Global Privacy Notice-job applicants and candidates

Effective date: January 1, 2023

This Privacy Notice (the “Notice” or “Privacy Notice”) tells you how Definitive Healthcare, LLC and its subsidiaries* (collectively “Definitive Healthcare” “we” or “us”) processes personal information we collect from job applicants or candidates (collectively, “you”) and your rights and choices in respect of same.

We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. Please take the time to read this Notice and the related statements in their entirety to ensure you are fully informed. This Notice is not a contract and does not create any legal rights or obligations.

We may change this notice from time to time. We will post any changes to this notice on this page. Each version of this notice is identified at the top of the page by its version date.

What is personal information?

The term “personal information” in this Notice, means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you.

Employees, former employees, and independent contractors:

If you are an employee, former employee, or independent contractor retained by Definitive Healthcare, this Notice is not applicable to you, please contact us at privacy@definitivehc.com and request a copy of the Global Employee Privacy Notice.

Compliance with specific laws

You should be aware that data privacy laws may be different in the various countries where Definitive Healthcare and its subsidiaries operate. Our policy is to comply with applicable laws in each specific jurisdiction and therefore you may receive notices and documentation supplementary to this Notice may also implement additional measures in those locations as required by applicable laws.

If you are resident in:

The EEA* or Switzerland (the “European Countries”) or the United Kingdom and if the General Data Protection Regulation (EU) 2016/679 (“GDPR”) or the UK General Data Protection Regulation (“UK GDPR”) applies to the processing of your information, please see the GDPR Addendum Notice below for more specific information including what rights may be available to you and how to exercise them.
*European Economic Area including the European Union.
The State of California and the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to you. Please see the CCPA Applicant Privacy Addendum Notice (“CCPA Notice”) below for more specific information including what rights may be available to you and how to exercise them.
Any other country and wish to exercise rights available to you under applicable law, please contact us using the contact details provided in the “How to contact us” section of this Notice.

How we collect your personal information

We collect certain personal information about you in the following ways:

Directly from you, such as when you directly send us a job application including when you access and use any of the applicable links to the Definitive Healthcare careers website https://www.definitivehc.com/about/careers, or otherwise provide your information to us.
From third party sources, such as where we find your contact information on websites such as, for example, LinkedIn or when we work with recruitment agencies who may provide contact information of people who may be interested in employment with us and so forth.
Through personal recommendations or referrals from individuals who know you.

Categories of information we collect about you.

Information we collect will depend on your location and applicable law.

We collect the following categories of personal information from you and through the recruitment process:

Contact information and other identifiers, such as your name, date of birth, government identification numbers or similar, photo (where you provide same to us), email address, postal address, and phone number.
Professional or employment-related information, such as resume, CV, residency and work permit status (if applicable), work history, professional background, work and personal references, and social media or LinkedIn profile.
Educational information, such as educational history, qualifications, certifications, and skills.
Financial Information: salary information and other benefits.
Data for diversity monitoring, such as veteran status, gender, race, ethnicity, and disability (strictly where the collection of such data is allowed by law,).
Citizenship or immigration information, such as for visa purposes, and right to work information.
Other information you have chosen to voluntarily submit to us in connection with your application for employment, such as contact information of references, information disclosed in an interview, compensation history, and information about your personal situation.
Usage data: such as technical details about your visit to our recruitment portal, or analytics data relating to your usage and activity on our online services.

We may also collect personal information about you from other sources, such as:

Information from third-party sources Examples of third-party sources include employment screening agencies, background check agencies (if permitted by applicable laws in your location), recruiting agencies, service providers, former employers and/or schools and educational institutions, publicly available information on websites or social media (e.g., when applying through LinkedIn), and others where they are legally allowed to share your personal information with us. For example, if you register to be contacted by prospective employers on another website, the website may provide your personal information to us.
Where individuals refer you or pass your information to us.

Sensitive information:

Personal information also includes “Sensitive personal information”. Depending on your location the definition of what constitutes sensitive or special category personal information will differ.

EEA/UK: Under the GDPR/UK GDPR, sensitive personal information includes any information that reveals your racial or ethnic origin, religious, political, religious, or philosophical beliefs, genetic data, biometric data for the purposes of unique identification, trade union membership, or information about your health-related data, sex life, sexual orientation (“Sensitive personal information”).

India: Under applicable data protection laws of India, sensitive personal information (SPDI) includes information relating to; password; certain financial information; physical, physiological, and mental health condition; sexual orientation; medical records and history, biometric information. Employees in India have received more information about how this information is processed and upon what legal grounds as well as providing express consent where such sensitive data is processed.

United States/other locations: In the case of certain employees who are generally not in the European Countries (usually in the United States) we may process information you have provided to us on a voluntary basis about your race or ethnic origin, veteran or disability status in order to ensure meaningful equal opportunity monitoring and reporting.

California: Please see the CCPA Applicant Privacy Addendum Notice (“CCPA Notice”) for more information regarding how we process sensitive data and your rights.

In all cases, we will handle your Sensitive Personal Information where permitted in accordance with applicable laws. If you have questions about this, please contact us using the information provided in the “How to contact us” section of this Notice.

How we use personal information

In general, we collect, use, store, and process your personal information to:

Process your job application for employment.
Identify you as a candidate, assess and evaluate you in the recruitment and hiring process either for a specific position you have applied for or for other available positions or job openings as a suitable candidate.
Add you to our candidate pool for consideration for future positions as they arise.
Communicate with you or others on your behalf about your application or job opportunities.
Verify information you may have provided us as needed.
Ensure compliance with our legal or regulatory obligations.
Monitor and support diversity and equal employment opportunities.
Analyze hire trends with aggregate and anonymous data.
For research, general recruitment and other purposes we may use aggregated or de-identified information.
Review your immigration status, eligibility to work in a particular location and/ or review visa applications.
For administration purposes and to manage your relationship with us.
Conduct internal investigations, audits, compliance, risk management, problem resolution and security operations.
Comply with applicable laws, rules, regulations, legal proceedings, enforcement actions, and government investigations, including relating to tax reporting and immigration.

How we share your personal information

We do not disclose your personal information to any third party in a manner that would be considered a sale under applicable laws.

We may share your information in a manner consistent with this notice and in accordance with applicable law.

Service providers. We share your personal information with other companies we use to support our recruitment processes such as third party software or systems providers. These companies may provide services like talent acquisition and administration services, background checks, and employment history checks. These service providers may change over time but we will always use trusted vendors who will handle your Information with the utmost care.
Group companies. We share your personal information with our group companies as necessary.
Recruitment agencies. We may share your personal information with recruitment agencies with whom you provided your personal information or make your personal information publicly accessible to recruitment agencies.
Your employer or organization or reference checks. When you apply for a position with us we may contact your previous or current employer (if you wish us to do so) to verify your employment history, or your references if provided by you.
Legal requirement. We may share your personal information with judicial or regulatory authorities to follow applicable law or to respond to legal process.
Business transactions. We may share your personal information during a corporate transaction like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions.
Consent. We may share your personal information in other ways if you have asked us to do so or have given consent.
Sale or merger: Where we consider or engage in a business transition, like a merger, acquisition by another company, or sale of all or part of our assets, we may disclose or transfer your personal information to the purchaser.

Retention of your personal information

The length of time for which we retain personal information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. Generally, this means we retain your personal information to comply with any retention or statutory limitations, and as reasonably needed for the purposes described in this notice including our recruitment processes, including to respond to recruitment inquiries. If you are successful in your application and become an employee retention of your personal information will be subject to our Global Employee Privacy Notice.

How we protect your personal information

To keep your personal information safe, we use physical, electronic, and managerial tools. We apply these tools based on the sensitivity of the personal information we collect, use, and store, and the current state of technology. We protect your personal information through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access, and unauthorized disclosure and alteration.

GDPR Addendum Notice

This section of this Notice applies to employees in European Countries EEA and Switzerland, the United Kingdom (the “Designated Countries”):

GDPR and UK GDPR

To the extent you are located in the Designated Countries then the Definitive Healthcare corporate entity which processes your application is the data controller of your personal information. For applicants who apply for a job with our subsidiary in Sweden, the data controller will be Monocl AB.

Legal basis

For employees in the Designated Countries, our legal basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it. However, we normally collect or use personal information from you or others where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. For example, our legitimate interests may be to:

Retain personal information to process your job application and to store your information for our purposes as well as to comply with applicable laws and regulations.
Use personal information to facilitate communication with you and perform data analytics to ensure recruitment of appropriate job candidates and prospects in accordance of best recruitment practices.
Manage applicants and conduct our recruitment processes efficiently and fairly.

Your rights under the GDPR and the UK GDPR
Please see the section Your Privacy Rights below. You can also find information about how you can contact the data controller and our data protection officer in the Section “How to contact us” of this Notice.

Cross-border transfer of personal information

Personal information collected under this Privacy Policy may be transferred from time to time to our global offices, personnel, and/or to our service providers in countries globally. If you are a resident in the Designated Countries and we transfer your personal information outside of the EEA or the UK to a country with data protection laws that may offer a different level of protection, we rely on legally available data transfer mechanisms including, where applicable, European Commission-approved Standard Contractual Clauses.

Your privacy rights

You may have certain rights related to your personal information, subject to local applicable data protection laws in your country. Please note your rights and choices vary depending upon your location. One example is the Right to opt out-if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Certain personal information may be exempt from such requests under applicable law.

GDPR and UK GDPR: If you are in the European Countries, you may have the right to:

Request access to your personal information (commonly known as ‘subject access request’). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove your personal information where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove all of your personal information in certain circumstances.

Object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party.

Lodge a complaint with the relevant supervisory authority in the EEA or UK as appropriate to you.

Monocl AB’s lead supervisory authority is: The Swedish Data Protection Authority (Integritetsskyddsmyndigheten) contactable by email at: imy@imy.se

California: If you are a California resident, please see our CCPA Applicant Privacy Addendum Notice (“CCPA Notice”) below for additional disclosures and information about the personal information we have collected about you over the last 12 months and your data subject rights. If you wish to exercise your rights or have any questions about the processing of your personal information, you can contact us using the information provided in the “How to contact us” section of this Notice.

We respond to all requests we receive from all individuals wishing to exercise their data protection rights as required by and in accordance with applicable data protection laws. Please note that we reserve the right to refuse any request to exercise such rights to the extent permitted by applicable law.

To protect your privacy and security, we may take reasonable steps to verify your identity before granting you access or making corrections or otherwise processing your request. Please note that we reserve the right to refuse any request to exercise such rights if applicable law dictates.

Updates to this Notice This Notice may be updated periodically to reflect any necessary changes in our privacy practices. When we do, in all cases, we will revise the “last updated” date at the top of the privacy notice. This Notice replaces any other applicant privacy notice or policy covering your Definitive Healthcare’s general use and disclosure of your information that you may have previously received, including from us or from any company or entity that we may have acquired.

How to contact us

In compliance with applicable law, we commit to consider and resolve complaints about your privacy and our processing of your Personal Information. If you wish to exercise your privacy rights or if you have questions or concerns about our data use practices or this notice, please contact us as follows:

Residents of all jurisdictions/locations including the United States can contact us at:

E-mail: privacy@definitivehc.com

Postal mail: 
Definitive Healthcare 
Attn: Data Privacy Officer 
550 Cochituate Road 
Suite 4 
Framingham, MA 01701 

Residents of the EEA and Switzerland

If you wish to contact the data controller to exercise any of your rights under the GDPR or need further information concerning the lawful basis on which we collect and use your personal information, please contact us as follows:

By e-mail: privacy@monocl.com

Postal mail:
Monocl AB
Attn: Nicola Sheehan-Björklund (Data Protection Officer)
Hvitfeldtsplatsen 7,
41120 Inom Vallgraven
Gothenburg
Sweden

CCPA Applicant Privacy Addendum Notice (“CCPA Notice”) – for California employees and independent contractors

This CCPA Notice is an addendum to the Definitive Healthcare-Global Applicant Privacy Notice (the “Notice”) and shall apply to you only if you are a Californian resident applying for a job/position with Definitive Healthcare LLC or its subsidiaries (collectively “Definitive Healthcare” “we” or “us”).

As used in this CCPA Notice, “sell” (including any grammatically inflected forms thereof) means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, applicant information (as defined below) to another business or a third party for monetary or other valuable consideration.

“Selling” does not include (i) disclosing applicant information to a third party at your direction, provided the third party does not sell the applicant information except in accordance with the CCPA, (ii) where you intentionally interact with a third party, provided the third party does not also sell the applicant information, (iii) using or sharing your applicant information with a service provider as necessary to perform business purposes, provided that such service provider provides its services on Definitive Healthcare ’s behalf and provided that the service provider does not further collect, sell or use the applicant information except as necessary to perform the business purpose, or (iv) transfers of your applicant information to a third party as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of Definitive Healthcare or its group entities provided that information is used or shared consistently with the CCPA.

We do not disclose your personal information to any third party in a manner that would be considered a sale under applicable laws.

Applicant personal information (“applicant information”)

Applicant personal information collected: We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you, your device, or your households, to the extent you are a California Resident (“applicant information”). Applicant personal information does not include deidentified or aggregated information, publicly available information from government records, or any other information that is excepted from the definition of “personal information” under the CCPA as amended by CPRA, or any information that is otherwise not regulated by the CCPA, such as personal information covered by certain sector-specific privacy laws, such as Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related statutes. In particular, we have collected the following categories of applicant information from California residents, households or devices within the last twelve (12) months:

Category	Examples	Business or commercial purposes for which we collect and use applicant information.	Categories of third parties to whom we have disclosed applicant information for a business or commercial purpose in the preceding twelve (12) months.	Categories of sources from which applicant information is collected.
A. Identifiers.	Name, date of birth, alias, address, telephone number, unique personal identifier, spouse/partner/ dependent information, gender, email address, emergency contact information, account name, Social Security card and number, immigration visa, tax identification number, driver’s license image and number, passport image and number, or other similar identifiers.	To evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable).	Third party service providers Other group companies or affiliate entities As described in the Section How we share your personal information of the Privacy Notice above.	Submitted to us by you
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	Name, signature, Social Security card and number, address, telephone number, passport image and number, driver’s license or state identification card image and number, insurance policy number, education, employment, employment history, bank account number.	To evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable).	Third party service providers customers and prospective customers, solely with respect to employees and contractors Other group companies or affiliate entities As further described in the Section How we share your personal information of the Privacy Notice above.	Submitted to us by you.
C. Protected classification characteristics under California or federal law.	Race; Color; Religion (includes religious dress and grooming practices; Sex/gender (includes pregnancy, childbirth, breastfeeding and/ or related medical conditions); Gender identity, gender expression; Sexual orientation; Marital status; Medical Condition (genetic characteristics, cancer or a record or history of cancer); Military or veteran status; National origin (includes language use and possession of a driver’s license issued to persons unable to provide their; presence in the United State is authorized under federal law; Ancestry; Disability (mental and physical including HIV/AIDS, cancer, and genetic characteristics); Genetic information; Request for family care leave; Request for leave for an employee’s own serious health; condition; Request for Pregnancy Disability Leave; Retaliation for reporting patient abuse in tax-supported institutions; Age (over 40)	For government reporting obligations and/or ongoing equal opportunities monitoring.	Third party service providers As described in the Section How we share your personal information of the Privacy Notice	Submitted to us by you.
D. Commercial information.	Receipts for reimbursement purposes.	To facilitate the recruitment process	Third party service providers of the Privacy Notice above Other group companies or affiliate entities As described in the Section How we share your personal information of the Privacy Notice	Submitted to us by you.
E. Internet or other similar network activity.	Browsing history, search history, information on your interaction with a website, application, or advertisement.	To facilitate the recruitment process For security and to improve our recruitment processes	Third party service providers As described in the Section How we share your personal information of the Privacy Notice	Collected when you interact with our job postings or apply for a position
F. Professional or employment-related information.	Resume, CV, substantive areas of expertise, cover letter, payroll withholding information, rate of pay and any other compensation paid, starting date of employment or contract engagement, job or contract applications, and/or other forms of employment or contract engagement inquiries submitted to us, waivers and other employment or contractual engagement agreements, termination notices, documents related to discipline, and evaluations and other information related to job performance.	If you are an Applicant, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable).	Third party service providers Other group companies or affiliate entities As described in the Section How we share your personal information of the Privacy Notice	Submitted to us by you.

Use of applicant information; categories of sources: We use applicant information for the business or commercial purposes described in the table above and for the business or commercial purposes described in the Section How we use your personal information of the Privacy Notice above. Regarding the categories of sources from which applicant information is collected, we collect applicant information from the categories of sources specified in the table above.
If you are a resident of the State of California, the provisions of this notice describe the personal information we collect about you as well as the purposes for which we collect share and use that information as currently required under applicable law (CCPA). In the event that rights which may be afforded to you under applicable law become effective we will update this Privacy Policy at the appropriate time and as the law requires.
Disclosures of applicant information: We may disclose your applicant information described in the table above to a third party for a business or commercial purpose, as described in Section How we share your personal information of the Privacy Notice above. In the preceding twelve (12) months, we have disclosed the categories of applicant information described in the table above for a business or commercial purpose to the categories of third parties described in the table above.
California residents’ rights and choices: This Section 4 describes your CCPA rights and explains how to exercise those rights.
1. Access to specific information and data portability rights: You may have the right to request that we disclose certain information to you about our collection and use of your applicant information over the past 12 months. Once we receive and confirm your verifiable request (in the manner described in Section 5 below), to the extent required by the CCPA, subject to applicable law, we will disclose to you:
  1. The categories of applicant information we collected about you.
  2. The categories of sources for the applicant information we collected about you.
  3. Our business or commercial purpose for collecting that applicant information.
  4. The categories of third parties with whom we share that applicant information.
  5. The specific pieces of applicant information we collected about you (also called a data portability request).
  6. If we disclosed your applicant information for a business or commercial purpose, a list of disclosures we made for a business or commercial purpose, identifying the applicant information categories that each category of recipient obtained.
2. Deletion request rights: You have the right to request that we delete any of your applicant information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable request from you (if you are a California resident) in the manner described in Section 5 below (“verifiable request”), we will delete your applicant information from our records, unless an exception applies or applicable law dictates otherwise.
3. Correction request rights: You have the right to request that we correct any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable request from you (if you are a California resident) in the manner described in Section 5 below (“verifiable request”), we will update and correct inaccuracies in your personal information from our records, unless an exception applies or applicable law dictates otherwise.
4. Opt-out of sharing your personal information: You have the right to request that we do not sell or share your personal information. We do not disclose your personal information to any third party in a manner that would be considered a sale under applicable laws. To opt out of sharing your personal information, you can click the “Do Not Sell or Share My Personal Information” link in the footer of the website as described in Section 5 below.
5. These rights may not be available to you based on where you are located or may be limited in some circumstances by law, including for example, maintaining personal information for the establishment, exercise, or defense of legal claims.
Exercising access, data portability, and deletion rights:
1. To exercise the access, data portability, deletion, and correction rights described in Section 4 of this CCPA Notice, please submit a verifiable request to us by either:
  
  (1) calling us at toll free number 1-866-679-6461; or
  (2) submitting a data subject rights request form here Privacy Request Form; or
2. To exercise the right to opt-out of sale or sharing of your personal information, as described in Section 4 of this CCPA Notice, you can click the link “Do Not Sell or Share My Personal Information” at the bottom of that website.
3. In the event you wish to contact us regarding how we process your personal information, please see the “How to contact us” section above.
4. Only you, or someone legally authorized to act on your behalf (such as an authorized agent), may make a verifiable request related to your applicant information. You may also make a verifiable request on behalf of your minor child. You may make a verifiable request for access or data portability no more than twice within a 12-month period. The verifiable request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected applicant information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with applicant information if we cannot verify your identity or authority to make the request and confirm the applicant information relates to you. Making a verifiable request does not require you to create an account with us. We will only use applicant information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
5. We endeavour to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your applicant information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. If your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either charge a reasonable fee, considering the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request and notify you of the reason for refusing the request.
Non-discrimination: We will not discriminate against you for exercising any of your CCPA rights, including, unless permitted by the CCPA, by:
1. Denying you goods or services.
2. Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
3. Providing you a different level or quality of goods or services.
4. Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.