Privacy Policy

Introduction

At Acast we care about your privacy and we always aim to achieve a high level of protection for your privacy. This privacy policy tells you what to expect when Acast collects and processes your personal data. It applies to information we collect and process about:

• People who access our podcasts through an embedded player on a web browser
• People who access our podcasts through our app either when logged in or not
• People who access our podcasts through a third party media player on a web browser or a third party app

Acast AB (publ), corp. reg. no. 556946-8498, is the controller responsible for the processing of your personal data according to this privacy policy.

The personal data we process and why

In this section, you can read about when and why we process your personal data, the categories of personal data concerned, our legal basis for processing and the time period during which the data is stored. As outlined below, what personal data we process about you depends on how you access our podcasts and for what purpose we need to process your data. Our legal basis for the processing also varies depending on why we need to process your data.

1. To give you access to our podcasts

   Applicability

   We process your data for this purpose when you access our podcasts through:

   • An embedded player in a web browser
   • Our app (irrespective of if you are logged in or not)
   • A third party media player in a web browser or a third party app

   Categories of personal data processed

   We process the following categories of personal data in order to give you access to our podcasts:

   • IP address
   • User Agent
   • User ID

   Purpose of processing

   Your personal data is processed in order to:

   • Identify the receiving device of the podcast and to be able to deliver content to your podcast player
   • Ascertain that payment has been made when you access Acast+ content

   Legal basis

   The processing is necessary for the performance of our contract with you regarding your access to our podcasts.

   Retention period

   Your IP address will be retained in encrypted form for 1 year following your latest access to a podcast and thereafter anonymized. All other personal data is retained for 30 days following your latest access to a podcast and thereafter deleted.

2. To manage your user account

   Applicability

   We process your data for this purpose when you access our podcasts through our app when you are logged in.

   Categories of personal data processed

   We process the following categories of personal data in order to manage your user account:

   • Name
   • Contact details (e.g. email address)
   • User name and password
   • Settings
   • Payment history

   Purpose of processing

   Your personal data is processed in order to:

   • Give you log in access to your account
   • Change log in method or password
   • Ensure your identity and age
   • so that you will be able to update your profile

   Legal basis

   The processing is necessary for the performance of our contract with you regarding your access to our podcasts.

   Retention period

   Your personal data is retained for one year following your latest access to a podcast.

3. For direct marketing to our newsletter subscribers

   Applicability

   We process your data for this purpose when you sign up for newsletters at Acast.com and its subdomains.

   Categories of personal data processed

   We process the following categories of personal data in order to send you offers through our newsletters:

   • Name
   • Email address

   Purpose of processing

   Your personal data is processed in order to send offers regarding Acast’s content, such as discounted podcasts and news about Acast.

   Legal basis

   The processing is based on your consent.

   Retention period

   Your personal data is retained until you choose to unsubscribe from our newsletter by using the opportunity to opt-out.

4. To give you a customized experience

   Applicability

   We process your data for this purpose when you access our podcasts through our app when you are logged in.

   Categories of personal data processed

   We process the following categories of personal data in order to give you a customized experience of the podcast content, information and marketing that Acast provides:

   • IP address
   • User Agent
   • Advertising ID
   • Gender
   • Age
   • Record of listening
   • The podcasts shows you subscribe to
   • The podcast categories you have marked as being of your interest

   Purpose of processing

   Your personal data is processed in order to give you:

   • Targeted marketing based on geographic and demographics profiling
   • Customized frequency of exposure to marketing messages
   • Customized language for marketing messages in relation to your geographic location
   • An overview of your record of listening
   • A possibility to manage your choice of interests for podcasts
   • A possibility to save podcast subscriptions
   • Suggestions on podcasts you may like

   Our use of profiling

   We use profiling in order to give you a customized experience of the podcast content, information and marketing that Acast provides. Based on the personal data processed for the purpose of providing a customized experience you may be placed into a user group. We perform analyses regarding the typical interests of your user group in order to provide relevant podcast content, information and marketing for you.

   Legal basis

   The processing is based on your consent.

   Retention period

   Your personal data is retained for as long as you are an active user accessing our podcasts.

   You are considered to be an inactive user if you have not accessed any podcasts for one year. If your account is not accessed within one month thereafter your account, including your personal data, will be deleted.

5. For audio marketing to our unauthorized users

   Applicability

   We process your data for this purpose when you access our podcasts through all distribution channels except through our app when you are logged in.

   Categories of personal data processed

   We process the following categories of personal data in order to provide marketing content to you:

   • IP address
   • User Agent
   • User ID

   Purpose of processing

   Your personal data is processed in order to give you relevant content information and marketing.

   Our use of profiling

   We use profiling in order to give you more relevant podcast content, information and marketing. Based on the personal data processed for the purpose of providing audio marketing you may be placed into a geographic group. We perform analyses regarding the typical interests of your geographic group in order to provide relevant podcast content, information and marketing for you.

   Legal basis

   The processing is necessary for our legitimate interest of providing free podcasts to our users funded by audio marketing to them. We have performed a balancing test and have concluded that we have a legitimate interest of providing audio marketing to you, which is not overridden by your interests of protecting your data being processed for the purposes of providing such audio marketing.

   Retention period

   Your personal data is retained for 30 days following your latest access to a podcast. Your IP address will be retained encrypted during 1 year and thereafter anonymized.

6. For user support

   Applicability

   We process your data for this purpose when you access our podcasts through all distribution channels.

   Categories of personal data processed

   We process the following categories of personal data in order to provide you with support:

   • Name
   • Email address
   • User ID
   • Your communication with us, including necessary information regarding the matter at hand

   Purpose of processing

   Your personal data is processed in order to:

   • Confirm your identity as an Acast podcast user
   • Communicate with you
   • Answer your questions and solve any problems the matter concerns

   Legal basis

   The processing is necessary for our legitimate interest of providing customer support to you. We have performed a balancing test and have concluded that we have a legitimate interest of providing customer support to you, at your request, which is not overridden by your interests of protecting your data being processed for the purposes of providing such customer support.

   Retention period

   Your personal data is retained for 5 years following the closing of the user support matter or earlier if requested by you.

7. Analytics and Advertising Tracking Technologies- UNITED STATES OF AMERICA ONLY

   If you are using Acast services from the United States of America, Acast also work with additional attribution and retargeting third parties to improve our listeners user experience and to report more accurately to our advertising partners. In certain cases the below listed third parties  may use cross-app and multi-site data (for example, where your data is drawn from more than one platform to enable us to provide a more individual and tailored experience).

   Our US attribution and retargeting third party partners are as follows:

   o Claritas- who provide a service for attribution

   o Podsights – who provide a service for attribution & a retargeting service

   o Tapad- who provide a service for attribution & a retargeting service

   o Lucid – who provide a retargeting service

   o Chartable – who provide a service for attribution

   The information we share with these third parties is as follows:

   • IP address
   • Advertising ID
   • User ID
   • User Agent

   If you wish to ‘opt-out’ of this type of advertising you can visit:

   For Claritas – https://trkn.us/opt-out/ 

   For Podsights –  https://podsights.com/optout

   For Tapad – https://www.tapad.com/privacy-policy

   For Adswizz – https://www.adswizz.com/our-privacy-policy/#doNotTrack

   For Chartable – help@chartable.com.

   Should you choose to opt-out of third party advertising, Acast cannot be held responsible for the effectiveness or completeness of any third party ‘opt-out’ provisions.

   Acast also adheres to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising (“DAA Principles”), and we require the advertisers and service providers that perform advertising-related services for us to hold themselves accountable to the same standard. For more information please visit  https://digitaladvertisingalliance.org, https://www.networkadvertising.org, https://thedma.org)

8. For information security purposes

   Applicability

   We may process your data for this purpose when you access our podcasts through all distribution channels.

   Categories of personal data processed

   We may process all collected categories of personal data in order to protect the security of our services, to prevent or to discover use of our services that is unlawful or that constitute a breach of our terms (www.acast.com/terms).

   Purpose of processing

   Your personal data is processed in order to prevent, discover or block misuse or fraudulent behavior.

   Legal basis

   The processing is necessary for our legitimate interest of providing secure services to you based on lawful and fair conduct between the parties. We have performed a balancing test and have concluded that we have a legitimate interest of providing secure services to you which is not overridden by your interests of protecting your data that is processed.

   Retention period

   Your personal data is not stored specifically for information security purposes and will therefore be deleted when it is not necessary for other purposes unless there is a legal obligation to retain your personal data.

9. To comply with our legal obligations

   Applicability

   We may process your data for this purpose when you access our podcasts through all distribution channels.

   Categories of personal data processed

   We may process all relevant collected categories of personal data that is necessary in order to comply with our legal obligations.

   Purpose of processing

   Your personal data is processed in order for us to comply with our legal obligations, e.g. in relation to bookkeeping.

   Legal basis

   The processing is necessary for compliance with a legal obligation to which the Acast is subject.

   Retention period

   Your personal data is retained for a period stipulated in the legislation or decision from the competent authority in question or as long as necessary in order to comply with our legal obligations.

How we collect your personal data

From you

We collect the personal data that you provide to us, e.g. when you choose to sign up in the Acast app, contact us, download a podcast through an app or the internet. If you log in with a user name and password through Acast’s app we collect name, email address, year of birth, gender and your interests for different categories of podcasts.

Through our website you can choose to register for Acast’s newsletter. If you choose to do so we will collect your name and email address.

Regardless of the way you log in to our services, Acast will collect certain information from your technical equipment such as your IP address, User Agent, language, country settings and Advertising ID.

If you use our service without logging in, we only collect your public IP address and the User Agent from your technical equipment.

From Third parties

If you log in to our services through your Facebook or Google Account, Acast will collect information from your public profile, such as your Facebook ID/Google Plus ID, profile picture, name or nick name, email address, gender, age and interests for different podcast subjects.

Who we share your data with

To fulfil the purposes for our processing of your personal data we share your personal data with companies that provide services to Acast. These companies are only allowed to use your personal information in line with our instructions and may not use your personal data for their own purposes. They are also obliged to protect your personal data. We share your personal data with the following companies:

• Microsoft who provides hosting services through Azure
• Amazon who provides hosting services through AWS
• IBM who provides storing services through compose.io
• Hetzner who provides hosting services and logging services
• AdsWizz who provides a service for advertising, i.e. our database for serving ads
• Zendesk who provides us with a support tool
• Google who provides us with a mail server for support
• Mailchimp who provides us a service for sending newsletters
• Hubspot who provides us with a service to empower our blog

We may also share your personal data with other companies in the Acast group and our partners within the marketing analysis field. The personal data will in such cases not be used for purposes that are incompatible with the purposes for which it was originally collected.

We may be obliged to share your data with public authorities at their request in accordance with applicable legislation or a decision by a competent authority.

Where we process your personal data

Some of our suppliers may be located in a country outside the European Union or European Economic Area. When we share your data with such suppliers in order to provide our services to you we will always perform necessary security measures in order to make certain that the data we share is handled in accordance with applicable legislation.

Some of our suppliers are located in the USA and in order to protect your personal data we ensure that our suppliers in the USA are certified under the Privacy Shield. Consequently, transfers of personal data to such suppliers are based on a decision by the European Commission that an adequate level of protection of the personal data is ensured in accordance with GDPR article 45.1

Your rights

Right to be informed

You have the right to be informed about the collection and use of your personal data including, in essence, our purposes for processing your personal data, our lawful basis for the processing, our retention periods for that personal data, who it will be shared with and your rights. We aim to provide you with such information through this Privacy Policy.

Right of access

You have the right to obtain confirmation that your data is being processed, access to your personal data and other supplementary information (this information largely corresponds to the information in this Privacy Policy). A copy of your personal data will be provided free of charge. However, we may charge a ‘reasonable fee’ to comply with requests for further copies of the same information or when a request is manifestly unfounded or excessive, particularly if it is repetitive.

You can submit an access request regarding your personal data in our mobile app user settings. If we receive an access request we may contact you for further information regarding your request and to establish your identity. . We will answer your access requests without delay within one month.

Right to rectification

We have a responsibility to ensure that your personal data is accurate. However, you may provide us with additional data if our data is incomplete or require rectification if you have identified that your personal data is incorrect. When your data is being corrected we will inform any recipients we have disclosed the data to, about the rectification, unless this proves impossible or involves disproportionate effort. We will also, at your request, inform you about which recipients have been informed of the rectification.

Right to erasure

You have the right to have your personal data erased if:

• the personal data is no longer is necessary for the purpose which we originally collected or processed it for
• we are relying on consent as our lawful basis for processing the data, and you withdraw your consent
• we are relying on legitimate interests as our basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue the processing
• we are processing the personal data for direct marketing purposes and you object to that processing
• we have processed the personal data unlawfully
• we have to do it to comply with a legal obligation

If your data is erased, we will inform any recipients of your data that this erasure has been undertaken unless this proves impossible or involves disproportionate effort.

Right to restrict processing

You have the right to request that we restrict the processing of your personal data in the following circumstances:

• you contest the accuracy of your personal data during a period when we are verifying the accuracy of the data;
• the data has been unlawfully processed and you oppose erasure and request restriction instead;
• we no longer need the personal data but you need us to keep it in order to establish, exercise or defend a legal claim; or
• you have objected to us processing your data, and we are considering whether our legitimate grounds override your grounds.

If we have restricted the processing of your personal data temporarily, we will inform any recipients of your personal data of such restriction unless this proves impossible or involves disproportionate effort.

Right to data portability

You may under certain circumstances have a right to data portability. This means the right to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer your personal data easily from one IT environment to another. The right to data portability only applies:

• to personal data you have provided to us as controller;
• where the processing is based on your consent or for the performance of a contract; and
• when the processing is carried out by automated means.

Right to object to processing based on legitimate interests

You have a right to object to the processing of your personal data based on our legitimate interests. If you choose to object, please specify which processing the objection refers to. We are obliged to stop processing your personal data based on our legitimate interests unless:

• we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or
• the processing is for the establishment, exercise or defence of legal claims.

Right to object to processing for direct marketing purposes

You have a right to object to our processing of your personal data for direct marketing purposes at any time by unsubscribing from future messages. This is done by clicking on a link named “unsubscribe” in the email you have received from us. Your personal data will thereafter no longer be processed for direct marketing purposes.

Right to withdraw consent

When we process your personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall however not affect the lawfulness of processing based on your consent before its withdrawal. You can withdraw your consent through changing your user settings in the Acast mobile app.

Right to lodge a complaint with the Data Supervisory Authority

If you believe your personal data is not processed in accordance with applicable legislation, please contact us, see contact information below. You can also lodge a complaint with the Data Supervisory Authority (Datainspektionen).

Changes to this Privacy Policy

We keep our privacy policy under regular review and we may sometimes need to make updates or changes to it. This privacy policy was last updated on 2018-04-20.

How to contact us

If you want to request information about our privacy policy or use your rights as expressed above, you can contact us at:

Acast AB (publ)
Org.nr. 556946-8498
Kungsgatan 12
Stockholm 111 35
Sweden

Email: privacy@acast.com