Privacy and cookie policy
1. Purpose
This section sets out DEEZER’s commitments with regard to protecting the privacy and personal data of its members, subscribers or visitors (hereinafter referred to collectively as the “Users”) collected and processed during the use of the Site and the Application under the conditions set out in the Terms of Use and Sale for the Services (hereinafter the “Data”).
DEEZER undertakes to comply with the applicable legislation relating to the protection of privacy, particularly Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to collectively as the “Applicable Regulation”).
The User acknowledges that, by using the Site and/or the Application and/or by using one of the free or paid services made available by DEEZER (hereinafter the “Services”), his/her Data are collected and processed according to the terms and conditions set out hereinafter.
This policy (the “Policy”) forms an integral part of the Terms of Use and Sale for DEEZER’s Services and may be modified at any time, in particular to ensure compliance with any legislative, regulatory, case law, editorial or technical changes.
The User must therefore refer to the latest version of the Policy before any use of the Services.
2. Identity of the Data controller
The Data controller is DEEZER SA, a limited company with share capital of 248,950.19 euros, listed on the Paris Trade and Companies Register under number 511 716 573, the registered office of which is located at 12 rue d'Athènes 75009 Paris – FRANCE.
The Data are in particular stored by the host of the Site identified in the Legal Notice.
3. Data collected
DEEZER may collect Data relating to the Users in order to provide its Services.
3.1. Data provided directly by the User
During his/her registration and use of the Services, the User provides various Data directly to DEEZER. These Data include in particular:
- The Data necessary for the creation of the User account such as a username, email address, age, gender, login details via third-party services (Facebook, Google+) and a password allowing the User to be identified.
The User is informed on the Data collection forms whether the collection of said Data is mandatory or optional. If a mandatory field is not completed, DEEZER will not be able to process the registration or provide the Services.
- The User account personalisation Data such as first name, surname, postal address, telephone number, date of birth, profile picture, musical preferences, favourite content (artists, albums, tracks, radio stations, podcasts, liked tracks, disliked tracks).
- The Data from the User account Settings such as the “Privacy settings” and “Alerts & sharing”.
3.2. Data collected automatically by DEEZER
During the use of the Services, DEEZER collects Data relating to the connection, browsing, interaction with the advertisements displayed, or the use of the Services.
A. Data relating to interaction with the Services
These Data include in particular:
- Favourite content (artists, albums, tracks, radio stations, podcasts), listening history, playlists created or followed (public or private);
- Data about interaction with other users of the Services such as comments on an artist or album page, the users whose activity the User has decided to follow, or the users who decide to follow the User’s activity (subject to the User’s privacy settings).
B. Data that DEEZER collects in relation to the commercial relationship
For the entire duration of the commercial relationship, DEEZER collects various Data for the management of the commercial relationship and for invoicing.
- Invoicing and transaction Data
If the User has subscribed to one of the paid Services, DEEZER collects the Data necessary for the purposes of invoicing, managing transactions and accounting. These Data vary depending on the payment method and the company responsible for collecting payment (for example, if payment is made through a telecommunications operator). They include in particular information relating to the type of subscription(s) and the payment method, and details of the transaction carried out.
DEEZER does not have access to credit card details, which are hosted by the payment service provider that handles the User’s account.
- Customer Service interaction Data
In the event of interaction with Customer Service, it may collect certain Data in order to process the User’s request.
These include in particular the Data allowing Customer Service to identify the User (DEEZER username, surname, first name), the date, time and reason for the User’s request, the content of exchanges with Customer Service and the additional Data necessary for handling the request, as the case may be.
C. Connection and navigation Data
Data relating to any device used to access the Services and the manner in which the User interacts with the Services and the advertisements displayed thereon. These Data include in particular:
- Data collected automatically
- the ID or unique device identifiers (including mobile devices) used to access the Services; the characteristics of the devices and software (type and version of the operating system, or the language used on the device) used to connect to the Services.
- the Data relating to connection to the Services, including:
- the type of connection to the Services (3G, 4G, LTE, WiFi, offline),
- the Internet service provider,
- statistics about the pages of the Services displayed,
- the IP address (indicating the country and city of connection).
- the level of activity or inactivity on the Services.
- Data collected via cookies and other trackers (for more information, see Article 13, “Cookies and other trackers”).
These Data particularly include the following:
D. Data collected from other sources
- Via telecommunications operators: some Users access the Services through offers provided by mobile network operators. In this situation, the operator shares certain Data with DEEZER (for example the email address or username used) in order to allow these Users to access the Service for which they are eligible depending on their subscription type.
- Via sales and marketing partners: DEEZER allows its Users to access the Services on several types of audio device (speakers, car radios, etc.) through partnerships with the manufacturers of these devices. In this situation, these partners may in particular share with DEEZER Data relating to the User’s listening activities on these devices. Other types of partnership allow DEEZER and its advertising partners to conduct joint marketing activities in particular.
- Via sub-contractors: sub-contractors also collect Data relating to the Users on behalf of DEEZER that target their interests and online activities in order to offer them personalised adverts in particular.
E. Data relating to the User’s participation in marketing operations
If the User takes part in a competition or event organised by DEEZER, the Data used to register and participate in said competition or event are collected.
4. “Public” or “private” profiles
Certain Data from the User profile may be visible on the Site and Application.
Each User can manage the level of privacy of his/her account.
The User may therefore choose to make his/her account “private” in the Account settings. In this case, only his/her username will remain “public”.
The User may also choose to make his/her playlists “private” at the time of creation, or after they have been created, by clicking on the “Edit” button.
By default, the User is informed that his/her profile is “public”, which means that certain Data can be seen by all users or visitors to the Site and Application. This is the case for the following information in particular: username, profile picture, the users followed by the User (username and photo), the users who follow the User (photo and username), playlists, albums and podcasts, and favourite tracks and artists.
5. Purpose of processing
DEEZER gathers, collects and stores the Data as set out above for the following purposes:
- Supplying the Services and ensuring that they function properly;
- Improving or optimising the Services or offering new features;
- Personalising the Services according to the User’s preferences, location, tastes and interests (declared or deduced), resulting from his/her use of the Services, the information provided, his/her interactions with the Services and his/her browsing of the Services;
- Informing the User of DEEZER’s offers and news;
- Informing the User of DEEZER partners’ offers and news;
- Handling the User relationship via Customer Service;
- Handling invoicing and payment operations;
- Personalising the advertisements displayed on the Services and on third-party services;
- Measuring the audience of the Services;
- Organising competitions and promotional operations;
- Making available sharing tools for social networks where the User has agreed to the sharing of such information;
- Carrying out customer satisfaction surveys;
- Carrying out statistical, selection and segmentation analysis of Users to improve the Services;
- Allowing the User to exercise their rights as described in Article 10 of this Policy;
- Combating fraud and non-payment;
- Ensuring the security of the Site, the Application and the Services.
6. Recipients of the Data
The Data collected or processed during the use of the Services by the User are sent to DEEZER entities, to the approved, authorised persons within DEEZER who, due to their role, need to have access to such Data for the purposes of processing described above, as well as:
- DEEZER’s service providers, in order to ensure the satisfactory supply of the Services. For example, DEEZER relies on service providers to verify the student status of visitors who subscribe to Deezer Student, or to supply payment methods.
- The technical sub-contractors chosen by DEEZER, who may, on behalf of and on instructions from DEEZER, host and store the User’s Data on their servers and ensure the security of DEEZER’s technical infrastructure.
- DEEZER’s partners: certain partners, such as telecommunications operators, the manufacturers of audio devices or marketing partners, may process Data in order to supply the Services and implement joint communication plans. In the same way, DEEZER communicates Data to social networks in order to promote the Services.
- Social networks, if the User has expressly consented to the linking of his/her User account with his/her social network accounts at the time of registration on the Site or Application, or by changing his/her User account settings to this effect in the “Alerts & sharing” section (to access this section, click here).
- Third-party applications accessible from the Site or Application, if the User has given his/her express prior consent during the use of each application.
- Administrative or judicial authorities: DEEZER may communicate information relating to its Users, including Data, to the administrative or judicial authorities, particularly if said Data is requisitioned.
7. Cross-border Data transfers outside the European Union
During the processing of the Data, DEEZER may transfer them to its servers located in the United States of America.
The User is informed that the Data may be transferred within the DEEZER group to a country other than his/her country of residence and in particular outside the European Union. The Data are transferred in accordance with the Applicable Regulation.
The User is also informed that the Data may be transferred to service providers, sub-contractors and partners located outside the European Union. Prior to the transfer, and in accordance with the Applicable Regulation, DEEZER shall take the measures required to obtain the necessary guarantees for the security of such transfers to countries that do not provide an adequate level of protection, such as contractual clauses.
For more information on cross-border data transfers, the User may contact the Data Protection Officer at the following address: privacy@deezer.com.
8. Data security
In accordance with the Applicable Regulation, DEEZER will take all necessary measures to process the Data securely and confidentially.
In particular, DEEZER will implement the technical and organisational measures that will guarantee the security and confidentiality of the Data collected and processed, and in particular prevent them from being distorted, damaged or disclosed to unauthorised third parties, by ensuring a level of security that is appropriate to the risks linked to the processing and the nature of the Data, taking into consideration the technicality and cost of such implementation.
DEEZER cannot however guarantee the confidentiality of Data made public by the User.
The Services may include links to third-party websites or external sources. The User acknowledges that the Policy only applies to the use of the Services, and does not in any way cover the Data collected and/or processed by the third-party websites or external sources to which the Services might link. Consequently, DEEZER cannot be held liable for the personal data collection and processing practices of such websites or external sources, which are governed, as the case may be, by data protection policies specific to each of these websites or external sources.
9. Data storage period
DEEZER undertakes not to keep the User’s Data for longer than strictly necessary for the purposes envisaged, in accordance with the Applicable Regulation.
DEEZER undertakes to store, anonymise and delete the Data as soon as the purpose envisaged or storage period expires.
The maximum storage periods apply unless a request for erasure or termination of processing is made before the expiry of these periods (in accordance with the rights described in Article 10 below). However, at the end of these periods, the Data may be subject to temporary storage in order to satisfy our legal, accounting and tax obligations.
| CATEGORY OF DATA CONCERNED | PURPOSE | STORAGE PERIOD | LEGAL BASIS |
|---|---|---|---|
|
*Data necessary to create an account *User account personalisation Data *User account settings Data *Data relating to interaction with the Services *Commercial relationship management Data *Data collected from other sources *Connection and navigation Data |
*To provide, improve and personalise the Services | *For the duration of the commercial relationship with the User and for 3 years after it ends |
As the case may be: *Performance of the contract *Legitimate interests |
|
*Data necessary to create an account *User account settings Data *User account personalisation Data |
*To inform the User of offers and news about Deezer Services and its partners *Customer satisfaction surveys |
*For the duration of the commercial relationship and for 3 years after it ends |
As the case may be: *Legitimate interests *Consent |
|
*Data necessary to create an account *Invoicing and transaction Data *Data processed by Customer Service |
*To manage the User relationship |
*5 years from the closing of the claim |
*Performance of the contract |
|
*Data necessary to create an account *Invoicing and transaction Data |
*To handle invoicing and payment operations *To prevent fraud and non-payment |
*Up to 10 years from the end of the commercial relationship |
As the case may be: *Performance of the contract *Compliance with a legal obligation *Legitimate interests |
|
*Connection and navigation Data *Data necessary to create an account *Data collected from other sources |
*Statistics and analysis *Personalisation of adverts |
*The duration of the commercial relationship, with a maximum of 13 months for trackers |
As the case may be: *Legitimate interests *Consent |
10. Rights to the Data
Articles 14 to 22 of Regulation (EU) 2016/679 of 27 April 2016 grant Users the following rights:
- The right to access the Data,
- The right to rectification of the Data,
- The right to object to the collection and processing of the Data,
- The right to erasure of the Data,
- The right to restrict the collection and processing of the Data,
- The right to Data portability.
The User may exercise his/her rights by sending a request by email to privacy@deezer.com or by post to the following address: DEEZER S.A – Legal Department – 12 rue d'Athènes 75009 Paris – FRANCE.
The User is informed that exercising certain rights, in particular the right to object and the right to erasure, may restrict or prevent access to and/or use of the Services.
DEEZER reserves the right to verify the User’s identity.
11. Minors
Users who have a Deezer Family master profile, who have parental authority or parental authorisation for minors under 16 years of age, are entitled to open profiles within their Deezer Family account on the conditions described in Article 20 of the Terms of Use and Sale for the Deezer Premium Service. In so doing, they authorise the potential collection and processing of Data concerning the minors on whose behalf they are acting.
12. Contact details and Claims
Contact details
For all claims regarding the processing of his/her Data, the User may send a request to DEEZER’s Data Protection Officer by email to dpo@deezer.com or by post to the following address: 12 rue d'Athènes 75009 Paris – FRANCE.
The Data Protection Officer ensures the enforcement of the Applicable Regulation and the Policy.
Claims
In the absence of a reply or if the User is not satisfied with the reply given, he/she may lodge a complaint with the relevant data protection authority in the member state of the European Union in which he/she has his/her habitual residence.
| COUNTRY | DATA PROTECTION AUTHORITY | WEBSITE |
|---|---|---|
| Austria | Österreichische Datenschutzbehörde | http://www.dsb.gv.at/ |
| Belgium | Commission de la protection de la vie privée | http://www.privacycommission.be/ |
| Bulgaria | Commission for Personal Data Protection | http://www.cpdp.bg/ |
| Croatia | Croatian Personal Data Protection Agency | http://www.azop.hr/ |
| Cyprus | Commissioner for Personal Data Protection | http://www.dataprotection.gov.cy/ |
| Czech Republic | The Office for Personal Data Protection | http://www.uoou.cz/ |
| Denmark | Datatilsynet | http://www.datatilsynet.dk/ |
| Estonia | Estonian Data Protection Inspectorate | http://www.aki.ee/en |
| Finland | Office of the Data Protection Ombudsman | http://www.tietosuoja.fi/en/ |
| France | Commission Nationale de l’Informatique et des Libertés | http://www.cnil.fr/ |
| Germany | Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit | http://www.bfdi.bund.de/ |
| Greece | Hellenic Data Protection Authority | http://www.dpa.gr/ |
| Hungary | Data Protection Commissioner of Hungary | http://www.naih.hu/ |
| Ireland | Data Protection Commissioner | http://www.dataprotection.ie/ |
| Italy | Garante per la protezione dei dati personali | http://www.garanteprivacy.it/ |
| Latvia | Data State Inspectorate | http://www.dvi.gov.lv/ |
| Lithuania | State Data Protection | http://www.ada.lt/ |
| Luxembourg | Commission Nationale pour la Protection des Données | http://www.cnpd.lu/ |
| Malta | Office of the Data Protection Commissioner | http://www.dataprotection.gov.mt/ |
| Netherlands | Autoriteit Persoonsgegevens | https://autoriteitpersoonsgegevens.nl/nl |
| Poland | The Bureau of the Inspector General for the Protection of Personal Data – GIODO | http://www.giodo.gov.pl/ |
| Portugal | Comissão Nacional de Protecção de Dados – CNPD | http://www.dataprotection.ro/ |
| Romania | The National Supervisory Authority for Personal Data Processing | http://www.dataprotection.ro/ |
| Slovakia | Office for Personal Data Protection of the Slovak Republic | http://www.dataprotection.gov.sk/ |
| Slovenia | Information Commissioner | https://www.ip-rs.si/ |
| Spain | Agencia de Proteccion de Datos | https://www.agpd.es/ |
| Sweden | Datainspektionen | http://www.datainspektionen.se/ |
| United Kingdom | The Information Commissioner’s Office | https://ico.org.uk |
13. Cookies and other trackers
13.1 What is a tracker?
A tracker is a cookie, beacon, tag, invisible pixel or any other system capable of storing and/or collecting information relating to navigation on the User’s terminal (computer, tablet, etc.) and/or their activity and the advertisements displayed on the Services, subject to their prior consent and except where the User has objected.
13.2 Purposes of the trackers used on the Services
Trackers allow the Services to recognise the User, guide navigation through a particular page and offer the User additional services, such as improving the browsing experience, ensuring the security of his/her connection or personalising page content based on his/her interests.
Trackers allow the storage of information relating to the registration or access to Services, the implementation of security measures or even the adaptation of the presentation of the Services to meet the display preferences of the terminal (language, operating system, etc.). They also allow access to the personal account.
Trackers allow the creation of statistics, logs of visits to and use of the various parts that make up the Services (pages and content visited, path taken), as well as the creation of surveys to improve the content offered on the Services.
Advertising trackers allow the analysis of the use of the Services and the advertisements displayed in order to display advertisements that are appropriate to the User’s interests on the Services or on partner sites. These trackers allow more particularly (i) the identification and counting of the advertisements displayed, (ii) the counting of the number of Users who click on each advertisement and (iii), as the case may be, the tracking of the subsequent actions carried out by those Users on the pages to which the advertisements lead.
DEEZER may also give its partners access to the Data collected through trackers so that they can carry out consumer behaviour studies.
DEEZER authorises certain commercial partners to insert advertising trackers into the Services and/or into the advertisements displayed. The insertion and use of trackers are subject to the privacy policies of these third parties. For example, trackers are inserted by the company Smart Adserver, subject to the User’s agreement, in order to optimise the display of advertisements. The use of these trackers is subject to the privacy policies of Smart Adserver, which can be consulted here. DEEZER includes social network applications in its Services, which allow the User to share content from the Site or the Application with other people or to make these other people aware of what they are listening to or their opinion regarding content from the Services. This is particularly the case with the “Share” and “Like” buttons on social networks such as Facebook, Twitter, etc.
The social network that supplies such an interactive button is likely to identify the User through this button, even if the User has not used this button during his/her use of the Services.
DEEZER invites the User to consult the privacy policies of these social networks to find out the purposes, in particular advertising purposes, for which the navigation information collected through these interactive buttons might be used. These privacy policies must in particular allow the User to exercise their choice on these social networks, in particular by changing the settings of his/her user account on each of these networks.
13.3 Types of Data collected by trackers
The information stored by cookies and other trackers, for a limited period (see Article 9 above), relates in particular to the pages visited, the advertisements on which the User has clicked, the type of browser used and the information entered on a site, in order to avoid having to enter it again.
13.4 User’s acceptance or rejection of trackers
The User may at any time express and modify his/her wishes regarding trackers.
The User may configure his/her browser to accept or reject trackers from DEEZER or third parties, on a case-by-case basis, or on a permanent basis.
The setting chosen might modify and/or restrict access to and use of the Services.
DEEZER does not accept any liability for the consequences of impaired operation of the Services resulting from DEEZER’s inability to save or consult the trackers necessary for the operation of the Site and/or the Application that are rejected or deleted by the User.
In order to make a decision regarding his/her browser, the User may consult the following pages:
- Internet Explorer™: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Safari™: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Chrome™: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
- Firefox™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Opera™: http://help.opera.com/Windows/10.20/en/cookies.html
The User may also configure the settings on his/her browser so that it sends a code to websites indicating that he/she does not wish to be tracked (the “Do Not Track” option). For:
- Internet Explorer™: https://support.microsoft.com/en-us/help/17288/windows-internet-explorer-11-use-do-not-track
- Safari™: https://support.apple.com/en-gb/guide/safari/prevent-tracking-sfri40732/mac
- Chrome™: https://support.google.com/chrome/answer/114836?
- Firefox™: https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature
- Opera™: http://help.opera.com/Windows/12.10/en/notrack.html
DEEZER provides the User with a tool for controlling tracker settings during the use of the Services: Privacy settings.
If the User wishes to obtain further information on cookies and other trackers, his/her rights and how to block them, he/she may consult the http://www.youronlinechoices.eu/ website.