California Notice at Collection

Last Updated: 15 August 2024

This Notice at Collection ('Notice') is required by the California Consumer Privacy Act (CCPA) and should be read together with our Privacy Policy.

Contents

Categories of personal data collected

The CCPA requires that we use certain category names to describe the data types we process and describe in our Privacy Policy. The table below shows the categories of personal data we collect using the CCPA’s required category names as well as the corresponding data type described in our Privacy Policy. Please refer to Section 3 of our Privacy Policy for additional details on what data type is collected and the manner in which they are collected.

Categories names under CCPA
Data type described in our Privacy Policy
Identifiers (such as your profile name, email address, device identifier or IP address)
User Data
Usage Data
Survey and Research Data
Characteristics of protected classifications under California or federal law (i.e., your age and gender)
User Data
Internet or other electronic network activity information (such as information from cookies and your interactions with the Spotify Service)
Usage Data
Geolocation data (i.e., the street address you provide to us in your account settings and/or your non-precise location as derived from your IP address)
Usage Data
Street Address Data
Commercial information (i.e., your payment and purchase information)
Payment and Purchase Data
Inferences (meaning your interest and preferences based on your usage of the Spotify Service and data obtained from our advertising partners)
Usage Data
Other information you share
Survey and Research Data
Please note that Spotify avoids processing sensitive personal data in the Spotify Service.

Purpose for which personal data is collected and used

We use the personal data we collect from you:
  • To provide the Spotify Service;
  • To diagnose, troubleshoot, and fix issues with the Spotify Service;
  • To evaluate and develop new features, technologies, and improvements to the Spotify Service;
  • For marketing or advertising;
  • To comply with a legal obligation that we are subject to;
  • To comply with a request from law enforcement, courts, or other competent authorities.
  • To fulfill contractual obligations with third parties;
  • To take appropriate action with reports of intellectual property infringement and inappropriate content;
  • To establish, exercise, or defend legal claims;
  • To conduct business planning, reporting, and forecasting;
  • To process your payment;
  • To keep the Spotify Service secure and to detect and prevent fraud;
  • To conduct research and surveys;
Please see Section 4 of our Privacy Policy for a breakdown of the purpose for which each data type is used.

Personal data that we 'share' for tailored advertising

The CCPA defines “share” to mean disclosing a consumer’s personal data for cross-context behavioral advertising, also known as tailored advertising. Tailored advertising is when we use information about your use of the Spotify Service and other websites and mobile apps to tailor ads to be more relevant to you.

The below categories of personal data are “shared” with advertising and marketing partners:
  • Identifiers (such as your name, profile name, email address, device identifier or IP address)
  • Commercial information (such as your payment currency)
  • Internet and electronic network activity information (such as information from cookies and your interactions with Spotify)
  • Characteristics of protected classifications under California or U.S. law (i.e., your age and gender)
  • Geolocation data (i.e.,your non-precise location as derived from your IP address).
You have the right to opt out of having your personal data 'shared' for tailored advertising. How to control tailored advertising:
  • You can control tailored advertising in your account Privacy Settings under ‘Tailored Ads’.
  • If you do not have an account or are not logged in, you can also opt-out by clicking the 'Your Privacy Choices' link at the footer of our website.
  • You can also control tailored advertising for some podcasts using the link in the episode’s show description. This applies where the content provider inserts advertising into the podcast to fund it. The hosting provider, which might not be Spotify, manages these controls for the podcast.
  • You can also visit our services via a browser with a recognized opt-out preference signal enabled, such as the Global Privacy Control (GPC). If you use a preference signal you may need to renew your preferences if you visit the Spotify Service with another device or browser, or if you clear your cookies.
Note that we do serve tailored advertising to consumers under the age of 18 (and therefore do not ‘share’ their personal data) without their consent.

Data retention

We retain personal information only as long as necessary to provide you with the Spotify Service and for Spotify’s legitimate and essential business purposes. Please see Section 6 of our Privacy Policy, which describes categories of our retention periods and the criteria we use to determine them.

Changes to this notice

We may occasionally make changes to this Notice.
When we make material changes to this Notice, we’ll provide you with prominent notice as appropriate under the circumstances. For example, we may display a prominent notice within the Spotify Service or send you an email or device notification.

How to contact us

For any questions or concerns about this Notice, contact our Data Protection Officer any one of these ways:
  • email privacy@spotify.com
  • write to us at: Spotify USA Inc., 150 Greenwich Street, Floor 62, New York, NY 10007, USA
Spotify USA Inc. is the data controller of personal data processed under this Notice.

© Spotify USA Inc.