Privacy Policy

General Data Protection Regulation (GDPR) Privacy Policy

1. INTRODUCTION

1.1 Acast, along with its direct and indirect subsidiaries, is committed to protecting your privacy and we always aim to achieve a high level of protection for your personal information. Through this policy we aim to explain when Acast collects and processes your personal data, how we go about doing this, what we do with your information and crucially, why. The information is directed to listeners, podcasters, customers and newsletter subscribers of Acast.

1.2 By using Acast as the host of your podcast (and any Acast tool associated with this) and/or by using the Acast App, website or by listening to Acast hosted podcasts via any 3rd party site you do so with the knowledge that your data will be collected and processed as described in this policy.

1.3 Acast AB (publ), company reg. no. 556946-8498, is the data controller responsible for the processing of your personal data according to this Privacy Policy. If you are listening from the United States of America, please read our ROW Privacy Policy.

2. YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (“GDPR”)

Certain rights are granted to individuals in relation to their personal data under GDPR. As an individual you have the following rights:

2.1 Right of Access - You have the right, upon request, to be informed of the personal data we collect about you, a copy of which will be provided free of charge. However, we may charge a reasonable fee to comply with requests for further copies of the same information or when a request is manifestly unfounded or excessive, particularly if it is repetitive.

·       If you are a listener, you can submit an ‘access request’ through the Acast app by going to 'Settings' – 'User Privacy' – 'Request my user profile'. Otherwise, you can contact us at privacy@acast.com

2.2 Right to rectification - We have a responsibility to ensure that your personal data is accurate and so you may provide us with additional data if our data is incomplete or require rectification of the data if you have identified that it is incorrect.

·       To do this please contact us at privacy@acast.com

2.3 Right to erasure – you have the right to request that we delete your personal data.

·       To do this please contact us at privacy@acast.com or, if you are a signed-in user in the Acast App, by removing consent via the Acast App (please note that this will result in your account being deleted).

2.4 Right to restrict processing - You have the right to request that we restrict the processing of some or all of your personal data.

·       To do this please contact us at privacy@acast.com

2.5 Right to data portability – You have the right to request a copy of your personal data in an electronically retrievable form and the right to use that data in other services.

·       To do this please contact us at privacy@acast.com

2.6 Right to object to processing - You have a right to object to the processing of your personal data and an absolute right to object to processing your personal data for the purpose of direct marketing.

·       To do this please contact us at privacy@acast.com

2.7 Right to withdraw consent - When we process your personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall however not affect the lawfulness of processing based on your consent before its withdrawal.

·       To amend your consent preferences, please go to 'Settings' – 'User Privacy' – 'Withdraw consent' in the Acast app or please contact us at privacy@acast.com (please note that a withdrawal of consent will result in your account being deleted)

2.8 Right to lodge a complaint with the Data Supervisory Authority - If you believe your personal data is not being processed in accordance with applicable legislation, please contact us directly at privacy@acast.com. You also have the right to lodge a complaint with the relevant data supervisory authority in your jurisdiction.

3. PERSONAL DATA WE PROCESS AND WHY – LISTENERS

To understand how our listeners interact with Acast and to provide you with a service, we collect some data that is personal to you. The data we collect and process will depend on Acast’s legal basis for collecting your data and how you interact with Acast. We also process different data depending on what sort of user you are.

3.1 Acast App Users - using the App with a ‘signed in’ user account.

a) Explanation - We process your data in order to understand you as a listener and to give you a customized experience when you access podcasts by logging in to the Acast App. With the information you provide, we create a unique profile which enables us to tailor your experience by providing recommendations to podcast content, information, advertising that is specific to your interests and where applicable, relevant marketing.

b) Legal basis – The processing of your personal data is based on your consent.

c) Categories - We process the following categories of personal data when you sign in to the Acast App to listen to podcasts:

·       IP address.

·       User Agent.

·       User ID.

·       Password.

·       Advertising ID.

·       Name.

·       Gender.

·       Age.

·       Contact details (e.g. email address).

·       Settings preference.

·       Payment details and history (if applicable).

·       Listening history.

·       The podcast shows you subscribe to.

·       The podcast categories you have marked as being of interest to you.

d) Why - We process this data in order to:

·       Validate you as a listener.

·       Confirm your identity and age.

·       Identify the device you are using and to deliver content to your podcast player.

·       Give you access to your account with login and password information and enable you to update your profile.

·       Provide targeted advertising and general (direct) marketing based on the information you provide alongside geographic and demographic profiling.

·       Customize frequency and language of marketing messages.

·       Obtain an overview of your listening history and to make suggestions on podcasts you may like based on this.

·       Provide anonymised reports to our Podcasters and/or podcast representative/advertising partners/media house partners.

·       Test and develop new products and services by sharing your data with certain Third-Parties.

·       Prevent, discover or block misuse or fraudulent behaviour; and

·       Comply with any legal obligation Acast may have.

e) Retention Period - Your personal data is retained for as long as you are an active user in the Acast App. You are considered to be an inactive user if you have not accessed any podcasts for one (1) year. If your account is not accessed within one month thereafter your account will be deleted and your personal data shall be anonymised and retained for analysis and information purposes.

3.2 Acast App Users – using the App without creating an account.

a) Explanation - Acast processes certain information if you choose to listen to podcasts through the Acast app without creating a user account.

b) Legal Basis - The processing of your personal data is based on our legitimate interest. We have performed a balancing test and have concluded that the processing of your data will have minimal impact to your privacy and the processing is necessary to continue to provide you with audio podcast content.

c) Categories - We process the following categories of personal data when you listen to podcasts on the Acast App (without creating a user account / without signing in):

·       IP address.

·       Advertising ID.

·       User Agent.

·       User ID.

·       Payment details and history (if applicable).

d) Why - We process this data in order to:

·       Validate you as a listener.

·       Identify the device you are using and to deliver content to your podcast player.

·       Ascertain that payment has been made if you have accessed Acast+ content (if applicable).

·       Test and develop new products and services by working and sharing your data with certain third-parties.

·      Provide anonymised listen reports to our podcasters and/or podcast representative /advertising partners /media house partners.

·       Compile statistics for analytical purposes and Third-Party use.

·       Work with our Third-Party advertisers to place adverts based on your location.

·       Prevent, discover or block misuse or fraudulent behaviour.

·       Comply with any legal obligation Acast may have.

e) Retention period – Your hashed IP address and all anonymised data collected about you will be retained for analysis and information purposes. In addition, Acast retains your clear text (identifiable) IP address for 30 days, after which time this is deleted.

3.3 Users accessing Acast hosted content via the Acast Embed player and through www.acast.com

a) Explanation – If you access Acast hosted podcasts through an Acast player on a Third-Party website or app or if you access Acast hosted podcasts on www.acast.com, Acast will collect certain information that is personal to you.

b) Legal Basis - The processing of your personal data is based on our legitimate interest. We have performed a balancing test and have concluded that the processing of your data will have minimal impact to your privacy and the processing is necessary to continue to provide you with audio podcast content.

c) Categories – We process the following categories of personal data to provide you access to podcasts through use of these platforms:

·       IP address.

·       User Agent.

·       Session ID.

d) Why? We process this data in order to:

·       Validate you as a listener.

·       Identify the device you are using and to deliver content to your podcast player.

·       Provide anonymised listen reports to our podcasters and/or podcast representative/media house partners.

·       Test and develop new products and services by working and sharing your data with certain third-parties.

·       Compile statistics for analytical purposes and Third-Party use.

·       Work with our Third-Party advertisers to place adverts based on your location.

·       Prevent, discover or block misuse or fraudulent behaviour.

·       Comply with any legal obligation Acast may have.

e) Retention Period – Your hashed IP address and all anonymised data collected about you will be retained for analysis and information purposes. In addition, Acast retains your clear text (identifiable) IP address for 30 days, after which time this is deleted.

3.4 Users accessing the Acast App via Third-Party user accounts

a) Explanation - If you log in to the Acast App through your Facebook or Google account, Acast may collect some personal information.

b) Legal basis - The processing of your personal data is based on our legitimate interest. We have performed a balancing test and have concluded that the processing of your data will have minimal impact to your privacy and the processing is necessary to continue to provide you with audio podcast content.

c) Categories - We process the following categories of personal data to provide you access to our podcasts through use of these third-party platforms:

·       Facebook ID/Google Plus ID.

·       Profile picture.

·       Name or nick name.

·       Email address.

·       Gender.

·       Age.

d) Why? We process this data in order to:

·       Validate you as a listener.

·       Identify the device you are using and to deliver content to your podcast player.

·       Compile statistics for analytical purposes and third-party use.

·       Provide anonymised listen reports to our podcasters and/or podcast representative/advertising partners/media house partners.

·       Test and develop new products and services by working and sharing your data with certain third-parties.

·       Work with our third-party advertisers to place adverts based on your location.

·       Prevent, discover or block misuse or fraudulent behaviour.

·       Comply with any legal obligation Acast may have.

e) Retention period - Your hashed IP address and all anonymised data collected about you will be retained for analysis and information purposes. In addition, Acast retains your clear text (identifiable) IP address for 30 days, after which time this is deleted.

3.5 Users listening via third-party distribution channels

a) Explanation - We process your data when you access Acast hosted podcasts through any third-party distribution channel in order to offer you more relevant podcast content, information and marketing choices and to serve advertisements.

b) Legal Basis – The processing of your personal data is based on our legitimate interest. We have performed a balancing test and have concluded that the processing of your data will have minimal impact to your privacy and the processing is necessary to continue to provide you with audio podcast content.

c) Categories – We process some or all (depending on which third-party platform is being used) of the following categories of personal data when you access Acast hosted podcasts from a third-party platform:

·       IP address.

·       x-Session-Header-ID (Apple).

·       Browser ID.

·       Information stored on browser cookies.

·       User Agent.

·       User ID.

d) Why? We process this data in order to:

·       Validate you as a listener.

·       Identify the device you are using and to deliver content to your podcast player.

·       Compile statistics for analytical purposes and Third-Party use.

·       Provide anonymised listen reports to our podcasters and /or podcast representative /advertising partners /media house partners.

·       Test and develop new products and services by working and sharing your data with certain third-parties.

·       Work with our third-party advertisers to place adverts based on your location.

·       Prevent, discover or block misuse or fraudulent behaviour.

·       Comply with any legal obligation Acast may have.

e) Retention Period - Your hashed IP address and all anonymised data collected about you will be retained for analysis and information purposes. In addition, Acast retains your clear text (identifiable) IP address for 30 days, after which time this is deleted.

3.6 Users accessing our user support

a) Explanation – We process your data when you access our user support help system in order to provide you with podcast related assistance.

b) Legal basis – The processing of your personal data is based on our legitimate interest. We have performed a balancing test and have concluded that the processing of your data will have minimal impact to your privacy and the processing is necessary to continue to provide you with the support you may require.

c) Categories - We process the following categories of personal data when you access the Acast help centre:

·       Name.

·       Email address.

·       User ID.

·       Your communication with us, including necessary information regarding the matter at hand.

d) Why - We process this data in order to:

·       Confirm your identity as an Acast podcast user.

·       Communicate with you.

·       Answer your questions and find a solution to the issue.

·       Develop new services.

·       Compile statistics for analytical purposes.

·       Prevent, discover or block misuse or fraudulent behaviour.

·       Comply with any legal obligation Acast may have.

e) Retention period - Your personal data is retained for 90 days and is then deleted. However, we may retain the email and other communication between you and Acast for monitoring purposes.

4. PERSONAL DATA WE PROCESS AND WHY – PODCASTERS

4.1 To give Podcasters access to our hosting and distribution services

a) Explanation - Regardless of whether you are a natural person or a representative of a podcaster who is a legal person, we process your data in order to provide you/the podcaster with our services in connection with podcasts owned or controlled by you (including but not limited to hosting and distribution services and/or sale of advertisements and sponsorships).

b) Legal Basis - The processing of your personal data is necessary for the performance of our contract with you in case you are a natural person. In case you are a representative of a legal person, the processing is based on our legitimate interest. We have performed a balancing test and have concluded that the processing of your data will have minimal impact to your privacy and the processing is necessary to fulfil the contract with the podcaster you represent.

c) Categories - We process the following categories of personal data when you (or in your capacity as a representative of the podcaster) enter into a podcast agreement with Acast:

·       Name.

·       Email address.

·       Telephone number.

·       Username and password.

·       Invoicing and payment details.

·       Purchase orders.

·       IP address.

·       Personal data contained in the podcasts.

d) Why? – We process this data in order to:

·      Give you/the podcaster access to Acast’s services for uploading, managing, distributing and monetising podcasts.

·      Give you/the podcaster access to Acast’s tool for sale and management of advertisements and sponsorships (if applicable).

·       Make payments to you/the podcaster in relation to advertisements and sponsorships sold (if applicable) and provide information related to such payments.

·      Give you/the podcaster access to anonymized statistics related to the podcasts, such as number of listens and demographic data.

·       Give you/the podcaster access to statistics related to the sale of advertisements inserted into the podcasts.

·       Communicate with you/the podcaster and provide support in the event of technical, financial or other issues.

·       Compile statistics for analytical purposes.

·       Prevent, discover or block misuse or fraudulent behaviour.

·       Comply with any legal obligation Acast may have.

e) Retention period - Your personal data is retained for the duration of the agreement and will be deleted upon termination.

4.2 Podcast Guests

a) Explanation - If you participate in a podcast which is made available to the public by Acast, Acast will process certain personal information.

b) Legal Basis - The Processing of your personal data is based on our legitimate interest. We have performed a balancing test and have concluded that the processing of your data will have minimal impact to your privacy and the processing is necessary to successfully host the podcast show you are participating in.

c) Categories - We process the following categories of personal data when you participate in an Acast hosted podcast:

·       Name.

·       Any corresponding information you choose to give.

Please be aware that you personally determine what personal data you include in the podcast and should therefore always use care when deciding what (if any) personal data to disclose.

d) Why? We process this data in order to:

·       Enable Acast to host, distribute and make available to the public the podcast in which you participate.

e) Retention period - Your personal data is retained for as long as Acast hosts, distributes and makes available to the public the podcast in which you participate.

4.3 For Podcasters to access user support

a) Explanation – We process your data when you access our user support help system in order to provide you with podcast related assistance.

b) Legal basis – The processing of your personal data is based on our legitimate interest. We have performed a balancing test and have concluded that the processing of your data will have minimal impact to your privacy and the processing is necessary to continue to provide you with the support you may require.

c) Categories - We process the following categories of personal data when you access the Acast help centre:

·       Name.

·       Email address.

·       User ID.

·       Your communication with us.

d) Why? We process this data in order to:

·       Confirm your identity as a Podcaster.

·       Communicate with you.

·       Answer your questions and find a solution to the issue.

·       Develop new services.

·       Compile statistics for analytical purposes.

·       Prevent, discover or block misuse or fraudulent behaviour.

·       Comply with any legal obligation Acast may have.

e) Retention period – Any information (in addition to the personal information required under contract) which is provided whilst Podcaster is accessing user support will be retained for 90 days and shall then be deleted. However, we may retain email and other communication between you and Acast for monitoring purposes.

5. PERSONAL DATA WE PROCESS AND WHY – CUSTOMERS

To sell ads and campaigns and administer the contractual relationship

a) Explanation - Regardless of whether you are a natural person or a representative of a customer who is a legal person, we process your data in order to offer you/the customer to purchase ads/campaigns and administer the contractual relationship with you/the customer to the extent an ad/campaign has been purchased.

b) Legal basis - The processing of your personal data is necessary for the performance of our contract with you in case you are a natural person. If you are a potential customer (i.e. a customer who has not yet purchased an ad/campaign), the processing is based on our legitimate interest. In case you are a representative of a legal person, the processing is based on our legitimate interest. We have performed a balancing test and have concluded that the processing of your data will have minimal impact to your privacy and the processing is necessary to fulfil the contract with the customer you represent.

c) Categories - We process the following categories of personal data when we offer you (or in your capacity as a representative of the customer) to purchase ads and campaigns or enter into a sales agreement with Acast:

·       Name.

·       Email address.

·       Telephone number.

·       Invoicing and payment details.

·       Purchase orders.

d) Why? We process this data in order to:

·      Provide you/the customer with offers, information and marketing (e.g. provide offers on future campaigns).

·      Manage/Administer current/ongoing customer relationship (to the extent an ad/campaign has been purchased).

·      Provide assistance and support in connection with follow-up questions/matters related to an ongoing or completed campaign.

·      Receive and administer invoicing and payments in relation to advertisements sold (if applicable) and provide information related to such payments.

·      Give you/the customer access to anonymized statistics related to the ads/campaigns.

·      Communicate with you/the podcaster and provide support in the event of technical, financial or other issues.

·      Compile statistics for analytical purposes.

·      Comply with any legal obligation Acast may have.

e) Retention period - Your personal data is retained for the duration of the agreement and will be kept for a reasonable period of time thereafter in order to provide new offers/information.

6. PERSONAL DATA WE PROCESS AND WHY - NEWSLETTER SUBSCRIBERS

Acast newsletter subscription

a) Explanation - We process personal information in order to provide you with newsletters and other direct marketing information, information and offers about Acast, its subdomains and any relevant third-party.

b) Legal basis - The processing of your personal data is based on your consent.

c) Categories - We process the following categories of personal data when you sign up to receive Acast newsletters:

·       Name.

·       Email address.

d) Why? We process this data in order to:

·       Provide you with newsletters, information, offers and direct marketing concerning Acast, its subsidiaries and any relevant third-party.

·        Comply with any legal obligation Acast may have.

e) Retention Period - Your personal data is retained until you choose to unsubscribe by using the opt-out feature provided in the newsletter.

7. WHO DOES ACAST SHARE YOUR DATA WITH?

7.1 In order for Acast to provide a service to you, we share your personal data with certain third-parties. Such third-parties are only allowed to use your personal data in line with our instructions and may not use your personal data for their own purposes. They are also obliged to protect your personal data. For example, we share your personal data with the following companies:

·       Microsoft who provides hosting services through Azure.

·       Amazon who provides hosting services through AWS.

·       IBM who provides storing services through compose.io.

·       Hetzner who provides hosting services and logging services.

·       AdsWizz who provides a service for advertising.

·       ID5 for advertising profiling test purposes.

·       Zendesk who provides us with a support tool.

·       Intercom who provides us with a support tool.

·       Google who provides us with a mail server for support.

·       Mailchimp who provides us a service for sending newsletters.

·       Hubspot who provides us with a service to empower our blog.

·       Certain Media House partners.

7.2 We may also share your personal data with other companies in the Acast group (including our subsidiaries) and our partners within the marketing analysis field. Any personal data processed here will not be used for any purpose not outlined in this Privacy Policy.

7.3 We may be obliged to share your data with public authorities at their request in accordance with applicable legislation or a decision by a competent authority or if we have a legitimate interest in disclosing the data.

8. WHERE WE PROCESS YOUR PERSONAL DATA

8.1 Some of our suppliers may be located in a country outside the European Union or European Economic Area. When we share your data with such suppliers in order to provide our services to you we will always perform necessary security measures in order to make certain that the data we share is handled in accordance with applicable legislation.

8.2 Some of our suppliers are located in the USA or outside of the European Union. In order to protect your personal data we ensure that our suppliers have entered into a contract with Acast in which the EU Commission's standard contractual clauses (available at the EU Commission’s website) have been incorporated. Consequently, transfers of personal data to such suppliers are based on a decision by the European Commission that an adequate level of protection of the personal data is ensured in accordance with GDPR articles 45.1 and 46.

9. CHILDREN

Our Services are not directed at children under the age of 16 and we therefore do not knowingly collect personal data from children under 16 years. If you become aware that Acast has unknowingly collected personal information from a child under the age of 16, we will make reasonable efforts to delete this information from our database as soon as practically possible.

10. CHANGES TO THIS PRIVACY POLICY

We keep our Privacy Policy under regular review and we may sometimes need to make updates or changes to it. This Privacy Policy was last updated on 22nd March 2021.

11. HOW TO CONTACT US

If you want to request information about our Privacy Policy or use your rights as expressed above, you can contact us at:

Acast AB (publ)

Company reg. no. 556946-8498

Kungsgatan 12

Stockholm 111 35

Sweden

Email: privacy@acast.com