Effective as of March 8, 2023
- About This Policy
- Your rights and your preferences: Giving you choice and control
- Personal data we collect about you
- Our purpose for using your personal data
- Sharing your personal data
- Data retention and deletion
- Transfer to other countries
- Keeping your personal data safe
- Changes to this Policy
- How to contact us
"Any reference in this Policy to “Anchor” or the “Anchor Service” is a reference to the hosted experience of Spotify for Podcasters"
1. About This Policy
This Policy describes how we process your data when you use Anchor, a service provided by Spotify.
It applies to your use of Anchor ("Anchor" or "Anchor Service") and any recordings, audio, transcript, or other material that is made available through Anchor. References to "Spotify", "we", "us", or "our" are to the legal entity indicated at Section 11 "How to contact us" of this Policy below.
From time to time, we may develop new or offer additional services. They'll also be subject to this Policy, unless stated otherwise when we introduce them.
This Policy is not...
- the Anchor Terms of Service. That's a separate document, outlining the legal contract between you and Spotify for using the Anchor Service. It also describes the rules of the Anchor Service and your user rights.
2. Your rights and your preferences: Giving you choice and control
Privacy laws, including the General Data Protection Regulation ("GDPR"), give rights to individuals over their personal data.
See your rights and their descriptions in this table.
|It's your right to...|
|Access||Be informed of the personal data we process about you and to request access to it|
|Rectification||Request that we amend or update your personal data where it’s inaccurate or incomplete|
|Erasure||Request that we delete certain of your personal data|
|Restriction||Request that we temporarily or permanently stop processing all or some of your personal data|
Object to us processing your personal data at any time, on grounds relating to your particular situation
Object to your personal data being processed for direct marketing purposes
|Data portability||Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service|
|Not be subject to automated decision-making||Not be subject to a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect|
If you would like to exercise any of these rights, you can contact us at email@example.com. If you would like to change your push notification preferences, you can use the notification settings on your mobile device. Email marketing messages also include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send you).
You also have the right to contact the Swedish Authority for Privacy Protection or your local data protection authority about any questions or concerns.
If you are a resident of the state of California, after January 1,2020, please see our supplemental policy "Additional California Privacy Disclosures" which will discuss additional privacy rights you may have under applicable law regarding the processing of your personal data.
3. Personal data we collect about you
These tables set out the categories of personal data we collect and use.
|Collected when you sign up for the Anchor Service or when you update your account|
Personal data that we need to create your Anchor account and enables you to use the Anchor Service. The type of data collected depends on if you use third party services to sign in. This may include:
We receive some of this data from you, e.g. from the sign up form or account page. We also collect some of this data from your device e.g. country. For more information about how we collect country, see "Your general (non-precise) location".
You also have the option to provide us other information about yourself, such as:
|Collected through your use of the Anchor Service|
Personal data collected about you when you’re accessing and/or using the Anchor Service. There are a few types of information this includes, detailed in the following sections.
Information about how you use Anchor
Your technical data
Your general (non-precise) location
This may be understood from technical data (e.g. your IP address, language setting of your device, or payment currency).
|Additional data you may choose to give us|
|Payment and Purchase Data|
If you are a listener and choose to support a creator, we collect your name and email address. Our payment processor collects your payment information.
If you are a creator, monetizing your content on the Anchor Service, we will collect and process personal data for the purposes of providing you payouts and administrating your tax reports.
This may include:
Our payment partner also collects your bank account information.
|Contest, Surveys, and Sweepstakes Data||When you complete any forms, respond to a survey or questionnaire, or take part in a contest or sweepstakes, we collect the personal data you provide.|
|Collected from other ('third party') sources|
|Authentication partners||If you register for or log into the Anchor Service, using another service, we’ll receive your information from them to help create your account with us.|
|Third party applications and services you connect to your Anchor account|
If you connect your Anchor account to a third party application and/or service, we may collect certain information from them to make the integration possible.
We’ll ask for your permission before we collect your information from certain third parties.
|Technical service partners||We work with technical service partners that give us certain data, such as mapping IP addresses to non-precise location data (e.g. city, state).|
4. Our purpose for using your personal data
The table below sets out:
- our purpose of processing your personal data
- our legal justifications (each called a "legal basis") under data protection law, for each purpose
- categories of personal data which we use for each purpose (see more about these categories in Section 3 'Personal data we collect about you').
Here is a general explanation of each "legal basis" to help you understand the table:
- Performance of a Contract: When it’s necessary for Spotify (or a third party) to process your personal data to:
- or verify information before a new contract with you begins.
- Legitimate Interest: When Spotify (or a third party) has an interest in using your personal data in a certain way, which is necessary and justified considering any possible risks to you and other Anchor users. For example, using your Usage Data to improve the Anchor Service for all users. Contact us if you want to understand a specific justification.
- Consent: When Spotify asks you to actively indicate your agreement to its use of your personal data for a certain purpose(s).
- Compliance with Legal Obligations: When Spotify must process your personal data to comply with a law.
|Purpose for processing your data||Legal Basis||Categories of personal data used for the purpose|
To provide the Anchor Service in accordance with the contract with you.
For example, when we use your personal data to:
|Performance of a Contract|
To provide further parts of the Anchor Service.
For example, when we use your personal data to enable additional features.
Our legitimate interests here include:
|To diagnose, troubleshoot, and fix issues with the Anchor Service.||Performance of a Contract|
To evaluate and develop new features, technologies, and improvements to the Anchor Service.
For example, we analyse how our users react to a particular new feature and see whether we should make any changes.
Our legitimate interests here include developing and improving products and features for our users.
For marketing or advertising where the law requires us to collect your consent.
|For other marketing, promotion and advertising purposes where the law does not require consent.|
Our legitimate interests here include marketing and promoting the Anchor Service.
To comply with legal obligations that we are subject to.
This might be:
For example, when we use your date of birth when required for age verification purposes.
|Compliance with legal obligations|
|To comply with a request from law enforcement, courts, or other competent authorities.|
Compliance with legal obligations, and legitimate interest
Our legitimate interests here include assisting law enforcement authorities to prevent or detect serious crime.
|To fulfill contractual obligations with third parties.|
Our legitimate interests here include maintaining our relationships with other third parties so we can provide the Anchor Service.
|To take appropriate action with reports of intellectual property infringement and inappropriate content.|
Our legitimate interests here include protecting intellectual property and original content.
To establish, exercise, or defend legal claims.
For example, if we are involved in litigation and we need to provide information to our lawyers in relation to that legal case.
Our legitimate interests here include:
To conduct business planning, reporting, and forecasting.
For example, when we look at aggregated user data, like the number of new sign ups in a country, in order to plan new locations to launch our products and features in.
Our legitimate interests here include researching and planning so that we can keep running our business successfully.
|To process and administer payments.||Performance of a Contract, and consent|
To keep the Anchor Service secure and to detect and prevent fraud.
For example, when we analyse Usage Data to check for fraudulent use of the Spotify Service.
Our legitimate interests here include protecting the Anchor Service and our users against fraud and other illegal activity.
To conduct research, and surveys.
For example, when we contact our users to ask for your feedback.
Our legitimate interests here include to understand more about how users think about and use the Anchor Service.
6. Data retention and deletion
We keep your personal data only as long as necessary to provide you with the Anchor Service and for legitimate and essential business purposes, such as
- maintaining the performance of the Anchor Service
- making data-driven business decisions about new features and offering
- complying with our legal obligations
- resolving disputes.
If you close or request that we close your account, we’ll delete or anonymise your personal data so it no longer identifies you, unless we’re required to keep something or we still need to use it for a legally justifiable reason.
Here are some examples of situations where we’re legally allowed or required to keep some of your personal data:
- if there’s an unresolved issue relation to your account, such as an outstanding credit or unresolved claim or dispute
- for our legal, tax, audit and accounting obligations
- for our legitimate business interests such as fraud prevention or to maintain security
7. Transfer to other countries
When carrying out the activities described in this Policy, Spotify shares your personal data internationally with other Spotify group companies, subcontractors and partners. They may process your personal data in countries whose data protection laws are not considered to be as strong as EU laws or the laws which apply where you live. For example, they may not give you the same rights over your data.
Whenever we transfer personal data internationally, we use tools to:
- make sure the data transfer complies with applicable law
- help to give your data the same level of protection as it has in the EU
We do this using a variety of protections, as appropriate for each data transfer. For example, we use:
- Standard Contractual Clauses (or an alternative legal tool) to require the third party to protect your data and to provide you with EU-level rights and protections
- technical protections, such as encryption and pseudonymisation
- policies and processes to challenge disproportionate or unlawful government authority requests
You can exercise your rights under the Standard Contractual Clauses by contacting us or the third party who processes your personal data.
8. Keeping your personal data safe
We are committed to protecting our users’ personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data. However, be aware that no system is ever completely secure.
We have implemented various safeguards including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.
To protect your user account, we encourage you to:
- use a strong password that is unique to your Anchor account
- never share your password with anyone
- limit access to your computer or browser
- log out once you have finished using the Anchor Service on a shared device
The Anchor Service has a minimum “Age Limit” in each country. The Anchor Service is not directed to children whose age:
- is under the age of 13 years
- or, makes it illegal to process their personal data
- or, requires parental consent to process their personal data
We do not knowingly collect personal data from children under the applicable Age Limit. If you’re under the Age Limit, please do not use the Anchor Service, and do not provide any personal data to us.
If you’re a parent of a child under the Age Limit and become aware that your child has provided personal data to Spotify via the Anchor Service, please contact us.
If we learn that we’ve collected the personal data of a child under the applicable Age Limit, we’ll take reasonable steps to delete the personal data. This may require us to delete the Anchor account for that child.
10. Changes to this Policy
We may occasionally make changes to this Policy.
When we make material changes to this Policy, we’ll provide you with prominent notice as appropriate under the circumstances. For example, we may display a prominent notice within the Anchor Service or send you an email or device notification.
11. How to contact us
For any questions or concerns about this Policy, please contact our Data Protection Officer by emailing firstname.lastname@example.org or by writing to your relevant data controller at the address below.
Data controller if you reside in the US:
Data controller if you reside in any other country than the US: