California Notice at Collection
Last Updated: 15 August 2024
This Notice at Collection ('Notice') is required by the California Consumer Privacy Act (CCPA) and should be read together with our Privacy Policy.
Contents
- Categories of personal data collected
- Purpose for which the categories are collected and used
- Personal data that we 'share' for tailored advertising
- Data Retention
- Changes to this Notice
- Contact us
Categories of personal data collected
The CCPA requires that we use certain category names to describe the data types we process and describe in our Privacy Policy. The table below shows the categories of personal data we collect using the CCPA’s required category names as well as the corresponding data type described in our Privacy Policy. Please refer to Section 3 of our Privacy Policy for additional details on what data type is collected and the manner in which they are collected.
|
Categories names under CCPA
|
Data type described in our Privacy Policy
|
|---|---|
|
Identifiers (such as your profile name, email address, device identifier or IP address)
|
User Data
Usage Data
Survey and Research Data
|
|
Characteristics of protected classifications under California or federal law (i.e., your age and gender)
|
User Data
|
|
Internet or other electronic network activity information (such as information from cookies and your interactions with the Spotify Service)
|
Usage Data
|
|
Geolocation data (i.e., the street address you provide to us in your account settings and/or your non-precise location as derived from your IP address)
|
Usage Data
Street Address Data
|
|
Commercial information (i.e., your payment and purchase information)
|
Payment and Purchase Data
|
|
Inferences (meaning your interest and preferences based on your usage of the Spotify Service and data obtained from our advertising partners)
|
Usage Data
|
|
Other information you share
|
Survey and Research Data
|
Please note that Spotify avoids processing sensitive personal data in the Spotify Service.
Purpose for which personal data is collected and used
We use the personal data we collect from you:
- To provide the Spotify Service;
- To diagnose, troubleshoot, and fix issues with the Spotify Service;
- To evaluate and develop new features, technologies, and improvements to the Spotify Service;
- For marketing or advertising;
- To comply with a legal obligation that we are subject to;
- To comply with a request from law enforcement, courts, or other competent authorities.
- To fulfill contractual obligations with third parties;
- To take appropriate action with reports of intellectual property infringement and inappropriate content;
- To establish, exercise, or defend legal claims;
- To conduct business planning, reporting, and forecasting;
- To process your payment;
- To keep the Spotify Service secure and to detect and prevent fraud;
- To conduct research and surveys;
Please see Section 4 of our Privacy Policy for a breakdown of the purpose for which each data type is used.
Personal data that we 'share' for tailored advertising
The CCPA defines “share” to mean disclosing a consumer’s personal data for cross-context behavioral advertising, also known as tailored advertising. Tailored advertising is when we use information about your use of the Spotify Service and other websites and mobile apps to tailor ads to be more relevant to you.
The below categories of personal data are “shared” with advertising and marketing partners:
- Identifiers (such as your name, profile name, email address, device identifier or IP address)
- Commercial information (such as your payment currency)
- Internet and electronic network activity information (such as information from cookies and your interactions with Spotify)
- Characteristics of protected classifications under California or U.S. law (i.e., your age and gender)
- Geolocation data (i.e.,your non-precise location as derived from your IP address).
You have the right to opt out of having your personal data 'shared' for tailored advertising. How to control tailored advertising:
- You can control tailored advertising in your account Privacy Settings under ‘Tailored Ads’.
- If you do not have an account or are not logged in, you can also opt-out by clicking the 'Your Privacy Choices' link at the footer of our website.
- You can also control tailored advertising for some podcasts using the link in the episode’s show description. This applies where the content provider inserts advertising into the podcast to fund it. The hosting provider, which might not be Spotify, manages these controls for the podcast.
- You can also visit our services via a browser with a recognized opt-out preference signal enabled, such as the Global Privacy Control (GPC). If you use a preference signal you may need to renew your preferences if you visit the Spotify Service with another device or browser, or if you clear your cookies.
Note that we do serve tailored advertising to consumers under the age of 18 (and therefore do not ‘share’ their personal data) without their consent.
Data retention
We retain personal information only as long as necessary to provide you with the Spotify Service and for Spotify’s legitimate and essential business purposes. Please see Section 6 of our Privacy Policy, which describes categories of our retention periods and the criteria we use to determine them.
Changes to this notice
We may occasionally make changes to this Notice.
When we make material changes to this Notice, we’ll provide you with prominent notice as appropriate under the circumstances. For example, we may display a prominent notice within the Spotify Service or send you an email or device notification.
How to contact us
For any questions or concerns about this Notice, contact our Data Protection Officer any one of these ways:
- email privacy@spotify.com
- write to us at: Spotify USA Inc., 150 Greenwich Street, Floor 62, New York, NY 10007, USA
Spotify USA Inc. is the data controller of personal data processed under this Notice.
© Spotify USA Inc.