TIDAL PRIVACY POLICY

Effective as of 25 May 2018.

BY VISITING, ACCESSING, OR USING THE SERVICES, YOU ACCEPT THE PRACTICES IN THIS PRIVACY POLICY. PLEASE READ THIS POLICY AND TIDAL’S TERMS AND CONDITIONS OF USE CAREFULLY.

  1. INTRODUCTION
  2. WHO WE ARE
  3. CHILDREN AND PRIVACY
  4. COLLECTION AND USE OF PERSONAL DATA
  5. SHARING INFORMATION WITH THIRD PARTIES
  6. SAFEGUARDING OF PERSONAL DATA
  7. RETENTION
  8. YOUR RIGHTS
  9. COMMUNICATIONS
  10. MARKETING AND ADVERTISING
  11. COOKIES AND SIMILAR TECHNOLOGIES
  12. INTEGRATION WITH THIRD PARTY SERVICES
  13. INTEGRATION WITH THIRD PARTY WEBSITES
  14. DETECTION OF MISUSE OF THE SERVICES
  15. ACCESS, RECTIFICATION AND DELETION
  16. AMENDMENTS TO THE PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy together with the Terms and Conditions of Use sets out how Aspiro AB and its affiliates (“TIDAL”, “us”, “we” or “our”) process any personal data that we collect about you, or which you provide to us, when you access and use the TIDAL music streaming service, mobile and device applications or associated websites (“Services”). Our policy is to process your personal data at all times in accordance with applicable data protection laws and regulations.

By “personal data”, we mean any information which enables us to identify a person either directly or indirectly. By “affiliates”, we mean any member of our group including our subsidiaries, our holding company and its subsidiaries.

2. WHO WE ARE

The data controller of your personal data is Aspiro AB, a Swedish company whose registered address is 540 W 26th Street, 8th Floor, New York, NY 10001. If you have questions, comments or requests about this Privacy Policy please feel free to contact us by sending an email to support@tidal.com. You may also contact our Data Protection Officer at dpo@tidal.com.

3. CHILDREN AND PRIVACY

We do not knowingly collect or solicit information from children under age 13 or knowingly allow such persons to register for the Services. If you are under age 13, you are not permitted to use the Services. If you are 13 - 17 years of age, you may visit, browse and use the information on the websites but you may not register an account or submit any personal data. If you are 13 - 17 years old, by browsing the website, using or accessing the Services you confirm that you have the permission of a parent or guardian to do so. If you are a parent or guardian and believe that we may have inadvertently collected personal data from your child without your consent, please notify us immediately by sending an email to support@tidal.com and we will delete such personal data promptly.

4. COLLECTION AND USE OF PERSONAL DATA

We will process your personal data for the purpose of providing the Services to you and/or for the legitimate purpose of direct marketing purposes. Specifically, we collect the following types of personal data relating to you for the following purposes:

(a) Information you provide to us directly. When you register as a user for the Services and/or use the Services you provide us with certain information that we store. This may include: username and password information provided for the Services; your name, contact and any other user profile information that you may supply, such as your address, phone number, email address and age; payment information provided to use the Services; User Content (for example, photos, comments, and other materials) that you upload or otherwise post on the Services; metadata associated with such User Content (as defined in Section 9 of Tidal’s Terms and Conditions of Use), which may include content creation date, formatting information; location information about where the User Content was recorded (geotags); and communications between us and you. We process such information for the purposes of providing the Services to you including account management and to calculate settlement towards the content owners.

(b) Usage information. When you use the Services, we collect and process information generated by your use of the Services, such as favourites, playlists created, tracks played and downloaded, activity in the TIDAL applications, offlined tracks, time of log-in, what version of the TIDAL client you use and similar. If you access the Services via a handheld device, we also store a number that uniquely identifies the device. We use this information (i) to tailor and/or personalise the Services to you; (ii) for service improvement purposes; and (iii) for marketing and advertising purposes (as further described in Section 10 below). We may also use internal or third party analytics tools, for our own analytics purposes, to help us measure traffic and usage trends for the Services. These tools collect information sent by your device or the Services that assists us in improving the Services. We collect and combine this information with analytics information from other visitors and users so that it cannot reasonably be used to identify any particular individual.

(c) Log file information. This information may be automatically reported by your browser or device each time you make a request to visit, access or use the Services. When you visit, access or use the Services, our servers may automatically record certain log file information, including the time of log-in, what version of the TIDAL client you may be using, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Services, domain names, landing pages, pages viewed, and other such information. We may also log the Device ID or other unique information for devices used to access the Services. We may also collect similar information from emails we send to you, which helps us track which emails are opened and which links are clicked by recipients. This information is used to (i) analyse the usage of the Services; (ii) enable more accurate reporting; (iii) improve the Services; and (iv) calculate settlement with the content owners.

(d) Survey information. If you reply to surveys that we have provided, the information you provide will be made anonymous and aggregated with the responses of other users, unless otherwise specified and used for improvement of the Services.

In addition to the specific uses of information we describe in this Privacy Policy, we may use your personal data to: (i) process payments for use of the Services; (ii) help you efficiently access your information and features of the Services; (iii) remember information so you will not have to re-enter it during your visit or the next time you use the Services; (iv) provide, improve, test and monitor the effectiveness of our Services; (v) develop and test new products and features; (vi) monitor metrics such as total number of visitors, traffic and demographic patterns; (vii) diagnose or fix technology problems; and (viii) detect, investigate and take all steps necessary to address misuse of the Services.

(e) Information collected from third parties. We may receive information about you from third parties who may have collected and transferred your personal data to us in accordance with their own privacy policies and/or terms of use. Examples of such third parties include social media networks such as Facebook, business partners, advertising networks, analytics providers or any telecommunications providers through which you may access the Services (for example through a bundled package). Where we receive such information from such third parties, we may combine it with the other personal data that we have collected about you as set out above and use such information either alone or in combination with the other personal data we hold for the purposes outlined in this Privacy Policy.

If we intend to process your personal data for any purpose other than the purposes set out above, we shall notify you of the purpose for such processing and shall provide any other relevant information, either by updating this Privacy Policy or (in the case of material change) notifying you by email/push notification.

5. SHARING INFORMATION WITH THIRD PARTIES

We may share your personal data with those of our affiliates on whom we rely to provide the Services, for the purposes outlined in this Privacy Policy (see Sections 4(a) to (e) above for more details).

We may also share your personal data with third parties other than our affiliates in the following situations:

(a) when you have given us consent to share such personal data. This can, for instance, be in relation to Facebook or other third parties. Unless you have otherwise expressly consented, we do not share such personal data with third parties (e.g. advertisers) for marketing purposes, although we may provide such third parties with aggregated, anonymised data collected about you and other users of the Services.

(b) when necessary for billing purposes. We share information with the billing provider to facilitate billing. Your billing and payment information is stored by the billing provider and not by TIDAL and the billing provider processes such information in accordance with its own Privacy Policy.

(c) when we engage third parties to perform services on our behalf in relation to the Services. In such cases we will remain responsible for your personal data and ensure that all handling of such data will be in accordance with this Privacy Policy and applicable laws.

(d) if we are required to do so (i) by applicable legislation, or to comply with any legal obligation; (ii) in order to enforce or apply this Privacy Policy or our Terms and Conditions of Use; or (iii) to protect the rights, property or safety of TIDAL, our customers or others. This includes exchanging information with other organisations for the purposes of fraud protection and credit risk reduction. You expressly consent to our collecting and sharing such information for fraud protection and credit risk reduction.

(e) if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

(f) if we or substantially all of our assets are acquired by or sold to a third party, in which case personal data held by us about our users will be one of the transferred assets.

(g) with third party rights holders, whose content is licensed to us. The data that TIDAL shares with the rights holders is in a de-identified format that does not identify you directly, unless you opt into the sharing of your personal data.

(h) if you contest or dispute any of our charges, we may share your personal data with your credit card company or financial institution in order to help you try to resolve such dispute.

(i) where you have expressly consented, we may share certain information such as cookie data and streaming data (e.g., the number of plays of a particular song or playlist by all users) with third party advertising partners in order to (a) allow third party ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you; and (b) deliver targeted emails and other communications to you concerning such advertisers, their products or services and/or TIDAL events sponsored or hosted by such advertisers.

We may remove parts of data that can identify you and share anonymised data with other parties. We may also combine your information with other information in a way that it is no longer enables you to be identified and share that aggregated, anonymised information with third parties, which may include demographic data such as how many users constitute a particular age group, general locations of where groups of users reside for purposes of, e.g., determining who may be interested in attending a TIDAL event and similar anonymised data.

Some of our affiliates and/or third parties may be located outside the European Economic Area in countries whose laws may not provide adequate protection for your personal data. Prior to your personal data being shared with such affiliates or third parties (as applicable), we will take contractual or other steps reasonably necessary to ensure that your personal data is treated securely by such affiliates or third parties in accordance with this Privacy Policy.

Except as otherwise described in this Privacy Policy, we will never sell your personal data to third parties or allow third parties to have access to your personal data for their own purposes.

6. SAFEGUARDING OF PERSONAL DATA

We use appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. Your personal data is stored in a secure manner on protected equipment. Only a limited number of personnel have access to this equipment and only persons with a legitimate reason have access to your personal data. Unfortunately, the transmission of your personal data via the internet is not completely secure. While we will endeavour (through the use of appropriate security measures) to protect your personal data, we cannot guarantee the security of such data when it is transmitted to us via the internet: you accept that any such transmission of your personal data is at your own risk.

7. RETENTION

We will retain your personal data only for the period necessary to fulfil the purposes for which such data was collected or for so long as we are required by law to do so. When it is no longer necessary for us to retain such data, it will be deleted or made anonymous in a safe and permanent manner or access to it will be blocked to the extent that statutory data retention requirements apply.

8. YOUR RIGHTS

You have a number of rights in relation to how we process your personal data. These include the right to:

  • be informed about any personal data held about you by us;
  • request access to your personal data;
  • request us to have any inaccurate personal data amended or erased;
  • request us to restrict processing of the personal data on certain grounds;
  • receive a copy of your personal data in a machine-readable format and have it sent to another company;
  • object to the processing of your personal data on certain grounds; and
  • file a complaint with the relevant supervisory authority if you think we have violated data protection laws.

If you have any concerns or complaints about how we handle your personal data, or to exercise the above rights, please contact our Data Protection Officer at dpo@tidalcom. Alternatively, you may contact the Swedish Data Protection Authority (Datainspektionen) ( https://www.datainspektionen.se/in-english/contact-us/) or the Information Commissioner’s Office ( https://ico.org.uk/concerns/).

9. COMMUNICATIONS

If you have provided us with your email address or your phone number, we will use this information to communicate with you in matters relevant to the Services, consistent with your preferences, this Privacy Policy and applicable law. Such information includes receipts for payment, information about changes in the Services, changes in the end user agreement and this Privacy Policy. You may not be able to opt out of certain important email communications (e.g., account verification, payment receipts, technical and security notices).

10. MARKETING AND ADVERTISING

We may provide you with details of our products, services and events, which we consider may be of interest to you, including details of forthcoming streaming content, artist information and/or copies of our newsletter. We may also deliver promotional offers and communications on behalf of third party advertisers concerning their products or services and/or events sponsored or hosted by such advertisers, where you have opted in to receiving such information from us. We do not sell or give your email address to other companies for their own marketing purposes. In your account settings, you can elect to opt-out of some or all of these types of communications. You may unsubscribe from such email communications at any time by clicking on the “unsubscribe link” provided in such communications.

11. COOKIES AND SIMILAR TECHNOLOGIES

A cookie is a small file that is placed on your device that allows TIDAL and our partners to recognize your device when you return to the web page. We use cookies to offer log-in functionality, to remember user preferences and to understand how our web pages are used.

We use both temporary (“session”) and persistent cookies. We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. including, for example, cookies that enable you to log into secure areas of our website.

Analytical/performance cookies. These allow us to recognise and count the number of users and to see how users move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests. Where you have expressly consented, we may also share this information with third parties for this purpose, as detailed above in Section 5(i).

You may delete cookies in your browser anytime and you can also block cookies from being placed by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

In addition to our own, cookies are also placed by Google Analytics as described below.

12. INTEGRATION WITH THIRD PARTY SERVICES

Google Analytics: We use Google Analytics from Google on our web pages to create anonymous usage statistics. If you have concerns relating to the usage of Google Analytics be informed that it is possible to block Google Analytics by installing a plug-in to your browser. A plug-in for the most common browsers can be found here: http://tools.google.com/dlpage/gaoptout. Please refer to Google’s privacy policy to understand how Google processes your personal data.

Facebook: If you enable the function “Connect to Facebook” in the settings of your TIDAL client we will share your favourites with Facebook enabling your Facebook friends to see your favourites and enabling you to see your Facebook friends’ favourites. Further if you use the function “share” you can post to your Facebook account directly from the TIDAL client. Please refer to Facebook’s privacy policy to understand how Facebook processes your data.

Twitter: If you use the function “share” you can post to your Twitter account directly from the TIDAL client. Such posting might involve sharing personal data. Please refer to Twitter’s privacy policy to understand how Twitter processes your data.

13. INTEGRATION WITH THIRD PARTY WEBSITES

We may link to third party websites. TIDAL cannot control or be held liable for third parties’ privacy policies and content. Please refer to the third party site’s privacy policy to understand how such third party processes your personal data.

We are not responsible for the practices employed by any websites or services linked to or from the Services—such as, but not limited to, Facebook and Twitter—including the information or content contained within them. When you use a link to go from our Services to another website or service, our Privacy Policy does not apply to those third party websites or services. Your browsing and interaction on any third party website or service, including those that have a link on our Services, are subject to that third party’s own rules and policies. In addition, you understand and agree that we are not responsible and do not have control over any third parties that you authorize to access your personal data (including User Content).

14. DETECTION OF MISUSE OF THE SERVICES

If we suspect misuse of the Services, we may combine the personal data we have collected in accordance with this Privacy Policy with other information in order to investigate the extent of the misuse and who is responsible.

15. ACCESS, RECTIFICATION AND DELETION

If you have questions regarding your personal data stored with us, including a request for access rectification or deletion, or you object to certain uses, please feel free to contact us e.g. by sending an email to dpo@tidal.com or support@tidal.com.

16. AMENDMENTS TO THE PRIVACY POLICY

The Services are subject to constant improvement and future changes may influence what personal data we store and how we process it. This Privacy Policy may be updated to reflect such changes, changes in legal framework or improvements in how we handle personal data. Please check back frequently for any updates to the Privacy Policy. When we make material changes to the Privacy Policy, we will provide you with notice as appropriate under the circumstances, for example, by sending you an email.