Podsights Privacy Policy

Last Updated and Effective Date: January 26, 2023

In Defense of Growth LLC's (d/b/a Podsights) is an affiliate of Spotify (“Podsights,” “we,” or “us”). We are committed to treating the personal data we process with respect and sensitivity. We want to transparently explain how and why we gather, store, share and use your personal data - as well as outline the controls and choices you have around when and how you choose to share your personal data. This Privacy Policy (“Policy”) aims to explain what we mean in further detail below.

1. About this Policy

This Policy sets out the essential details relating to our collection, use, and disclosure of personal data you use the website, Podsight’s platform (the “Platform”), and any other products and services that link to this Policy (collectively, the "Services").

In this policy we describe our personal data processing activities for the following types of data subjects:

  • Individuals at brands and content publishers who use the Platform to use our analytics services (“Platform Users”).

From time to time, we may develop new or offer additional services. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.

This policy is not…

  • the Podsights Terms of Service, which is a separate document. The Terms of Service outline the legal contract between you and Podsights for using the Podsights Platform.
  • About your use of other services offered by Podsights affiliates which have their own privacy policy, such as the Spotify service, Anchor, Megaphone, Soundtrap, and Spotify Live.

2. Your Personal Data Rights and Controls

Rights

As provided by applicable privacy laws, you may have certain rights as individuals in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are detailed in the table below:


It's your right to...

Be informed

Be informed of the personal data we process about you and how we process it.

Access

Request access to the personal data we process about you.


Rectification

Request that we amend or update your personal data where it's inaccurate or incomplete.

Erasure

Request that we erase certain personal data about you.


For example, you can ask us to erase personal data:


  • that we no longer need for the purpose it was collected for

  • that we process based on the legal basis of consent, and you withdraw your consent

  • when you make a justified objection (see section ‘Object' below)


There are situations where we are unable to delete your data, for example when:


  • it's still necessary to process the data for the purpose we collected it for

  • Podsights's interest in using the data overrides your interest in having it deleted

  • Podsights has a legal obligation to keep the data, or

  • Podsights needs the data to establish, exercise or defend legal claims

Restriction

Request that we stop processing all or some of your personal data.


You can do this if:


  • your personal data is inaccurate

  • our processing is unlawful

  • we do not need your information for a specific purpose, or

  • you object to our processing and we are assessing your objection request. See section ‘Object' below


You can request that we stop this processing temporarily or permanently.

Object

Object to us processing your personal data.


You can do this if we are processing your personal data on the legal basis of legitimate interests

Data portability

Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party's service.


You can request us to transmit your data when we are processing your personal data on the legal basis of consent or performance of contract. However we will try to honour any request to the extent possible.

Not be subject to automated decision making

Request a manual review of a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.


We currently do not use automated decision-making.

Withdrawal of consent

Withdraw your consent to us collecting or using your personal data.


You can do this if we are processing your personal data on the legal basis of consent.

Right to lodge a complaint

Contact your local data protection authority about any questions or concerns.

You can request to access, remove or update the personal data that you have provided to us in your application by contacting us.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). We may decline requests to exercise these rights where we are unable to authenticate you as the person to whom the data relates. We will not discriminate against you for exercising any of your rights.

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

If your request is denied you may have the right to appeal the denial in accordance with the instructions provided to you when the denial was made.

Rights request metrics

Between January 1 and December 31, 2021, we have not received any verifiable requests for access and received and honored 15 deletion requests that we are the controllers of.

No Sales or Sensitive Data

We do not sell personal data and have taken substantial steps to identify and remediate any data sharing arrangements that could constitute us "selling" to third parties under the CCPA following our acquisition by Spotify.

We also do not process any data that is sensitive or special category data as defined by applicable law.

Questions

If you have any questions about your privacy, your rights or how to exercise them, please see the “How to contact us” section below for information on how to contact us. If you have concerns around our processing of your personal data, we hope you will continue to work with us to resolve them. You can also contact and have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) or your local Data Protection Authority.

3. Personal Data We Collect About You

If you are a Platform User, the following tables below describe the categories of personal data we collect about you and how we collect it.

Categories of Personal Data

Categories of Personal Data Categories under CCPA

Description of Category

Account Data

Identifiers

Personal data that you provide us that we need to create and identify Platform User accounts, including name and email.

Usage Data

Internet or other electronic network activity information

Personal data collected and processed about you when you’re accessing or using the Platform. Examples include: browsing history, interactions such as clicks, information about devices you use to access the Platform.

Data received from third parties:

Categories of Personal Data

Categories of Personal Data Categories under CCPA

Description of Category

Audience Insights Data

Inferences

We receive data from third party data enrichment partners only to provide aggregated audience insights in our platform.

4. Purposes of Processing

We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 3) used for these purposes:

Purpose for processing your data

Legal basis that permits the purpose

Categories of personal data used for the purpose

To provide and personalize the Services.

  • Performance of a contract


  • Account Data

  • Usage Data

 

To understand, diagnose, troubleshoot, and fix issues with the Service.

  • Performance of a contract

  • Account Data

  • Usage Data

To evaluate and develop new features, technologies, and improvements to the Services and our affiliates’ products and services.

  • Legitimate interest

  • Usage Data


To comply with a legal obligation that we are subject to.  


This might be: 

  • an obligation under the law of the country / region you are in 

  • Swedish law (because of our parent company is headquartered in Sweden), or 

  • EU law that applies to us

  • Compliance with legal obligations


  • Account Data

  • Usage Data

To comply with a request from law enforcement.  


This will only apply when a competent law enforcement authority contacts us.  These include the police, the courts or prisons. 

  • Compliance with legal obligations

  • Legitimate interest

    

  • Account Data

  • Usage Data

To establish, exercise, or defend legal claims.

  • Legitimate interest 

  • Account Data

  • Usage Data

To conduct business planning, reporting, and forecasting.

  • Legitimate Interest

  • Usage Data

5. Sharing of Information

With respect to personal data we are controllers of, we may share or disclose the  data under the following circumstances, or as otherwise described in this Policy:

  • Within the Spotify group of companies. We may share your personal data with Spotify affiliates to carry out our daily business operations and to enable us to maintain and provide the Services and our affiliates’ products and services.
  • Service Providers. We may share your information with our agents and service providers that perform certain functions or services on our behalf, such as to host our Services, manage databases, or send communications for us. We have direct relationships with certain advertising, marketing and analytics services (including some of our measurement partners) who also are our service providers that help us collect and analyze personal data.
  • In connection with a transfer of assets. If we sell all or part of our business, or make a sale or transfer of assets, or are otherwise involved in a merger or business transfer, or in the event of bankruptcy, we may transfer your personal data to one or more third parties as part of that transaction;
  • To comply with legal requirements. We will share your personal data when we in good faith believe it is necessary for us to do so in order to comply with a legal obligation under applicable law, or respond to a valid legal process, such as a search warrant, a court order, or a subpoena. We also will also share your personal data where we in good faith believe that it is necessary for the purpose of our own, or a third party’s legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
  • Other parties with your consent. We may share information about you with third parties when you consent to such sharing.

6. Cookies

We or our third party partners may store some information on your device or device hard drive as a "cookie" or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of these services and for the purpose of facilitating and enhancing your communication and interaction with the Website.

We use the following types of cookies on the Platform:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website or Platform.
  • Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it (such as Google Analytics).
  • Functionality cookies. These are used to recognize you when you return to our website (such as cookies dropped by Hubspot).
  • Advertising cookies. These cookies are used to deliver advertisements more relevant to you and your interests.

7. Opt-Outs.

Opting out of cookies. If you want to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our service or some of its functionality may be affected. Cookies and similar items are not used by us to automatically retrieve personal data from your device without your knowledge.

Promotional Communications. If you are a subscriber to our email newsletter, you may opt out of receiving promotional communications from us by following the instructions in those messages or by contacting us at any time. If you opt out from promotional communications, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

8. Data Security

We are committed to protecting the personal data in our systems. We implement appropriate technical and organizational measures to help protect the security of personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorized access and unnecessary retention of personal data in our systems.

If you are a Platform User and have an account with us, you are responsible for maintaining the confidentiality of your account password and for any access to or use of your account using your password, whether or not authorized by you. Please notify us immediately of any unauthorized use of your password or account or any other breach of security.

9. Data Retention and Deletion

We keep your personal data only as long as necessary to provide you with the Spotify Service and for Spotify’s legitimate and essential business purposes, such as:

  • maintaining the performance of the Services
  • making data-driven business decisions about new features and offerings
  • complying with our legal obligations
  • resolving disputes

When determining the retention period, we take into account various criteria, such as the type of information, the nature and length of our relationship with you, the impact on such relationship if data is deleted, mandatory retention periods provided by law or statute of limitations.

10. International Transfers

Because of the global nature of our business, we share personal data internationally with Spotify group companies, subcontractors and partners when carrying out the activities described in this Policy. They may process your data in countries whose data protection laws are not considered to be as strong as EU laws or the laws which apply where you live. For example, they may not give you the same rights over your data.

Whenever we transfer personal data internationally, we use tools to:

  • make sure the data transfer complies with applicable law.
  • help to give your data the same level of protection as it has in the EU and the laws which apply where you live.

11. Changes to this Policy

We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in case of material changes, we will provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.

12. Contact Us

Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by emailing privacy@podsights.com or by writing to us at In Defense of Growth LLC's (d/b/a Podsights) 150 Greenwich Street, Floor 62, New York, NY 10007, USA.