GDPR Article 15 Information

Your privacy and the security of your personal data is, and will always be, enormously important to us. Below you will find the information Spotify is required to provide about its processing of your data, under Article 15 of the GDPR.

Confirmation as to whether or not personal data about you is being processed

If you use the Spotify service, we process your personal data as outlined below and further detailed in our Privacy Policy.

Categories, purpose of the processing, relevant recipients and source of collection of personal data

Below you will find information regarding which categories of personal data we process about you, the related purposes of the processing, the recipients to whom the personal data may be disclosed and, where the personal data are not collected from you, information as to their source.

 Data you provide to us, typically when you register for a Spotify account.


Purpose of the processing
Recipients or categories of recipients* Recipients of pseudonymised personal data*** Source (if not collected from you directly)

To provide, personalize, and improve your experience with the Spotify Service and other services and products provided by Spotify, for example by providing customized, personalized, or localized content, recommendations, features, and advertising on or outside of the Spotify Service (including for third party products and services).

To understand how you access and use the Spotify Service to ensure technical functionality of the Spotify Service, develop new products and services, and analyze your use of the Spotify Service, including your interaction with applications, advertising, products, and services that are made available, linked to, or offered through the Spotify Service.

To diagnose and fix issues with the Spotify Service.

To communicate with you (i) for service-related purposes; and (ii) either directly or through one of our partners, for: marketing, research, participation in contests, surveys and sweepstakes, promotional purposes, via emails, notifications, or other messages, consistent with any permissions you may have communicated to us (e.g. through your Account Settings page).

To prevent or detect fraud including fraudulent payments and fraudulent use of the Spotify Service.

Other Spotify Group companies in daily business operations.

Applications you choose to connect to your account or use to log into Spotify (Third Party Applications)

Users of the Support Community if you publicly post comments, questions or advice in the Support Community (Spotify Support Community)

Where you have given us permission, artists and record labels to send you news and promotional offers (Artists and Record Labels)

Service providers that operate the technical infrastructure we use to provide the Spotify Service to you (Service Providers and Others)

Your mobile network operator or other service provider if you have received the Spotify Service through them (Spotify Partners)

Legal authorities in those instances where we in good faith believe it is necessary for us to disclose information in order to comply with a legal obligation, or respond to valid legal process, such as a search warrant, a court order, or a subpoena (Law Enforcement and Data Protection Authorities)

Where needed in connection with a company acquisition or merger, with appropriate prior notice to you (Purchasers of our business)

Academic researchers for activities such as statistical analysis and academic study (Academic Researchers

Music industry partners to help them understand how the content they license to us is performing and to enable you to listen to streaming content via the Spotify Service (Spotify Partners)

Marketing partners to help us with promotional efforts and advertisers that allow us to offer a free service (Spotify Partners)

If you use a Third Party Service, such as Facebook, to create an account, we will receive personal data via that Third Party Service but only when you have consented to that Third Party Service sharing your personal data with us*

Referred to as Streaming History, Playlists, Library, Search Queries, and Follow in “download your data". This also includes technical log files about your interactions with Spotify services.

Purpose of the processing Recipients or categories of recipients* Recipients of pseudonymised personal data*** Source (if not collected from you directly)

To provide, personalize, and improve your experience with the Spotify Service and other services and products provided by Spotify, for example by providing customized, personalized, or localized content, recommendations, features, and advertising on or outside of the Spotify Service (including for third party products and services).


To understand how you access and use the Spotify Service to ensure technical functionality of the Spotify Service, develop new products and services, and analyze your use of the Spotify Service, including your interaction with applications, advertising, products, and services that are made available, linked to, or offered through the Spotify Service.


To diagnose and fix issues with the Spotify Service.


To prevent or detect fraud including fraudulent payments and fraudulent use of the Spotify Service.

Other Spotify Group companies in daily business operations
 

Applications you choose to connect to your account or use to log into Spotify (Third Party Applications)
 

Users of the Support Community if you publicly post comments, questions or advice in the Support Community (Spotify Support Community)
 

Service providers that operate the technical infrastructure we use to provide the Spotify Service to you (Service Providers and Others)

Academic researchers for activities such as statistical analysis and academic study (Academic Researchers
 

Music industry partners to help them understand how the content they license to us is performing and to enable you to listen to streaming content via the Spotify Service (Spotify Partners)
 

Marketing partners to help us with promotional efforts and advertisers that allow us to offer a free service (Spotify Partners)

We may receive personal data via Third Party Applications and advertising you receive.

Data needed to process any payments you make and administer any subscriptions you have. 

Purpose of the processing Recipients or categories of recipients* Recipients of pseudonymised personal data*** Source (if not collected from you directly)

To process your payment. 


To prevent or detect fraud including fraudulent payments and fraudulent use of the Spotify Service.

Other Spotify Group companies in daily business operations
 

Service providers that operate the technical infrastructure we use to provide the Spotify Service to you (Service Providers and Others)
 

Your mobile network operator or other service provider if you have received the Spotify Service through them (Spotify Partners)
 

Legal authorities in those instances where we in good faith believe it is necessary for us to disclose information in order to comply with a legal obligation, or respond to valid legal process, such as a search warrant, a court order, or a subpoena (Law Enforcement and Data Protection Authorities)
 

Where needed in connection with a company acquisition or merger, with appropriate prior notice to you (Purchasers of our business)

N/A If you choose to pay by invoice, we may receive data from our payment processors to enable them to complete a credit check and for us to be able to send you invoices.

Data which allows Spotify and partners to send you marketing communications. 

Purpose of the processing Recipients or categories of recipients* Recipients of pseudonymised personal data*** Source (if not collected from you directly)

To provide, personalize, and improve your experience with the Spotify Service and other services and products provided by Spotify, for example by providing customized, personalized, or localized content, recommendations, features, and advertising on or outside of the Spotify Service (including for third party products and services).


To communicate with you, either directly or through one of our partners, for: marketing, research, participation in contests, surveys and sweepstakes, promotional purposes, via emails, notifications, or other messages, consistent with any permissions you may have communicated to us (e.g. through your Account Settings page)

Other Spotify Group companies in daily business operations
 

Applications you choose to connect to your account or use to log into Spotify (Third Party Applications)
 

Where you have given us permission, artists and record labels (Artists and Record Labels) to send you news and promotional offers

Service providers that operate the technical infrastructure we use to provide the Spotify Service to you (Service Providers and Others)

Academic researchers for activities such as statistical analysis and academic study (Academic Researchers

Music industry partners to help them understand how the content they license to us is performing and to enable you to listen to streaming content via the Spotify Service (Spotify Partners)
 

Marketing partners to help us with promotional efforts and advertisers that allow us to offer a free service (Spotify Partners)

We may receive personal data via Third Party Applications and advertising you receive. 

Data which enables you to participate in contests, sweepstakes and surveys.

Purpose of the processing Recipients or categories of recipients* Recipients of pseudonymised personal data*** Source (if not collected from you directly)

To communicate with you, either directly or through one of our partners, for: marketing, research, participation in contests, surveys and sweepstakes, promotional purposes, via emails, notifications, or other messages, consistent with any permissions you may have communicated to us (e.g. through your Account Settings page).

To understand how you access and use the Spotify Service to ensure technical functionality of the Spotify Service, develop new products and services, and analyze your use of the Spotify Service, including your interaction with applications, advertising, products, and services that are made available, linked to, or offered through the Spotify Service.

Other Spotify Group companies in daily business operations

Applications you choose to connect to your account or use to log into Spotify (Third Party Applications)

Where you have given us permission, artists and record labels  (Artists and Record Labels), or other promotional partners, to send you news and promotional offers (Artists and Record Labels)

Service providers that operate the technical infrastructure we use to provide the Spotify Service to you (Service Providers and Others)

N/A We may receive personal data via Third Party Applications and advertising you receive depending on the promotion. 

Data from your mobile device enabling Spotify to provide additional features and functionality to enhance your Spotify experience (Voluntary Mobile Data). Spotify will not access your photos, precise mobile device location, voice data or contacts unless we first obtain your consent.

Purpose of the processing Recipients or categories of recipients* Recipients of pseudonymised personal data*** Source (if not collected from you directly)
To provide you with features, information, advertising, or other content which is based on your specific Voluntary Mobile Data

Other Spotify Group companies in daily business operations

Applications you choose to connect to your account or use to log into Spotify (Third Party Applications)

Service providers that operate the technical infrastructure we use to provide the Spotify Service to you (Service Providers and Others)

Your mobile network operator or other service provider if you have received the Spotify Service through them (Spotify Partners)

Academic researchers for activities such as statistical analysis and academic study (Academic Researchers

Music industry partners to help them understand how the content they license to us is performing and to enable you to listen to streaming content via the Spotify Service (Spotify Partners)

Marketing partners to help us with promotional efforts and advertisers that allow us to offer a free service (Spotify Partners)

N/A

 * Please note that certain personal data you share on the Spotify Service is publicly available to users and non-users, including your username, profile picture, who you follow and who follows you, your recently played artists, and your public playlists. Please see Section 7 of our Privacy Policy for further detail.

** These types of personal data  may be processed depending on your Spotify settings and device settings, and whether you actively participate in e.g. contests or surveys.

*** 'Pseudonymized format' means that we provide information in a way that cannot be attributed to specific Spotify users without the use of additional information that we do not provide to the other party.

International transfers

As described above, Spotify may share personal data globally with other companies in the Spotify Group, our service providers and partners, etc. When personal data is transferred from the European Economic Area (EEA), we ensure that the transfer is carried out in accordance with applicable data protection and privacy laws and that technical and organizational measures and, in particular, appropriate safeguards are in place, such as the Standard Contractual Clauses approved by the EU Commission. Please see Section 9 of our Privacy Policy for a list of countries to which such transfers may be carried out.

Criteria for the retention of personal data

We keep your personal data only as long as necessary to provide you with the Spotify Service and for legitimate and essential business purposes, such as maintaining the performance of the Spotify Service, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. Criteria used to determine the retention periods include:

  • Default retention periods are set to encourage data minimization.
    Our internal systems are set up to age out personal data in a short period of time by default (90 days), unless a longer period is affirmatively selected based on a legitimate business reason.
  • Do we need to retain data to ensure the service that customers expect? 
    Personal data is retained for an appropriate period to deliver a personalized service to our customers over time.  We typically keep streaming history for the life of an account, for example, to provide retrospective playlists that customers enjoy -- such as Your Summer Rewind and the end-of-year Wrapped campaign -- as well as personalized recommendations based on current listening habits.
  • Are customers able to update or delete the data themselves? 
    Where customers are able to see and update the personal data themselves, we keep the information for as long as the customer chooses.  For example, your Spotify email address and other profile information will be retained until you choose to change it yourself.
  • Is Spotify subject to a legal or contractual obligation to keep or delete the data? 
    Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation or data retained for the purposes of litigation. Conversely, if we are required by law to remove unlawful content, we will do so.

Your rights

According to the General Data Protection Regulation you are granted certain rights in relation to the processing of your personal data. As available and except as limited under applicable law, the rights afforded to you are:

  • Right to request access to the personal data that we process about you,
  • Right to rectification or completion of inaccurate or incomplete personal data about you, 
  • Right to erasure of personal data about you, 
  • Right to restriction of processing of personal data about you, 
  • Right to object to us processing your personal data on grounds relating to your particular situation (e.g. if the processing is based on our legitimate interest) and/or to object to your personal data being processed for direct marketing purposes, and
  • Right to data portability i.e. the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service. 

If you have concerns around our processing of your personal data in our service, we hope you will continue to work with us to resolve them. However, you also have a right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen) or your local Data Protection Authority.

You can find out more about your rights described above and the controls we provide to all Spotify users with respect to these rights in the Your Rights section contained in the Privacy Center. If you have any questions about your privacy, your rights, or how to exercise them, please see Section 3 of our Privacy Policy or contact our Data Protection Officer using the Contact Us form on the Privacy Center.

Automated Decision Making

You have a right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect. However, Spotify does not carry out any of this type of automated decision making in the Spotify Service.  

Obtaining a copy of your personal data

If you have not already requested your personal data and are interested in receiving that information you can get a ZIP file with a copy of most of your personal data by using the automated Download your data function on the Privacy Settings section of your account page. The download will include information about your playlists, streaming history and searches, a list of items saved in your library, the number of followers you have, the number and names of the other users and artists you follow, and your payment and subscription data. For more detailed information about what is included in each file of your download, please see Understanding My Data.

If you have requested a copy of your personal data either via our Download your data functionality or through our support team, you should have received an email letting you know that the data is ready for download or will receive one shortly. 

If you would also like to receive the technical log information we collect to provide and troubleshoot the Spotify service, extended streaming history, or have a special data request, please contact our Customer Service or email us at privacy@spotify.com to clarify your request. 

Please visit our Privacy Center for additional information about personal data processing in the Spotify Service and how to manage your choices.  


 

Last updated: 17 September, 2019