General Data Protection Regulation (GDPR) Privacy Policy

Effective as of: 23 October, 2024

1. INTRODUCTION

In this Privacy Policy ("Policy") we aim to explain what type of personal data Acast collects and processes, how we collect your personal data and crucially, why we collect it.

This Policy applies to:

  • Listeners of Acast-hosted podcasts, including listeners of Acast Premium Content such as Acast+ and Acast+ Access (“Listener”).
  • Podcasters (either a representative of a Podcaster or a self-employed individual) who use our podcast hosting, distribution and monetization products and services, including any user registered under the Podcaster account (“Podcaster”).
  • Advertisers (either a representative of an Advertiser or a self-employed individual) who use our advertising products and services, including agencies representing an advertiser (“Advertiser”).
  • Listeners, Podcasters or Advertisers that use our customer support tool (“Customer Support User”).
  • Podcasters or Advertisers that subscribe to our newsletters (“Newsletter Subscriber”).

This Policy applies to Listeners and Advertisers located in the EEA, Switzerland or the UK and to Podcasters located anywhere in the world (together, “you” or “your”). If you are a Listener or an Advertiser located outside the EEA, Switzerland or the UK please read our Rest of World Privacy Policy.

By listening to Acast-hosted podcasts on our website or through any third party platform, by subscribing to Acast+ / Acast+ Access Content, by using Acast as the host of your podcast (and any Acast tool associated with this) or by purchasing advertising products and services from Acast (together, the "Acast Services"), you do so with the knowledge that your data will be collected and processed as described in this Policy.

From time to time, we may develop new or offer additional services. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.

Acast AB (publ), company reg. no. 556946-8498 with a registered office in Kungsgatan 28, 111 35 Stockholm, Sweden or another Acast group company, if specifically indicated in this Policy, (“Acast”, “us”, “we” or “our”) is the data controller responsible for the processing of your personal data according to this Policy.

It is important for you to understand that by using the Acast Services, you accept the practices described in this Policy. Consequently, if you do not agree to the terms of this Policy, we ask you to not use the Acast Services.

We reserve the right to modify or amend the terms of this Policy at any time. When we make material changes to this Policy, we’ll notify you via email or a message within the Acast Services. Any changes to this Policy will become effective as of the date that appears at the very beginning of this document in the section “Effective as of”. Your continued use of the Acast Services following the posting of changes will be deemed an acceptance of those changes.

2. YOUR PERSONAL DATA RIGHTS

As an individual subject to privacy laws applicable in the EEA, Switzerland or the UK, including the General Data Protection Regulation 2016/69 (“GDPR”), you have several rights over your personal data. If you want to exercise any of the rights mentioned below, please contact us at privacy@acast.com.

2.1 Right of access - You have the right to request access to the personal data we collect about you, a copy of which will be provided free of charge. However, we may charge a reasonable fee to comply with requests for further copies of the same information or when a request is manifestly unfounded or excessive, particularly if it is repetitive.

2.2 Right to rectification - You have the right to request that we amend or update your personal data where you have identified that it is inaccurate or incomplete.

2.3 Right to erasure - In some cases, you have the right to request that we delete your personal data. For example, you can request us to delete personal data that we (i) no longer need for the purpose it was collected for, or (ii) process based on your consent and you withdraw your consent. There are situations where Acast is unable to delete your data, for example when the data is still necessary to process for the purpose for which it was collected, Acast’s interest to continue to process the data overrides your interest in having it deleted, or because we have a legal obligation to keep the data. 

  • If you are an Acast+ Listener, a Podcaster or an Advertiser using the Acast Self-Serve Platform, you can request deletion of your account and any personal data associated with it by emailing us at support@acast.com.

2.4 Right to restrict processing - If you believe that your personal data is inaccurate, that our processing is unlawful, that we no longer need your information for a specific purpose, or if you object to the processing of your personal data pursuant to Section 2.6 below, you have the right to request that we temporarily or permanently restrict the processing of some or all of your personal data.

2.5 Right to data portability - When we are processing your personal data on the legal basis of consent or performance of contract, you have the right to request a copy of your personal data in an electronically retrievable form and the right to use that data in other services.

2.6 Right to object to processing - When we are processing your personal data on the legal basis of legitimate interest, you have a right to object to the processing of your personal data on grounds relating to your particular situation. You also have the right to object to the processing of your personal data when we are using it for direct marketing purposes.

2.7 Right to withdraw consent - When we process your personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall however not affect the lawfulness of processing based on your consent before its withdrawal.

  • If you have signed up for our newsletters, you can withdraw your consent by using the opt-out feature provided in the email. Otherwise, please contact us at privacy@acast.com.

2.8 Right to lodge a complaint with the Data Supervisory Authority - If you have any concerns or complaints about Acast’s processing of your personal data, you may lodge a complaint with the Swedish Authority for Privacy Protection or the relevant data supervisory authority in your jurisdiction. You can reach out to the Swedish Authority for Privacy Protection here.

3. PERSONAL DATA WE PROCESS AND WHY

3.1 LISTENERS

If you are a Listener located in the EEA, Switzerland or the UK, we collect your personal data to provide you with a podcast listening experience, including providing you with Acast+ / Acast+ Access Content, and more generally to improve the Acast Services. Below we outline the categories of personal data we collect and process about you, the reasons why we process your personal data and the legal basis associated with the processing of your personal data.

General

  • Explanation - We process your data when you access podcasts on the Acast website or when you listen to podcasts hosted by Acast on (i) an Acast Embed Player placed on a third-party website/app or (ii) a third-party distribution channel, such as Spotify or Apple Podcasts.

  • Legal basis - The processing of your personal data is based on our legitimate interest. When balancing interests, we have concluded that the processing will have minimal impact to your privacy and that it is necessary to provide you a podcast listening experience. You can contact us at privacy@acast.com if you want to know more about which legitimate interests are being pursued and how we made that determination. In some cases, the processing of your personal data is necessary to comply with a legal obligation to which Acast is subject.

  • Categories of personal data - We process the following categories of personal data when you listen to Acast’s podcasts:
    - IP address.
    - User Agent.

  • Why? - We process this data in order to:
    - Make the Acast Services available to you.
    - Validate you as a listener.
    - Identify the device you are using and deliver content to your podcast player.
    - Deliver advertisements based on your general (non-precise) location.
    - Customize frequency and language of ads.
    - Provide aggregated (anonymized) listening reports to Podcasters, Advertisers and other partners of Acast.
    - Analyze and measure the effectiveness of podcast advertising campaigns.
    -  Provide pseudonymized data about your listening activity to Podcasters using Acast+ Access services. Pseudonymized data means that your data is identified by a code rather than your name or other directly identifying information.
    - Compile anonymized statistics for insights, analytics, marketing, advertising and other purposes.
    - Evaluate, test and develop new Acast features, technologies, products and/or services.
    - Conduct surveys and research.
    - Understand, diagnose, troubleshoot and fix issues with the Acast Services. 
    - Help maintain the safety, security, and integrity of Acast's Services and prevent, detect or block fraudulent behavior.
    - Comply with a legal obligation Acast may have.
    - Respond to law enforcement requests as requires by applicable law, court order, or governmental regulations.
    - As otherwise specifically described to you when collecting your personal data.

  • Retention period - Your personal data is retained for 30 days after collection.

Acast+ Listeners (in addition to General)

  • Explanation - If you are listening to Acast+ Content, we collect and process your personal data in order to manage your Acast+ membership and understand how you interact with the Acast+ services.

  • Legal basis - The processing of your personal data is based on our legitimate interest. When balancing interests, we have concluded that the processing will have minimal impact to your privacy and that it is necessary to provide you with Acast+ content. You can contact us at privacy@acast.com if you want to know more about which legitimate interests are being pursued and how we made that determination. In some cases, the processing of your personal data is based on your consent.

  • Categories of personal data - In addition to the information processed under General, we process the following categories of personal data when you subscribe to Acast+ Content:
    - First and last name.
    - E-mail address.
    - Country
    - Our payment processor collects your credit card information when you purchase an Acast+ membership. Acast is restricted from accessing your primary account number and your CVC. We may, however, access cardholder name, last 4 digits and expiry month and year of your credit card for detecting, monitoring and preventing fraud or unauthorised payment transactions.

  • Why? - In addition to the processing purposes listed under General, we process the data in order to:
    - Manage your Acast+ membership.
    - Ascertain that you have made required payments before accessing Acast+ Content.
    - Provide you with support and respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
    - Allow Podcasters to communicate with you in connection with your Acast+ membership and send you email marketing messages (with your consent).

  • Retention period - Your personal data is retained until you request deletion of your Acast+ account and any personal data associated with it. You can request deletion of your Acast+ account and any associated personal data by emailing us at support@acast.com. If you have consented to receiving marketing communications directly from the podcaster, you can withdraw your consent at any time by using the opt-out feature provided in the email. Please note that the podcaster, not Acast, is solely responsible for honouring your opt-out request.

3.2 PODCASTERS

If you are a Podcaster, we collect personal data pertaining to you to offer our podcaster-facing products and services.

  • Explanation - We process your data in order to provide you access to our podcast hosting, distribution and monetization services.

  • Legal basis - Generally, the processing of your personal data is necessary for the performance of our contract with the Podcaster. In some cases, the processing of your personal data is based on our legitimate interest. When balancing interests, we have concluded that the processing of your data will have minimal impact to your privacy and that it is necessary to provide you with Acast’s podcast hosting, distribution and monetization products and/or services. You can contact us at privacy@acast.com if you want to know more about which legitimate interests are being pursued and how we made that determination. We may also process your personal data when necessary to comply with a legal obligation to which Acast is subject.

  • Categories of personal data - We process the following categories of personal data when the Podcasters enters into an agreement with Acast:
    - Podcaster account data such as first and last name, email address, telephone number, username, password and IP address.
    - Our payment processor collects your credit card information when you sign-up to use our podcaster-facing products and services. Acast is restricted from accessing your primary account number and your CVC. We may, however, access cardholder name, last 4 digits and expiry month and year of your credit card for detecting, monitoring and preventing fraud or unauthorised payment transactions.
    - Invoicing and payment details.
    - Survey and research data.

  • Why? - We process this data in order to:
    - Give you access to Acast’s services for uploading, managing, distributing and monetising podcasts.
    - Give you access to your Acast account.
    - Give you access to Acast’s tool for sale and management of ads and sponsorships (if applicable).
    - Make payments to the Podcaster in relation to ads and sponsorships sold (if applicable) and provide information related to such payments.
    - Give you access to anonymized statistics related to the podcasts, such as number of listens, demographic data and the sale of ads inserted into podcasts.
    - Create custom audiences to exclude you from our target audience across multiple platforms, such as Facebook and Google.
    - Communicate with you.
    - Provide support in the event of technical, financial or other issues.
    - Compile anonymized statistics for insights, analytics, marketing, promotion, advertising and other purposes.
    - Evaluate, test and develop new Acast features, technologies, products and/or services.
    - Conduct surveys and research.
    - Understand, diagnose, troubleshoot and fix issues with the Acast Services.
    - Help maintain the safety, security, and integrity of Acast’s Services, and prevent, detect or block fraudulent behavior.
    - Comply with a legal obligation Acast may have.
    - Respond to law enforcement requests as required by applicable law, court order, or governmental regulations.
    - Comply with a legal obligation Acast may have.
    - As otherwise specifically described to you when collecting your personal data.

  • Retention period - Your personal data is retained until you request deletion of your Podcaster account and any personal data associated with it. You can request deletion of your Podcaster account and any associated personal data by emailing us as support@acast.com. Thereafter, we may retain invoicing and payment records to comply with any legal, accounting or reporting obligation Acast may have.

3.3 ADVERTISERS

If you are an Advertiser located in the EEA, Switzerland or the UK, we collect personal information pertaining to you to offer our advertiser-facing products and services. The Acast Group company that enters into the agreement with the Advertiser is the data controller responsible for the processing of personal information as described in this Section.

General

  • Explanation - We process your data in order to offer our advertiser-facing products and services.

  • Legal basis - Generally, the processing of your personal data is necessary for the performance of our contract with the Advertiser. In some cases, the processing of your personal data is based on our legitimate interest. When balancing interests, we have concluded that the processing of your data will have minimal impact to your privacy and that it is necessary to provide the Advertiser with Acast’s ads/sponsorship products and/or services. You can contact us at privacy@acast.com if you want to know more about which legitimate interests are being pursued and how we made that determination. We may also process your personal data when necessary to comply with a legal obligation to which Acast is subject.

  • Categories of personal data - We process the following categories of personal data when the Advertiser enters into an agreement with Acast:
    - First and last name.
    - Email address.
    - Telephone number.
    - If you are using the Acast Self-Serve Platform (“Advertiser Platform”) our payment processor collects your credit card information when you purchase our advertiser-facing products and services with your credit card. Acast is restricted from accessing your primary account number and your CVC. We may, however, access cardholder name, last 4 digits and expiry month and year of your credit card for detecting, monitoring and preventing fraud or unauthorised payment transactions.
    - Invoicing and payment details.
    - IP address.
    - Survey and research data.

  • Why? - We process this data in order to:
    - Provide you with advertising products and/or services.
    - Manage our ongoing customer relationship (to the extent an ad/sponsorship campaign has been purchased).
    - Provide assistance and support in connection with matters related to an ongoing or completed campaign.
    - Receive and administer invoicing and payments in relation to advertisements sold (if applicable) and provide information related to such payments.
    - Give you access to anonymized statistics related to the performance of an ad/sponsorship campaign.
    - Communicate with you.
    - Provide you with support and respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
    - Compile anonymized statistics for insights, analytics, marketing, promotion, advertising and other purposes.
    - Evaluate, test and develop new Acast features, technologies, products and/or services.
    - Conduct surveys and research.
    - Understand, diagnose, troubleshoot and fix issues with the Acast service.
    - Help maintain the safety, security and integrity of Acast's Services, and prevent, detect or block fraudulent behavior.
    - Comply with a legal obligation Acast may have.
    - Respond to law enforcement requests as required by applicable law, court order, or governmental regulations.
    - As otherwise specifically described to you when collecting your personal data.

  • Retention period - Your personal data is retained for as long as you use our advertising products and services, or if you are a Self-Serve Advertiser until you request deletion of your Self-Serve account and any personal data associated with it. You can request deletion of your Self-Serve account and any associated personal data by emailing us at support@acast.com. Thereafter, we may retain invoicing and payment records to comply with any legal, accounting or reporting obligation Acast may have.

Leads

  • Explanation - We process your data in order to evaluate business opportunities with you to purchase ad/sponsorship campaigns and enter into a contractual relationship with Acast.

  • Legal basis - The processing of your personal data is based on our legitimate interest. When balancing interests, we have concluded that the processing of your data will have minimal impact to your privacy and that it is necessary to evaluate possible business opportunities between you and Acast. You can contact us at privacy@acast.com if you want to know more about which legitimate interests are being pursued and how we made that determination. In some cases, the processing of your personal data is necessary to comply with a legal obligation to which Acast is subject.

  • Categories of personal data - We process the following categories of personal data when you engage in business discussions with Acast:
    - Name.
    - Email address.
    - Telephone number.

  • Why? - We process this data in order to:
    - Evaluate possible business opportunities with you to purchase ad/sponsorship campaigns and enter into a contractual relationship with Acast.
    - Communicate with you and provide assistance in connection with a future campaign.
    - Evaluate, test and develop new Acast features, technologies, products and/or services.
    - Comply with a legal obligation Acast may have.
    - Respond to law enforcement requests as required by applicable law, court order, or governmental regulations.

  • Retention period - Your personal data is retained for as long as we are evaluating possible business opportunities with you and will be kept for a reasonable period thereafter in order to provide new Acast offers/information that might be of interest to you.

3.4 CUSTOMER SUPPORT USERS

  • Explanation - If you are a Listener, a Podcaster or an Advertiser, we process your data when you access our user support system on the Acast website or email our support team in order to provide you with podcast-related assistance.
  • Legal basis -  The processing of your personal data is based on our legitimate interest. When balancing interests, we have concluded that the processing will have minimal impact to your privacy and that it is necessary to provide you with the support you may require. You can contact us at privacy@acast.com if you want to know more about which legitimate interests are being pursued and how we made that determination. In some cases, the processing of your personal data is necessary to comply with a legal obligation to which Acast is subject.
  • Categories of personal data - We process the following categories of personal data when you access or e-mail Acast support:
    - First and last name.
    - Email address.
    - Your communication with us, including necessary information regarding your support enquiry.
  • Why? -  We process this data in order to:
    - Confirm your identity as an Acast Listener, Podcaster or Advertiser.
    - Communicate with you.
    - Answer your questions and find a solution to the issue.
    - Understand, diagnose, troubleshoot and fix issues with the Acast service.
    - Help maintain the safety, security, and integrity of Acast’s Services, and prevent, detect or block fraudulent behavior.
    -  Comply with a legal obligation Acast may have.
    - Respond to law enforcement requests as required by applicable law, court order, or governmental regulations.
  • Retention period - Your personal data is retained until you request deletion of your Acast+ Listener, Podcaster or Advertiser account and any personal data associated with it. You can request deletion of your account and associated personal data by emailing us at support@acast.com.

3.5 NEWSLETTER SUBSCRIBERS

  • Explanation - If you are a Podcaster or an Advertiser, we process your data when you subscribe to Acast’s newsletters in order to send you relevant information regarding events, news and offerings that might be of interest to you.
  • Legal basis - The processing of your personal data is based on your consent. In some cases, the processing of your personal data is necessary to comply with a legal obligation to which Acast is subject.
  • Categories of personal data - We process the following categories of personal data when you sign-up to Acast’s newsletters:
    - First and last name.
    - E-mail address.
  • Why? - We process this data in order to:
    - Send you relevant information regarding events, news and offerings that we think you might be interested in.
    - Help maintain the safety, security, and integrity of Acast’s Services, and prevent, detect or block fraudulent behavior.
    - Comply with a legal obligation Acast may have.
    - Respond to law enforcement requests as required by applicable law, court order, or governmental regulations.
  • Retention period – Your personal data is retained until you choose to unsubscribe from our newsletter by using the opt-out feature provided in the newsletter.

4. SHARING YOUR PERSONAL DATA

4.1 In order to provide you with the Acast Services, we may share or disclose your personal data with our third-party service providers that perform certain services on our behalf and act as Acast’s processors. These service providers are only allowed to use your personal data in accordance with our instructions and pursuant to a written contract. We share your personal data with the following categories of service providers:

  • Advertising partners such as ad servers, SSPs, DSPs, DMPs, ad targeting and ad measurement partners. Our advertising partners include AdsWizz, ArtsAI, Lucid, Magellan AI, Podscribe, SoundCast, Veritonic and other third-parties who provide services to store, deliver, manage, track and target ads as well as analyze and measure the effectiveness of podcast ads.
  • Hosting cloud infrastructures that host the Acast Services. Our hosting cloud infrastructure is AWS.
  • Invoicing and payment processors who provide services to create, facilitate or process invoices, payments and/or purchase orders. These include Netsuite, Tipalti and Stripe.
  • IT service management tools who provide services for user authentication, spam detection, log monitoring or database management. These include Auth0, Akismet, Datadog, Google reCAPTCHA, Spur.us and Twilio.  
  • Communication tools who provide services to communicate for podcast-related assistance or send you email marketing messages. These include Google Workspace, Intercom, Mailchimp and Mailgun. 
  • Customer relationship manager systems such as Salesforce.

4.2 If you are a Listener of Acast+ Access Content, we may share pseudonymised data about your listening activity to Podcasters providing the Acast+ Access Content to you. Pseudonymised data means that your data is identified by a code rather than your name or other directly identifying information.

4.3 We may also share your personal data with other companies in the Acast group (including our subsidiaries) in order to carry out our daily business operations and provide you with the Acast Services described in this Policy.

4.4 We will share your personal data with a third-party if we are required to do so by law or if we in good faith believe that such action is necessary to comply with a legal obligation under applicable law or a valid legal process.

5. INTERNATIONAL DATA TRANSFERS

5.1 Certain service providers who process your personal data on our behalf may be located in a country outside of the EEA, Switzerland or the UK. Where such data transfer occurs, we will make sure that an appropriate data transfer mechanism is put in place to protect your personal data. This includes entering into a contract with the service provider in which the EU Commission's standard contractual clauses (available at the EU Commission’s website) have been incorporated, or in the absence of the standard contractual clauses ensuring that the transfer is subject to an EU adequacy decision, such as the EU-US Data Privacy Framework.

5.2 For transfers of your personal data to other Acast group companies based outside of the EEA, Switzerland or the UK we will rely on the data transfer agreement entered between all Acast group companies in which the EU Commission’s standard contractual clauses (available at the EU Commission’s website) have been incorporated.  

6. SECURITY

We have implemented appropriate technical and organizational measures to protect the security of your personal information. These measures include routines for pseudonymization and deletion of the data, vulnerability management, and policies for access control and security monitoring. For more information regarding how we guard your personal information against unauthorized access, please visit security.acast.com.

7. CHILDREN

We may host, distribute and monetize podcasts directed towards children. If a child is listening to children’s podcasts it is likely that the child is the data subject whose personal data is processed. We have taken additional security measures to reduce the processing of children’s personal data for advertising purposes. If you are a parent of a child who is listening to children’s podcasts hosted on Acast, or if you are a child who is listening to children’s podcasts and would like to know more about what personal data is processed, how and why please read our Children’s Privacy Notice available here or contact us at privacy@acast.com. The Children’s Privacy Notice is directed to Listeners of children’s podcasts hosted on Acast that qualify as a child under the law applicable to the child.

8. INFORMATION ABOUT COOKIES

When you use the Acast Services or visit our website, we and our third party partners may use cookies or other similar technologies to understand how you interact with our Services/website and provide you with a personalized user experience.

For more information about cookies, including which cookies we use and how to opt-out or manage your cookie settings, please visit our Cookie Policy.

9. HOW TO CONTACT US

If you have any questions or concerns about this Policy please send us an e-mail at privacy@acast.com or reach out to Acast's Data Protection Officer at dpo@acast.com. You may also write to us at the address below.

Acast AB (publ)
Company reg. no. 556946-8498
Kungsgatan 28
Stockholm 111 35
Sweden