Effective Date: April 1, 2021
Definitive Healthcare (“we”, “our”, “us”) is dedicated to providing the most comprehensive and accurate information and analytics on the healthcare provider market.
For residents of the State of California, please click here to access the California Privacy Disclosure find out more information including how to exercise your rights under the California Consumer Privacy Act (“CCPA”) review our CCPA policy.
Definitive Healthcare provides a world class healthcare data and analytics platform providing access to business information about healthcare providers and associated individuals (“Business Information”). The information we collect is combined into healthcare provider profiles and made available to enterprise customers of Definitive Healthcare for the purposes described below.
We collect data for our healthcare provider profiles in different ways and from different sources including:
In the case of healthcare professionals (HCPs) such as medical doctors, surgeons, and nurse practitioners, we collect business personal information, such as National Provider Identification Number, name, place(s) of employment, practice address, business e-mail and phone, affiliations to other HCOs (defined below), clinical, and quality data.
We also collect data from healthcare organizations (HCOs), including:
We also contract with service providers for data collection, maintenance, hygiene, and quality purposes and receive data from these service providers. We take measures to ensure that all our service providers use the information we share with them solely for the purposes of the engagement. Please see more in the “Service Providers” section below.
If you are a user of or visitor to our platform, in order to provide you with a better experience while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, and e-mail address. The information that we collect will be used to contact or identify you in order to provide you information about services of interest, free trials, product demonstrations, and other relevant items that may be of interest.
We may also obtain information provided by you via conferences or tradeshows when you interact with our employees or access our materials at the event. We also collect information where you are an enterprise customer; please see the section “Customer Information we collect” below.
We also collect data from cookies stored on your device. For more information, please visit our Cookies Policy.
We license our product to our enterprise customers’ organizations who may wish to grant access to the product to their employees. If you are such an employee nominated by your employer as a user to access the Service, your employer may provide us with information such as your name, title, and e-mail address in order to create a credentialed log-in for our Service. After receiving log-in information, you may choose to use our Service for the purposes for which the license was granted. During your time using our Service as a registered user, we may collect the following additional data:
All of the above categories of information in this section are called “Customer Information”.
Under your organization’s license agreement, some individuals at your organization may have the right to access information for all users at your organization for purposes of tracking usage patterns across the organization. If you have questions about who at your organization can see your data, please contact your organization’s point of contact for Definitive Healthcare. If you do not know your company’s point of contact, we can if necessary, provide you with that information.
Definitive Healthcare may use Customer Information for its legitimate business interests, including to:
We share your information in the following ways:
Definitive Healthcare may make healthcare provider profiles, as described above, available to our licensed customers. If you are an HCP and do not want your information to be shared in this way please see the section entitled “Your Privacy Choices” below.
We may share your information with third-party vendors and service providers for a variety of business purposes, including:
We may share your information when required by law, subpoena, search warrant, or other lawful requests made by appropriate law enforcement agencies or enforce rights, including to:
We may share or transfer your information during the process or completion of any change in company ownership or structure or transaction involving a substantial portion of our assets, such as an investment, divestment, merger, acquisition, or bankruptcy, as part of the transferred assets.
Definitive Healthcare may share information in other ways that you specifically agree to while using our services.
We may if necessary share your information with our affiliate or group companies.
We want you to be clear about how to exercise your applicable rights and choices regarding the processing of your personal information and we have developed processes for individuals to exercise their rights as necessary.
Newsletters and marketing materials
If you wish to opt-out of our newsletter or other marketing materials, you may opt-out using the information in the specific communications or by filling out the form at this link. After receiving your request, we will send you an e-mail to confirm that you have been unsubscribed from the specific communications you requested.
Healthcare Provider Profiles
If you are an individual (including a HCP) and would like to opt-out of having your personal information provided to our enterprise customers (as applicable) please contact us using the online form here or using the information in the section entitled “Further Questions-Contact” below.
Attn: Data Privacy Officer
550 Cochituate Road
Framingham, MA 01701
Upon receipt of your request(s) we will respond to you in writing and honor your request(s) as we are required to do in accordance with law.
All data subjects/individuals
Residents of California can read about and exercise their rights by accessing our CCPA Privacy Statement.
If you are resident in the EEA or Switzerland, you can read about your rights and how to exercise them in the section entitled “Your rights under the GDPR” below.
Upon receipt of your request(s) we will respond to you in writing and act as appropriate in accordance with applicable law. To protect your privacy and security, we may take reasonable steps to verify your identity before granting you access or making corrections. In the case of deletion requests, please be aware that that it may not be technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your personally identifiable information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, all personally identifiable information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.
Definitive Healthcare takes the security of your data seriously. We invest considerable resources in implementing technical and organizational measures to secure your information. We value your trust in providing us your personal information and strive to use commercially acceptable means of protecting it. Definitive Healthcare takes reasonable steps to ensure that personal information is reliable for its intended use and all such information is up-to-date, accurate, and complete, and we remind you however, that no method of electronic transmission or electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
Our site includes features from social media sites that allow you to like, share, or comment on content we post. Those features are governed by the privacy policies of the companies providing the feature. These features may collect information about you in order to provide the services requested, such as your IP address.
Definitive Healthcare’s products and services are directed at business professionals. Our Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we will delete this from our servers.
What information do we collect about data subjects in the EEA or Switzerland?
You can read about the general categories of information we collect in the section “Collection and Use of Information” above, however in the case of data subjects to whom the GDPR applies, we only collect the information about data subjects interested in our products and services. Only professional information is collected, and no sensitive personal information is collected or processed. We also collect information from data subjects who access our website in the EEA and Switzerland.
We do not collect personal information about HCPs in the EEA or Switzerland however we do track information on Healthcare Organizations (HCOs) in these regions but no information on specific individuals is collected by us as part of this process.
Data Controller and legal grounds for processing
If the GDPR applies to the processing of your data, then Definitive Healthcare is the data controller of your personal information.
Our legal basis for collecting and using the personal information described above will depend on the personal information collected and the specific context in which we collect it. However, we will normally collect personal information from you only where you have given your consent, to fulfill the obligations of a contract or agreement with you, and as otherwise necessary to protect our legitimate interests provided those do not conflict with your rights related to data privacy.
If we ask you to provide personal information to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your information is mandatory or not (as well as of the possible consequences if you do not provide the same).
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to provide our services, communicate with you and for our legitimate commercial interest, for instance, by responding to your queries, improving our Services, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
Transfer of your information
Your rights and how to exercise same
Under the terms of GDPR, you have the following rights:
Any requests must also include sufficient detail that allows us to properly understand, evaluate, and respond to the request. If we need more information to process your request, we will contact you via e-mail or in writing, asking only for information that we would need to respond to your request thoroughly and promptly. We will avoid requesting more information as much as possible.
To exercise any of your rights listed above, please contact the data controller at firstname.lastname@example.org: or by using the contact information in the “Further Questions-Contact” section below.
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us as first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. For more information about the cookies collected and your choices see our Cookies Policy here.
Your browser or device may include ‘Do Not Track’ functionality. Our information collection, disclosure practices, and the choices that we provide to visitors will continue to operate as described in this Policy, whether or not a Do Not Track signal is received.
Our website utilizes web beacons for the purpose of improving our website’s operation and improving the effectiveness of our customer and marketing communications. Web Beacons can be used alongside cookies to provide data about your web-browsing habits, such as when you visited a website or if you were directed to the website from a marketing e-mail. We also may use other standard Internet technologies for similar purposes when you visit our websites or interact with us online.
Check out our Frequently Asked Questions here.
Attn: Data Privacy Officer
550 Cochituate Road
Framingham, MA 01701