ShareThis takes privacy seriously. This Privacy Notice sets out what data we collect, how we collect it, why we process it, who we may share it with and, where the data we collect is personal data, your rights with respect to such personal data. ShareThis may change this Notice from time to time by updating this page. You should check this page from time to time to ensure that you are up to date with any changes.
ShareThis is committed to processing information in accordance with applicable laws (including where applicable the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) and as described in this Privacy Notice. For specific information about how ShareThis adheres to European, UK and Brazil data protection law and your rights as an EEA, UK, Swiss or Brazil data subject please click here. For information about how ShareThis adheres to applicable U.S. Privacy laws in States such as California, Colorado, Connecticut, Nevada, Virginia, and Utah, please click here.
To access information for Publishers, please visit the Publisher Information page here.
Last Updated on: December 30, 2022
About ShareThis and Its Tools
ShareThis provides website operators (“Publishers”) with customizable social sharing tools, which makes sharing online content simple. Any user of a website can easily share anything on the web with their friends on social sites, such as Facebook, Twitter, Email, Digg, Reddit and more through using one of our tools on that website (“ShareThis Icon”).
ShareThis also collects pseudonymous data about internet users and how they interact with content, websites, and advertisements while online. Some of the data is collected via our tools such as the ShareThis Icon, and some is collected through third-party data providers. We compile this data and provide it to our Publishers and license it to advertisers, agencies, and other businesses (our “Customers”) to facilitate the delivery of relevant, targeted advertising and for a number of other reasons which are listed below.
We do this by using technology such as cookies and pixels (including the pixels and cookies of our customers) (“ShareThis Publisher Applications”) to gather information regarding the browsing and sharing activities of Internet users, both on websites that have the ShareThis Icon and similar tools installed on them. We also receive data from others who operate in the data analytics and advertising industries. We analyze and aggregate the data we collect to create groups of data (called audience segments) based on defined criteria. For example, we segment into groups internet users who we believe have similar characteristics, interests, needs or behavioral patterns. Where we are able to infer that two or more browsers or devices are the same user or household, we may use that information to bolster our audience segments. We compile this data to provide analytics to our Publishers and license it to our Customers for a number of purposes as described below, including targeted advertising.
Targeted advertising has the aim of displaying advertising which is more likely to be of interest to internet users, based on analyses of their recent browsing and sharing activities and interactions with the website and adverts. It is also sometimes referred to as interest-based advertising or online behavioral advertising. For more information on this type of advertising, click here.
II. The GDPR and Your Rights as an EU or UK Data Subject
III. The LGPD and Your Rights as a Brazil Data Subject
IV. The U.S. State Privacy Laws and Your Rights as a Data Subject
V. Data Sharing or Disclosure, Recipients of Your Data
VI. Commitments to Privacy Standards
VII. User Choices and Opt-out Rights
I. Data Collection and Use
In order to offer our products and services, we collect and use data relating to the websites you visit to display personalized advertisements, provide analytics, and data modeling based on social sharing, by us or third parties. This data is pseudonymous personal data in that it may not be used directly by ShareThis to identify an actual person. This data does enable our systems to recognize your computer, device and/or browser over time. In many places, this pseudonymous data is considered personal data and/or personal information under applicable law.
We do not intentionally collect identifiable personal information such as your name, postal address, phone number, email address, credit card information, or anything else that can allow us or our customers to contact you directly as part of our products and services. We may collect identifiable personal information and even financial information such as payment or bank details if you are one of our Publishers or if you have a business relationship with ShareThis.
We have set out below the categories of data we process and why we process each category of data.
- Usage Data and Profile Information
1.1 Usage Data
We collect information about how Internet users browse the Internet and interact with online content and advertisements through our ShareThis Icon, the ShareThis Publisher Applications and user interactions with advertisements on the Internet. We call this “Usage Data”.
Usage Data includes:
- The unique IDs of the cookie(s) placed on your web browser (example: 37d387ca-f68a-11e5-b87d-0e58954c72b1) and/or a hashed version of an email address which help us recognize your browser or device over time.
- Information about the user’s browser and device
- User agent string
- Webpages viewed (including the URL addresses of such pages and search parameters, which may include search terms and key words) and the previous web pages that referred the user to that webpage
- Time when webpages are viewed
- Search queries from which users are directed to a webpage
- Navigation from page to page
- Time spent on each webpage
- Interactions with the webpage, including items clicked or selected and content highlighted or copied
- Ads viewed or displayed to the user and the user’s interactions with those ads
- Shares of content including what content is shared and where – for example, the relevant social media site (e.g., Twitter, Facebook)
- Geographic information such as country, city, state, or postal code.
- IP addresses
- Device IDs
Although the Usage Data listed above is not used by ShareThis to directly identify an actual person, it is considered to be personal data in many places.
1.2 Profile Information
We receive information about the content of the websites that you visit and information about the audience of those websites to enable us to infer and create groups of users who have similar characteristics, interests, or behavioral patterns. We combine the Usage Data with data we receive from third party advertisers, analytics vendors and data partners to create categories of data that are helpful to advertisers seeking to deliver a more personalized advertising experience. For example, if a user regularly views or shares content about shopping for a car, our systems may infer that this user may be interested in purchasing an automobile. This practice is sometimes referred to as interest-based advertising, and a segment titled “interested in automobile” is sometimes referred to as an audience segment or a “profile.” When we group this data into profiles, we refer to it as “Profile Information”.
We can infer this Profile Information (by reference to browser identifiers, not actual names) using the information we obtain from third parties about the likely content and characteristics of the users and audiences of the websites which are visited. For example, visitors to a particular website may have an interest in cars while visitors to a different website may typically be within a certain age or income range. Where we are able to infer that two or more browsers or devices are the same user or household, we may use that information to bolster our Profile Information.
The characteristics by which we group users relate to age ranges, income ranges, education, gender, product or activity interests and family composition (e.g., how many children in the family), on the basis of information available about the typical audience of websites they visit and content viewed.
In certain cases where Publishers that we work with utilize the “Google Analytics By ShareThis WordPress” plug-in on their websites, ShareThis uses a Google Analytics feature currently known as Google Analytics Demographics, in order to better understand the audience demographics of those Publisher websites, and to provide insights about those demographics to the Publishers that own or operate those websites. To learn more about Google Analytics’ privacy practices, please click here. To opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, please click here, or you may also visit the NAI consumer choice page.
In the U.S., ShareThis creates modeled segments based off of demographic attributes where those attributes are aligned with the target audience of products marketed by pharmaceutical drug companies.
If you would like to see a list of the types of Profile Information used by ShareThis, including any Profile Information that is health or political in nature (U.S. only), please click here. ShareThis does not create Profile Information based on topics we believe to be sensitive under applicable law, or based on visits to adult entertainment websites.
1.3 How we obtain Usage Data and Profile Information
We collect Usage Data when your device visits our website, uses or interacts with our services (including sharing content with the ShareThis Icon), when your device visits Publishers’ websites that use ShareThis Publisher Applications, and when your device views or clicks advertisements that we serve or are served on our behalf. We do so by using cookies placed on your browser (to the extent that cookies are not-restricted by the browser), pixel tags, and HTTP headers (or other communication protocols) and the use of hashed email address. We may also use probabilistic IDs generated via the user agent string and IP address when cookies are restricted by the browser.
Web Environment: (desktop, tablet, and smartphone browsers)
ShareThis places cookies containing a UID on the browsers of visitors to websites that use ShareThis Publisher Applications. The ShareThis Publisher Applications also may enable cookies to be placed by ShareThis partners and our Customers to enable the synchronization of unique identifiers between ShareThis and our third-party partners and Customers.
Cookies: Small text files that contain a string of characters and uniquely identify a browser. Many browsers are initially set up to accept cookies. However, you may be able to change your browser settings to refuse or otherwise restrict cookies. Check your browser’s “Help” files to learn more about handling cookies on your browser.
Below is a description of the cookies placed by ShareThis.
|_stid||1 year||ShareThis cookie ID.|
|_stidv||10 years||ShareThis cookie ID version.|
|wordpress_test_cookie||Session||ShareThis cookie, tests if we have access to cookies.|
|pubconsent||13 months||ShareThis cookie set to indicate user has made a declaration about GDPR data collection for IAB TCF v1 format.|
|st_optout||10 years||ShareThis cookie set to indicate that user has opted out from data collection.|
|_ga||2 years||Google Analytics cookie used by ShareThis to distinguish users.|
|_gat||1 day||Google Analytics cookie used by ShareThis to distinguish users.|
|_gid||1 day||Google Analytics cookie used by ShareThis to distinguish users.|
|visopt_s||3 months||VWO cookie to see the number of times the browser was closed and reopened.|
|_vis_opt_test_cookie||Session||VWO session cookie to see if the cookies are enabled on the browser of the user or not. Helps in tracking the number of browser sessions of a visitor.|
|_vwo_uuid_v2||1 year||VWO cookie calculates unique traffic on a website.|
|intercom-id-fe2c9dmj||10 months||Intercom: Anonymous visitor identifier cookie for site visitors.|
|intercom-session-fe2c9dmj||7 months||Intercom: Identifier for each unique browser session. Session cookie is refreshed on each successful logged-in ping, extending it to 1 week from that moment. User can access their conversations and have data communicated on logged out pages for 1 week, as long as the session isn’t intentionally terminated with ‘Intercom (’shutdown’), which usually happens on logout.|
|pxcelBcnLcy||Sessions||ShareThis Tag Management System cookie to track latency on reporting beacon.|
|pxcelAcc3PC||1 day||ShareThis Tag Management System cookie to check whether third party cookies are accepted by the browser. This is only set if there is no incoming cookie in the request.|
|1 year||ShareThis Tag Management System cookie to track status of pixel rotation loading. ShareThis uses a different cookie for different groups of sites within the ShareThis network.|
|usprivacy||n/a||ShareThis reads if the usprivacy cookie is present in the publisher domain.|
|fpestid||13 months||Fpestid is a ShareThis cookie ID set in the domain of the website operator.|
Pixel tags: These are small blocks of code on a webpage which read and place cookies. When you visit a webpage, ShareThis’ pixel will see if your browser has a ShareThis cookie installed on it. If it doesn’t, the pixel will place the cookie. If the browser already has a ShareThis cookie, the pixel will “read” the cookie and will send us information such as the time you viewed a webpage, the type of browser used and your IP address. This is how we learn about your interests and enable our customers to deliver targeted advertising to you.
HTTP headers: These are transmitted whenever a webpage is viewed, and contain technical information required to connect your browser to the webpage. This information may include information about the browser and the requested webpage. ShareThis collects this information.
Hashed emails: Hashing an email is a cryptographic function. Hashing is a way of encrypting a piece of data, like an email address, into a hexadecimal string. By doing this, each email address becomes an unrecognizable jumble of numbers and letters. This technique doesn’t allow us to send you an email message or to identify who you are. However, it does allow us to recognize your browser or device in the same way that cookies help us to recognize your browser or device. ShareThis may obtain hashed emails from our advertising partners to help provide our products and services. We may also receive and hash emails you provide to our Publishers. For more information, and to better understand the choices available to you, please visit https://thenai.org/opt-out/ama-opt-out/.
Mobile Environments: (Mobile applications)
To serve ads in mobile applications identifiers may be used, such as Google Advertising ID or Apple IDFA, depending on the operating system of your mobile device. The advertiser identifier does not identify you directly, but it enables advertisers and their technology partners to recognize your mobile device over time. Many of the mobile operating systems which provide these advertising IDs also provide the functionality to reset them and/or to record your opt-out choice. See your device manufacturer for more information or visit NAI Mobile opt-out page at https://www.networkadvertising.org/mobile-choice/.
Connected TV Environments: (Mobile applications)
To serve ads onto TV streaming devices and smart TVs, pseudonymous advertising identifiers may be used. The advertiser identifier does not identify you directly, but it enables advertisers and their technology partners to recognize your smart TV and/or streaming device over time. Many streaming devices and smart TVs that provide these advertising IDs also provide the functionality to reset them and/or to record your opt-out choice. See your device manufacturer for more information or visit the NAI SmartTV opt-out page at https://thenai.org/opt-out/connected-tv-choices/.
Linking Environments: (browsers and mobile apps used)
To serve you personalized advertisements and provide a seamless online experience, third party data partners that we work with may link your identifiers on the different environments you use. We may enable the linking of our Usage Data through cookie syncing. We do not use plain text information that may be used by ShareThis to identify you such as your name or address to operate the linking. Our data partners may use exact linking methods by leveraging the pseudonymous data collected through our technology such as advertising partner identifiers.
Probabilistic IDs: Some browsers may block or otherwise restrict our ability to place cookies in the ShareThis domain. When this occurs, ShareThis may use a combination of user agent and IP address to help us recognize a browser or device over time.
You can manage cookies, change consents, or opt out of personalized ads using the mechanisms described in ‘User Choices’.
1.4 How we use Usage Data and Profile Information
We use Usage Data and Profile Information internally for the following business purposes:
- To enable our tools to function;
- Pursuant to our relationship with Google Analytics Demographics, to enable demographic reporting features we provide to our Publishers;
- To link browsers and devices that we infer might belong to the same household;
- To enable us to sync unique identifiers;
- To enable ST to manage the security of our Website, tools, networks, and systems.
- To comply with applicable laws.
We may also use Usage Data and Profile Information and/or audience segments and license such information to our Customers for the following business purposes including (where not prohibited under applicable law):
- To enable the delivery of targeted advertising
- To conduct market research and analytics in order to find meaningful patterns in the data that enables ShareThis to draw insights into how web Users generally behave. This may have specific application to companies seeking to better understand the characteristics of their target customer. It also may help hedge funds attempting understanding macro investment trends.
- For data modeling in order to draw inferences. For example, to create lookalike audiences models.
- To create modeled segments based off of demographic attributes.
- To enhance security features or reduce fraud, including ad fraud,
- To enhance addressability features that enable a company to recognize the same browser, device and/or user over time.
ShareThis does not intentionally collect data from children and does not tailor any Profile Information or otherwise license data to enable targeting of children under 16 years of age. If you are a parent or guardian and believe we may be processing data of children you are responsible for, please see the section on User Choices and Rights, or contact us directly.
- Emails from Users with ShareThis Icon
When you share to email with the ShareThis Icon, you choose how to connect to email from your device. We will only know what content you shared, and that you did so by means of email. We do not receive any information about the email itself, for example, your email address, the email address of the recipient or the content of your email. We are not responsible for the information shared by users via the ShareThis Publisher Applications.
- Account Information
“Account Information” means the information which Publishers and representatives of Publishers provide when they register for an account with us and when they use their account.
Many of our services can be used without registering with us. However if you are a Publisher, or represent a Publisher, and want to use some of our enhanced features, you will need to register with us.
If you choose to register with us, you must be and you affirm that you are 16 years of age or older. We do not sell or share registration information with third parties for direct marketing purposes.
- Business contacts data
We may process your personal data if you are or your employer has a business relationship with us. For example, if you’re a Customer, a prospective Customer, a vendor/supplier of ours, or a business partner, we may process your data. The personal data we hold about you refers to your professional life (name, email address, billing address, office address, phone numbers, title, company you work for). We would have collected that information from exchanging emails or business cards, meeting at industry meetings or client sessions etc. We may process that data for a number of legitimate business purposes, including: a) to communicate with you within the context of our business relationship; b) to provide our products or services; c) for billing and invoicing purposes; and d) for sales, marketing and product promotional purposes ((e.g., uploading emails into LinkedIn and similar platforms to advertise new services to current and prospective Customers).
This data may also be processed for the purposes set out in the section ‘General purposes which apply to all data.’
- Employee and Job Applicants’ data
If you are an employee of ShareThis, or you apply for a role with ShareThis, in the US or in Europe, please refer to our HR Policy for information about how we process your data. These can be obtained from our HR department at HR@ShareThis.com.
- Data Collected on ShareThis.com
This section sets out how we process data of visitors of our corporate website (our “Website”, ShareThis.com), apart from any ‘Usage Data and Profile Information’ and the ‘Account Information’ which relates only to Publishers who register with us.
When you visit our Website, you may choose to provide information to us voluntarily if you interact with ShareThis.com in certain ways, such as by applying for employment with ShareThis, or using one of our contact forms. This information is used only for the reasons for which it was collected, such as responding to your communication, and it is not shared with third parties other than trusted service providers who are contractually required to only use such data to fulfill the purpose for which it was collected.
Where we enable third parties to collect pseudonymous information on ShareThis.com (e.g., using cookies and pixels), that information may be viewed as a sale of data by ShareThis under applicable in certain jurisdictions such as California. To address this, we provide you with a privacy notice when you visit the Website and the opportunity to opt-out of these third-party data collection practices on our Website. We encourage you to visit the applicable policies of those third parties or visit www.aboutads.info to learn more about interest-based advertising and to see your opt-out choices from other participating companies that may be collecting and using data on ShareThis.com.
- General purposes which apply to all data
There are a number of “general” reasons that ShareThis may process data on our systems. Many of them are required by applicable law and/or to help us ensure that the Internet remains a safe space. Some of them enable us to promote and grow our business. If you’d like additional information, please email firstname.lastname@example.org.
We may also process data for the following purposes: a) as required by applicable law; b) to cooperate with competent legal authorities such as data protection regulators, the police and the FBI; c) to enforce our terms and conditions, including by obtaining advice and conducting legal proceedings; d) to protect our operations, property and interests, and those of third parties; e) to sell and promote the sale of our business and/or assets.
Finally, ShareThis may transfer information to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If ShareThis is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your information, as well as any choices you may have regarding your information.
II. The GDPR and Your Rights as an EU, Swiss, or UK Data Subject
Definition of Personal Data
EEA Data Protection Laws define personal data broadly. As such, where Usage Data and/or Profile Information relates to an individual in the EEA, we treat it as personal data. Similarly, nearly all of the data collected from EEA Data Subjects in the context of our normal business operations is likely to be considered personal data. This includes: a) data collected via visits to ShareThis.com; b) data collected from Customers, Publishers and business partners; and c) data collected from employees and prospective employees.
Special Categories of Personal Data
ShareThis does not collect nor process any special categories of personal data with respect to EEA Data Subjects, and we do not create Profile Information of audience segments of such consumers based on special categories of personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation).
Legal Basis for Processing
EEA Data Protection Laws requires entities seeking to process personal data to have a valid legal basis for doing so. The legal basis utilized by ShareThis include: a) consent (our primary legal basis with respect to our Processing of Usage Data and Profile Information); b) legitimate interest (i.e., where we believe that our need to process the data and/or the value we deliver by processing such data is not outweighed by the rights of the data subject); c) where necessary for the performance of a contract; and d) where processing is necessary to comply with our legal obligations. We will endeavor to outline our legal basis for the most common types of processing conducted by ShareThis.
Cookie and Similar Tracking Technologies – We endeavor to obtain consent for our placement of cookies, pixels and similar tracking technologies as required under the ePrivacy Directive as implemented throughout the EEA. As ShareThis does not have direct relationships with Internet users in many cases, we ask Publishers and other partners to obtain a consent on our behalf as described below. Where we directly place cookies (e.g., via ShareThis.com) we directly obtain the consent from data subjects we’ve identified as being from the EEA or other place where consent is required.
Usage Data and Profile Information – We obtain a consent for our placement of cookies as described above, and ShareThis also processes Usage Data and Profile Information with consent.
Website Data – We collect personal data via ShareThis.com. Where that data is provided to ShareThis (e.g., via completing an online form), we consider it either Account Data and/or data collected pursuant to a business relationship which are described below. Where we place cookies via the Website, we use consent. Where data is collected automatically (e.g., log files containing IP addresses), we process such data via our legitimate interest and in order to maintain the Website and help us to a better job of personalizing the Website to the interests of visitors.
Account Data and Business Relationships – We require some Publishers to setup an Account with ShareThis. Similarly, we maintain accounts containing personal data with most of the vendors who provide services to ShareThis, our Customers, our employees, and our business partners. If you are an employee of one of those entities, ShareThis may have your personal data including your name, your work email, or your work telephone number. For data subjects located in the EEA or UK, we process this data under the legal basis of contractual necessity. In other words, we need to process this data in order to honor the terms of the contract between ShareThis and the Publisher, Customer, vendor, Etc. This includes maintaining an account and login credentials, billing and payment purposes, communicating with the other party, and fulfilling requests. Where we are seeking to market additional products and services to these entities, we will do so via legitimate interest unless applicable law dictates that we use consent (e.g., for email marketing).
General Purposes – There are a number of instances where ShareThis processes personal data which are distinct from the descriptions provided above. For example:
Legal and Regulatory Compliance – Like most companies, ShareThis will process data in order to comply with law, cooperate with requests from competent legal authorities such as the police, and to pay taxes. The legal basis for this type of processing is necessary for ShareThis to meet our legal and regulatory obligations.
Enforcement of legal obligations – To enforce our terms and conditions, protect of our intellectual property and/or the rights of third parties, ShareThis processes personal data in these instances via our legitimate interest. This may include obtaining advice and conducting legal proceedings.
Sell and Promote our Business – ShareThis may choose to conduct, evaluate and/or promote the sale of our business via our legitimate interest.
Aggregated Data – Where we aggregate data and remove digital identifiers (e.g., cookie IDs), we may use this data for internal research, marketing, and statistical analysis purposes.
ShareThis is generally a Controller of data with respect to the data processed as described above. Where the EEA Data Protection Laws apply to Usage Data and Profile Information and we share this data with our Customers, our Customers are independent controllers in relation to their processing of such data and they process it in accordance with their own privacy policies. ShareThis is also the controller of the data it collects via ShareThis.com.
ShareThis also has a number of agents and service providers who operate as processors of data on ShareThis’ behalf. These agents and service providers are only able to use the data as specifically directed by ShareThis and only to provide the services requested by us. They are also contractually obligated to process the data securely and under confidentiality obligations.
EEA Data Subject Rights
Where the EEA Data Protection Laws apply, such data subjects have certain rights, including: a) The right to be informed about the types of data being processed and the legal basis for processing; b) the right to access and see the data being processed; c) the right of rectification, to make corrections to data subject to processing; d) the right to erase data; e) the right to restrict processing of data; f) the right of data portability; g) the right to object to the processing of data and f) the right not to be subject to automated decision-making. Some of these rights apply only in certain circumstances and depend on the legal basis relied upon to process the data. As an example, the right to object applies to processing which is carried out because it is necessary for our legitimate interests and only if we cannot demonstrate compelling legitimate grounds which outweigh your rights, interests and freedoms. The same right does not apply to processing which is necessary for us to comply with our legal obligations or to perform a contract with you. These rights may extend to the personal data we place into cookies or similar tracking technologies.
Where processing is based on your consent, in accordance with the GDPR and UK Data Protection Act (as applicable), you may withdraw that consent at any time, although any processing previously carried out will still be legal. In order to exercise your data subjects’ rights or if you have any questions about these rights, you can write to us at email@example.com. We will endeavor to respond to any requests to exercise your rights within one month from when they are made, although this period may be extended in some cases in which case we will inform you before the expiration of the one-month period.
You also have the right to submit complaints to the supervisory authority in your jurisdiction. A list of supervisory authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en.
How ShareThis interacts with our Publishers on GDPR, Swiss, and UK Data Protection compliance
Cross-border transfers of EEA personal data
We generally process data in the United States. When we share data, we provide data to companies globally. In each case, we have safeguards in place which allow those transfers to happen in a way that ensures data is handled in accordance with the applicable law.
When we transfer personal data outside the EEA or UK, unless the recipient or location to which the data is transferred has been approved by the appropriate authorities as providing an adequate level of protection for personal data, we put in place measures to ensure that the transfer complies with the applicable data protection law and that the personal data which is transferred is appropriately safeguarded.
When we enter into business relationships which involves the transfer of personal data of EEA Data Subjects to the United States, we put in place reasonable transfer mechanisms such as the EU standard contractual clauses with the recipient. More information about international data transfers under the GDPR can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en. If requested, we may make available a copy of such safeguards, as required by EAA Data Protection Laws.
Data Protection Officer and Representative
ShareThis has appointed a data protection officer to supervise our personal data processing-related activities, and to respond to requests as required. Our DPO can be contacted as follows: Vincent Potier (ShareThis DPO): firstname.lastname@example.org
ShareThis’ representative in the UK is: ShareThis UK Limited of 10 John Street, London WC1N 2EB, UK.
ShareThis’ representative in the EU is: Verasafe and they may be reached at email@example.com.
III. The LGPD and Your Rights as a Brazil Data Subject
Definition of Personal Data
The LGPD defines personal data broadly. As such, where Usage Data and/or Profile Information relates to an individual in the Brazil, we treat it as personal data. Similarly, nearly all of the data collected from EEA and UK data subjects in the context of our normal business operations is likely to be considered personal data. This includes: a) data collected via visits to ShareThis.com; b) data collected from Customers, Publishers and business partners; and c) data collected from employees and prospective employees, as applicable.
Special Categories of Personal Data
ShareThis does not collect nor process any special categories of personal data with respect to data subjects in Brazil.
Legal Basis for Processing
The LGPD entities seeking to process personal data to have a valid legal basis for doing so. The legal basis utilized by ShareThis include: a) consent; b) legitimate interest (i.e., where we believe that our need to process the data and/or the value we deliver by processing such data is not outweighed by the rights of the data subject); c) where necessary for the performance of a contract; and d) where processing is necessary to comply with our legal obligations.
Brazil and Data Subject Rights
Where the LGPD applies, such data subjects have certain rights, including: a) The right to be informed about the types of data being processed and the legal basis for processing; b) the right to access and see the data being processed; c) the right of rectification, to make corrections to data subject to processing; d) the right to erase data; e) the right to restrict processing of data; f) the right of data portability; g) the right to object to the processing of data and f) the right not to be subject to automated decision-making. Some of these rights apply only in certain circumstances and depend on the legal basis relied upon to process the data. If you are located in Brazil and have questions about how ShareThis implements these rights, please email us at firstname.lastname@example.org.
IV. The U.S. State Privacy Laws (e.g., CCPA) and Your Rights as a Data Subject
A number of U.S. states (e.g., California, Colorado, Connecticut, Nevada, Virginia, and Utah) have enacted laws that may provide additional privacy protections for data subjects and users located into those states, including:
- the right to see what data we have about you, your computer or device (i.e., the right to know),
- the right to correct the data we have about you, your computer or device,
- the right to delete the data we have about you, your computer or device (i.e., the right to delete), and
- the right to opt-out of the sale or sharing of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales or sharing of your information) and the right to opt-out of profiling and/or targeted ads.
These U.S. state laws define personal information broadly. And as such, almost all of the information we collect is considered personal information under these laws. U.S. data subjects may send an email to email@example.com to exercise those rights of visit data subject access page. California data subjects may also call us on our toll free CCPA privacy hotline at 1-800-272-1765.
We do not treat users that exercise any of the above rights differently. However, we may not be able to honor a right if doing so would violate applicable law. ShareThis does not sell data collected via our Website or the data we use to operate our business. However, we transfer personal information collected via the ShareThis Publisher Applications to third parties and as such are considered to have sold data over the past twelve months under California law, including any of the Usage Data, Profile Information and/or audience segments.
We generally ask only for the minimum information necessary to help us process a subject access or deletion request and will keep information pertaining to your request for up to two years. If you are a customer of ShareThis with a login and password to the ShareThis platform, we ask that you first direct your request to the person or persons at your organization that administers the relationship with ShareThis. California data subjects may also call us on our toll free CCPA privacy hotline at 1-800-272-1765.
CCPA Metrics for 2021
Pursuant to CCPA Regulation 999.317(g), ShareThis informs you of the following metrics:
|a. The number of CCPA requests to know that ShareThis received, complied with whole or part and denied in 2021||16||16||0||0|
|b. The number of CCPA requests to delete that ShareThis received, complied with whole or part and denied in 2021||38||38||0||0|
|c. The number of CCPA requests to opt-out that ShareThis received via our email form, complied with whole or part and denied in 2021||7||7||0||0|
|d. The median number of days within which ShareThis substantively responded to requests to know, requests to delete and requests to opt-out||Total|
|Requests to know||9|
|Requests to delete||8|
|Requests to opt-out||8|
V. Data Sharing or Disclosure, Recipients of Your Data
We sell and/or share Usage Data, Profile Information and/or audience segments with the following types of businesses, and accept for Publishers, we view each of the below as our Customers:
- Publishers – We provide analytics tools for Publishers based on the data collected via the ShareThis tools.
- Advertisers and Retailers – companies seeking to better understand their customers so as to more effectively serve those customer’s needs
- Advertising Agencies – companies that purchase advertising on behalf of other companies.
- Advertising Technology Companies – companies that enable the delivery of advertising, mostly via digital channels, including demand side platforms, supply side platforms, advertising exchanges and ad servers.
- Marketing Technology Companies – companies that enable the delivery of marketing messages via channels such as email and SMS.
- Data Companies – companies that process data into profiles that enable other companies to market and advertise more effectively.
- Professional Services Companies – Companies that provide high level strategy and analytic services.
- Security or Fraud Prevention Vendors – Companies that help ensure the security and reliability of their customer’s data or infrastructure.
- Investment Firms – Financial services companies and investment firms seeking to better understand how consumers use the Internet.
We share this information for the purposes listed in the section ‘Data Collection and Use.’
Where the GDPR applies to Usage Data and Profile Information and we share this data with our Customers, our Customers are independent controllers in relation to their processing of such data and they process it in accordance with their own privacy policies.
Customers may share the data which they process with other third parties who are not mentioned in this Privacy Notice, in accordance with their own privacy policies. As an example, they may use third party service providers to display advertising or other content on their behalf.
Please review some of our Customer’s privacy policies for more information:
Eyeota : https://www.eyeota.com/privacy-policy
Dunn & Bradstreet: https://www.dnb.com/ca-en/utility-pages/privacy-policy.html
2. Other third-party agents and service providers
We share the data described in this Privacy Notice trusted agents with data storage and processing facilities such as Amazon Web Services who are required under contract to only process data according to our written instructions and we require them to use data only for the purposes of providing services to us and to implement security controls and to maintain the confidentiality of that information. Here are the categories of service providers utilized by ShareThis:
- Cloud data storage providers such as Amazon Web Services;
- Customer billing systems providers;
- Email service providers offering tools to send emails on our behalf;
- Website analytics providers such as Google analytics;
- Customer relationship management software providers;
- Vendors assisting us with legally required audits;
- Third-party computer programmers helping ensure our systems are operating properly;
- Job ticket support vendors helping us record issues and debug; and
- Security vendors.
3. Data Retention
We have defined retention policies for different types of personal data. We only retain data for as long as necessary for the purpose for which we process it and only as long as it remains relevant, unless we need to retain it because we are required to do so by law, to defend and exercise claims, or for regulatory reasons.
3.1 Usage Data, Profile Information and Data Collected via ShareThis.com
We retain Usage Data and Profile Information for up to 13 months from the date of collection for targeted advertising, and for up to 36 months for insights and analytics. We also retain data collected via ShareThis.com for up to 36 months for analytics and to ensure that our website functions properly.
We may aggregate and anonymize data so that it can no longer be linked to a device or individual, therefore it ceases to be personal data, and we may retain this data for longer periods.
3.2 Account Information
We retain Account Information for as long as you have an active account with us. If you have not logged into any of our services with your username and password for a period of 14 consecutive months, we may deem your account as being inactive and delete your Account Information. This could result in the loss of data you may have saved and we do not accept liability for such deletion.
You always have the option to cancel your account with us at any time. Simply sign into the site and click on the My Account at the top of the page. Click on Edit Profile and then select Deactivate Account and follow the instructions. You may also request to have your Account Information removed by submitting a request to firstname.lastname@example.org.
4. Data Security
The security of your information is a high priority to ShareThis. We have implemented industry-standard security measures.
While no transmission of data over the Internet is guaranteed to be completely secure, we strive to protect your data. It may be possible for third parties not under the control of ShareThis to unlawfully intercept or access transmissions of private communications. ShareThis cannot ensure or warrant the security of information you transmit to us.
VI. Commitments to Privacy Standards
ShareThis promotes transparency and control for users as members of various self-regulatory programs. ShareThis also participates in and has certified its compliance with the EU-US and Swiss U.S. Privacy Shield Frameworks.
ShareThis is a member of the following self-regulatory programs:
Network Advertising Initiative (NAI):
ShareThis adheres to the NAI Code of Conduct. NAI offers an online web opt-out platform to allow consumers to express their choices and provides general information related to privacy and Interest Based Advertising.
The Digital Advertising Alliance (DAA):
ShareThis adheres to the Digital Advertising Alliance Self-Regulatory Principles for Online Behavioral Advertising. The DAA opt-out platform offers the consumer a choice page to opt out from advertising services, and general information related to privacy.
European Interactive Digital Advertising Alliance (EDAA):
ShareThis adheres to the European Interactive Digital Advertising Alliance’s (“EDAA”) principles. The EDAA opt-out platform offers consumers in the European Union a choice page to opt out from advertising services, and general information related to privacy.
GDPR and Swiss Privacy Shield:
ShareThis, Inc. is committed to protecting data and enabling individual privacy rights in every location we do business. Therefore, we comply with the GDPR and the EU-US and Swiss-US Privacy Shield Frameworks.
In accordance with the GDPR, which is designed to empower and protect the data privacy rights of EU individuals, ShareThis makes available user consent tools (ShareThis is a registered CMP with the IAB Transparency and Consent Framework), as well as facilitating user data rights outlined throughout this notice.
VII. User Choices and Opt-out Rights
If you do not want to receive ads based on Usage Data collected by ShareThis whatever device or browser used, you must opt-out from our services for each device and each internet web browser.
Click below to “Limit Ad-Tracking” function on mobile devices:
Instructions by Google for most Androids: Google Play Help
Instructions by Apple for iOS version 6 and above: Apple Support Center
This process does not mean you will stop seeing advertisements, but that the advertisements you do see will not be influenced by the Usage Data collected and Profile Information used by ShareThis.
If you have any questions about your opt-out rights, you can write to us at email@example.com.
Browser environment: (desktop, tablet, and smartphone browsers)
When you change your consents or opt out, an opt-out cookie will be set on your browser. We must maintain the opt-out cookie on your browser in order to recognize you as having opted out from our service. The ShareThis opt-out cookie is like any other cookie; therefore, if you clear that cookie from your browser, use a different internet browser, or use a new computer to access the internet you must go through the process again.
You can also opt out by visiting the following links.
Network Advertising Initiative (“NAI”) Opt-Out Platform
Digital Advertising Alliance (“DAA”) Opt-Out Platform
European Interactive Digital Advertising Alliance (“EDAA”) Opt-Out Platform
The Ghostery browser extension is also a good tool to see a list of all third-party cookies on each website you visit and allows you to selectively opt out.
The opt-out tools above are currently cookie-based i.e., they set a cookie on your browser which tells us that you have opted out. This means that the opt-out will only function if your browser is set to accept third party cookies. If your browser is set to automatically reject cookies or if you remove all cookies from your browser, the opt-out mechanism will not work since we would not see an opt-out cookie on your browser.
Also keep in mind that cookies are browser based, therefore if you change browsers, operating systems, or computers you would need to opt out again.
While the opt-out methods described above often work for mobile web browsing, they are cookie-based and are therefore less reliable in mobile “app” environments that may not accept interest-based advertising cookies.
Instead, you can typically opt out at the mobile platform level by the “limit ad tracking” function within the settings, as described below. Though we do not collect data from mobile apps for interest-based advertising, we or third parties we work with may use such data collected by others in delivering interest-based ads.
Most Android Users:
To use the “opt-out of interest-based advertising” option, follow the instructions provided by Google here: Google Play Help.
Please note that this is a device setting and will disable interest-based ads from all providers, and not just for ShareThis.
iOS users: (version 6 and above)
To use the “Limit Ad-Tracking” option, follow the instructions provided by Apple here: Apple Support Center.
Please note that this is a device setting and will disable interest-based ads from all providers, and not just for ShareThis.
Do Not Track:
You may also stop the collection of your Usage Data by using the do-not-track function or similar privacy controls of your browser. ShareThis recognizes these do-not-track signals from your browser. As required by law, or where we are able to ascertain that such signals are enacted by you and not set by default by your browser, we will consider them to be an indication that you have opted out.
Onward Transfer/Privacy Shield:
ShareThis complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and/or Switzerland to the United States in reliance on Privacy Shield. The Privacy Shield is administered by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries as well as Switzerland and the United Kingdom. ShareThis has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.
In the context of an onward transfer, ShareThis is responsible for the processing of personal data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. ShareThis shall remain liable under the Privacy Shield principles if its agent processes such personal data in a manner inconsistent with the Privacy Shield principles, unless the ShareThis proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-US and Swiss-US Privacy Shield Principles, ShareThis commits to resolve complaints about your privacy and our collecting or use of your personal information. European Union, UK, or Swiss individuals with inquiries or complaints regarding this privacy notice should first contact ShareThis directly at firstname.lastname@example.org. We will respond to your complaint within 30 days of receipt.
We have further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
For residual disputes that cannot be resolved by the methods above, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. To find out more about the Privacy Shield’s binding arbitration scheme, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.
If you believe we have not respected your rights or otherwise not handled data correctly, then we encourage you to contact us directly and we will do everything possible to help.
However, where you still have a complaint, then you have the right to raise the matter with the Supervisory Authority (or data protection agency) in your country for resolution.
3000 El Camino Real
Building 4, Suite 200
Palo Alto, CA 94306, USA
We have appointed a data protection officer to supervise our personal data
processing-related activities, and to respond to requests as required. Our DPO can be contacted as follows:
Vincent Potier (ShareThis DPO): email@example.com
ShareThis’ representative in the UK is: ShareThis UK Limited of 10 John Street, LondonWC1N 2EB, UK
VeraSafe has been appointed as ShareThis’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to firstname.lastname@example.org, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Now, we can’t sell your data.