | Request that we amend or update your personal data where it’s inaccurate or incomplete. |
| Erasure | Request that we erase certain personal data about you. For example, you can ask us to erase personal data:
There are situations where we are unable to delete your data, for example when:
|
| Restriction | Request that we stop processing all or some of your personal data. You can do this if:
You can request that we stop this processing temporarily or permanently. |
| Object | Object to us processing your personal data. You can do this if Spotify is processing your personal data on the legal basis of legitimate interests |
| Data portability | Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service. You can request us to transmit your data when we are processing your personal data on the legal basis of consent or performance of contract. However Spotify will try to honour any request to the extent possible. |
| Not be subject to automated decision making | Request a manual review of a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect. We currently do not use automated decision-making. |
| Withdrawal of consent | Withdraw your consent to us collecting or using your personal data. You can do this if Spotify is processing your personal data on the legal basis of consent. |
| Right to lodge a complaint | Contact your local data protection authority about any questions or concerns. |
You can request to access, remove or update the personal data that you have provided to us in your application by contacting us at privacy-adanalytics@spotify.com, or the address below.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). We may decline requests to exercise these rights where we are unable to authenticate you as the person to whom the data relates. We will not discriminate against you for exercising any of your rights.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
If your request is denied you may have the right to appeal the denial in accordance with the instructions provided to you when the denial was made.
No Sales or Sensitive Data
We do not sell personal data and have taken substantial steps to identify and remediate any data sharing arrangements that could constitute us "selling" to third parties under the CCPA following our acquisition by Spotify.
We also do not process any data that is sensitive or special category data as defined by applicable law.
Questions
If you have any questions about your privacy, your rights or how to exercise them, please see the "How to contact us" section below for information on how to contact us. If you have concerns around our processing of your personal data, we hope you will continue to work with us to resolve them. You can also contact and have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) or your local Data Protection Authority.
3. Personal Data We Collect About You
If you are a Platform User, the following tables below describe the categories of personal data we collect about you and how we collect it.
| Categories of Personal Data | Categories under CCPA | Description of Category |
|---|---|---|
| Account Data | Identifiers | Personal data that you provide us that we need to create and identify Platform User accounts, including name and email. |
| Usage Data | Internet or other electronic network activity information | Personal data collected and processed about you when you’re accessing or using the Platform. Examples include: browsing history, interactions such as clicks, information about devices you use to access the Platform. |
If you are a Brand Consumer, the following tables below describe the categories of personal data we collect about you and how we collect it.
| Categories of Personal Data | Categories under CCPA | Description of Category |
|---|---|---|
| Pixel Data | Internet or other electronic network activity information | Personal data that we collect when Brand Consumers visit a brand’s website that has an active Spotify Ad Analytics pixel. Personal data can also be collected when a Brand Consumer uses a brand’s mobile app. Such data is collected via the brand’s third party mobile attribution partner. |
| Audience Insights Data | Inferences | We receive data from third party data enrichment partners only to provide aggregated audience insights in our platform. |
4. Purposes of Processing
We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 3) used for these purposes:
| Purpose for processing your data | Legal basis that permits the purpose | Categories of personal data used for the purpose |
|---|---|---|
| Purpose for processing your data | Legal basis that permits the purpose | Categories of personal data used for the purpose |
| To provide and personalize the Services. |
|
|
| To understand, diagnose, troubleshoot, and fix issues with the Service. |
|
|
| To evaluate and develop new features, technologies, and improvements to the Services and our affiliates’ products and services. |
|
|
| To comply with a legal obligation that we are subject to. This might be:
|
|
|
| To comply with a request from law enforcement. This will only apply when a competent law enforcement authority contacts us. These include the police, the courts or prisons. |
|
|
| To establish, exercise, or defend legal claims. |
|
|
| To conduct business planning, reporting, and forecasting. |
|
|
5. Sharing of Information
With respect to personal data we are controllers of, we may share or disclose the data under the following circumstances, or as otherwise described in this Policy:
- Within the Spotify group of companies. We may share your personal data with Spotify affiliates to carry out our daily business operations and to enable us to maintain and provide the Services and our affiliates' products and services.
- Service Providers. We may share your information with our agents and service providers that perform certain functions or services on our behalf, such as to host our Services, manage databases, or send communications for us. We have direct relationships with certain advertising, marketing and analytics services (including some of our measurement partners) who also are our service providers that help us collect and analyze personal data.
- In connection with a transfer of assets. If we sell all or part of our business, or make a sale or transfer of assets, or are otherwise involved in a merger or business transfer, or in the event of bankruptcy, we may transfer your personal data to one or more third parties as part of that transaction;
- To comply with legal requirements. We will share your personal data when we in good faith believe it is necessary for us to do so in order to comply with a legal obligation under applicable law, or respond to a valid legal process, such as a search warrant, a court order, or a subpoena. We also will also share your personal data where we in good faith believe that it is necessary for the purpose of our own, or a third party's legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
- Other parties with your consent. We may share information about you with third parties when you consent to such sharing.
6. Opt-Outs.
Promotional Communications. If you are a subscriber to our email newsletter, you may opt out of receiving promotional communications from us by following the instructions in those messages or by contacting us at any time. If you opt out from promotional communications, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
7. Data Security
We are committed to protecting the personal data in our systems. We implement appropriate technical and organizational measures to help protect the security of personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorized access and unnecessary retention of personal data in our systems.
If you are a Platform User and have an account with us, you are responsible for maintaining the confidentiality of your account password and for any access to or use of your account using your password, whether or not authorized by you. Please notify us immediately of any unauthorized use of your password or account or any other breach of security.
8. Data Retention and Deletion
We keep your personal data only as long as necessary to provide you with the Spotify Service and for Spotify's legitimate and essential business purposes, such as:
- maintaining the performance of the Spotify Service
- making data-driven business decisions about new features and offerings
- complying with our legal obligations
- resolving disputes
When determining the retention period, we take into account various criteria, such as the type of information, the nature and length of our relationship with you, the impact on such relationship if data is deleted, mandatory retention periods provided by law or statute of limitations.
9. International Transfers
Because of the global nature of our business, we share personal data internationally with Spotify group companies, subcontractors and partners when carrying out the activities described in this Policy. They may process your data in countries whose data protection laws are not considered to be as strong as EU laws or the laws which apply where you live. For example, they may not give you the same rights over your data.
Whenever we transfer personal data internationally, we use tools to:
- make sure the data transfer complies with applicable law
- help to give your data the same level of protection as it has in the EU and the laws which apply where you live
10. Changes to this Policy
We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in case of material changes, we will provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
11. Contact Us
Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by emailing privacy-adanalytics@spotify.com or by writing to your relevant data controller at the address below.
If you reside within the U.S., the Spotify data controller can be reached at:
Spotify USA Inc.
150 Greenwich St.
New York, NY 10007
USA
If you reside outside the U.S., the Spotify data controller can be reached at:
Spotify AB
Regeringsgatan 19
111 53 Stockholm
Sweden