Start of Main Content

Your rights under the GDPR

This section of the Definitive Healthcare Privacy Policy provides specific information about how we comply with the EU General Data Protection Regulation (“GDPR”). It supplements the information contained in the rest of our Privacy Policy and applies to all data subjects residing in the EEA and Switzerland.

What information do we collect about data subjects in the EEA or Switzerland?

You can read about the general categories of information we collect in the section “Collection and Use of Information” above, however in the case of data subjects to whom the GDPR applies, we only collect the information about data subjects interested in our products and services. Only professional information is collected, and no sensitive personal information is collected or processed. We also collect information from data subjects who access our website in the EEA and Switzerland.

We do not collect personal information about HCPs in the EEA or Switzerland however we do track information on Healthcare Organizations (HCOs) in these regions but no information on specific individuals is collected by us as part of this process.

Data Controller and legal grounds for processing

If the GDPR applies to the processing of your data, then Definitive Healthcare is the data controller of your personal information.

Our legal basis for collecting and using the personal information described above will depend on the personal information collected and the specific context in which we collect it. However, we will normally collect personal information from you only where you have given your consent, to fulfill the obligations of a contract or agreement with you, and as otherwise necessary to protect our legitimate interests provided those do not conflict with your rights related to data privacy.

If we ask you to provide personal information to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your information is mandatory or not (as well as of the possible consequences if you do not provide the same).

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to provide our services, communicate with you and for our legitimate commercial interest, for instance, by responding to your queries, improving our Services, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.

Transfer of your information

Personal information from data subjected in the European Union may be transferred to the United States or another country where our affiliates, service providers, or sub-contractors are located. These countries may have data protection laws that are different to the laws of your country. In such cases we have taken appropriate safeguards to require that your data will remain protected in accordance with this Privacy Policy. These include putting in place the current version of the EU Model Clauses or other adequacy provisions.

Your rights and how to exercise same

Under the terms of GDPR, you have the following rights:

  • Right of access: You have the right to know what data about you that we process and request access to same (subject access request). This enables you to receive a copy of the personally identifiable information we hold about you and to check that we are lawfully processing it. If requested, we will provide the information in a machine-readable format that is industry standard and will easily be portable to another entity. We will not charge a fee to process or respond to your request unless we reasonably determine it is excessive, repetitive, or manifestly unfounded. As such, if we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the data subject’s request. 
  • Right to rectification: You have the right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Right to erasure/right to be forgotten: You have the right to request to delete or remove any personal information data that we may have about you and we will honor those requests to the extent legally and technically possible provided that we can verify your identity and we are not obligated to keep the data for other allowable reasons (e.g. required by law).
  • Right to restriction of processing: You have the right to restrict or stop the processing of your personal information in certain circumstances, such as where you exercise your rights to rectification and completion. This enables you to ask us to suspend the processing of your personally identifiable information, for example, if you want us to establish its accuracy or the reason for processing it.
  • Right to data portability: You have the right in certain circumstances to request the transfer of a copy of the information we hold about you to another party. If requested, we will provide the information in a machine-readable format that is industry standard so that it is easily be portable to another entity.
  • Right to object: You have the right to object to us processing your personal data at any time, unless we are obligated to in certain circumstances (e.g. required by law).
  • Right to withdraw consent: if you have previously given consent to us to collect or process your information, you may withdraw that consent at any time. Please contact us at the methods below.
  • Right to lodge a complaint with a data protection authority: If you are resident in the European Union (EEA) or Switzerland you have the right to register a complaint about our data collection and processing activities with the supervisory authority concerned. For more information on data protection authorities, please visit here.

Any requests must also include sufficient detail that allows us to properly understand, evaluate, and respond to the request. If we need more information to process your request, we will contact you via e-mail or in writing, asking only for information that we would need to respond to your request thoroughly and promptly. We will avoid requesting more information as much as possible.

To exercise any of your rights listed above, please contact the data controller at privacy@definitivehc.com: or by using the contact information in the “Further Questions-Contact” section in the Definitive Healthcare Privacy Policy.