Privacy Policy
Last Updated and Effective as of: January 1, 2023
  1. About this Policy
  2. Your Personal Data Rights and Controls
  3. Personal Data We Collect About You
  4. Purposes of Processing
  5. Sharing of Information
  6. Cookies
  7. Opt-Outs.
  8. Data Security
  9. Data Retention and Deletion
  10. International Transfers
  11. Changes to this Policy
  12. Contact Us

Chartable Holding, LLC, an affiliate of Spotify (“Chartable,” “we,” or “us”) is committed to treating the personal data we process with respect and sensitivity. We want to transparently explain how and why we gather, store, share and use your personal data - as well as outline the controls and choices you have around when and how you choose to share your personal data. This Privacy Policy (“Policy”) aims to explain what we mean in further detail below.

1. About this Policy

This Policy sets out the essential details relating to our collection, use, and disclosure of personal data you use the website, Chartable’s platform (the “Platform”), and any other products and services that link to this Policy (collectively, the "Services").

In this policy we describe our personal data processing activities for the following types of data subjects:

From time to time, we may develop new or offer additional services. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.

This policy is not…

2. Your Personal Data Rights and Controls

Rights

As provided by applicable privacy laws, you may have certain rights as individuals in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are detailed in the table below:

It’s your right to...
Be informed Be informed of the personal data we process about you and how we process it.
Access Request access to the personal data we process about you.
Rectification Request that we amend or update your personal data where it’s inaccurate or incomplete.
Erasure Request that we erase certain personal data about you.

For example, you can ask us to erase personal data:

  • that we no longer need for the purpose it was collected for
  • that we process based on the legal basis of consent, and you withdraw your consent
  • when you make a justified objection (see section ‘Object’ below)

  • There are situations where we are unable to delete your data, for example when:

  • it’s still necessary to process the data for the purpose we collected it for
  • Chartable’s interest in using the data overrides your interest in having it deleted
  • Chartable has a legal obligation to keep the data, or
  • Chartable needs the data to establish, exercise or defend legal claims
  • Restriction Request that we stop processing all or some of your personal data.

    You can do this if:

  • your personal data is inaccurate
  • our processing is unlawful
  • we do not need your information for a specific purpose, or
  • you object to our processing and we are assessing your objection request. See section ‘Object’ below

  • You can request that we stop this processing temporarily or permanently.
    Object Object to us processing your personal data.

    You can do this if Spotify is processing your personal data on the legal basis of legitimate interests
    Data portability Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service.

    You can request us to transmit your data when we are processing your personal data on the legal basis of consent or performance of contract. However Spotify will try to honour any request to the extent possible.
    Not be subject to automated decision making Request a manual review of a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

    We currently do not use automated decision-making.
    Withdrawal of consent Withdraw your consent to us collecting or using your personal data.

    You can do this if Spotify is processing your personal data on the legal basis of consent.
    Right to lodge a complaint Contact your local data protection authority about any questions or concerns.

    You can request to access, remove or update the personal data that you have provided to us in your application by contacting us.

    We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). We may decline requests to exercise these rights where we are unable to authenticate you as the person to whom the data relates. We will not discriminate against you for exercising any of your rights.

    You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

    If your request is denied you may have the right to appeal the denial in accordance with the instructions provided to you when the denial was made.

    Rights request metrics

    Between January 1 and December 31, 2021, we have received and honored 2 verifiable requests for access and received and honored 6 deletion requests that we are the controllers of.

    No Sales or Sensitive Data

    We do not sell personal data and have taken substantial steps to identify and remediate any data sharing arrangements that could constitute us "selling" to third parties under the CCPA following our acquisition by Spotify.

    We also do not process any data that is sensitive or special category data as defined by applicable law.

    Questions

    If you have any questions about your privacy, your rights or how to exercise them, please see the “How to contact us” section below for information on how to contact us. If you have concerns around our processing of your personal data, we hope you will continue to work with us to resolve them. You can also contact and have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) or your local data protection authority.

    3. Personal Data We Collect About You

    If you are a Platform User, the following table below describe the categories of personal data we collect about you and how we collect it.

    Categories of Personal Data Categories under CCPA Description of Category
    Account Data Identifiers Personal data that you provide us that we need to create and identify Platform User accounts, including name and email.
    Usage Data Internet or other electronic network activity information Personal data collected and processed about you when you’re accessing or using the Platform. Examples include: browsing history, interactions such as clicks, information about devices you use to access the Platform.

    If you are a Website Visitor, the following table below describes the categories of personal data we collect about you and how we collect it.

    Categories of Personal Data Categories under CCPA Description of Category
    Website Data Internet or other electronic network activity information Personal data that we collect when you visit a website of ours. This may include:
  • Your browser type and operating system
  • Your Internet Protocol (IP) address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area
  • Other unique identifiers, including mobile device identification numbers
  • Sites you visited before and after visiting the Services
  • Pages you view and links you click on within the Services
  • Information collected through cookies, web beacons, and other technologies
  • Standard Server Log Information
  • If you are a Listener, the following table below describes the categories of personal data we collect about you and how we collect it.

    Categories of Personal Data Categories under CCPA Description of Category
    Log Data Internet or other electronic network activity information Personal data received directly from hosting platforms (including Megaphone) or audio streaming services (including Spotify). This may include: IP address, user agent, which podcast was played and when.
    Inference Data Inferences We obtain from third party data partners (like Liveramp and Nielsen) inferences drawn about your interests and preferences based on your online and offline activities. If you do not wish for Liveramp and/or Nielsen to provide us with your personal data, please see the section “Opt-Outs” below.

    4. Purposes of Processing

    We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 3) used for these purposes:

    Purpose for processing your data Legal basis that permits the purpose Categories of personal data used for the purpose
    To provide and personalize the Services.
  • Performance of a contract
  • Account Data
  • Usage Data
  • To understand, diagnose, troubleshoot, and fix issues with the Service.
  • Performance of a contract
  • Account Data
  • Usage Data
  • To evaluate and develop new features, technologies, and improvements to the Services and our affiliates’ products and services.
  • Legitimate Interest
  • Usage Data
  • Website Data
  • Log Data
  • Inference Data
  • To comply with a legal obligation that we are subject to.

    This might be:
  • an obligation under the law of the country / region you are in
  • Swedish law (because of our headquarters in Sweden), or
  • EU law that applies to us
  • Compliance with legal obligations
  • Account Data
  • Usage Data
  • Website Data
  • Log Data
  • Inference Data
  • To comply with a request from law enforcement.

    This will only apply when a competent law enforcement authority contacts us. These include the police, the courts or prisons.
  • Compliance with legal obligations
  • Legitimate Interest
  • Account Data
  • Usage Data
  • Website Data
  • Log Data
  • Inference Data
  • To establish, exercise, or defend legal claims.
  • Legitimate Interest
  • Account Data
  • Usage Data
  • Website Data
  • Log Data
  • Inference Data
  • To conduct business planning, reporting, and forecasting.
  • Legitimate Interest
  • Usage Data
  • Log Data
  • 5. Sharing of Information

    With respect to personal data we are controllers of, we may share or disclose the data under the following circumstances, or as otherwise described in this Policy:

    6. Cookies

    We or our third party partners may store some information on your device or device hard drive as a "cookie" or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of these services and for the purpose of facilitating and enhancing your communication and interaction with the Website.

    We use the following types of cookies on the Platform:

    7. Opt-Outs.

    Opting out of cookies. If you want to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our service or some of its functionality may be affected. Cookies and similar items are not used by us to automatically retrieve personal data from your device without your knowledge.

    Opting out of third party data providers. We use data we receive from Nielsen and Liveramp to help us segment podcast listeners. If you want Nielsen to stop providing us with your information, please use Nielsen’s opt-out function. If you want Liveramp to stop providing us with your information, please use Liveramp’s opt-out functions.

    Promotional Communications. If you are a subscriber to our email newsletter, you may opt out of receiving promotional communications from us by following the instructions in those messages or by contacting us at any time. If you opt out from promotional communications, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

    8. Data Security

    We are committed to protecting the personal data in our systems. We implement appropriate technical and organizational measures to help protect the security of personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorized access and unnecessary retention of personal data in our systems.

    If you are a Platform User and have an account with us, you are responsible for maintaining the confidentiality of your account password and for any access to or use of your account using your password, whether or not authorized by you. Please notify us immediately of any unauthorized use of your password or account or any other breach of security.

    9. Data Retention and Deletion

    We keep your personal data only as long as necessary to provide you with the Spotify Service and for Spotify’s legitimate and essential business purposes, such as:

    When determining the retention period, we take into account various criteria, such as the type of information, the nature and length of our relationship with you, the impact on such relationship if data is deleted, mandatory retention periods provided by law or statute of limitations.

    10. International Transfers

    Because of the global nature of our business, we share personal data internationally with Spotify group companies, subcontractors and partners when carrying out the activities described in this Policy. They may process your data in countries whose data protection laws are not considered to be as strong as EU laws or the laws which apply where you live. For example, they may not give you the same rights over your data.

    Whenever we transfer personal data internationally, we use tools to:

    11. Changes to this Policy

    We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in case of material changes, we will provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.

    12. Contact Us

    Thank you for reading our Policy. If you have any questions about this Policy, please contact our Data Protection Officer by emailing [email protected] or by writing to us at Chartable Holding, LLC, 150 Greenwich Street, Floor 62, New York, NY 10007, USA.