As far as things go, the Spotify privacy agreement is not as long and complicated as some other ones (I’m looking at you iTunes), but there is a lot going on nonetheless. It is made clear that just about every interaction you have on Spotify generates data that they can use to “to provide and personalize the Spotify Service”. Additionally any interactions with third parties that go through the site are also recorded. This means that they can access some of your data from advertisers as well as any other accounts you have linked to your Spotify account (ex. Facebook).
The collection of data on how you use the service is not very surprising, but it is worth noting that they also collect information such as your IP address (which also provides general location) and in some instances even your specific location. Additionally any use of the voice search feature can be recorded and kept; they say this is to help develop and improve the feature.
It was interesting to read the policy since I usually just click “accept” to the terms and conditions without reading them, something that seems to be the norm for most people. Below is a clip of an American teenager explaining whether or not he reads privacy policies.