Podsights Privacy Policy

Last Updated and Effective Date: July 1, 2022

In Defense of Growth Incorporated’s (d/b/a Podsights), an affiliate of Spotify (“Podsights,” “we,” or “us”) is committed to treating the personal data we process with respect and being transparent about how and why we gather, store, share and use your personal data.

1. About this Policy

This privacy policy (“Policy”) sets out the essential details relating to our collection, use, and disclosure of personal data you use the website, Podsight’s platform (the “Platform”), and any other products and services that link to this Policy (collectively, the "Services").

In this policy we describe our personal data processing activities for data subjects whose data we are controllers of, namely, individuals at brands and content publishers who use the Platform to use our analytics services.

From time to time, we may develop new or offer additional services. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.

This policy is not…

  • the Podsights Terms of Service, which is a separate document. The Terms of Service outline the legal contract between you and Podsights for using the Podsights Platform.
  • About your use of other services offered by Podsights affiliates which have their own privacy policy, such as the Spotify service, Anchor, Megaphone, Soundtrap, and Spotify Live.

2. Your Personal Data Rights and Controls

Rights

As provided by applicable privacy laws, you may have certain rights as individuals in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are detailed in the table below:


It's your right to...

Be informed

Be informed of the personal data we process about you and how we process it.

Access

Request access to the personal data we process about you.


Rectification

Request that we amend or update your personal data where it's inaccurate or incomplete.

Erasure

Request that we erase certain personal data about you.


For example, you can ask us to erase personal data:


  • that we no longer need for the purpose it was collected for

  • that we process based on the legal basis of consent, and you withdraw your consent

  • when you make a justified objection (see section ‘Object' below)


There are situations where we are unable to delete your data, for example when:


  • it's still necessary to process the data for the purpose we collected it for

  • Podsights's interest in using the data overrides your interest in having it deleted

  • Podsights has a legal obligation to keep the data, or

  • Podsights needs the data to establish, exercise or defend legal claims

Restriction

Request that we stop processing all or some of your personal data.


You can do this if:


  • your personal data is inaccurate

  • our processing is unlawful

  • we do not need your information for a specific purpose, or

  • you object to our processing and we are assessing your objection request. See section ‘Object' below


You can request that we stop this processing temporarily or permanently.

Object

Object to us processing your personal data.


You can do this if we are processing your personal data on the legal basis of legitimate interests

Data portability

Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party's service.


You can request us to transmit your data when we are processing your personal data on the legal basis of consent or performance of contract. However we will try to honour any request to the extent possible.

Not be subject to automated decision making

Request a manual review of a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.


We currently do not use automated decision-making.

Withdrawal of consent

Withdraw your consent to us collecting or using your personal data.


You can do this if we are processing your personal data on the legal basis of consent.

Right to lodge a complaint

Contact your local data protection authority about any questions or concerns.

You can request to access, remove or update the personal data that you have provided to us in your application by contacting us.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). We may decline requests to exercise these rights where we are unable to authenticate you as the person to whom the data relates. We will not discriminate against you for exercising any of your rights.

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

Rights request metrics

Between January 1 and December 31, 2021, we have not received any verifiable requests exercising right to know, and received and honored 15 right to deletion requests.

No Sales

We do not sell personal data and have taken substantial steps to identify and remediate any data sharing arrangements that could constitute a "sale" under the CCPA following our acquisition by Spotify.

Questions about your rights

If you have any questions about your privacy, your rights or how to exercise them, please see the “How to contact us” section below for information on how to contact us.

3. Personal Data We Collect About You

As a Platform user, the following table below describes the categories of personal data we collect about you and how we collect it.

Categories of Personal Data

Description of Category

Account Data

Personal data that you provide us that we need to create and identify Platform user accounts, including name and email.

Usage Data

Personal data collected and processed about you when you’re accessing or using the Platform or other properties owned by us. Examples include: browsing history, interactions such as clicks, information about devices you use to access the Platform.

4. Purposes of Processing

We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 3) used for these purposes:

Purpose for processing your data

Legal basis that permits the purpose

Categories of personal data used for the purpose

To provide and personalize the Services.

  • Performance of a contract


  • Account Data

  • Usage Data

 

To understand, diagnose, troubleshoot, and fix issues with the Service.

  • Performance of a contract

  • Account Data

  • Usage Data

To evaluate and develop new features, technologies, and improvements to the Services and our affiliates’ products and services.

  • Legitimate interest

  • Usage Data


To comply with a legal obligation that we are subject to.  


This might be: 

  • an obligation under the law of the country / region you are in 

  • Swedish law (because of our parent company is headquartered in Sweden), or 

  • EU law that applies to us

  • Compliance with legal obligations


  • Account Data

To comply with a request from law enforcement.  


This will only apply when a competent law enforcement authority contacts us.  These include the police, the courts or prisons. 

  • Compliance with legal obligations

  • Legitimate interest

    

  • Account Data

  • Usage Data

To establish, exercise, or defend legal claims.

  • Legitimate interest 

  • Account Data

  • Usage Data

To conduct business planning, reporting, and forecasting.

  • Legitimate Interest

  • Usage Data

  • Pixel Data

5. Sharing of Information

With respect to personal data we are controllers of, we may share or disclose the  data under the following circumstances, or as otherwise described in this Policy:

  • Within the Spotify group of companies. We may share your personal data with Spotify companies to carry out our daily business operations and to enable us to maintain and provide the Services. We may share data with Spotify AB and Spotify USA Inc.
  • Service Providers. We may share your information with our agents and service providers that perform certain functions or services on our behalf, such as to host our Services, manage databases, or send communications for us. We have direct relationships with certain advertising, marketing and analytics services (including some of our measurement partners) who also are our service providers that help us collect and analyze personal data.
  • In connection with a transfer of assets. If we sell all or part of our business, or make a sale or transfer of assets, or are otherwise involved in a merger or business transfer, or in the event of bankruptcy, we may transfer your personal data to one or more third parties as part of that transaction;
  • To comply with legal requirements. We will share your personal data when we in good faith believe it is necessary for us to do so in order to comply with a legal obligation under applicable law, or respond to a valid legal process, such as a search warrant, a court order, or a subpoena. We also will also share your personal data where we in good faith believe that it is necessary for the purpose of our own, or a third party’s legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
  • Other parties with your consent. We may share information about you with third parties when you consent to such sharing.

6. Cookies

We or our third party partners may store some information on your device or device hard drive as a "cookie" or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of these services and for the purpose of facilitating and enhancing your communication and interaction with the Website.

We use the following types of cookies on the Platform:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website or Platform.
  • Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it (such as Google Analytics).
  • Functionality cookies. These are used to recognize you when you return to our website (such as cookies dropped by Hubspot).
  • Advertising cookies. These cookies are used to deliver advertisements more relevant to you and your interests.

7. Opt-Outs.

Opting out of cookies. If you want to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our service or some of its functionality may be affected.

Promotional Communications. If you are a subscriber to our email newsletter, you may opt out of receiving promotional communications from us by following the instructions in those messages or by contacting us at any time. If you opt out from promotional communications, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

8. Data Security

We are committed to protecting the personal data in our systems. We implement appropriate technical and organizational measures to help protect the security of personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorized access and unnecessary retention of personal data in our systems.

If you have an account with us, you are responsible for maintaining the confidentiality of your account password and for any access to or use of your account using your password, whether or not authorized by you. Please notify us immediately of any unauthorized use of your password or account or any other breach of security.

9. Data Retention and Deletion

We keep your personal data only as long as necessary to provide you with the Services and for our legitimate and essential business purposes, such as:

  • maintaining the performance of the Services
  • making data-driven business decisions about new features and offerings
  • complying with our legal obligations
  • resolving disputes

When determining the retention period, we take into account various criteria, such as the type of information, the nature and length of our relationship with you, the impact on such relationship if data is deleted, mandatory retention periods provided by law or statute of limitations.

10. International Transfers

Because of the global nature of our business, we share personal data internationally with Spotify group companies, subcontractors and partners when carrying out the activities described in this Policy. They may process your data in countries whose data protection laws are not considered to be as strong as EU laws or the laws which apply where you live. For example, they may not give you the same rights over your data.

Whenever we transfer personal data internationally, we use tools to:

  • make sure the data transfer complies with applicable law;
  • help to give your data the same level of protection as it has in the EU and the laws which apply where you live.

11. Changes to this Policy

We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in case of material changes, we will provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.

12. Contact Us

Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by emailing privacy@podsights.com or by writing to us at In Defense of Growth Incorporated’s (d/b/a Podsights) 150 Greenwich Street, Floor 62, New York, NY 10007, USA.