Definitive Healthcare U.S. supplemental privacy policy

California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CPRA”), together referred to as the “CCPA”; the Colorado Privacy Act (“CPA”); the Connecticut Personal Data Privacy and Online Monitoring Act (“CTDPA”); the Virginia Consumer Data Protection Act (“VCDPA”); and the Utah Consumer Privacy Act (“UCPA”)

Effective date: July 1, 2023 (Recently updated December 31, 2023)

This Privacy Policy supplements the information in Definitive Healthcare’s Global Privacy Policy for residents of U.S. states with comprehensive privacy laws. This policy describes the types of Personal Information that Definitive Healthcare may collect or process from U.S. residents in those states, how we may use and disclose that information, and how you may exercise any rights you may have regarding our processing of your Personal Information.

This Privacy Policy applies to Personal Information collected or processed by Definitive Healthcare from or about U.S. residents in states with Comprehensive Privacy Laws, including: the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CPRA”), together referred to as the “CCPA”; the Colorado Privacy Act (“CPA”); the Connecticut Personal Data Privacy and Online Monitoring Act (“CTDPA”); the Virginia Consumer Data Protection Act (“VCDPA”); and the Utah Consumer Privacy Act (“UCPA”). Collectively, these laws are referred to as “State Comprehensive Privacy Laws” in this Supplement, and this Supplement only applies to residents in those states unless otherwise noted.

This Supplement uses the terms “consumer,” “personal data” or “personal information,” and “sale” as defined in their respective laws. References to “Personal Information” include personal data or personal information as defined under State Comprehensive Privacy Laws.

Personal Information collected

Personal information we collect. In the past 12 months, depending on your use of the Service, we may have collected the following Personal Information about you:


Category: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

Examples of data collected:

  • Name (First, middle and last)
  • Business E-mail
  • Business Phone
  • Business Address
  • Internet Protocol Address
  • National Provider Identification Number
  • Personal E-mail
  • Mobile phone number

Collect: Yes. Disclose: Yes. Sell: Yes.

Category: Personal Information as defined in the California customer records law, Section 1798.80(e), such as name, contact information, education, employment, employment history and financial information.

Examples of data collected:

  • Business Address
  • Place of Employment
  • Business E-mail
  • Business Phone
  • Personal E-mail
  • Mobile phone number

Collect: Yes. Disclose: Yes. Sell: Yes.

Category: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.

Examples of data collected:

  • Internet Protocol Address
  • Information about how consumers interact with our website or other online materials

Collect: Yes. Disclose: No. Sell: No.

Category: Professional or employment-related information.

Examples of data collected:

  • Place of Employment
  • Job History
  • Job Title
  • Professional position
  • Leadership or executive role
  • Name of employer
  • Practice address (if HCP)
  • LinkedIn profile

Collect: Yes. Disclose: Yes. Sell: Yes.

Category: Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Collect: Yes. Disclose: Yes. Sell: Yes.

How we collect Personal Information. Categories of sources from which we collect consumers’ personal information include:

  • Publicly available information from federal, state, and local government agencies, and web research through use of technology and by our in-house research team
  • Proprietary research by our in-house research team through publicly accessible websites and electronic and phone surveys
  • Licensed data from third parties including data like clinical practice history of healthcare providers (HCPs) based upon HIPAA-certified de-identified patient data
  • Directly from consumers
  • Directly and indirectly from consumers by their activities on our website or their devices
  • Directly and indirectly from our customers
  • Through communications with prospective customers

How we share Personal Information. Categories of third parties with whom personal information has been shared in the past 12 months include:

  • Definitive Healthcare customers
  • Service providers
  • Third parties integrated into our services
  • Third parties as required by law
  • Third parties in relation to a merger, sales, or asset transfer
  • Other third parties with consumers’ consent
  • Our affiliates

Sale of Personal Information. In the last 12 months, Definitive Healthcare has sold Personal Information related to healthcare providers (HCPs) and other individuals affiliated with healthcare organizations (HCOs), including name, place of employment, professional title, business e-mail address and phone number, office address, social media links, and work or educational history. Business Personal Information is sold to Definitive Healthcare’s enterprise customers, including for commercial strategy, analytics, and business-to-business sales and marketing.

How we use Personal Information. Business purposes for which the categories of personal information above are collected include:

  • To fulfill the purpose for which the information was provided;
  • To include in Definitive Healthcare’s platform licensed to customers, which is used for business-to-business sales and marketing efforts;
  • To provide consumers with information about Definitive Healthcare and its products, services, events, or other information, and to enhance their experience on our website and with our product, services, and marketing materials;
  • To research, develop, test, evaluate future product features and enhancements and improve the services;
  • To provide product customer service;
  • As necessary to comply with applicable federal, state, and local laws; and
  • To protect against security threats and protect against illegal, fraudulent, or malicious activity, and any subsequent investigation of that activity.

Sensitive Personal Information: At the time of this Supplement, Definitive Healthcare does not collect or process Sensitive Personal Information subject to the Global Privacy Policy.

Personal Information subject to this U.S. Supplemental Privacy Policy does not include the information covered by certain federal and state laws, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), clinical trials, or other exemptions as described in State Comprehensive Privacy Laws.

Your privacy rights

As a resident of a state with a State Comprehensive Privacy Law, you may have the following privacy rights, subject to some limitations or exemptions as required or allowed by law:

  • To opt-out of sharing your Personal Information for cross-context behavioral advertising or, in other states, to opt-out of targeted advertising;
  • To opt-out of the sale of your Personal Information;
  • To request to know and access your Personal Information;
  • To obtain a copy of your Personal Information, i.e., a right to data portability;
  • To request that we correct your Personal Information;
  • To request that we delete your Personal Information;
  • To request that we limit the processing of your Sensitive Personal Information;
  • To opt-out of processing of Sensitive Personal Information;
  • To not be discriminated against for exercising any of the rights above; and
  • To appeal the denial of a request.

Right to opt-out of the sharing of your Personal Information for targeted advertising: For web-based activities, you can opt-out of sharing Personal Information or opt-out of targeted advertising for any website you visit by clicking on the Your Privacy Choices link located at the bottom of that website.

Right to opt-out of the sale of your Personal Information: Under State Comprehensive Privacy Laws, Consumers have the right to opt-out of the sale of any Personal Information that was collected and retained by Definitive Healthcare. We will also inform our customers and service providers of your decision to opt-out.

For web-based activities, you can opt-out of sale of your Personal Information for any website you visit by clicking on the Your Privacy Choices link located at the bottom of that website.

To opt-out of offline sale of your personal information, please contact us by:

Right to know and access your Personal Information: You may have the right to request that we disclose what Personal Information we collect, use, disclose, or sell. You may request to view a report of the categories of your Personal Information across our systems or to view a report of your Personal Information across our systems. To do so, please submit a Privacy Rights Request by:

Right to obtain a copy of your Personal Information: Consumers have the right to obtain a portable copy of their data. You may ask us for a package of your data to be downloaded and transferred to another recipient. To do so, please submit a Privacy Rights Request by:

Right to delete your Personal Information: Consumers have the right to request the deletion of any Personal Information that was collected and retained by Definitive Healthcare for certain purposes. To do so, please submit a Privacy Rights Request by:

Right to correct your Personal Information: Consumers have the right to request that we correct any Personal Information that was collected and retained by Definitive Healthcare for certain purposes. To do so, please submit a Privacy Rights Request by:

Right to opt-out of sensitive Personal Information processing or request to limit the use of sensitive Personal Information: At the time of this Supplement, Definitive Healthcare does not collect or process Sensitive Personal Information subject to the Global Privacy Policy.

Right to appeal: You have the right to appeal any denial of a Privacy Rights or Opt-Out Request. You will be provided instructions on how to do so in any response letter that is denying your request. If you have questions, you may contact us at privacy@definitivehc.com.

Exercising your privacy rights

To exercise any of your privacy rights in the previous section, please contact us in one of the following designated methods:

For Opt-Out of Sale, Sharing, or Targeted Advertising:

For Requests to Know, Access, Obtain, Delete, or Correct:

Definitive Healthcare will not discriminate in pricing and services against a consumer for exercising their State Comprehensive Privacy Laws rights.

Verifiable requests and authorized agents

We will make reasonable efforts to promptly respond to your requests in accordance with applicable laws, but your rights under State Comprehensive Privacy Laws are not absolute. For example, any such request must provide sufficient information that allows Definitive Healthcare to verify that you are the consumer whose Personal Information we have collected. We may, after receiving your request, require additional information from you to honor your request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

You may be entitled, in accordance with applicable law, to submit a request through an authorized agent through the same mechanisms that you can use to submit a request directly. The request must also include sufficient detail that allows us to properly understand, evaluate, and respond to the request. If we need more information to process your request, we will contact you via e-mail or in writing.

Opt-out signals

Certain web browsers and other programs may transmit “opt-out” signals, also called a Global Privacy Control (or GPC) signal (we refer to these as “GPC Signals”), to websites with which the browser communicates.

For users that access our websites from California, we will recognize and apply the GPC Signal as a browser-level opt-out to inactivate all of the cookies for that website, except for cookies that are essential/strictly necessary for the website to operate. Additionally, you can determine if your browser GPC Signal has been recognized by clicking on the “Your Privacy Choices” link in the footer of the website; a short message at the top of the preference center will indicate that your GPC Signal has been received.

For users from states not currently requiring recognition of the GPC Signal, our website servers will not recognize the GPC Signal, but you can always check and adjust your cookie settings by going to the Your Privacy Choices link in the footer of this website.

Children’s information

Definitive Healthcare’s products and services are directed at business professionals. Definitive Healthcare’s products and services are not targeted to children under the age of 16. We do not knowingly collect or maintain any Personal Information for children under the age of 16. If we discover we have collected any information for persons under the age of 16, we will delete their Personal Information.

Questions?

Definitive Healthcare is committed to protecting the privacy of Consumers’ Personal Information and being transparent about our privacy practices. We welcome questions, comments, or feedback on this supplemental policy or our Privacy Policy. To obtain more information or submit feedback or questions, please contact us:

Mail:

Definitive Healthcare
Attn: Data Privacy Officer
492 Old Connecticut Path
Suite 401
Framingham, MA 01701