Effective as of November 02, 2022 (‘Effective Date’)

Publication Date: November 02, 2022

This Privacy Notice describes how TIDAL, its affiliated and associated entities, as further detailed below (collectively, ‘TIDAL’, ‘we’ and ‘us’) collects, uses, discloses, transfers, stores, retains or otherwise processes your personal data.

This Privacy Notice applies when:

The Privacy Notice collectively refers to the above as processing of your data in the context of provision of our ‘Services’. Our policy is to always process your personal data in accordance with applicable data protection laws and regulations.

This Privacy Notice is separate from TIDAL’s Terms and Conditions of Use (‘Terms’), which govern your use of and access to the TIDAL Services.

Our Privacy Notice explains:

1. Who We Are

For the purposes of this Privacy Notice, the ‘controller’ of your personal data is TIDAL Music AS, a Norwegian legal entity with a registered address of TIDAL Music AS, Lakkegata 53, 0187 Oslo, Norway and correspondence address of TIDAL Music AS, Lakkegata 53, 0187, Oslo, Norway.

As the controller TIDAL Music AS decides why and how your personal data are handled by TIDAL when you use our Services. TIDAL Music AS is responsible for handling your data in line with the applicable data protection rules.

If you have any questions, comments or requests regarding this Privacy Notice, please reach out to us by contacting us at [email protected] or to the above correspondence address. If you want to exercise your privacy rights, see further contact options in section 7.2 of this Privacy Notice.

We have also appointed a data protection officer whom you can contact at [email protected].

2. Personal Data We Collect About You

When we refer to ‘personal data’ in this Privacy Notice, we mean information that makes it possible for us to identify you either directly or indirectly. In some countries it is more common to use terms such as ‘personal information’, ‘personally identifiable information’ or ‘PII’. For the purposes of this Privacy Notice, these terms will be collectively referred to as ‘personal data’.

We may collect your personal data directly from you, from your device or automatically through your use of our Services. We may also receive your personal data from third parties, as outlined below.

This table provides more information about different categories and examples of personal data that we process about you.

We may draw inferences from any of the information above, including about your preferences. We do not deliberately collect sensitive personal data, and would not use any such information except for the purposes for which it is collected and as authorised by law.

We may also receive information about you from third parties that may have collected and transferred your personal data to us in accordance with their own privacy policies and/or terms of use. When we receive such information from third parties, we may combine it with the other personal data that we have collected about you as set out above and use such information either alone or in combination with the other personal data we hold for the purposes outlined in section 3. of this Privacy Notice.

3. How We Use Your Personal Data

When we process your personal data, we do so because we have specific and defined reasons (‘purposes’) to do so. In this section we provide more information regarding what these purposes are and which categories of personal data we process with respect to each of the processing purposes.

We also must have a legal justification (‘legal basis’) to process your personal data. We may process your personal data when:

We have your consent: when you have given us your free, informed, unambiguous consent to process your personal data for a specific purpose. You are free to withdraw your consent at any time (see sections 7.1. and 7.2).

It is necessary for the performance of a contract between you and TIDAL: we rely on this legal basis when you request our Services and we need to process your personal data to deliver these Services in line with our Terms. We may also rely on this legal basis to process your personal data where it is necessary to take certain precontractual steps, such as to verify your eligibility for our Services.

It is necessary for compliance with a legal obligation: we may be subject to different legal or regulatory obligations in jurisdictions where we operate, which require that we process certain personal data for specific purposes.

It is necessary for the legitimate interests of TIDAL or a third party: we or a third party may have legitimate interests to process your personal data for various purposes that benefit TIDAL or third parties, such as other TIDAL users. Prior to relying on this legal basis, we balance the envisaged benefits of processing for TIDAL or third parties against your interests, rights and freedoms to determine if we can rely on this legal basis.

The table below sets out:

We may collect, use, share or otherwise process personal data about you for the following purposes:

If we intend to process your personal data for any purpose other than the purposes set out above, we will notify you of the purpose for such processing and will provide any other relevant information, either by updating this Privacy Notice or, in the case of material change, by notifying you by email or push notification.

4. Recipients With Which We Share Your Personal Data

We share your data with third parties if you give us your permission, if it is necessary for the performance of the contract we have with you or if we have a legitimate interest for such sharing. See the overview of different third-party recipients with which we may share your data.

We may de-identify your data, and combine and aggregate your de-identified information with other information in a way that it no longer enables your identification and share that de-identified, aggregated information with other third parties not mentioned above – for example, with artists or content rights holders whose content we licence. Such de-identified and aggregated statistics may include demographic data, such as how many users constitute a particular age group, general locations of where groups of users reside and similar data.

We use various usage analytics and insight tools offered by the operators of social media networks, through which we can view general, anonymised statistics about our fan pages, such as interactions and reach of our posts and demographic information about our fan page visitors (e.g. age, gender, region). We can optimise the content we offer on our fan pages on that basis.

Whenever you interact with our fan pages, operators of the social networks use cookies and similar technologies to track the usage behaviour of fan page visits. This information is collected regardless of whether you are a logged in user of the particular social network or not. On that basis, we receive various insights from the operators of social networks.

We do not have access to the personal data which the operators of social networks use to create such insights. The selection and processing of your data for insights is performed exclusively by the operators of social networks. However, in some cases, when using these usage analysis and insight tools, we are jointly responsible (‘joint controllers’) with the operators of the social networks for processing your data to the extent indicated below.

Note that when you visit our fan pages, the operators of social media process your data also for their own purposes, which are not covered in this Privacy Notice. We have no influence over the data processing operations of third parties. In this regard, we refer you to the privacy policy of the respective social network.

6. Information You Choose to Make Public

6.1. TIDAL Profiles

The following information will be always public on our Services as part of your TIDAL Profile:

The extent of your information visible to others on our Services will depend on the information you choose to share about yourself. You can change or delete some of the information you provided about yourself.

If you use your Facebook account to authenticate to our Services, we will receive your first and last name and profile picture from Facebook, and this information will be mirrored automatically in your TIDAL Profile as your profile name and profile picture. You can also edit or delete this information.

6.2. Public and Private Playlists

You can create public playlists on our Services. Your public playlists will appear in your TIDAL Profile, will be searchable on our Services and other TIDAL users can add them to their collection. You can change the privacy of your playlists at any time. If you change your public playlist to a private setting, it will no longer be searchable on our Services nor appear in your TIDAL Profile.

Note that if other TIDAL users add your public playlist to their collections, subsequent changing of the playlist to private setting will not automatically remove the playlist from other users’ collections. At present, you can only delete your playlist so that it is removed from everyone’s music collections. Accordingly, if you shared your public or private playlist through a shareable URL link with other TIDAL users (see below) and they added such a playlist to their collections, at present you can only remove the playlist from their collections by deleting it.

If you add a playlist created by another TIDAL user to your collection, the playlist creator will be able to see your TIDAL profile name among the playlist fans.

6.3. DJ

If you have a HiFi Plus subscription, you can share your listening session with other TIDAL users, such as your followers, who have a paid subscription. When you start a DJ session, anyone with a paid subscription who has access to your DJ session URL (see below) will be able to listen to your DJ session. The listeners will be able to see the content you are playing, the name of your DJ session, and your TIDAL Profile name, and they will be able to visit your TIDAL user profile.

6.4. Sharing of Tidal Profiles, Playlists and Listening Sessions

You and other TIDAL users will be able to share your TIDAL Profile, public playlists and listening sessions on third-party social networks or messaging platforms with a shareable URL link or by clicking on social media logos for selected social networks in TIDAL clients. You can also share your private playlists with your selected audience with a shareable URL link. The third parties with the access to this URL, such as users of the third-party social media networks or recipients of the message will be able to see the shared information. They will be able to preview your TIDAL Profile, your public or private playlists. The third-party platforms may also store a copy of this information to support the features of their own services.

7. Your Privacy Rights

7.1. Which Rights You Have

You have a number of rights when we process your personal data, as provided by applicable privacy laws. These include:

Right to be informed about how we process your personal data
You have the right to know how we process your personal data. We provide such information through this Privacy Notice, through information on our Services and by answering your inquiries when you contact us. (See ‘Right of access to your personal data’).
Right of access to your personal data
You can ask whether we process your personal data, and if we do, you can ask for a copy of your personal data and for information on certain other aspects of the processing, such as purposes of the processing; categories of the personal data processed; recipients or categories of recipients of the data; source of the data where we have not received your data directly from you; information about the existence of automated decision-making or profiling; and information about other privacy rights you have in relation to your personal data.
Right to rectification of inaccurate or incomplete personal data
You have the right to have your incorrect or incomplete data corrected. You may correct some categories of your personal data yourself in your TIDAL account.
Right to deletion (erasure) of your personal data

You have the right to ask us to delete your personal data under certain circumstances, for example when:

  • Your personal data are no longer necessary in relation to the purposes for which we have collected them
  • You withdraw your consent to processing of your personal data (see ‘Right to withdraw consent’) and there is no other legal ground for the processing
  • You object to the processing (see ‘Right to object’) and there are no overriding legitimate grounds for the processing or when you object to processing of your data for direct marketing purposes
  • Your personal data were unlawfully processed by us
  • The erasure is mandated under a law to which we are subject
  • We have collected the personal data of a child (see section 11.)

Please note that you may also delete certain personal data by yourself in your TIDAL account. You may also delete your folders, playlists, playlists descriptions, remove tracks from your playlists or remove added artists and other content from your library.

Under some circumstances we are legally not required to comply with a deletion request. For more information in this regard see section 9.

Right to restriction of processing of your personal data

Under certain circumstances you may request that we stop processing some or all of your personal data temporarily. You may request the restriction of processing if:

  • You have contested the accuracy of your personal data (see ‘Right to rectification of inaccurate or incomplete personal data’) for the period of verification of the accuracy of your personal data
  • When we unlawfully processed your personal data and instead of erasure of such data you request restriction of their use
  • When we no longer need your personal data in relation to the purposes for which they were collected but you require such data for the establishment, exercise or defence of legal claims
  • When you have objected to the processing (see ‘Right to object’), pending the verification on our end whether our legitimate grounds override your interests.
Right to data portability
You have the right to receive a copy of your personal data in a machine-readable (electronic) format and to have it sent to another service provider, if our legal basis for processing your personal data is your consent or performance of contract.
Right to object

You have the right to object to the processing of your personal data on certain grounds.

  • When we process your personal data for TIDAL’s or third party’s legitimate interests: See the overview in section 3., which specifies for which purposes we rely on legitimate interests as our legal basis to process your data. When we receive your request on this ground, we will no longer process your personal data for such purposes, unless we demonstrate that we have compelling legitimate grounds to continue processing your personal data for these purposes, which override your interests, rights and freedoms or where we need to process such data for the establishment, exercise or defence of legal claims.
  • When we process your data for direct marketing purposes: You can also object at any time that we process your personal data for direct marketing purposes. If you object, we will no longer process your data for such purposes.

    You may change your preferences and opt out from receiving some or all of these types of direct marketing communications in your TIDAL account settings, or you may contact us through the contact points provided in section 7.2. You may also unsubscribe from our marketing emails by clicking on the unsubscribe link provided in such emails.

See also ‘Right to erasure (deletion) of your personal data’ and ‘Right to restriction of processing of your personal data’ above that are related to the Right to object.

Right not to be subject to automated decision-making
You have the right not to be subject to a decision based solely on automated processing (i.e., decisions made by machines without human involvement), including profiling, which would produce legal effects or similarly affect you significantly. Our processing of your data does not involve this type of automated decision-making.
Right to withdraw consent

Where we rely on your consent to process your personal data for a particular purpose, you may withdraw your consent at any time. See the overview in section 3., which specifies for which purposes we rely on your consent as our legal basis. If you withdraw your consent, we will stop processing your personal data for the specific purpose(s). This does not affect the lawfulness of processing of your data before you have revoked the consent.

See also ‘Right to deletion (erasure) of your personal data’ that is related to the Right to withdraw consent.

Right to lodge a complaint
If you reside in selected jurisdictions, you are entitled, in line with the local data protection law, to contact your local authorities regarding any question, concern or complaint you have relating to our processing of your personal data. Please refer to section 8. below to verify whether you have this right in your jurisdiction and how to exercise it.
Right of non-discrimination
You have the right to not be discriminated against if you exercise any of your privacy rights outlined above. We will not discriminate against you or deny, charge different prices for, or provide a different quality of our Services if you choose to exercise these rights, although some of the functionality and features available on the Services may change or no longer be available to you.

7.2. How to Exercise Your Rights

You can request to exercise any of the above rights:

Please note that when you make a request to exercise your rights, we may require that you provide information and follow procedures so that we can verify your identity. Where possible, we will attempt to match the information that you provide in your request to information we already have on file to verify your identity. If we are able to verify your request, we will process it.

We will assess any request to exercise these rights on a case-by-case basis. We will respond to your request within the periods required by applicable data protection law. However, we may not always be able to comply fully with your request. We will notify you in that event.

8. Additional Disclosures for Individuals Residing in Select Jurisdictions

8.1. Brazil

This section is relevant if you reside in Brazil. TIDAL complies with the Brazilian General Data Protection Law (Law No. 13,709/2018) (the ‘LGPD’). This Privacy Notice includes all the necessary disclosures in line with the LGPD.

You have privacy rights under the LGPD, which are outlined in section 7.1 of this Privacy Notice. You may contact us in line with section 7.2 to exercise any of these rights.

You also have the right to information regarding the shared use of personal data, which means that you have the right to receive complete information about data sharing or data transfers between TIDAL and third parties. You can find the overview of the shared use of your personal data in section 4. of this Privacy Notice.

If you are not satisfied with how we handled your request to exercise your rights or you have any other questions or concerns about your rights or this Privacy Notice, please contact our data protection officer at [email protected].

You also have the right to complain to your national data protection authority Autoridade Nacional de Proteção de Dados.

We may share your personal data with third parties outside of Brazil, as provided in section 4. This may include transfers of your personal data to the United States, to the European Economic Area countries and to the United Kingdom.

8.2. Canada

This section is relevant if you reside in Canada. TIDAL complies with the Canadian Personal Information Protection and Electronic Documents Act (‘PIPEDA’). This Privacy Notice includes all the necessary disclosures in line with the PIPEDA.

If you are dissatisfied with how we handled your privacy request, you have right to make a written submission to the Privacy Commissioner in your jurisdiction or to the Office of the Privacy Commissioner of Canada at the address below:

Office of the Privacy Commissioner of Canada
30 Victoria Street Gatineau
Quebec K1A 1H3
https://www.priv.gc.ca/en

8.3. The European Economic Area and the United Kingdom

This section is relevant if you reside in any of the European Economic Area countries (the ‘EEA’) (i.e., Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden) or in the United Kingdom (the ‘UK’) and includes disclosures in line with the General Data Protection Regulation (Regulation (EU) 2016/679 and its UK equivalent, UK Data Protection Act 2018) (the ‘GDPR’).

8.3.1. Your Privacy Rights

The GDPR gives you rights as described in section 7.1, which you can exercise in line with section 7.2.

If you are not satisfied with how we handled your request to exercise any of your rights or you have any other questions or concerns about your rights or this Privacy Notice, please contact our data protection officer at TIDAL Music AS Data Protection Officer, Lakkegata 53, 0187, Oslo, Norway or at [email protected].

You also have the right to lodge a complaint with the relevant data protection authority. You may contact the Norwegian data protection authority (Datatilsynet), which is the competent data protection authority for TIDAL, or your local data protection authority about any questions or concerns you might have. You can find the overview of data protection authorities in different EEA countries here. The data protection authority for the UK is the Information Commissioner’s Office, which you may contact here.

8.3.2. International transfers of personal data

As described in section 4. of this Privacy Notice, we share your data both internally with our affiliates and group companies, as well externally with our processors and other third parties. Some of these recipients are located in countries outside of the EEA and the UK, including in the United States and other countries, whose laws may not provide an equivalent level of protection for your personal data as is the level of protection guaranteed in the EEA and the UK.

These transfers are necessary and essential for us to provide our Services to you. Prior to your personal data being shared with third parties, we will take contractual or other steps reasonably necessary to ensure that your personal data is treated securely by such third parties.

To transfer your data, we rely on adequacy decisions issued by the European Commission as well as EU Standard Contractual Clauses that have been adopted by the European Commission and the UK International Data Transfer Addendum. For more information, including how to obtain a copy of these documents please contact us through our contact points provided in section 7.2. You can also access the Standard Contractual Clauses approved by the European Commission here.

8.4. United States

This section supplements the TIDAL Privacy Notice and is applicable to residents of U.S. states that have adopted comprehensive privacy legislation. As of the Effective Date of this Privacy Notice, these states are California, Colorado, Connecticut, Utah and Virginia (“selected U.S. states”).

8.4.1. Personal data we collect about you and purposes for which we use personal data

In the past 12 months, we have collected the categories of your personal data as described in section 2. of this Privacy Notice and used it for the purposes described in section 3. of this Privacy Notice.

8.4.2. Sources of personal data

We may have obtained your personal data from a variety of sources, including directly from you, your device, from your use of our Services and from third parties, as described in section 2. of this Privacy Notice.

8.4.3. Disclosures of personal data to third parties

Please refer to section 4. of this Privacy Notice for the categories of third parties to which we may have disclosed personal data.

8.4.4. Sale of your personal data and interest-based advertising

In the past 12 months, TIDAL has not disclosed personal information in a manner that it considers a sale within the meaning of applicable state laws.

While we do not sell your personal data, TIDAL and third parties that provide advertising or other functionality on our behalf may use cookies and similar technologies to help us advertise our Services to you as informed by your interests. See the TIDAL Cookie Policy to learn more about interest-based advertising. You have the right to opt out of this sharing, as described below.

8.4.5. Your Privacy Rights

Please refer to section 7.1 of this Privacy Notice to understand which privacy rights you may have. If you are a resident of a selected U.S. state and would like to exercise your rights as described above, please refer to the contact information provided in section 7.2.

To help protect your privacy and maintain security, we may take steps described in section 7.2 to verify your identity before granting you access to your personal information or honouring your other requests.

You may designate an authorised agent to make a request on your behalf as permitted under law. Before we process that request, we may require that you provide the authorised agent with written permission to do so – for example, a power of attorney.

Right to opt out of sharing personal data for interest-based advertising: Before we place any targeting cookies on your device when you visit TIDAL websites or use TIDAL clients, we will present you with a cookie preference centre. You can opt out of targeted advertising through the cookie preference centre. You can also change your preferences any time by clicking on ‘Cookie Settings’ link at the bottom of our websites or you can opt out of certain targeted advertising on TIDAL mobile, desktop and web clients by modifying your cookie preferences through the ‘Privacy preferences’ button in the settings of your TIDAL client.

You may also adjust the privacy settings though your browser settings or through centralised solutions for interest-based advertising opt out from third-party advertisers who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles for Online Behavioural Advertising.

On your mobile device you may use "Limit Ad Tracking" on iOS or "Opt Out of Ads Personalization" on Android.

Read the TIDAL Cookie Policy to learn more about these options.

California rights:

Right of access: In addition to the right of access described in section 7.1 above, California residents may have the right to request a copy of your personal data and information regarding:

Shine the Light: California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their own direct marketing purposes.

Do Not Track: Some web browsers transmit "do-not-track" signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. At this time our websites are not designed to respond to these signals or similar mechanisms from browsers.

9. Data Retention, Deletion and Anonymisation

Data retention:

We will keep your personal data only for the period necessary to fulfil the purposes for which we collect and process your personal data, as described in this Privacy Notice and in accordance with applicable law. This means that the retention periods will vary according to the data category and the purpose we have to process your personal data. The retention periods for data are determined on a case-by-case basis that depends on the following factors:

Data deletion and anonymisation:

Subject to applicable law, after the lapse of the retention periods, we will delete or permanently anonymise your personal data so that it is no longer capable of identifying you.

If you request that we delete your TIDAL user account, we will treat your TIDAL account deletion request as a request for erasure (deletion) of your personal data (see section 7.1 ‘Right to deletion (erasure) of your personal data’) and we will delete or anonymise your personal data, so that it no longer identifies you, in accordance with applicable law.

Depending on the jurisdiction in which you reside, there may be circumstances in which we retain your personal data for lawful reasons after receiving a deletion request, for example if:

In such cases, we will keep limited information about you in a protected form for the period necessary to fulfil processing under the applicable exception.

10. Security

We strive to keep your data safe. While we think we have strong defences in place, no one can ever guarantee that hackers won’t be able to break into our sites or steal your data while it is stored or flowing from you to us or vice versa.

We take reasonable measures, including administrative, technical, and physical safeguards to protect your information from loss, theft, misuse, unauthorised access, disclosure, alteration, and destruction. Nevertheless, the internet is not a 100% secure environment, and we cannot guarantee absolute security of the transmission or storage of your information. We hold information about you both at our own premises and with the assistance of third-party service providers.

Some of your personal data will be publicly accessible on TIDAL Services as described in section 6. Your data will be also accessible by our employees and third parties, as described in section 4., which require access for the purposes described in this Privacy Notice and only on a need-to-know basis.

We recommend that you always use strong passwords, that you change them regularly and that you do not use the same passwords for your TIDAL account as you already use to access other services or devices. We also recommend that you always access the Services and make payments from a secure computer or device. Any third-party services that you use to connect to your TIDAL account may also affect your information.

Please note that information collected by third parties may not have the same security protections as information you submit to us. We are not responsible for the functionality, privacy, or security measures of such third parties.

11. Children’s Personal Data

Our Services and their content are not directed at children under the age of 13. We do not knowingly collect or solicit any personal data from children under the age of 13 or knowingly allow such persons to register for our Services. If you are under the age of 13, please do not use our Services, do not browse our websites and do not send us any of your personal data. If we learn that we have collected personal data from a child under the age 13, we will promptly delete that information, in accordance with applicable law. If you are a parent or guardian and believe that we may have collected personal data from your child, please notify us immediately by sending an email to [email protected].

If you are 13 – 17 years of age, you may use our Services in line with our Terms. We reserve the right to limit access to our Services for children aged 13 – 17 years, if their use of our Services or processing of personal data would be illegal or would require a consent of a parent or guardian, according to law applicable in their country of residence.

12. Integration With Third-Party Websites and Services

Our Services may contain links to third-party websites or services. We do not control and we are not responsible for the privacy practices employed by any websites or services linked to or from our Services, including the information or content contained within them. When you use a link to go from our Services to another website or service, our Privacy Notice does not apply to those third-party websites or services. Your browsing and interaction on any third party website or service, including those that have a link on our Services, are subject to that third party’s own rules and policies. In addition, we are not responsible and do not have control over any third parties that you authorise to access your personal data. If you are using a third-party website or service and you allow them to access your personal data, you do so at your own risk. Please refer to that third party’s privacy policy to understand how it processes your personal data.

13. Amendments to This Privacy Notice

Our Services are subject to constant improvements and future changes may influence what personal data we process and how we collect, use, share, store or otherwise process it. We may develop other Services in the future which are currently not mentioned in this Privacy Notice. The Privacy Notice will apply to them accordingly, unless stated otherwise upon the launch of the new Services.

This Privacy Notice may be updated to reflect new changes in our Services, changes in legal framework or improvements in how we handle personal data. When we make material changes to the Privacy Notice, we will provide you with notice as appropriate under the circumstances, by sending you an email or notification within a TIDAL client. Unless stated otherwise, our most recent Privacy Notice applies to all information that we process about you.