Updated September 30, 2019
ShareThis takes privacy seriously. This Privacy Notice sets out what data we collect, how we collect it, why we process it, who we may share it with and, where the data we collect is personal data, your rights with respect to such personal data. ShareThis may change this Notice from time to time by updating this page. You should check this page from time to time to ensure that you are up to date with any changes.
ShareThis is committed to processing information in accordance with applicable laws (including where applicable the European Union’s General Data Protection Regulation (“GDPR”) and as described in this Privacy Notice. For specific information about how ShareThis adheres to the GDPR and your rights as an EEA data subject please see below.
To access information for Publishers, please visit the Publisher Information page here.
About ShareThis and its Tools
ShareThis provides website operators (“Publishers”) with customizable social sharing tools, which makes sharing online content simple. Any user of a website can easily share anything on the web with their friends on social sites, such as Facebook, Twitter, Email, Digg, Reddit and more through using one of our tools on that website (“ShareThis Icon”).
ShareThis also collects data about internet users and how they interact with content, websites and adverts which enables ShareThis and our Publishers, advertisers, customers and data partners to facilitate the delivery of relevant, targeted advertising online to these groups. We also carry out analytics and provide insights to understand internet users’ behaviour and improve the effectiveness of online content and advertising, based on such browsing, sharing, and what is considered to be the profile of that group.
We do this by using technology such as cookies and pixels (including pixels and cookies for our customers) (“ShareThis Publisher Applications”) to gather information regarding the browsing and sharing activities of internet users, both on websites that use our ShareThis Icon and other websites which have our technology installed on them. We also receive data from others who operate in the data analytics and advertising industries. We analyse and aggregate the data we collect to create groups of data (called audience segments) based on defined criteria. For example, we segment into groups internet users who we believe have similar characteristics, interests, needs or behavioral patterns. Where we are able to infer that two or more browsers or devices are the same user or household, we may use that information to bolster our audience segments.
Targeted advertising has the aim of displaying advertising which is more likely to be of interest to internet users, based on analyses of their recent browsing and sharing activities and interactions with the website and adverts. It is also sometimes referred to as interest-based advertising or online behavioural advertising. For more information on this type of advertising, click here.
We have set out below the categories of data we process and why we process each category of data.
1.Usage Data and Profile Information
1.1 Usage Data
We collect information about how internet users browse the internet and interact with online content and advertisements through our ShareThis Icon, the ShareThis Publisher Applications and user interactions with advertisements on the internet. We call this “Usage Data”.
Usage Data includes:
- the unique IDs of the cookie(s) placed on your web browser (example: 37d387ca-f68a-11e5-b87d-0e58954c72b1)
- Information about the user’s browser and device
- Webpages viewed (including the URL addresses of such pages and search parameters, which may include search terms and key words) and the previous web pages that referred the user to that webpage
- Time when webpages are viewed
- Search queries from which users are directed to a webpage
- Navigation from page to page
- Time spent on each webpage
- Interactions with the webpage, including items clicked or selected and content highlighted or copied
- Ads viewed or displayed to the user and the user’s interactions with those ads
- Shares of content including what content is shared and where – for example, the relevant social media site (e.g., Twitter, Facebook)
- Geographic information such as country, city, state or postal code.
- IP addresses
- Device IDs
Although the Usage Data listed above is not used by ShareThis to directly identify an actual person, it is considered to be personal data in many places.
1.2 Profile Information
We receive information about the content of the websites that you visit and information about the audience of those websites to enable us to infer and create groups of users who have similar characteristics, interests or behavioral patterns. We combine the Usage Data with data we receive from third party advertisers, analytics vendors and data partners to create categories of data that are helpful to advertisers seeking to deliver a more personalized advertising experience. For example, if a user regularly views or shares content about shopping for a car, our systems may infer that this user may be interested in purchasing an automobile. This practice is sometimes referred to as interest based advertising, and a segment titled “interested in automobile” is sometimes referred to as an audience segment or a “profile.” When we group this data into profiles, we refer to it as “Profile Information”.
We can infer this Profile Information (by reference to browser identifiers, not actual names) using the information we obtain from third parties about the likely content and characteristics of the users and audiences of the websites which are visited. For example, users of a particular website may have an interest in cars and typically be within a certain age or income range. Where we are able to infer that two or more browsers or devices are the same user or household, we may use that information to bolster our Profile Information.
The characteristics by which we group users relate to age ranges, income ranges, education, gender, ethnicity and family composition, on the basis of the typical audience of websites they visit and content viewed.
If you would like to see a sample of the types of Profile Information used by ShareThis, please click here.
1.3 How we obtain Usage Data and Profile Information
We collect Usage Data when your device visits our website, uses or interacts with our services (including sharing content with the ShareThis Icon), when your device visits Publishers’ websites that use ShareThis Publisher Applications, and when your device views or clicks advertisements that we serve or are served on our behalf. We do so by using cookies placed on your browser, pixel tags, and HTTP headers (or other communication protocols).
Web Environment: (desktop, tablet, and smartphone browsers)
ShareThis uses browser cookies to “tag” visitors on the websites that use ShareThis Publisher Applications. These users are given a technical identifier, such as C62414AY9324FB5671069928026P0067.
This browser cookie tracks the user’s browsing data. Pixel tags are then used to transfer this browsing data to ShareThis and our customers and data partners.
Cookies: Small text files that contain a string of characters and uniquely identify a browser. Cookies are installed on a browser by the publisher of a website as well by third parties who do not operate the website but whose pixel tags (described below) are found on the website. ShareThis cookies and cookies of our customers are third party cookies, and these are installed in user browsers by the ShareThis Publisher Applications which are on Publishers’ websites. Many browsers are initially set up to accept cookies. However, you may be able to change your browser settings to refuse third-party cookies. Check your browser’s “Help” files to learn more about handling cookies on your browser.
Pixel tags: These are small blocks of code on a webpage which read and place cookies. When you visit a webpage, ShareThis’ pixel will see if your browser has a ShareThis cookie installed on it. If it doesn’t, the pixel will install the cookie. If it does, the pixel will “read” the cookie and will send us information such as the time you viewed a webpage, the type of browser used and your IP address. This is how we learn about your interests and enable our customers to deliver targeted advertising to you.
HTTP headers: These are transmitted whenever a webpage is viewed, and contain technical information required to connect your browser to the webpage. This information may include information about the browser and the requested webpage. ShareThis collects this information.
Other Environments: (Mobile applications)
To serve ads in mobile applications identifiers may be used, such as Google Advertising ID or Apple IDFA, depending on the operating system of your mobile device. The advertiser identifier identifies your device but not you directly and can be reset by you. See your device manufacturer for more information or visit NAI Mobile opt-out page at https://www.networkadvertising.org/mobile-choice/.
Linking Environments: (browsers and mobile apps used)
To serve you personalized advertisements and provide a seamless online experience, third party data partners that we work with may link your identifiers on the different environments you use. We may enable the linking of our Usage Data through cookie syncing. We do not use plain text information that may be used by ShareThis to identify you such as your name or address to operate the linking. Our data partners may use exact linking methods by leveraging the pseudonymous data collected through our technology such as advertising partner identifiers.
You can manage cookies, change consents or opt out of personalized ads using the mechanisms described in ‘User Choices’.
1.4 How we use Usage Data and Profile Information
We use Usage Data and Profile Information to enable the delivery of targeted advertising using cookies or similar tracking technologies described above.
ShareThis does not intentionally collect data from children and does not tailor any Profile Information to enable targeting of children under 16 years of age. If you are a parent or guardian and believe we may be processing data of children you are responsible for, please see the section on User Choices and Rights, or contact us directly.
3. Emails from Users with ShareThis Icon
When you share to email with the ShareThis Icon, you choose how to connect to email from your device. We will only know what content you shared, and that you did so by means of email. We do not receive any information about the email itself, for example, your email address, the email address of the recipient or the content of your email. We are not responsible for the information shared by users via the ShareThis Publisher Applications.
4. Account Information
“Account Information” means the information which Publishers and representatives of Publishers provide when they register for an account with us and when they use their account.
Many of our services can be used without registering with us. However if you are a Publisher, or represent a Publisher, and want to use some of our enhanced features, you will need to register with us.
If you choose to register with us, you must be and you affirm that you are 16 years of age or older. We do not sell or share registration information with third parties for direct marketing purposes.
5. Business contacts data
We may process your personal data if you are or your employer has a business relationship with us. You could be a customer, supplier, or a prospect (e.g. a Publisher, a data provider, a social media platform, an agency, an advertiser etc.). The personal data we hold about you refers to your professional life (name, email address, billing address, office address, phone numbers, title, company you work for). We would have collected that information from exchanging emails or business cards, meeting at industry meetings or client sessions etc. We may process that data for a number of legitimate business purposes, including: a) to communicate with you within the context of our business relationship; b) to provide our products or services; c) for billing and invoicing purposes; and d) for sales, marketing and product promotional purposes.
This data may also be processed for the purposes set out in the section ‘General purposes which apply to all data.’
6. Employee and Job Applicants’ data
If you are an employee of ShareThis, or you apply for a role with ShareThis, in the US or in Europe, please refer to our HR Policy for information about how we process your data. These can be obtained from our HR department at HR@ShareThis.com.
7. Data Collected on ShareThis.com
This section sets out how we process data of visitors of our corporate website (ShareThis.com), apart from the ‘Usage Data and Profile Information’ collected on ShareThis.com and the ‘Account Information’ which relates only to Publishers who register with us.
When you visit our website, you may choose to provide information to us voluntarily if you interact with ShareThis.com in certain ways, such as by applying for employment with ShareThis, or using one of our contact forms. This information is used only for the reasons for which it was collected, such as responding to your communication, and it is not shared with third parties other than to fulfill the purpose for which it was collected.
This Privacy Notice does not apply to the privacy practices of other websites or of third parties who collect information on ShareThis.com. We encourage you to visit the applicable policies of those third parties, or visit www.aboutads.info to learn more about interest-based advertising and to see your opt-out choices from other participating companies that may be collecting and using data on ShareThis.com.
8. General purposes which apply to all data
There are a number of “general” reasons that ShareThis may process data on our systems. Many of them are required by applicable law and/or to help us ensure that the Internet remains a safe space. Some of them enable us to promote and grow our business. If you’d like additional information, please email email@example.com.
We may also process data for the following purposes: a) as required by applicable law; b) to cooperate with competent legal authorities such as data protection regulators, the police and the FBI; c) to enforce our terms and conditions, including by obtaining advice and conducting legal proceedings; d) to protect our operations, property and interests, and those of third parties; e) to sell and promote the sale of our business and/or assets.
Finally, ShareThis may transfer information to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If ShareThis is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your information, as well as any choices you may have regarding your information.
Definition of Personal Data
The GDPR defines personal data broadly. As such, where Usage Data and/or Profile Information relates to an individual in the EEA, we treat it as personal data and comply with the GDPR when processing such data. Similarly, nearly all of the data collected from EU data subjects in the context of our normal business operations is likely to be considered personal data. This includes: a) data collected via visits to ShareThis.com; b) data collected from Customers, Publishers and business partners; and c) data collected from employees and prospective employees.
Special Categories of Personal Data
ShareThis does not collect nor process any special categories of personal data with respect to EU data subjects, and we do not create Profile Information of audience segments of EU consumers based on special categories of personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation).
Legal Basis for Processing
The GDPR requires entities seeking to process EU personal data to have a valid legal basis for doing so. The legal basis utilized by ShareThis include: a) consent; b) legitimate interest (i.e., where we believe that our need to process the data and/or the value we deliver by processing such data is not outweighed by the rights of the data subject); c) where necessary for the performance of a contract; and d) where processing is necessary to comply with our legal obligations. We will endeavor to outline our legal basis for the most common types of processing conducted by ShareThis.
Cookie and Similar Tracking Technologies – We endeavor to obtain consent for our placement of cookies, pixels and similar tracking technologies as required under the ePrivacy Directive as implemented throughout the EEA. As ShareThis does not have direct relationships with Internet users in many cases, we ask Publishers and other partners to obtain a consent on our behalf as described below. Where we directly place cookies (e.g., via ShareThis.com) we directly obtain the consent from data subjects we’ve identified as being from the EEA.
Usage Data and Profile Information – While we obtain a consent for our placement of cookies as described above, ShareThis processes Usage Data and Profile Information under our legitimate interest. For purposes of clarity, where this data is utilized for analytics, targeted advertising, measurement or reporting, we also process it via legitimate interest. To offer additional transparency, we endeavor to mention some of these use cases in the consents obtained for cookies and pixels.
Website Data – We collect personal data via ShareThis.com. Where that data is provided to ShareThis (e.g., via completing an online form), we consider it either Account Data and/or data collected pursuant to a Business Relationship which are described below. Where we place cookies via the website, we use consent. Where data is collected automatically (e.g., log files containing IP addresses), we process such data via our legitimate interest and in order to maintain the website and help us to a better job of personalizing the website to the interests of visitors.
Account Data and Business Relationships – We require some Publishers to setup an Account with ShareThis. Similarly, we maintain accounts containing personal data with most of the vendors who provide services to ShareThis, our Customers, our employees and our business partners. If you are an employee of one of those entities, ShareThis may have your personal data including your name, your work email or your work telephone number. For data subjects located in the EEA, we process this data under the legal basis of contractual necessity. In other words, we need to process this data in order to honor the terms of the contract between ShareThis and the Publisher, Customer, vendor, Etc. This includes maintaining an account and login credentials, billing and payment purposes, communicating with the other party, and fulfilling requests. Where we are seeking to market additional products and services to these entities, we will do so via legitimate interest unless applicable law dictates that we use consent (e.g., for email marketing).
General Purposes – There are a number of instances where ShareThis processes personal data which are distinct from the descriptions provided above. For example:
Legal and Regulatory Compliance – Like most companies, ShareThis will process data in order to comply with law, cooperate with requests from competent legal authorities such as the police, and to pay taxes. The legal basis for this type of processing is necessary for ShareThis to meet our legal and regulatory obligations.
Enforcement of legal obligations – To enforce our terms and conditions, protect of our intellectual property and/or the rights of third parties, ShareThis processes personal data in these instances via our legitimate interest. This may include obtaining advice and conducting legal proceedings.
Sell and Promote our Business – ShareThis may choose to conduct, evaluate and/or promote the sale of our business via our legitimate interest.
Aggregated Data – Where we aggregate data and remove digital identifiers (e.g., cookie IDs), we may use this data for internal research, marketing, and statistical analysis purposes. Please note that this type of de-identified data is not restricted by the GDPR.
ShareThis is generally a Controller of data with respect to the data processed as described above. Where the GDPR applies to Usage Data and Profile Information and we share this data with our Customers, our Customers are independent controllers in relation to their processing of such data and they process it in accordance with their own privacy policies. ShareThis is also the controller of the data it collects via ShareThis.com.
ShareThis also has a number of agents and service providers who operate as processors of data on ShareThis’ behalf. This agents and service providers are only able to use the data as specifically directed by ShareThis and only to provide the services requested by us. They are also contractually obligated to process the data securely and under confidentiality obligations.
EU Data Subject Rights
Where the GDPR applies, EU data subjects have the following rights, including: a) The right to be informed about the types of data being processed and the legal basis for processing; b) the right to access and see the data being processed; c) the right of rectification, to make corrections to data subject to processing; d) the right to erase data; e) the right to restrict processing of data; f) the right of data portability; g) the right to object to the processing of data and f) the right not to be subject to automated decision-making. Some of these rights apply only in certain circumstances and depend on the legal basis relied upon to process the data. As an example, the right to object applies to processing which is carried out because it is necessary for our legitimate interests and only if we cannot demonstrate compelling legitimate grounds which outweigh your rights, interests and freedoms. The same right does not apply to processing which is necessary for us to comply with our legal obligations or to perform a contract with you.
Where processing is based on your consent, in accordance with the GDPR, you may withdraw that consent at any time, although any processing previously carried out will still be legal. In order to exercise your data subjects’ rights or if you have any questions about these rights, you can write to us at firstname.lastname@example.org. We will endeavor to respond to any requests to exercise your rights within one month from when they are made, although this period may be extended in some cases in which case we will inform you before the expiration of the one month period.
You also have the right to submit complaints to the supervisory authority in your jurisdiction. A list of supervisory authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en.
How ShareThis interacts with our Publishers on GDPR compliance
Cross-border transfers of EU personal data
We generally process data in the United States. When we share data, we provide data to companies both inside and outside the EU and the US. In each case, we have safeguards in place which allow those transfers to happen in a way that ensures data is handled in accordance with the applicable law.
When we transfer personal data outside the EEA, unless the recipient or location to which the data is transferred has been approved by the European Commission as providing an adequate level of protection for personal data, we put in place measures to ensure that the transfer complies with the GDPR and that the personal data which is transferred is appropriately safeguarded.
Data Protection Officer and Representative
ShareThis has appointed a data protection officer to supervise our personal data processing-related activities, and to respond to requests as required. Our DPO can be contacted as follows: Vincent Potier (ShareThis DPO): email@example.com
ShareThis’ representative in the EU is: ShareThis UK Limited of 10 John Street, London WC1N 2EB, UK.
We share Usage Data, Profile Information and/or audience segments with:
- Agency trading desks;
- Data management platforms;
- Device graph service providers who link different online identifiers to a single user;
- Advertising technology providers;
- Data aggregators and other data partners
(all, our “Customers”) for the purposes listed in the section ‘Data Collection and Use.’
Where the GDPR applies to Usage Data and Profile Information and we share this data with our Customers, our Customers are independent controllers in relation to their processing of such data and they process it in accordance with their own privacy policies.
Customers may share the data which they process with other third parties who are not mentioned in this Privacy Notice, in accordance with their own privacy policies. As an example, they may use third party service providers to display advertising or other content on their behalf.
Please review some of our Customer’s privacy policies for more information:
Eyeota : https://www.eyeota.com/privacy-policy
2. Other third party agents and service providers
We share the data described in this Privacy Notice with data storage and processing facilities such as Amazon Web Services who are required under contract to only process data according to our written instructions and we require them to use data only for the purposes of providing services to us and to implement security controls and to maintain the confidentiality of that information.
3. Data Retention
We have defined retention policies for different types of personal data. We only retain data for as long as necessary for the purpose for which we process it and only as long as it remains relevant, unless we need to retain it because we are required to do so by law, to defend and exercise claims, or for regulatory reasons.
3.1 Usage Data, Profile Information and Data Collected via ShareThis.com
We retain Usage Data and Profile Information for up to 13 months from the date of collection for targeted advertising, and for up to 48 months for insights and analytics. We also retain data collected via ShareThis.com for up to 48 months for analytics and to ensure that our website functions properly.
We may aggregate and anonymise data so that it can no longer be linked to a device or individual, therefore it ceases to be personal data, and we may retain this data for longer periods.
3.2 Account Information
We retain Account Information for as long as you have an active account with us. If you have not logged into any of our services with your username and password for a period of 14 consecutive months, we may deem your account as being inactive and delete your Account Information. This could result in the loss of data you may have saved and we do not accept liability for such deletion.
You always have the option to cancel your account with us at any time. Simply sign into the site and click on the My Account at the top of the page. Click on Edit Profile and then select Deactivate Account and follow the instructions. You may also request to have your Account Information removed by submitting a request to firstname.lastname@example.org.
4. Data Security
The security of your information is a high priority to ShareThis. We have implemented industry-standard security measures.
While no transmission of data over the Internet is guaranteed to be completely secure, we strive to protect your data. It may be possible for third parties not under the control of ShareThis to unlawfully intercept or access transmissions of private communications. ShareThis cannot ensure or warrant the security of information you transmit to us.
This process does not mean you will stop seeing advertisements, but that the advertisements you do see will not be influenced by the Usage Data collected and Profile Information used by ShareThis.
If you have any questions about your opt-out rights, you can write to us at email@example.com.
Browser environment: (desktop, tablet, and smartphone browsers)
When you change your consents or opt out, an opt-out cookie will be set on your browser. We must maintain the opt-out cookie on your browser in order to recognize you as having opted out from our service. The ShareThis opt-out cookie is like any other cookie; therefore, if you clear that cookie from your browser, use a different internet browser, or use a new computer to access the internet you must go through the process again.
You can also opt out by visiting the following links.
The Ghostery browser extension is also a good tool to see a list of all third-party cookies on each website you visit and allows you to selectively opt out.
The opt-out tools above are currently cookie-based ie they set a cookie on your browser which tells us that you have opted out. This means that the opt-out will only function if your browser is set to accept third party cookies. If your browser is set to automatically reject cookies or if you remove all cookies from your browser, the opt-out mechanism will not work since we would not see an opt-out cookie on your browser.
Also keep in mind that cookies are browser based, therefore if you change browsers, operating systems or computers you would need to opt out again.
While the opt-out methods described above often work for mobile web browsing, they are cookie-based and are therefore less reliable in mobile “app” environments that may not accept interest-based advertising cookies.
Instead, you can typically opt out at the mobile platform level by the “limit ad tracking” function within the settings, as described below. Though we do not collect data from mobile apps for interest-based advertising, we or third parties we work with may use such data collected by others in delivering interest-based ads.
Most Android Users:
To use the “opt-out of interest-based advertising” option, follow the instructions provided by Google here: Google Play Help.
Please note that this is a device setting and will disable interest-based ads from all providers, and not just for ShareThis.
iOS users: (version 6 and above)
To use the “Limit Ad-Tracking” option, follow the instructions provided by Apple here: Apple Support Center.
Please note that this is a device setting and will disable interest-based ads from all providers, and not just for ShareThis.
Do Not Track:
You may also stop the collection of your Usage Data by using the do-not-track function of your browser. ShareThis receives these do-not-track signals from your browser and considers them to be an indication that you opt out. Do-not-track functionality is available on many browsers.
The Privacy Shield is administered by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. ShareThis has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.
In the context of an onward transfer, ShareThis is responsible for the processing of personal data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. ShareThis shall remain liable under the Privacy Shield principles if its agent processes such personal data in a manner inconsistent with the Privacy Shield principles, unless the ShareThis proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-US Privacy Shield Principles, ShareThis commits to resolve complaints about your privacy and our collecting or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy notice should first contact ShareThis directly at firstname.lastname@example.org. We will respond to your complaint within 30 days of receipt.
We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
For residual disputes that cannot be resolved by the methods above, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. To find out more about the Privacy Shield’s binding arbitration scheme, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.
If you believe we have not respected your rights or otherwise not handled data correctly, then we encourage you to contact us directly and we will do everything possible to help.
However, where you still have a complaint, then you have the right to raise the matter with the Supervisory Authority (or data protection agency) in your country for resolution.
3000 El Camino Real,5 Palo Alto Square, Suite 150. Palo Alto, CA 94306, USA
We have appointed a data protection officer to supervise our personal data processing-related activities, and to respond to requests as required. Our DPO can be contacted as follows:
Vincent Potier (ShareThis DPO): email@example.comShareThis’ representative in the EU is: ShareThis UK Limited of 10 John Street, London WC1N 2EB, UK.
Last Updated: September 30, 2019