We have set out below the categories of data we process and why we process each category of data.

1.Usage Data and Profile Information

1.1 Usage Data

We collect information about how internet users browse the internet and interact with online content and advertisements through our ShareThis Icon, the ShareThis Publisher Applications and user interactions with advertisements on the internet. We call this “Usage Data”.

Usage Data includes: 

• the unique IDs of the cookie(s) placed on your web browser (example: 37d387ca-f68a-11e5-b87d-0e58954c72b1) and/or a hashed version of an email address which help us recognize your browser or device over time.
• Information about the user’s browser and device
• User agent string
• Webpages viewed (including the URL addresses of such pages and search parameters, which may include search terms and key words) and the previous web pages that referred the user to that webpage 
• Time when webpages are viewed
• Search queries from which users are directed to a webpage
• Navigation from page to page
• Time spent on each webpage
• Interactions with the webpage, including items clicked or selected and content highlighted or copied
• Ads viewed or displayed to the user and the user’s interactions with those ads
• Shares of content including what content is shared and where – for example, the relevant social media site (e.g., Twitter, Facebook)
• Geographic information such as country, city, state or postal code.
• IP addresses
• Device IDs

Although the Usage Data listed above is not used by ShareThis to directly identify an actual person, it is considered to be personal data in many places.

1.2 Profile Information

We receive information about the content of the websites that you visit and information about the audience of those websites to enable us to infer and create groups of users who have similar characteristics, interests or behavioral patterns. We combine the Usage Data with data we receive from third party advertisers, analytics vendors and data partners to create categories of data that are helpful to advertisers seeking to deliver a more personalized advertising experience. For example, if a user regularly views or shares content about shopping for a car, our systems may infer that this user may be interested in purchasing an automobile.  This practice is sometimes referred to as interest based advertising, and a segment titled “interested in automobile” is sometimes referred to as an audience segment or a “profile.” When we group this data into profiles, we refer to it as “Profile Information”.

We can infer this Profile Information (by reference to browser identifiers, not actual names) using the information we obtain from third parties about the likely content and characteristics of the users and audiences of the websites which are visited. For example, users of a particular website may have an interest in cars and typically be within a certain age or income range. Where we are able to infer that two or more browsers or devices are the same user or household, we may use that information to bolster our Profile Information.

The characteristics by which we group users relate to age ranges, income ranges, education, gender, ethnicity and family composition, on the basis of the typical audience of websites they visit and content viewed.

In certain cases where Publishers that we work with utilize the “Google Analytics By ShareThis WordPress” plug-in on their websites, ShareThis uses a Google Analytics feature currently known as Google Analytics Demographics, in order to better understand the audience demographics of those Publisher websites, and to provide insights about those demographics to the Publishers that own or operate those websites. Where Google Analytics Demographics is enabled, certain Usage Data and Profile Information will be shared with Google so that we may provide demographic reporting features to those Publishers. To learn more about Google Analytics’ privacy practices, please click here. To opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, please click here, or you may also visit the NAI consumer choice page.

If you would like to see a list of the types of Profile Information used by ShareThis, including any Profile Information that is health or political in nature (U.S. only), please click here. ShareThis does not create Profile Information based upon visits to adult entertainment websites.

1.3 How we obtain Usage Data and Profile Information

We collect Usage Data when your device visits our website, uses or interacts with our services (including sharing content with the ShareThis Icon), when your device visits Publishers’ websites that use ShareThis Publisher Applications, and when your device views or clicks advertisements that we serve or are served on our behalf.  We do so by using cookies placed on your browser, pixel tags, and HTTP headers (or other communication protocols) and the use of hashed email address..

Our use of Cookies and other Tracking Technologies

Web Environment: (desktop, tablet, and smartphone browsers)

ShareThis uses browser cookies to “tag” visitors on the websites that use ShareThis Publisher Applications. These users are given a technical identifier, such as C62414AY9324FB5671069928026P0067.

This browser cookie tracks the user’s browsing data. Pixel tags are then used to transfer this browsing data to ShareThis and our customers and data partners.

Cookies: Small text files that contain a string of characters and uniquely identify a browser. Cookies are installed on a browser by the publisher of a website as well by third parties who do not operate the website but whose JavaScript and/or pixel tags (described below) are found on the website. ShareThis cookies and cookies of our customers are installed in user browsers by the ShareThis Publisher Applications which are on Publishers’ websites. Many browsers are initially set up to accept cookies. However, you may be able to change your browser settings to refuse or otherwise restrict cookies. Check your browser’s “Help” files to learn more about handling cookies on your browser. 

Pixel tags: These are small blocks of code on a webpage which read and place cookies. When you visit a webpage, ShareThis’ pixel will see if your browser has a ShareThis cookie installed on it. If it doesn’t, the pixel will install the cookie. If it does, the pixel will “read” the cookie and will send us information such as the time you viewed a webpage, the type of browser used and your IP address. This is how we learn about your interests and enable our customers to deliver targeted advertising to you.

HTTP headers: These are transmitted whenever a webpage is viewed, and contain technical information required to connect your browser to the webpage. This information may include information about the browser and the requested webpage. ShareThis collects this information.

Hashed emails: Hashing an email is a cryptographic function. Hashing is a way of encrypting a piece of data, like an email address, into a hexadecimal string. By doing this, each email address becomes an unrecognizable jumble of numbers and letters. This technique doesn’t allow us to send you an email message or to identify who you are. However, it does allow us to recognize your browser or device in the same way that cookies help us to recognize your browser or device. ShareThis may obtain hashed emails from our advertising partners to help provide our products and services. We may also receive and hash emails you provide to our Publishers. 

Other Environments: (Mobile applications)

To serve ads in mobile applications identifiers may be used, such as Google Advertising ID or Apple IDFA, depending on the operating system of your mobile device. The advertiser identifier identifies your device but not you directly and can be reset by you. See your device manufacturer for more information or visit NAI Mobile opt-out page at https://www.networkadvertising.org/mobile-choice/.

Linking Environments: (browsers and mobile apps used)

To serve you personalized advertisements and provide a seamless online experience, third party data partners that we work with may link your identifiers on the different environments you use. We may enable the linking of our Usage Data through cookie syncing. We do not use plain text information that may be used by ShareThis to identify you such as your name or address to operate the linking. Our data partners may use exact linking methods by leveraging the pseudonymous data collected through our technology such as advertising partner identifiers.

You can manage cookies, change consents or opt out of personalized ads using the mechanisms described in ‘User Choices’.

1.4 How we use Usage Data and Profile Information

We use Usage Data and Profile Information to enable the delivery of targeted advertising, to provide analytics, and for data modeling using cookies or similar tracking technologies described above. In the US, ShareThis creates modeled segments based off of demographic attributes for certain sensitive health conditions. ShareThis believes it is important to help pharmaceutical companies advertise treatments to help provide solutions for those looking to learn more about a given condition. This may include the individual with the ailment, family members, or medical professionals who are conducting online research on the condition. 

In addition, we may license portions of this data to our partners for their use for targeted advertising, analytics and modeling. Where allowed by law, our customers may use this data for other uses such as addressing fraud, enhancing their security efforts or understanding macro investment trends.

Our customers who we share your data with may use this information to generate their own Profile Information. They may independently gain other demographical information about you through their own cookies or web beacons and combine it with the data we provide to them. The use of cookies and pixel tags by these third-party advertisers, publishers, and ad networks are subject to their own privacy policies.   Please refer to the ‘Recipients of Your Data’ section of this Privacy Notice for more information about who we disclose your data to.

2. Children

ShareThis does not intentionally collect data from children and does not tailor any Profile Information to enable targeting of children under 16 years of age. If you are a parent or guardian and believe we may be processing data of children you are responsible for, please see the section on User Choices and Rights, or contact us directly.

3. Emails from Users with ShareThis Icon

When you share to email with the ShareThis Icon, you choose how to connect to email from your device. We will only know what content you shared, and that you did so by means of email. We do not receive any information about the email itself, for example, your email address, the email address of the recipient or the content of your email. We are not responsible for the information shared by users via the ShareThis Publisher Applications.

4. Account Information

“Account Information” means the information which Publishers and representatives of Publishers provide when they register for an account with us and when they use their account.

Many of our services can be used without registering with us. However if you are a Publisher, or represent a Publisher, and want to use some of our enhanced features, you will need to register with us.

If you choose to register with us, you must be and you affirm that you are 16 years of age or older. We do not sell or share registration information with third parties for direct marketing purposes.

5. Business contacts data

We may process your personal data if you are or your employer has a business relationship with us. You could be a customer, supplier, or a prospect (e.g. a Publisher, a data provider, a social media platform, an agency, an advertiser etc.). The personal data we hold about you refers to your professional life (name, email address, billing address, office address, phone numbers, title, company you work for). We would have collected that information from exchanging emails or business cards, meeting at industry meetings or client sessions etc. We may process that data for a number of legitimate business purposes, including: a) to communicate with you within the context of our business relationship; b) to provide our products or services; c) for billing and invoicing purposes; and d) for sales, marketing and product promotional purposes ((e.g., uploading emails into LinkedIn and similar platforms to advertise new services to current and prospective customers).

This data may also be processed for the purposes set out in the section ‘General purposes which apply to all data.’

6. Employee and Job Applicants’ data

If you are an employee of ShareThis, or you apply for a role with ShareThis, in the US or in Europe, please refer to our HR Policy for information about how we process your data. These can be obtained from our HR department at HR@ShareThis.com.  

7. Data Collected on ShareThis.com

This section sets out how we process data of visitors of our corporate website (ShareThis.com), apart from any ‘Usage Data and Profile Information’ and the ‘Account Information’ which relates only to Publishers who register with us.

When you visit our website, you may choose to provide information to us voluntarily if you interact with ShareThis.com in certain ways, such as by applying for employment with ShareThis, or using one of our contact forms. This information is used only for the reasons for which it was collected, such as responding to your communication, and it is not shared with third parties other than trusted service providers who are contractually required to only use such data to fulfill the purpose for which it was collected.

We use cookies and similar tracking technologies to collect data automatically when you visit ShareThis.com and use that information to help administer the website, to remember your preferences, to conduct website analytics and for security and fraud prevention purposes.  

This Privacy Notice does not apply to the privacy practices of other websites or of third parties who collect information on ShareThis.com. We encourage you to visit the applicable policies of those third parties, or visit www.aboutads.info to learn more about interest-based advertising and to see your opt-out choices from other participating companies that may be collecting and using data on ShareThis.com.

8. General purposes which apply to all data

There are a number of “general” reasons that ShareThis may process data on our systems. Many of them are required by applicable law and/or to help us ensure that the Internet remains a safe space. Some of them enable us to promote and grow our business. If you’d like additional information, please email privacy@sharethis.com. 

We may also process data for the following purposes: a) as required by applicable law; b) to cooperate with competent legal authorities such as data protection regulators, the police and the FBI; c) to enforce our terms and conditions, including by obtaining advice and conducting legal proceedings; d) to protect our operations, property and interests, and those of third parties; e)  to sell and promote the sale of our business and/or assets.

Finally, ShareThis may transfer information to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If ShareThis is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your information, as well as any choices you may have regarding your information.

Definition of Personal Data

Both the GDPR and UK Data Protection Act define personal data broadly. As such, where Usage Data and/or Profile Information relates to an individual in the EEA or UK we treat it as personal data. Similarly, nearly all of the data collected from EEA and UK data subjects in the context of our normal business operations is likely to be considered personal data. This includes: a) data collected via visits to ShareThis.com; b) data collected from Customers, Publishers and business partners; and c) data collected from employees and prospective employees.

Special Categories of Personal Data

ShareThis does not collect nor process any special categories of personal data with respect to UK or EEA data subjects, and we do not create Profile Information of audience segments of such consumers based on special categories of personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation).

Legal Basis for Processing

Both the UK Data Protection Act and GDPR requires entities seeking to process personal data to have a valid legal basis for doing so. The legal basis utilized by ShareThis include: a) consent; b) legitimate interest (i.e., where we believe that our need to process the data and/or the value we deliver by processing such data is not outweighed by the rights of the data subject); c) where necessary for the performance of a contract; and d) where processing is necessary to comply with our legal obligations. We will endeavor to outline our legal basis for the most common types of processing conducted by ShareThis.

Cookie and Similar Tracking Technologies – We endeavor to obtain consent for our placement of cookies, pixels and similar tracking technologies as required under the ePrivacy Directive as implemented throughout the EEA. As ShareThis does not have direct relationships with Internet users in many cases, we ask Publishers and other partners to obtain a consent on our behalf as described below.  Where we directly place cookies (e.g., via ShareThis.com) we directly obtain the consent from data subjects we’ve identified as being from the EEA or other place where consent is required.

Usage Data and Profile Information – While we obtain a consent for our placement of cookies as described above, ShareThis processes Usage Data and Profile Information under our legitimate interest. For purposes of clarity, where this data is utilized for analytics, targeted advertising, measurement or reporting, we also process it via legitimate interest. To offer additional transparency, we endeavor to mention some of these use cases in the consents obtained for cookies and pixels.

Website Data – We collect personal data via ShareThis.com. Where that data is provided to ShareThis (e.g., via completing an online form), we consider it either Account Data and/or data collected pursuant to a Business Relationship which are described below. Where we place cookies via the website, we use consent. Where data is collected automatically (e.g., log files containing IP addresses), we process such data via our legitimate interest and in order to maintain the website and help us to a better job of personalizing the website to the interests of visitors.

Account Data and Business Relationships – We require some Publishers to setup an Account with ShareThis. Similarly, we maintain accounts containing personal data with most of the vendors who provide services to ShareThis, our Customers, our employees and our business partners. If you are an employee of one of those entities, ShareThis may have your personal data including your name, your work email or your work telephone number. For data subjects located in the EEA or UK, we process this data under the legal basis of contractual necessity. In other words, we need to process this data in order to honor the terms of the contract between ShareThis and the Publisher, Customer, vendor, Etc. This includes maintaining an account and login credentials, billing and payment purposes, communicating with the other party, and fulfilling requests. Where we are seeking to market additional products and services to these entities, we will do so via legitimate interest unless applicable law dictates that we use consent (e.g., for email marketing).

General Purposes – There are a number of instances where ShareThis processes personal data which are distinct from the descriptions provided above. For example:

Legal and Regulatory Compliance – Like most companies, ShareThis will process data in order to comply with law, cooperate with requests from competent legal authorities such as the police, and to pay taxes. The legal basis for this type of processing is necessary for ShareThis to meet our legal and regulatory obligations.

Enforcement of legal obligations – To enforce our terms and conditions, protect of our intellectual property and/or the rights of third parties, ShareThis processes personal data in these instances via our legitimate interest. This may include obtaining advice and conducting legal proceedings.

Sell and Promote our Business – ShareThis may choose to conduct, evaluate and/or promote the sale of our business via our legitimate interest.

Aggregated Data – Where we aggregate data and remove digital identifiers (e.g., cookie IDs), we may use this data for internal research, marketing, and statistical analysis purposes.

Data Controller

ShareThis is generally a Controller of data with respect to the data processed as described above. Where the GDPR or UK Data Protection Act applies to Usage Data and Profile Information and we share this data with our Customers, our Customers are independent controllers in relation to their processing of such data and they process it in accordance with their own privacy policies. ShareThis is also the controller of the data it collects via ShareThis.com.

Data Processors

ShareThis also has a number of agents and service providers who operate as processors of data on ShareThis’ behalf. This agents and service providers are only able to use the data as specifically directed by ShareThis and only to provide the services requested by us. They are also contractually obligated to process the data securely and under confidentiality obligations.

UK and EU Data Subject Rights

Where the GDPR or UK Data Protection Act applies, such data subjects have certain rights, including: a) The right to be informed about the types of data being processed and the legal basis for processing; b) the right to access and see the data being processed; c) the right of rectification, to make corrections to data subject to processing; d) the right to erase data; e) the right to restrict processing of data; f) the right of data portability; g) the right to object to the processing of data and f) the right not to be subject to automated decision-making. Some of these rights apply only in certain circumstances and depend on the legal basis relied upon to process the data. As an example, the right to object applies to processing which is carried out because it is necessary for our legitimate interests and only if we cannot demonstrate compelling legitimate grounds which outweigh your rights, interests and freedoms. The same right does not apply to processing which is necessary for us to comply with our legal obligations or to perform a contract with you. Given that both the UK Data Protection Act and the GDPR defines personal data broadly, these rights may extend to the personal data we place into cookies or similar tracking technologies.

Where processing is based on your consent, in accordance with the GDPR and UK Data Protection Act (as applicable), you may withdraw that consent at any time, although any processing previously carried out will still be legal. In order to exercise your data subjects’ rights or if you have any questions about these rights, you can write to us at privacy@sharethis.com. We will endeavor to respond to any requests to exercise your rights within one month from when they are made, although this period may be extended in some cases in which case we will inform you before the expiration of the one month period.

You also have the right to submit complaints to the supervisory authority in your jurisdiction. A list of supervisory authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en. 

How ShareThis interacts with our Publishers on GDPR and UK Data Protection compliance

If you are in the European Economic Area, you may be familiar with websites asking you to consent to the use of cookies and similar technologies. If you are in the UK, you may see similar consent notices which pertain to the UK Data Protection Act. Where the ShareThis Applications are used to process personal data from data subjects in places where a notice and/or consent is required, our Publishers are required to notify you about the use of the ShareThis Applications, mention ShareThis as a third party who processes your personal data and ask you to consent to such processing as well as the placement of cookies.

Cross-border transfers of EU or UK personal data

We generally process data in the United States. When we share data, we provide data to companies globally. In each case, we have safeguards in place which allow those transfers to happen in a way that ensures data is handled in accordance with the applicable law. 

When we transfer personal data outside the EEA or UK, unless the recipient or location to which the data is transferred has been approved by the appropriate authorities as providing an adequate level of protection for personal data, we put in place measures to ensure that the transfer complies with the applicable data protection law and that the personal data which is transferred is appropriately safeguarded.

When we enter into business relationships which involves the transfer of EU personal data to the United States, we put in place reasonable transfer mechanisms such as the EU standard contractual clauses with the recipient. More information about international data transfers under the GDPR can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.  If requested, we may make available a copy of such safeguards, as required by the GDPR.

Data Protection Officer and Representative

ShareThis has appointed a data protection officer to supervise our personal data processing-related activities, and to respond to requests as required.  Our DPO can be contacted as follows: Vincent Potier (ShareThis DPO): dpo@sharethis.com 

ShareThis’ representative in the EU is: ShareThis UK Limited of 10 John Street, London WC1N 2EB, UK.      

Definition of Personal Data
Like the GDPR, the LGPD defines personal data broadly. As such, where Usage Data and/or Profile Information relates to an individual in the Brazil, we treat it as personal data. Similarly, nearly all of the data collected from EEA and UK data subjects in the context of our normal business operations is likely to be considered personal data. This includes: a) data collected via visits to ShareThis.com; b) data collected from Customers, Publishers and business partners; and c) data collected from employees and prospective employees, as applicable.

Special Categories of Personal Data
ShareThis does not collect nor process any special categories of personal data with respect to data subjects in Brazil.

Legal Basis for Processing
The LGPD entities seeking to process personal data to have a valid legal basis for doing so. The legal basis utilized by ShareThis include: a) consent; b) legitimate interest (i.e., where we believe that our need to process the data and/or the value we deliver by processing such data is not outweighed by the rights of the data subject); c) where necessary for the performance of a contract; and d) where processing is necessary to comply with our legal obligations.

Brazil and Data Subject Rights
Where the LGPD applies, such data subjects have certain rights, including: a) The right to be informed about the types of data being processed and the legal basis for processing; b) the right to access and see the data being processed; c) the right of rectification, to make corrections to data subject to processing; d) the right to erase data; e) the right to restrict processing of data; f) the right of data portability; g) the right to object to the processing of data and f) the right not to be subject to automated decision-making. Some of these rights apply only in certain circumstances and depend on the legal basis relied upon to process the data. If you are located in Brazil and have questions about how ShareThis implements these rights, please email us at privacy@sharethis.com.

Starting January 1, 2020, the California Consumer Privacy Act (CCPA) provides additional privacy protections for California data subjects and users, including:

• the right to see what data we have about you, your computer or device (i.e., the right to know),
• the right to delete the data we have about you, your computer or device (i.e., the right to delete), and
• the right to opt-out of the sale of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales of your information).

The CCPA defines personal information broadly. And as such, almost all of the information we collect is considered personal information under the CCPA. California data subjects may send an email to privacy@sharethis.com to exercise those rights of visit our data subject access page at CCPA GDPR Data Subject Access Request. California data subjects may also call us on our toll free CCPA privacy hotline at 1-800-272-1765.

We do not treat users that exercise any of the above rights differently. However, we may not be able to honor a right if doing so would violate applicable law. ShareThis does not sell data collected via our website or the data we use to operate our business. However, we transfer personal information collected via the ShareThis Publisher Applications to third parties and as such are considered to have sold data over the past twelve months under California law, including any of the Usage Data, Profile Information and/or audience segments.

Your California Data Subject Access and Deletion Rights

The California Consumer Privacy Act (CCPA) provides certain rights to California consumers – including the right to know the personal information that we may have about you, and the right to delete that information.  ShareThis is committed to transparency, and we want California consumers to have access to personal information that we may have about them and/or the devices that they may use to access the Internet.  We generally ask only for the minimum information necessary to help us process a subject access or deletion request and will keep information pertaining to your request for up to two years. If you are a customer of ShareThis with a login and password to the ShareThis platform, we ask that you first direct your request to the person or persons at your organization that administers the relationship with ShareThis.

If you’d like to make a CCPA access or deletion request, please send an email to privacy@sharethis.com. California data subjects may also call us on our toll free CCPA privacy hotline at 1-800-272-1765.

If you make a subject access request as set out in this policy, you are entitled to see and delete the personal information that we have about you including any digital identifiers such as cookie IDs and mobile advertising IDs that ShareThis may store. We will confirm your request within 10 days and make a good faith attempt to fulfill your request within 45 days.

Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information. Most of this information is described at least generally in our privacy policy.

Verifying Data Subject Access and Deletion Requests

We may take steps to verify your request and may require you to demonstrate or attest via affidavit that you own or control the computer or device from which you are making such requests – particularly where you are seeking access to or deletion of pseudonymous personal information such as digital identifiers.

We will fulfill requests we are able to verify so long as we are not prohibited from doing so by applicable law and/or the information is not essential to us for billing, fraud prevention or security purposes. We will share our reason(s) for denying your request in the event that we are unable to fulfill your request. If we are unable to fulfil your deletion request, we may invite you to make a request to opt-out at our privacy policy.

Access and Deletion Requests made via Authorized Agents

You may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. And we will verify your request and/or require you to complete an affidavit as described above. We request that any authorized agent provide us with contact details such as an email address and phone number so that we may ensure a timely response to the consumer.

CCPA Metrics for 2020
Pursuant to CCPA Regulation 999.317(g), ShareThis informs you of the following metrics:
a. The number of CCPA requests to know that ShareThis received, complied with whole or part and denied in 2020: 9, 8, 1.
b. the number of CCPA requests to delete that ShareThis received, complied with whole or part and denied in 2020: 57, 57 and 0
c. The number of CCPA requests to opt-out that ShareThis received via our email form, complied with whole or part and denied in 2020: 1, 1 and 0.
d. The median number of days within which ShareThis substantively responded to requests to know, requests to delete and requests to opt-out: 10, 8, and 6
e. The number of opt-out requests we received via the ShareThis opt-out page or industry opt-out pages worldwide in 2020 was 18,887,357 and all resulted in the real-time placement of an opt-out cookie by ShareThis as described in this privacy policy.

1.Our Customers

We share Usage Data, Profile Information and/or audience segments for marketing and advertising purposes with:

1. Advertisers;
2. Publishers;
3. Advertising agencies and agency trading desks which operate technology platforms designed to deliver ads on websites and other forms of digital media;
4. Agency trading desks;
5. Data management platform which help advertisers and publishers organize data about Internet users;
6. Investment firms and financial institutions seeking to better understand how consumers use the Internet;
7. Device graph service providers who link different online identifiers to a single user;
8. Advertising technology providers which hep automate the. delivery of advertisements on websites and. other forms of digital media;
9. Research companies seeking to better understand consumer perceptions;
10. Data brokers and other data partners.

(all, our “Customers”) for the purposes listed in the section ‘Data Collection and Use.’

Where the GDPR applies to Usage Data and Profile Information and we share this data with our Customers, our Customers are independent controllers in relation to their processing of such data and they process it in accordance with their own privacy policies.

Customers may share the data which they process with other third parties who are not mentioned in this Privacy Notice, in accordance with their own privacy policies.   As an example, they may use third party service providers to display advertising or other content on their behalf. 

Please review some of our Customer’s privacy policies for more information:

LiveRamp: https://liveramp.com/privacy/
AppNexus: https://www.appnexus.com/platform-privacy-policy
Eyeota : https://www.eyeota.com/privacy-policy
Oracle: https://www.oracle.com/legal/privacy/privacy-policy.html
Lotame: https://www.lotame.com/about-lotame/privacy/
Nielsen: https://www.nielsen.com/ssa/en/legal/privacy-policy/
Retargetly: https://retargetly.com/privacy-policy
1plusX: https://www.1plusx.com/privacy-policy/
AptivIO: https://aptiv.io/privacy-policy
Dunn & Bradstreet: https://www.dnb.com/ca-en/utility-pages/privacy-policy.html

2. Other third party agents and service providers

We share the data described in this Privacy Notice trusted agents with data storage and processing facilities such as Amazon Web Services who are required under contract to only process data according to our written instructions and we require them to use data only for the purposes of providing services to us and to implement security controls and to maintain the confidentiality of that information. Here are the categories of service providers utilized by ShareThis:

• Cloud data storage providers such as Amazon Web Services;
• Customer billing systems providers;
• Email service providers offering tools to send emails on our behalf;
• Website analytics providers such as Google analytics;
• Customer relationship management software providers;
• Vendors assisting us with legally required audits;
• Third-party computer programmers helping ensure our systems are operating properly;
• Job ticket support vendors helping us record issues and debug; and
• Security vendors.

3. Data Retention

We have defined retention policies for different types of personal data. We only retain data for as long as necessary for the purpose for which we process it and only as long as it remains relevant, unless we need to retain it because we are required to do so by law, to defend and exercise claims, or for regulatory reasons.

3.1 Usage Data, Profile Information and Data Collected via ShareThis.com

We retain Usage Data and Profile Information for up to 13 months from the date of collection for targeted advertising, and for up to 36 months for insights and analytics. We also retain data collected via ShareThis.com for up to 36 months for analytics and to ensure that our website functions properly.

We may aggregate and anonymise data so that it can no longer be linked to a device or individual, therefore it ceases to be personal data, and we may retain this data for longer periods.

3.2 Account Information

We retain Account Information for as long as you have an active account with us. If you have not logged into any of our services with your username and password for a period of 14 consecutive months, we may deem your account as being inactive and delete your Account Information. This could result in the loss of data you may have saved and we do not accept liability for such deletion.

You always have the option to cancel your account with us at any time. Simply sign into the site and click on the My Account at the top of the page. Click on Edit Profile and then select Deactivate Account and follow the instructions. You may also request to have your Account Information removed by submitting a request to privacy@sharethis.com.

4. Data Security

The security of your information is a high priority to ShareThis. We have implemented industry-standard security measures.

While no transmission of data over the Internet is guaranteed to be completely secure, we strive to protect your data. It may be possible for third parties not under the control of ShareThis to unlawfully intercept or access transmissions of private communications. ShareThis cannot ensure or warrant the security of information you transmit to us.

ShareThis is a member of the following self-regulatory programs:

Network Advertising Initiative (NAI):

ShareThis adheres to the NAI Code of Conduct.  NAI offers an online web opt-out platform to allow consumers to express their choices and provides general information related to privacy and Interest Based Advertising.

The Digital Advertising Alliance (DAA):

ShareThis adheres to the Digital Advertising Alliance Self-Regulatory Principles for Online Behavioral Advertising.  The DAA opt-out platform offers the consumer a choice page to opt out from advertising services, and general information related to privacy.

EDAA:

ShareThis adheres to the European Interactive Digital Advertising Alliance’s (“EDAA”) principles.  The EDAA opt-out platform offers consumers in the European Union a choice page to opt out from advertising services, and general information related to privacy.

GDPR and Swiss Privacy Shield:

ShareThis, Inc. is committed to protecting data and enabling individual privacy rights in every location we do business. Therefore, we comply with the GDPR and the EU-US and Swiss-US Privacy Shield Frameworks.

In accordance with the GDPR, which is designed to empower and protect the data privacy rights of EU individuals, ShareThis makes available user consent tools (ShareThis is a registered CMP with the IAB Transparency and Consent Framework), as well as facilitating user data rights outlined throughout this notice.

Furthermore:

This process does not mean you will stop seeing advertisements, but that the advertisements you do see will not be influenced by the Usage Data collected and Profile Information used by ShareThis. 

If you have any questions about your opt-out rights, you can write to us at privacy@sharethis.com.

Browser environment: (desktop, tablet, and smartphone browsers)

When you change your consents or opt out, an opt-out cookie will be set on your browser. We must maintain the opt-out cookie on your browser in order to recognize you as having opted out from our service. The ShareThis opt-out cookie is like any other cookie; therefore, if you clear that cookie from your browser, use a different internet browser, or use a new computer to access the internet you must go through the process again.

You can also opt out by visiting the following links.

Network Advertising Initiative (“NAI”) Opt-Out Platform

Digital Advertising Alliance (“DAA”) Opt-Out Platform

European Interactive Digital Advertising Alliance (“EDAA”) Opt-Out Platform

The Ghostery browser extension is also a good tool to see a list of all third-party cookies on each website you visit and allows you to selectively opt out.

Note:

The opt-out tools above are currently cookie-based ie they set a cookie on your browser which tells us that you have opted out. This means that the opt-out will only function if your browser is set to accept third party cookies. If your browser is set to automatically reject cookies or if you remove all cookies from your browser, the opt-out mechanism will not work since we would not see an opt-out cookie on your browser.

Also keep in mind that cookies are browser based, therefore if you change browsers, operating systems or computers you would need to opt out again.

Mobile environment:

While the opt-out methods described above often work for mobile web browsing, they are cookie-based and are therefore less reliable in mobile “app” environments that may not accept interest-based advertising cookies.

Instead, you can typically opt out at the mobile platform level by the “limit ad tracking” function within the settings, as described below. Though we do not collect data from mobile apps for interest-based advertising, we or third parties we work with may use such data collected by others in delivering interest-based ads.

Most Android Users:

To use the “opt-out of interest-based advertising” option, follow the instructions provided by Google here: Google Play Help.

Please note that this is a device setting and will disable interest-based ads from all providers, and not just for ShareThis.

iOS users: (version 6 and above)

To use the “Limit Ad-Tracking” option, follow the instructions provided by Apple here: Apple Support Center.

Please note that this is a device setting and will disable interest-based ads from all providers, and not just for ShareThis.

Do Not Track:

You may also stop the collection of your Usage Data by using the do-not-track function of your browser. ShareThis recognizes these do-not-track signals from your browser. As required by law, or where we are able to ascertain that such signals are enacted by you and not set by default by your browser, we will consider them to be an indication that you have opted out.

Onward Transfer/Privacy Shield:

ShareThis complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and/or Switzerland to the United States in reliance on Privacy Shield. The Privacy Shield is administered by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries as well as Switzerland and the United Kingdom. ShareThis has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

In the context of an onward transfer, ShareThis is responsible for the processing of personal data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. ShareThis shall remain liable under the Privacy Shield principles if its agent processes such personal data in a manner inconsistent with the Privacy Shield principles, unless the ShareThis proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-US and Swiss-US Privacy Shield Principles, ShareThis commits to resolve complaints about your privacy and our collecting or use of your personal information. European Union, UK, or Swiss individuals with inquiries or complaints regarding this privacy notice should first contact ShareThis directly at privacy@sharethis.com. We will respond to your complaint within 30 days of receipt.

We have further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

For residual disputes that cannot be resolved by the methods above, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. To find out more about the Privacy Shield’s binding arbitration scheme, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield. 

If you believe we have not respected your rights or otherwise not handled data correctly, then we encourage you to contact us directly and we will do everything possible to help.

However, where you still have a complaint, then you have the right to raise the matter with the Supervisory Authority (or data protection agency) in your country for resolution.