ShareThis takes privacy seriously. This Privacy Notice sets out what data we collect, how we collect it, why we process it, who we may share it with and, where the data we collect is personal data, your rights with respect to such personal data. ShareThis may change this Notice from time to time by updating this page. You should check this page from time to time to ensure that you are up to date with any changes.       

ShareThis is committed to processing information in accordance with applicable laws (including where applicable the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) and as described in this Privacy Notice. For specific information about how ShareThis adheres to European, UK and Brazil data protection law and your rights as an EEA, UK, Swiss or Brazil data subject please click here. For information about how ShareThis adheres to applicable U.S. Privacy laws in States such as California, Colorado, Connecticut, Nevada, Virginia, and Utah, please click here.

To access information for Publishers, please visit the Publisher Information page here.

To access Publisher Terms of Use, please click here.

Last Updated on: February 21, 2024


About ShareThis and Its Tools

ShareThis provides website operators (“Publishers”) with customizable social sharing tools, which makes sharing online content simple. Any user of a website can easily share anything on the web with their friends on social sites, such as Facebook, Twitter, Email, Digg, Reddit and more through using one of our tools on that website (“ShareThis Icon”).

ShareThis also collects pseudonymous data about internet users and how they interact with content, websites, and advertisements while online. Some of the data is collected via our tools such as the ShareThis Icon, and some is collected through third-party data providers. We compile this data and provide it to our Publishers and license it to advertisers, agencies, and other businesses (our “Customers”) to facilitate the delivery of relevant, targeted advertising and for a number of other reasons which are listed below.

We do this by using technology such as cookies and pixels (including the pixels and cookies of our customers) (“ShareThis Publisher Applications”) to gather information regarding the browsing and sharing activities of Internet users, both on websites that have the ShareThis Icon and similar tools installed on them. We also receive data from others who operate in the data analytics and advertising industries. We analyze and aggregate the data we collect to create groups of data (called audience segments) based on defined criteria.  For example, we segment into groups internet users who we believe have similar characteristics, interests, needs or behavioral patterns. Where we are able to infer that two or more browsers or devices are the same user or household, we may use that information to bolster our audience segments. We compile this data to provide analytics to our Publishers and license it to our Customers for a number of purposes as described below, including targeted advertising.

Targeted advertising has the aim of displaying advertising which is more likely to be of interest to internet users, based on analyses of their recent browsing and sharing activities and interactions with the website and adverts. It is also sometimes referred to as interest-based advertising or online behavioral advertising. For more information on this type of advertising, click here.

Contents

I. Data Collection and Use

II. The GDPR and Your Rights as a Swiss, EU, or UK Data Subject

III. The LGPD and Your Rights as a Brazil Data Subject

IV. The U.S. State Privacy Laws and Your Rights as a Data Subject

V. Data Sharing or Disclosure, Recipients of Your Data

VI. Commitments to Privacy Standards

VII. User Choices and Opt-out Rights

I. Data Collection and Use

In order to offer our products and services, we collect and use data relating to the websites you visit to display personalized advertisements, provide analytics, and data modeling based on social sharing, by us or third parties. This data is pseudonymous personal data in that it may not be used directly by ShareThis to identify an actual person. This data does enable our systems to recognize your computer, device and/or browser over time. In many places, this pseudonymous data is considered personal data and/or personal information under applicable law.

We do not intentionally collect identifiable personal information such as your name, postal address, phone number, email address, credit card information, or anything else that can allow us or our customers to contact you directly as part of our products and services. We may collect identifiable personal information and even financial information such as payment or bank details if you are one of our Publishers or if you have a business relationship with ShareThis.


We have set out below the categories of data we process and why we process each category of data.

  1. Usage Data and Profile Information

1.1 Usage Data

We collect information about how Internet users browse the Internet and interact with online content and advertisements through our ShareThis Icon, the ShareThis Publisher Applications and user interactions with advertisements on the Internet. We call this “Usage Data”.

Usage Data includes:

  • The unique IDs of the cookie(s) placed on your web browser (example: 37d387ca-f68a-11e5-b87d-0e58954c72b1) and/or a hashed version of an email address which help us recognize your browser or device over time.
  • Information about the user’s browser and device
  • User agent string
  • Webpages viewed (including the URL addresses of such pages and search parameters, which may include search terms and key words) and the previous web pages that referred the user to that webpage 
  • Time when webpages are viewed
  • Search queries from which users are directed to a webpage
  • Navigation from page to page
  • Time spent on each webpage
  • Interactions with the webpage, including items clicked or selected and content highlighted or copied
  • Ads viewed or displayed to the user and the user’s interactions with those ads
  • Shares of content including what content is shared and where – for example, the relevant social media site (e.g., Twitter, Facebook)
  • Geographic information such as country, city, state, or postal code.
  • IP addresses
  • Device IDs

Although the Usage Data listed above is not used by ShareThis to directly identify an actual person, it is considered to be personal data in many places.

1.2 Profile Information

We receive information about the content of the websites that you visit and information about the audience of those websites to enable us to infer and create groups of users who have similar characteristics, interests, or behavioral patterns. We combine the Usage Data with data we receive from third party advertisers, analytics vendors and data partners to create categories of data that are helpful to advertisers seeking to deliver a more personalized advertising experience. For example, if a user regularly views or shares content about shopping for a car, our systems may infer that this user may be interested in purchasing an automobile.  This practice is sometimes referred to as interest-based advertising, and a segment titled “interested in automobile” is sometimes referred to as an audience segment or a “profile.” When we group this data into profiles, we refer to it as “Profile Information”.

We can infer this Profile Information (by reference to browser identifiers, not actual names) using the information we obtain from third parties about the likely content and characteristics of the users and audiences of the websites which are visited. For example, visitors to a particular website may have an interest in cars while visitors to a different website may typically be within a certain age or income range. Where we are able to infer that two or more browsers or devices are the same user or household, we may use that information to bolster our Profile Information.

The characteristics by which we group users relate to age ranges, income ranges, education, gender, product or activity interests and family composition (e.g., how many children in the family), on the basis of information available about the typical audience of websites they visit and content viewed.

In certain cases where Publishers that we work with utilize the “Google Analytics By ShareThis WordPress” plug-in on their websites, ShareThis uses a Google Analytics feature currently known as Google Analytics Demographics, in order to better understand the audience demographics of those Publisher websites, and to provide insights about those demographics to the Publishers that own or operate those websites. To learn more about Google Analytics’ privacy practices, please click here. To opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, please click here, or you may also visit the NAI consumer choice page.

In the U.S., ShareThis creates modeled segments based off of demographic attributes where those attributes are aligned with the target audience of products marketed by pharmaceutical drug companies. 

ShareThis does not create Profile Information based on topics we believe to be sensitive under applicable law, or based on visits to adult entertainment websites.

1.3 How we obtain Usage Data and Profile Information

We collect Usage Data when your device visits our website, uses or interacts with our services (including sharing content with the ShareThis Icon), when your device visits Publishers’ websites that use ShareThis Publisher Applications, and when your device views or clicks advertisements that we serve or are served on our behalf. We do so by using cookies placed on your browser (to the extent that cookies are not-restricted by the browser), pixel tags, and HTTP headers (or other communication protocols) and the use of hashed email address. We may also use probabilistic IDs generated via the user agent string and IP address when cookies are restricted by the browser.

Our use of Cookies and other Tracking Technologies

Web Environment: (desktop, tablet, and smartphone browsers)

ShareThis places cookies containing a UID on the browsers of visitors to websites that use ShareThis Publisher Applications. The ShareThis Publisher Applications also may enable cookies to be placed by ShareThis partners and our Customers to enable the synchronization of unique identifiers between ShareThis and our third-party partners and Customers.

Cookies: Small text files that contain a string of characters and uniquely identify a browser. Many browsers are initially set up to accept cookies. However, you may be able to change your browser settings to refuse or otherwise restrict cookies. Check your browser’s “Help” files to learn more about handling cookies on your browser.

Below is a description of the cookies placed by ShareThis. 

CookieDurationPurpose
_stid1 yearShareThis cookie ID.
_stidv10 yearsShareThis cookie ID version.
wordpress_test_cookieSessionShareThis cookie, tests if we have access to cookies.
pubconsent13 monthsShareThis cookie set to indicate user has made a declaration about GDPR data collection for IAB TCF v1 format.
st_optout10 yearsShareThis cookie set to indicate that user has opted out from data collection.
_ga2 yearsGoogle Analytics cookie used by ShareThis to distinguish users.
_gat1 dayGoogle Analytics cookie used by ShareThis to distinguish users.
_gid1 dayGoogle Analytics cookie used by ShareThis to distinguish users.
visopt_s3 monthsVWO cookie to see the number of times the browser was closed and reopened.
_vis_opt_test_cookieSessionVWO session cookie to see if the cookies are enabled on the browser of the user or not. Helps in tracking the number of browser sessions of a visitor.
_vwo_uuid_v21 yearVWO cookie calculates unique traffic on a website.
intercom-id-fe2c9dmj10 monthsIntercom: Anonymous visitor identifier cookie for site visitors.
intercom-session-fe2c9dmj7 monthsIntercom: Identifier for each unique browser session. Session cookie is refreshed on each successful logged-in ping, extending it to 1 week from that moment. User can access their conversations and have data communicated on logged out pages for 1 week, as long as the session isn’t intentionally terminated with ‘Intercom (’shutdown’), which usually happens on logout.
pxcelBcnLcySessionsShareThis Tag Management System cookie to track latency on reporting beacon.
pxcelAcc3PC1 dayShareThis Tag Management System cookie to check whether third party cookies are accepted by the browser. This is only set if there is no incoming cookie in the request.
pxcelPage_c010
and/or
pxcelPage_c010_B
and/or
pxcelPage_c010_C
and/or
pxcelPage_c010_D
1 yearShareThis Tag Management System cookie to track status of pixel rotation loading. ShareThis uses a different cookie for different groups of sites within the ShareThis network.
usprivacyn/aShareThis reads if the usprivacy cookie is present in the publisher domain.
fpestid13 monthsFpestid is a ShareThis cookie ID set in the domain of the website operator.

Pixel tags: These are small blocks of code on a webpage which read and place cookies. When you visit a webpage, ShareThis’ pixel will see if your browser has a ShareThis cookie installed on it. If it doesn’t, the pixel will place the cookie. If the browser already has a ShareThis cookie, the pixel will “read” the cookie and will send us information such as the time you viewed a webpage, the type of browser used and your IP address. This is how we learn about your interests and enable our customers to deliver targeted advertising to you.

HTTP headers: These are transmitted whenever a webpage is viewed, and contain technical information required to connect your browser to the webpage. This information may include information about the browser and the requested webpage. ShareThis collects this information.

Hashed emails: Hashing an email is a cryptographic function. Hashing is a way of encrypting a piece of data, like an email address, into a hexadecimal string. By doing this, each email address becomes an unrecognizable jumble of numbers and letters. This technique doesn’t allow us to send you an email message or to identify who you are. However, it does allow us to recognize your browser or device in the same way that cookies help us to recognize your browser or device. ShareThis may obtain hashed emails from our advertising partners to help provide our products and services. We may also receive and hash emails you provide to our Publishers. For more information, and to better understand the choices available to you, please visit https://thenai.org/opt-out/ama-opt-out/.

Mobile Environments: (Mobile applications)

To serve ads in mobile applications identifiers may be used, such as Google Advertising ID or Apple IDFA, depending on the operating system of your mobile device. The advertiser identifier does not identify you directly, but it enables advertisers and their technology partners to recognize your mobile device over time. Many of the mobile operating systems which provide these advertising IDs also provide the functionality to reset them and/or to record your opt-out choice. See your device manufacturer for more information or visit NAI Mobile opt-out page at https://www.networkadvertising.org/mobile-choice/.

Connected TV Environments: (Mobile applications)

To serve ads onto TV streaming devices and smart TVs, pseudonymous advertising identifiers may be used. The advertiser identifier does not identify you directly, but it enables advertisers and their technology partners to recognize your smart TV and/or streaming device over time. Many streaming devices and smart TVs that provide these advertising IDs also provide the functionality to reset them and/or to record your opt-out choice. See your device manufacturer for more information or visit the NAI SmartTV opt-out page at https://thenai.org/opt-out/connected-tv-choices/.

Linking Environments: (browsers and mobile apps used)

To serve you personalized advertisements and provide a seamless online experience, third party data partners that we work with may link your identifiers on the different environments you use. We may enable the linking of our Usage Data through cookie syncing. We do not use plain text information that may be used by ShareThis to identify you such as your name or address to operate the linking. Our data partners may use exact linking methods by leveraging the pseudonymous data collected through our technology such as advertising partner identifiers.

Probabilistic IDs: Some browsers may block or otherwise restrict our ability to place cookies in the ShareThis domain. When this occurs, ShareThis may use a combination of user agent and IP address to help us recognize a browser or device over time.

You can manage cookies, change consents, or opt out of personalized ads using the mechanisms described in ‘User Choices’.

1.4 How we use Usage Data and Profile Information

We use Usage Data and Profile Information internally for the following business purposes:

  • To enable our tools to function;
  • Pursuant to our relationship with Google Analytics Demographics, to enable demographic reporting features we provide to our Publishers;
  • To link browsers and devices that we infer might belong to the same household;
  • To enable us to sync unique identifiers;
  • To enable ST to manage the security of our Website, tools, networks, and systems.
  • To comply with applicable laws.

We may also use Usage Data and Profile Information and/or audience segments and license such information to our Customers for the following business purposes including (where not prohibited under applicable law):

  • To enable the delivery of targeted advertising
  • To conduct market research and analytics in order to find meaningful patterns in the data that enables ShareThis to draw insights into how web Users generally behave. This may have specific application to companies seeking to better understand the characteristics of their target customer. It also may help hedge funds attempting understanding macro investment trends.
  • For data modeling in order to draw inferences. For example, to create lookalike audiences models.
  • To create modeled segments based off of demographic attributes.
  • To enhance security features or reduce fraud, including ad fraud,
  • To enhance addressability features that enable a company to recognize the same browser, device and/or user over time.

Our Customers who we share your data with may use this information to generate their own Profile Information. They may independently gain other demographical information about you through their own cookies or web beacons and combine it with the data we provide to them. While we ask our customers to avoid merging data received from ShareThis with identifiable personal data such as a clear email address (i.e., in violation of the NAI Code of Conduct), the use of cookies and pixel tags by these third-party advertisers, publishers, and ad networks are subject to their own privacy policies.  Please refer to the ‘Recipients of Your Data’ section of this Privacy Notice for more information about who we disclose your data to.

  1. Children

ShareThis does not intentionally collect data from children and does not tailor any Profile Information or otherwise license data to enable targeting of children under 18 years of age. If you are a parent or guardian and believe we may be processing data of children you are responsible for, please see the section on User Choices and Rights, or contact us directly.

  1. Emails from Users with ShareThis Icon

When you share to email with the ShareThis Icon, you choose how to connect to email from your device. We will only know what content you shared, and that you did so by means of email. We do not receive any information about the email itself, for example, your email address, the email address of the recipient or the content of your email. We are not responsible for the information shared by users via the ShareThis Publisher Applications.

  1. Account Information

Account Information” means the information which Publishers and representatives of Publishers provide when they register for an account with us and when they use their account.

Many of our services can be used without registering with us. However if you are a Publisher, or represent a Publisher, and want to use some of our enhanced features, you will need to register with us.

If you choose to register with us, you must be and you affirm that you are 18 years of age or older. We do not sell or share registration information with third parties for direct marketing purposes.

  1. Business contacts data

We may process your personal data if you are or your employer has a business relationship with us. For example, if you’re a Customer, a prospective Customer, a vendor/supplier of ours, or a business partner, we may process your data. The personal data we hold about you refers to your professional life (name, email address, billing address, office address, phone numbers, title, company you work for). We would have collected that information from exchanging emails or business cards, meeting at industry meetings or client sessions etc. We may process that data for a number of legitimate business purposes, including: a) to communicate with you within the context of our business relationship; b) to provide our products or services; c) for billing and invoicing purposes; and d) for sales, marketing and product promotional purposes ((e.g., uploading emails into LinkedIn and similar platforms to advertise new services to current and prospective Customers).

This data may also be processed for the purposes set out in the section ‘General purposes which apply to all data.’

  1. Employee and Job Applicants’ data

If you are an employee of ShareThis, or you apply for a role with ShareThis, in the US or in Europe, please refer to our HR Policy for information about how we process your data. These can be obtained from our HR department at HR@ShareThis.com.  

  1. Data Collected on ShareThis.com

This section sets out how we process data of visitors of our corporate website (our “Website”, ShareThis.com), apart from any ‘Usage Data and Profile Information’ and the ‘Account Information’ which relates only to Publishers who register with us.

When you visit our Website, you may choose to provide information to us voluntarily if you interact with ShareThis.com in certain ways, such as by applying for employment with ShareThis, or using one of our contact forms. This information is used only for the reasons for which it was collected, such as responding to your communication, and it is not shared with third parties other than trusted service providers who are contractually required to only use such data to fulfill the purpose for which it was collected.

We use cookies and similar tracking technologies to collect data automatically when you visit ShareThis.com and use that information to help administer the Website, to remember your preferences, to conduct website analytics and for security and fraud prevention purposes.  

Where we enable third parties to collect pseudonymous information on ShareThis.com (e.g., using cookies and pixels), that information may be viewed as a sale of data by ShareThis under applicable in certain jurisdictions such as California. To address this, we provide you with a privacy notice when you visit the Website and the opportunity to opt-out of these third-party data collection practices on our Website. We encourage you to visit the applicable policies of those third parties or visit www.aboutads.info to learn more about interest-based advertising and to see your opt-out choices from other participating companies that may be collecting and using data on ShareThis.com.

  1. General purposes which apply to all data

There are a number of “general” reasons that ShareThis may process data on our systems. Many of them are required by applicable law and/or to help us ensure that the Internet remains a safe space. Some of them enable us to promote and grow our business. If you’d like additional information, please email privacy@sharethis.com. 

We may also process data for the following purposes: a) as required by applicable law; b) to cooperate with competent legal authorities such as data protection regulators, the police and the FBI; c) to enforce our terms and conditions, including by obtaining advice and conducting legal proceedings; d) to protect our operations, property and interests, and those of third parties; e) to sell and promote the sale of our business and/or assets.

Finally, ShareThis may transfer information to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If ShareThis is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your information, as well as any choices you may have regarding your information.

II. The GDPR and Your Rights as an EU, Swiss, or UK Data Subject

If you are located in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) applies to our processing of personal data. If you are located in Switzerland, The Swiss Federal Data Protection Act applies to our processing of personal data. If you are located in the United Kingdom, then the Data Protection Act 2018 applies to our processing of personal data. These laws each grant those located respectively in the EEA, Switzerland, and the UK a set of clear privacy rights and imposes responsibilities on ShareThis as we process the personal data of data subjects located in those places. The ShareThis privacy policy outlines how and why ShareThis processes personal data. This section is designed to provide more information on how ShareThis adheres to the above data protection laws and your rights as a data subject. For purposes of this privacy policy, we’ll refer to the above data protection laws as “EEA Data Protection Laws” and data subjects located in the above places as “EEA Data Subjects.”


Definition of Personal Data

EEA Data Protection Laws define personal data broadly. As such, where Usage Data and/or Profile Information relates to an individual in the EEA, we treat it as personal data. Similarly, nearly all of the data collected from EEA Data Subjects in the context of our normal business operations is likely to be considered personal data. This includes: a) data collected via visits to ShareThis.com; b) data collected from Customers, Publishers and business partners; and c) data collected from employees and prospective employees.

Special Categories of Personal Data

ShareThis does not collect nor process any special categories of personal data with respect to EEA Data Subjects, and we do not create Profile Information of audience segments of such consumers based on special categories of personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation).

Legal Basis for Processing

EEA Data Protection Laws requires entities seeking to process personal data to have a valid legal basis for doing so. The legal basis utilized by ShareThis include: a) consent (our primary legal basis with respect to our Processing of Usage Data and Profile Information); b) legitimate interest (i.e., where we believe that our need to process the data and/or the value we deliver by processing such data is not outweighed by the rights of the data subject); c) where necessary for the performance of a contract; and d) where processing is necessary to comply with our legal obligations. We will endeavor to outline our legal basis for the most common types of processing conducted by ShareThis.

Cookie and Similar Tracking Technologies – We endeavor to obtain consent for our placement of cookies, pixels and similar tracking technologies as required under the ePrivacy Directive as implemented throughout the EEA. As ShareThis does not have direct relationships with Internet users in many cases, we ask Publishers and other partners to obtain a consent on our behalf as described below.  Where we directly place cookies (e.g., via ShareThis.com) we directly obtain the consent from data subjects we’ve identified as being from the EEA or other place where consent is required.

Usage Data and Profile Information – We obtain a consent for our placement of cookies as described above, and ShareThis also processes Usage Data and Profile Information with consent.

Website Data – We collect personal data via ShareThis.com. Where that data is provided to ShareThis (e.g., via completing an online form), we consider it either Account Data and/or data collected pursuant to a business relationship which are described below. Where we place cookies via the Website, we use consent. Where data is collected automatically (e.g., log files containing IP addresses), we process such data via our legitimate interest and in order to maintain the Website and help us to a better job of personalizing the Website to the interests of visitors.

Account Data and Business Relationships – We require some Publishers to setup an Account with ShareThis. Similarly, we maintain accounts containing personal data with most of the vendors who provide services to ShareThis, our Customers, our employees, and our business partners. If you are an employee of one of those entities, ShareThis may have your personal data including your name, your work email, or your work telephone number. For data subjects located in the EEA, Switzerland, or UK, we process this data under the legal basis of contractual necessity. In other words, we need to process this data in order to honor the terms of the contract between ShareThis and the Publisher, Customer, vendor, Etc. This includes maintaining an account and login credentials, billing and payment purposes, communicating with the other party, and fulfilling requests. Where we are seeking to market additional products and services to these entities, we will do so via legitimate interest unless applicable law dictates that we use consent (e.g., for email marketing).

General Purposes – There are a number of instances where ShareThis processes personal data which are distinct from the descriptions provided above. For example:

Legal and Regulatory Compliance – Like most companies, ShareThis will process data in order to comply with law, cooperate with requests from competent legal authorities such as the police, and to pay taxes. The legal basis for this type of processing is necessary for ShareThis to meet our legal and regulatory obligations.

Enforcement of legal obligations – To enforce our terms and conditions, protect of our intellectual property and/or the rights of third parties, ShareThis processes personal data in these instances via our legitimate interest. This may include obtaining advice and conducting legal proceedings.

Sell and Promote our Business – ShareThis may choose to conduct, evaluate and/or promote the sale of our business via our legitimate interest.

Aggregated Data – Where we aggregate data and remove digital identifiers (e.g., cookie IDs), we may use this data for internal research, marketing, and statistical analysis purposes.

Data Controller

ShareThis is generally a Controller of data with respect to the data processed as described above. Where the EEA Data Protection Laws apply to Usage Data and Profile Information and we share this data with our Customers, our Customers are independent controllers in relation to their processing of such data and they process it in accordance with their own privacy policies. ShareThis is also the controller of the data it collects via ShareThis.com.

Data Processors

ShareThis also has a number of agents and service providers who operate as processors of data on ShareThis’ behalf. These agents and service providers are only able to use the data as specifically directed by ShareThis and only to provide the services requested by us. They are also contractually obligated to process the data securely and under confidentiality obligations.

EEA Data Subject Rights

Where the EEA Data Protection Laws apply, such data subjects have certain rights, including: a) The right to be informed about the types of data being processed and the legal basis for processing; b) the right to access and see the data being processed; c) the right of rectification, to make corrections to data subject to processing; d) the right to erase data; e) the right to restrict processing of data; f) the right of data portability; g) the right to object to the processing of data and f) the right not to be subject to automated decision-making. Some of these rights apply only in certain circumstances and depend on the legal basis relied upon to process the data. As an example, the right to object applies to processing which is carried out because it is necessary for our legitimate interests and only if we cannot demonstrate compelling legitimate grounds which outweigh your rights, interests and freedoms. The same right does not apply to processing which is necessary for us to comply with our legal obligations or to perform a contract with you. These rights may extend to the personal data we place into cookies or similar tracking technologies.

Where processing is based on your consent, in accordance with the GDPR, the Swiss Federal Data Protection Act, and UK Data Protection Act (as applicable), you may withdraw that consent at any time, although any processing previously carried out will still be legal. In order to exercise your data subjects’ rights or if you have any questions about these rights, you can write to us at privacy@sharethis.com. We will endeavor to respond to any requests to exercise your rights within one month from when they are made, although this period may be extended in some cases in which case we will inform you before the expiration of the one-month period.

You also have the right to submit complaints to the supervisory authority in your jurisdiction. A list of supervisory authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en

How ShareThis interacts with our Publishers on GDPR, Swiss, and UK Data Protection compliance

If you are in the European Economic Area or Switzerland, you may be familiar with websites asking you to consent to the use of cookies and similar technologies. If you are in the UK, you may see similar consent notices which pertain to the UK Data Protection Act. Where the ShareThis Applications are used to process personal data from data subjects in places where a notice and/or consent is required, our Publishers are required to notify you about the use of the ShareThis Applications, mention ShareThis as a third party who processes your personal data and ask you to consent to such processing as well as the placement of cookies.

Cross-border transfers of EEA, Swiss, and UK personal data

We generally process data in the United States. When we share data, we provide data to companies globally. In each case, we have safeguards in place which allow those transfers to happen in a way that ensures data is handled in accordance with the applicable law. 

When we transfer personal data outside the EEA, Switzerland, or UK, unless the recipient or location to which the data is transferred has been approved by the appropriate authorities as providing an adequate level of protection for personal data, we put in place measures to ensure that the transfer complies with the applicable data protection law and that the personal data which is transferred is appropriately safeguarded.

When we enter into business relationships which involves the transfer of personal data of EEA Data Subjects to the United States, we put in place reasonable transfer mechanisms such as the EU standard contractual clauses with the recipient. More information about international data transfers under the GDPR can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.  If requested, we may make available a copy of such safeguards, as required by EAA Data Protection Laws.

Data Protection Officer and Representative

ShareThis has appointed a data protection officer to supervise our personal data processing-related activities, and to respond to requests as required.  Our DPO can be contacted as follows: Vincent Potier (ShareThis DPO): dpo@sharethis.com 

ShareThis’ representative in the UK is: ShareThis UK Limited of 10 John Street, London WC1N 2EB, UK.

ShareThis’ representative in the EU is: Verasafe and they may be reached at representative@sharethis.com.

III. The LGPD and Your Rights as a Brazil Data Subject

If you are located in Brazil, then the Brazilian General Law for the Protection of Personal Data (LGPD) applies to our processing of personal data. The LGPD grants those located Brazil a set of clear privacy rights and imposes responsibilities on ShareThis as we process the personal data of data subjects located in Brazil. The ShareThis privacy policy outlines how and why ShareThis processes personal data. This section is designed to provide more information on how ShareThis adheres to the LGPD and your rights as a data subject located in Brazil.


Definition of Personal Data

The LGPD defines personal data broadly. As such, where Usage Data and/or Profile Information relates to an individual in Brazil, we treat it as personal data. Similarly, nearly all of the data collected from EEA, Swiss, and UK data subjects in the context of our normal business operations is likely to be considered personal data. This includes: a) data collected via visits to ShareThis.com; b) data collected from Customers, Publishers and business partners; and c) data collected from employees and prospective employees, as applicable.

Special Categories of Personal Data
ShareThis does not collect nor process any special categories of personal data with respect to data subjects in Brazil.

Legal Basis for Processing
The LGPD entities seeking to process personal data to have a valid legal basis for doing so. The legal basis utilized by ShareThis include: a) consent; b) legitimate interest (i.e., where we believe that our need to process the data and/or the value we deliver by processing such data is not outweighed by the rights of the data subject); c) where necessary for the performance of a contract; and d) where processing is necessary to comply with our legal obligations.

Brazil and Data Subject Rights
Where the LGPD applies, such data subjects have certain rights, including: a) The right to be informed about the types of data being processed and the legal basis for processing; b) the right to access and see the data being processed; c) the right of rectification, to make corrections to data subject to processing; d) the right to erase data; e) the right to restrict processing of data; f) the right of data portability; g) the right to object to the processing of data and f) the right not to be subject to automated decision-making. Some of these rights apply only in certain circumstances and depend on the legal basis relied upon to process the data. If you are located in Brazil and have questions about how ShareThis implements these rights, please email us at privacy@sharethis.com.

IV. The U.S. State Privacy Laws (e.g., CCPA) and Your Rights as a Data Subject


A number of U.S. states (e.g., California, Colorado, Connecticut, Nevada, Virginia, and Utah) have enacted laws that may provide additional privacy protections for data subjects and users located into those states, including:

  • the right to see what data we have about you, your computer or device (i.e., the right to know),
  • the right to correct the data we have about you, your computer or device,
  • the right to delete the data we have about you, your computer or device (i.e., the right to delete), and
  • the right to opt-out of the sale or sharing of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales or sharing of your information) and the right to opt-out of profiling and/or targeted ads.

These U.S. state laws define personal information broadly. And as such, almost all of the information we collect is considered personal information under these laws. U.S. data subjects may send an email to privacy@sharethis.com to exercise those rights of visit data subject access page. California data subjects may also call us on our toll free CCPA privacy hotline at 1-800-272-1765. Data subjects in Colorado and Virginia have the additional right to appeal in the event that they are unsatisfied with the way that ShareThis has honored one or more of the above rights – and have the further right to appeal to the Attorney General of their state.

We do not treat users that exercise any of the above rights differently. However, we may not be able to honor a right if doing so would violate applicable law. ShareThis does not sell data collected via our Website or the data we use to operate our business. However, we transfer personal information collected via the ShareThis Publisher Applications to third parties and as such are considered to have sold data over the past twelve months under California law, including any of the Usage Data, Profile Information and/or audience segments.

We generally ask only for the minimum information necessary to help us process a subject access or deletion request and will keep information pertaining to your request for up to two years. If you are a customer of ShareThis with a login and password to the ShareThis platform, we ask that you first direct your request to the person or persons at your organization that administers the relationship with ShareThis. California data subjects may also call us on our toll free CCPA privacy hotline at 1-800-272-1765.

CCPA Metrics for 2023
Pursuant to CCPA Regulation 999.317(g), ShareThis informs you of the following metrics:

TotalWholePartDenied
a. The number of CCPA requests to know that ShareThis received, complied with whole or part and denied in 20230000
b. The number of CCPA requests to delete that ShareThis received, complied with whole or part and denied in 2023171700
c. The number of CCPA requests to opt-out that ShareThis received via our email form, complied with whole or part and denied in 20239900
d. The median number of days within which ShareThis substantively responded to requests to know, requests to delete and requests to opt-outTotal
Requests to know0
Requests to delete27
Requests to opt-out14.6
Total
e. The number of opt-out requests we received via the ShareThis opt-out page or industry opt-out pages worldwide in 2023 all of which resulted in the real-time placement of an opt-out cookie by ShareThis as described in this privacy policy.7,524,354

V. Data Sharing or Disclosure, Recipients of Your Data


We sell and/or share Usage Data, Profile Information and/or audience segments with the following types of businesses, and accept for Publishers, we view each of the below as our Customers:

  • Publishers – We provide analytics tools for Publishers based on the data collected via the ShareThis tools.
  • Advertisers and Retailers – companies seeking to better understand their customers so as to more effectively serve those customer’s needs
  • Advertising Agencies – companies that purchase advertising on behalf of other companies.
  • Advertising Technology Companies – companies that enable the delivery of advertising, mostly via digital channels, including demand side platforms, supply side platforms, advertising exchanges and ad servers.
  • Marketing Technology Companies – companies that enable the delivery of marketing messages via channels such as email and SMS.
  • Data Companies – companies that process data into profiles that enable other companies to market and advertise more effectively.
  • Professional Services Companies – Companies that provide high level strategy and analytic services.
  • Security or Fraud Prevention Vendors – Companies that help ensure the security and reliability of their customer’s data or infrastructure.
  • Investment Firms – Financial services companies and investment firms seeking to better understand how consumers use the Internet.

We share this information for the purposes listed in the section ‘Data Collection and Use.’

Where the GDPR or similar privacy or data protection laws applies to Usage Data and Profile Information and we share this data with our Customers, our Customers are independent controllers in relation to their processing of such data and they process it in accordance with their own privacy policies.

Customers may share the data which they process with other third parties who are not mentioned in this Privacy Notice, in accordance with their own privacy policies.   As an example, they may use third party service providers to display advertising or other content on their behalf. 

Please review some of our Customer’s privacy policies for more information:

LiveRamp: https://liveramp.com/privacy/
AppNexus: https://www.appnexus.com/platform-privacy-policy
Eyeota : https://www.eyeota.com/privacy-policy
Oracle: https://www.oracle.com/legal/privacy/advertising-privacy-policy.html
Lotame: https://www.lotame.com/about-lotame/privacy/
Nielsen: https://www.nielsen.com/ssa/en/legal/privacy-policy/
Retargetly: https://retargetly.com/privacy-policy
1plusX: https://www.1plusx.com/privacy-policy/
AptivIO: https://aptiv.io/privacy-policy
Dunn & Bradstreet: https://www.dnb.com/ca-en/utility-pages/privacy-policy.html

2. Other third-party agents and service providers

We share the data described in this Privacy Notice trusted agents with data storage and processing facilities such as Amazon Web Services who are required under contract to only process data according to our written instructions and we require them to use data only for the purposes of providing services to us and to implement security controls and to maintain the confidentiality of that information. Here are the categories of service providers utilized by ShareThis:

  • Cloud data storage providers such as Amazon Web Services;
  • Customer billing systems providers;
  • Email service providers offering tools to send emails on our behalf;
  • Website analytics providers such as Google analytics;
  • Customer relationship management software providers;
  • Vendors assisting us with legally required audits;
  • Third-party computer programmers helping ensure our systems are operating properly;
  • Job ticket support vendors helping us record issues and debug; and
  • Security vendors.

3. Data Retention

We have defined retention policies for different types of personal data. We only retain data for as long as necessary for the purpose for which we process it and only as long as it remains relevant, unless we need to retain it because we are required to do so by law, to defend and exercise claims, or for regulatory reasons.

3.1 Usage Data, Profile Information and Data Collected via ShareThis.com

We retain Usage Data and Profile Information for up to 13 months from the date of collection for targeted advertising, and for up to 36 months for insights and analytics. We also retain data collected via ShareThis.com for up to 36 months for analytics and to ensure that our website functions properly.

We may aggregate and anonymize data so that it can no longer be linked to a device or individual, therefore it ceases to be personal data, and we may retain this data for longer periods.

3.2 Account Information

We retain Account Information for as long as you have an active account with us. If you have not logged into any of our services with your username and password for a period of 14 consecutive months, we may deem your account as being inactive and delete your Account Information. This could result in the loss of data you may have saved and we do not accept liability for such deletion.

You always have the option to cancel your account with us at any time. Simply sign into the site and click on the My Account at the top of the page. Click on Edit Profile and then select Deactivate Account and follow the instructions. You may also request to have your Account Information removed by submitting a request to privacy@sharethis.com.

4. Data Security

The security of your information is a high priority to ShareThis. We have implemented industry-standard security measures.

While no transmission of data over the Internet is guaranteed to be completely secure, we strive to protect your data. It may be possible for third parties not under the control of ShareThis to unlawfully intercept or access transmissions of private communications. ShareThis cannot ensure or warrant the security of information you transmit to us.

VI. Commitments to Privacy Standards

ShareThis promotes transparency and control for users as members of various self-regulatory programs. ShareThis also participates in and has certified its compliance with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss U.S. DPF.


ShareThis is a member of the following self-regulatory programs:

Network Advertising Initiative (NAI):

ShareThis is a member in good standing with the NAI. The NAI offers an online web opt-out platform to allow consumers to express their choices and provides general information related to privacy and Interest Based Advertising.

The Digital Advertising Alliance (DAA):

ShareThis adheres to the Digital Advertising Alliance Self-Regulatory Principles for Online Behavioral Advertising.  The DAA opt-out platform offers the consumer a choice page to opt out from advertising services, and general information related to privacy.

European Interactive Digital Advertising Alliance (EDAA):

ShareThis adheres to the European Interactive Digital Advertising Alliance’s (“EDAA”) principles.  The EDAA opt-out platform offers consumers in the European Union a choice page to opt out from advertising services, and general information related to privacy.

VII. User Choices and Opt-out Rights

If you do not want to receive advertisements based on Usage Data and Profile Information collected by ShareThis on your current browser, you can change and manage your preferences in relation to the collection and processing of Usage Data and Profile Information by clicking the ShareThis opt-out button available on this privacy policy. When data subjects opt-out, ShareThis will stop profiling, engaging in targeted advertising and/or selling or otherwise transferring data about their browser or device to third parties in accordance with applicable law.

If you do not want to receive ads based on Usage Data collected by ShareThis whatever device or browser used, you must opt-out from our services for each device and each internet web browser. 

Click below to “Limit Ad-Tracking” function on mobile devices:

Instructions by Google for most Androids: Google Play Help

Instructions by Apple for iOS version 6 and above: Apple Support Center


Furthermore:

This process does not mean you will stop seeing advertisements, but that the advertisements you do see will not be influenced by the Usage Data collected and Profile Information used by ShareThis. 

If you have any questions about your opt-out rights, you can write to us at privacy@sharethis.com.

Browser environment: (desktop, tablet, and smartphone browsers)

When you change your consents or opt out, an opt-out cookie will be set on your browser. We must maintain the opt-out cookie on your browser in order to recognize you as having opted out from our service. The ShareThis opt-out cookie is like any other cookie; therefore, if you clear that cookie from your browser, use a different internet browser, or use a new computer to access the internet you must go through the process again.

You can also opt out by visiting the following links.

Network Advertising Initiative (“NAI”) Opt-Out Platform

Digital Advertising Alliance (“DAA”) Opt-Out Platform

European Interactive Digital Advertising Alliance (“EDAA”) Opt-Out Platform

The Ghostery browser extension is also a good tool to see a list of all third-party cookies on each website you visit and allows you to selectively opt out.

Note:

The opt-out tools above are currently cookie-based i.e., they set a cookie on your browser which tells us that you have opted out. This means that the opt-out will only function if your browser is set to accept third party cookies. If your browser is set to automatically reject cookies or if you remove all cookies from your browser, the opt-out mechanism will not work since we would not see an opt-out cookie on your browser.

Also keep in mind that cookies are browser based, therefore if you change browsers, operating systems, or computers you would need to opt out again.

Mobile environment:

While the opt-out methods described above often work for mobile web browsing, they are cookie-based and are therefore less reliable in mobile “app” environments that may not accept interest-based advertising cookies.

Instead, you can typically opt out at the mobile platform level by the “limit ad tracking” function within the settings, as described below. Though we do not collect data from mobile apps for interest-based advertising, we or third parties we work with may use such data collected by others in delivering interest-based ads.

Most Android Users:

To use the “opt-out of interest-based advertising” option, follow the instructions provided by Google here: Google Play Help.

Please note that this is a device setting and will disable interest-based ads from all providers, and not just for ShareThis.

iOS users: (version 6 and above)

To use the “Limit Ad-Tracking” option, follow the instructions provided by Apple here: Apple Support Center.

Please note that this is a device setting and will disable interest-based ads from all providers, and not just for ShareThis.

Do Not Track:

You may also stop the collection of your Usage Data by using the do-not-track function or similar privacy controls of your browser. ShareThis recognizes these do-not-track signals from your browser. As required by law, or where we are able to ascertain that such signals are enacted by you and not set by default by your browser, we will consider them to be an indication that you have opted out.

Onward Transfer/Data Privacy Framework:

ShareThis has certified that it adheres to the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF program principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies of this privacy policy and the above listed DPF program principles, the DPF program principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In the context of an onward transfer, ShareThis is responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. ShareThis shall remain liable under the DPF principles if its agent processes such personal data in a manner inconsistent with the DPF principles, unless the ShareThis proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, ShareThis commits to resolve complaints about your privacy and our collecting or use of your personal information. European Union, UK, or Swiss individuals with inquiries or complaints regarding this privacy notice should first contact ShareThis directly at privacy@sharethis.com. We will respond to your complaint within 30 days of receipt.

For complaints that cannot be resolved between ShareThis and the individual concerned, ShareThis has further committed to refer unresolved privacy complaints under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to the BBB Data Privacy Framework Program, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you are an EU, UK, or Swiss individual and you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint.

If your complaint is not satisfactorily addressed, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. Other jurisdictions such as Switzerland and the UK may have similar panels and data protection regulators that may receive your complaint ShareThis agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel.

Should your complaint remain fully or partially unresolved after a review by ShareThis, BBB Data Privacy Framework Program and the relevant DPA, you may be able to, under certain conditions, seek binding arbitration before the Data Privacy Framework Panel. For more information, please visit https://www.dataprivacyframework.gov/s/european-individuals.

The Federal Trade Commission has investigation and enforcement authority over our compliance with the Data Privacy Framework. 

If you believe we have not respected your rights or otherwise not handled data correctly, then we encourage you to contact us directly and we will do everything possible to help.

However, where you still have a complaint, then you have the right to raise the matter with the Supervisory Authority (or data protection agency) in your country for resolution.

Contact Information

ShareThis, Inc.
3000 El Camino Real
Building 4, Suite 200
Palo Alto, CA 94306, USA
privacy@sharethis.com

We have appointed a data protection officer to supervise our personal data
processing-related activities, and to respond to requests as required. Our DPO can be contacted as follows:

Vincent Potier (ShareThis DPO): dpo@sharethis.com

ShareThis’ representative in the UK is: ShareThis UK Limited of 10 John Street, LondonWC1N 2EB, UK

VeraSafe has been appointed as ShareThis’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to representative@sharethis.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

Opt-out confirmed

Now, we can’t sell your data.

Close

Back to contents