Definitive Healthcare privacy policy

Effective Date: July 1, 2023

Definitive Healthcare (“we”, “our”, “us”) is dedicated to providing the most comprehensive and accurate information and analytics on the healthcare provider market. We enable those working to improve the healthcare industry to better understand the market, analyze trends, and support targeted outreach efforts.

We strongly believe in the individuals’ right to privacy and control over how their personal information is used. We’re passionate about data and passionate about protecting it too!

This privacy policy (the “Privacy Policy” or “notice”) explains what information we collect about you, our practices for handling the same and how you can exercise your rights.

Applicability of this Privacy Policy

This Privacy Policy explains how we collect, use and share personal information of individuals who visit and use our website or online services (the “Service”), who we meet at conferences or other events, healthcare professionals or individuals connected to healthcare providers whose information may be included within our products and database, users of our services, business contacts, prospects and any other individual whose information is stated to be subject to this notice.

For the purposes of this Privacy Policy, reference to personal information includes any information relating to an identifiable person.

Supplemental policies

For individuals residing in the European Economic Area (EEA) or Switzerland, please click here to access the General Data Protection Regulation (GDPR) Privacy Policy Supplement where you can find out more information including how to exercise your rights review our GDPR policy.

For residents of any U.S. state with a comprehensive privacy law (currently residents of California, Virginia, Colorado, Utah and Connecticut), please review our U.S. Supplemental Privacy Statement here to learn more information, including how to exercise your rights under your state law.

In addition, certain services/product offerings may result in collection and processing of information in a specific way. The privacy notices of these entities can be accessed below:

• Passport Analytics
• Monocl

Please review this Policy carefully. To the extent permitted by applicable law, by providing us your Personal Information or otherwise interacting with us, you are agreeing to this Policy.

When this policy does not apply:

This Privacy Policy does not apply to content of third-party websites accessible through the Services.

If you are an Employee, former Employee of Definitive Healthcare, or contractor processing of your information will be subject to our Employee Privacy Notice, which can be provided upon request by emailing privacy@definitivehc.com.

If you are a Job Applicant or candidate, please visit our Applicant Privacy Notice here.

Collection and use of information

Information we collect

Healthcare provider profiles

Definitive Healthcare provides a world class healthcare data and analytics platform providing access to key information about healthcare providers and associated individuals.

The information we collect is combined into healthcare provider profiles and made available to enterprise customers of Definitive Healthcare who purchase licenses to access our services to facilitate business-to-business communication and other business-related activities.

We collect data for our healthcare provider profiles in different ways and from different sources including:

• Publicly available information, including information obtained from federal, state, other regulatory agencies, and web research through use of technology and by our in-house research team
• Electronic and phone surveys conducted by our research team
• Through direct primary research
• Licensed data received from third-party data providers, such as:
  • clinical practice history of healthcare providers based upon HIPAA-certified de-identified patient data
  • limited personal, business-related or other information regarding healthcare professionals (HCPs) and leadership/executives connected to HCOs

HCPs: In the case of healthcare professionals such as medical doctors, surgeons, and nurse practitioners, we collect personal information such as: first middle and last name, LinkedIn profile, limited personal contact information (email address and mobile phone number) as well as business-related information like job title or professional position, National Provider Identification Number (NPI), name of employer and place(s) of employment, practice address, business e-mail and phone number, affiliations to other HCOs (defined below), clinical, and quality data.

HCOs: We also collect data from healthcare organizations (HCOs), including:

• Firmographic, demographic, technographic, financial, quality, and clinical metrics-in order to help our customers effectively analyze the healthcare market; and
• Data around executives/leadership at healthcare organizations, such as first and last name, limited personal contact information (email address and mobile phone number), job title, business e-mail and phone number, and social media links LinkedIn profile.

We contract with service providers for data collection, maintenance, hygiene, and quality purposes and receive data from these service providers. We take measures to ensure that all our service providers use the information we share with them solely for the purposes of the engagement. Please see more in the “Service Providers” section below.

How else do we collect and use your information?

If you are a user of or visitor to our platform, in order to provide you with a better experience while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, and e-mail address. You may for example, provide us with your contact information through website forms for example where you sign up for a free trial. We may also obtain information provided by you via conferences or tradeshows when you interact with our employees or access our materials at the event.

The information that we collect may be used to contact or identify you in order to provide you information about services of interest, free trials, product demonstrations, send you marketing content about our products and services and other relevant items that may be of interest.

We occasionally run sweepstakes, events and/or promotions where we may award prizes (if and where appropriate and in accordance with law). These events may require you to enter an email address or other contact information that we can use to contact the winner or send special offers. E-mail addresses or contact information collected may be used to create a mailing list that we use to send promotional or marketing content about our products and services to you, but always subject to your right to opt out. You can read more about your right to opt out in the section “Your Privacy Choices” below. In addition to information in this Notice, Sweepstakes may have specific terms and conditions and you should carefully review the same.

Whenever you visit our Service, we collect information that your browser sends to us that is called Log Data. This log data may include information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics. We may aggregate or de-identify user information to better understand our customer base and what products and services would be of interest to them or improve the services. Aggregated or de-identified data which is not personal information is not subject to this Privacy Policy.

We also collect information where you are an enterprise customer; please see the section “Customer Information we collect” below.

We also collect data from cookies stored on your device. For more information, please visit our Cookies Policy.

Customer information we collect

We license our product to our enterprise customers’ organizations who may wish to grant access to the product to their employees or authorized representative. If you are such an employee or representative nominated by your employer as a user to access the Service, you may provide us with information such as your name, title, and e-mail address in order to create a credentialed log-in for our Service. After receiving log-in information, you may choose to use our Service for the purposes for which the license was granted. During your time using our Service as a registered user, we may collect the following additional data:

• Usage data, including but not limited to logins, IP address, and user behavior
• Information you submit to Definitive Healthcare, including through use of our Service or directly to one of our employees;
• Information you upload to our Service and/or we collect from you with your knowledge and approval including customer surveys, feedback, call transcripts and/or recordings or other related information

All of the above categories of information in this section are called “Customer Information”.

Under your organization’s license agreement, some individuals at your organization may have the right to access information for all users at your organization for purposes of tracking usage patterns across the organization. If you have questions about who at your organization can see your data, please contact your organization’s point of contact for Definitive Healthcare. If you do not know your company’s point of contact, we can if necessary, provide you with that information.

Use of Customer Information

Definitive Healthcare may use Customer Information for its legitimate business interests, including to:

• Administer your account and provide access to the Services
• Provide customer service
• Respond to direct inquiries from our users, through our site or with direct contact with one of our employees
• Personalize user experience
• Research, develop, test, evaluate future product features and enhancements and improve the Services
• Send communications and marketing material, such as newsletters, that fit your professional interests
• Provide general information about Definitive Healthcare’s events, services, and resources of interest to the user
• Respond to job applications or career inquiries
• Investigate and resolve problems or bugs, monitor usage and performance, and provide adequate resources for the operation of our site; and/or
• Investigate breaches of Definitive Healthcare security or license agreements

Other information provided to us by our Customers

In certain circumstances and as part of certain product offerings, our Customers may share information they possess about HCPs with us for various reasons, including;

• to provide data matching services;
• to improve our existing data sets.

Sensitive Personal Information

“Sensitive Personal Information” can encompass different categories of data under applicable laws, but may include information such as government-issued identification numbers like US Social Security numbers, financial account information, precise geolocation, driver’s license or passport numbers, information about race, ethnicity, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data where processed to uniquely identify a person, or information relating to an individual’s health or sexual orientation.

We generally do not collect Sensitive Personal Information about individuals subject to this Notice.

Sharing of information

We share your information in the following ways:

Customers

Definitive Healthcare may make healthcare provider profiles, as described above, available to our licensed customers. If you are an HCP and do not want your information to be shared in this way please see the section entitled “Your Privacy Choices” below.

Service providers

We may share your information with third-party vendors and service providers for a variety of business purposes, including:

• To facilitate and provide the Service;
• To perform Service-related services including providing support;
• To assist us in analyzing how our Service is used or improve our Services; and/or
• For security purposes and to prevent fraud.

Disclosures for legal reasons

We may share your information when required by law, subpoena, search warrant, or other lawful requests made by appropriate law enforcement agencies or enforce rights, including to:

• Comply with lawful requests;
• Enforce our contracts or other agreements;
• Defend ourselves against third party claims or lawsuits;
• Address a violation of law; and/or
• Protect the security, rights, and safety of Definitive Healthcare, its employees, customers, or others.

Business transfers

We may share or transfer your information during the process or completion of any change in company ownership or structure or transaction involving a substantial portion of our assets, such as an investment, divestment, merger, acquisition, or bankruptcy, as part of the transferred assets.

Definitive Healthcare may share information in other ways that you specifically agree to while using our services.

Our affiliates

We may if necessary, share your information with our affiliate or group companies.

Your privacy choices

We want you to be clear about how to exercise your applicable rights and choices regarding the processing of your personal information and we have developed processes for individuals to exercise their rights as necessary.

Newsletters and marketing materials

If you wish to opt-out of our newsletter or other marketing materials or promotional communications, you may opt-out using the information or unsubscribe link in the specific communications or by filling out the form here. After receiving your request, we will send you an e-mail to confirm that you have been unsubscribed from the specific communications you requested.

Healthcare provider profiles

If you are an individual (including a HCP) and would like to opt-out of having your personal information provided to our enterprise customers (as applicable) please contact us using the online form here or using the information in the section entitled “Further Questions-Contact” below.

• E-mail: privacy@definitivehc.com
• Online: Through our online form at this link 
• Phone: 1-866-679-6461
• Mail: 

Definitive Healthcare 
Attn: Data Privacy Officer 
492 Old Connecticut Path 
Suite 401 
Framingham, MA 01701 

Upon receipt of your request(s) we will respond to you in writing and honor your request(s) as we are required to do in accordance with law.

All data subjects/individuals

Residents of U.S. states with comprehensive privacy laws (including California, Virginia, Colorado, Utah and Connecticut), can read about and exercise their rights by accessing our US Supplemental Privacy Statement here.

If you are resident in the EEA or Switzerland and the GDPR applies to you, you can read about your rights and how to exercise them in the section entitled “Your rights under the GDPR” below.

In addition, all individuals subject to this Privacy Policy can request to exercise their rights and choices available to them under applicable law by contacting us using the contact information in the section below entitled “Further Questions-Contact.”

Upon receipt of your request(s) we will respond to you in writing and act as appropriate in accordance with applicable law. To protect your privacy and security, we may take reasonable steps to verify your identity before granting you access or making corrections. In the case of deletion requests, please be aware that that it may not be technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your personally identifiable information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, all personally identifiable information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.

Data retention

We will retain your information as long as reasonably necessary for the purposes set out in this Privacy Policy, and in accordance with applicable laws. Further, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, or comply with law enforcement. Whenever possible, we aim to de-identify the information or otherwise remove some or all information that may identify you from records that we may need to keep for periods beyond the specified retention period.

Keeping your information secure

Definitive Healthcare takes the security of your data seriously. We invest considerable resources in implementing technical and organizational measures to secure your information. We value your trust in providing us your personal information and strive to use commercially acceptable means of protecting it. Definitive Healthcare takes reasonable steps to ensure that personal information is reliable for its intended use and all such information is up-to-date, accurate, and complete, and we remind you however, that no method of electronic transmission or electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Links to third-party sites

Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the privacy policy of these websites. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

Social media widgets

Our site includes features from social media sites that allow you to like, share, or comment on content we post. Those features are governed by the privacy policies of the companies providing the feature. These features may collect information about you in order to provide the services requested, such as your IP address.

Children’s privacy

Definitive Healthcare’s products and services are directed at business professionals. Our Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we will delete this from our servers.

Your rights under the GDPR and the UK GDPR

This section of the Privacy Policy provides specific information about how we comply with the EU General Data Protection Regulation and the UK General Data Protection Regulation (collectively referred to here as the “GDPR”). It supplements the information contained in the rest of our Privacy Policy and applies to all data subjects residing in the European Union (EU) the European Economic Area (EEA) Switzerland and the United Kingdom (UK).

What information do we collect about data subjects in the EU, EEA, Switzerland and the UK?

You can read about the general categories of information we collect in the section “Collection and Use of Information” above, however in the case of data subjects to whom the GDPR applies, we only collect the information about data subjects interested in our products and services. Only professional information is collected, and no sensitive personal information about individuals subject to the GDPR is collected or processed. We also collect information from data subjects who access our website in the EU, EEA, Switzerland and the UK.

We do not collect personal information about HCPs in the EU, EEA, Switzerland or the UK however we do track information on Healthcare Organizations (HCOs) in these regions but no information on specific individuals is collected by us as part of this process.

Data Controller and legal grounds for processing

If the GDPR applies to the processing of your data, then Definitive Healthcare is the data controller of your personal information.

Our legal basis for collecting and using the personal information described above will depend on the personal information collected and the specific context in which we collect it. However, we will normally collect personal information from you only where you have given your consent, to fulfill the obligations of a contract or agreement with you, and as otherwise necessary to protect our legitimate interests provided those do not conflict with your rights related to data privacy.

If we ask you to provide personal information to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your information is mandatory or not (as well as of the possible consequences if you do not provide the same).

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to provide our services, communicate with you and for our legitimate commercial interest, for instance, by responding to your queries, improving our Services, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.

Transfer of your information

Personal information from data subjects in the European Union, European Economic Area, Switzerland or the UK may be transferred to the United States or another country where our affiliates, service providers, or sub-contractors are located. These countries may have data protection laws that are different to the laws of your country. In such cases we have taken appropriate safeguards to require that your data will remain protected in accordance with this Privacy Policy. These include putting in place available adequacy measures such as, the current version of the EU Model Clauses or other legally available mechanisms.

Your rights and how to exercise same

Under the terms of GDPR and the UK GDPR, you have the following rights:

• Right of access: You have the right to know what data about you that we process and request access to same (subject access request). This enables you to receive a copy of the personally identifiable information we hold about you and to check that we are lawfully processing it. If requested, we will provide the information in a machine-readable format that is industry standard and will easily be portable to another entity. We will not charge a fee to process or respond to your request unless we reasonably determine it is excessive, repetitive, or manifestly unfounded. As such, if we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the data subject’s request.
• Right to rectification: You have the right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Right to erasure/right to be forgotten: You have the right to request to delete or remove any personal information data that we may have about you and we will honor those requests to the extent legally and technically possible provided that we can verify your identity and we are not obligated to keep the data for other allowable reasons (e.g. required by law).
• Right to restriction of processing: You have the right to restrict or stop the processing of your personal information in certain circumstances, such as where you exercise your rights to rectification and completion. This enables you to ask us to suspend the processing of your personally identifiable information, for example, if you want us to establish its accuracy or the reason for processing it.
• Right to data portability: You have the right in certain circumstances to request the transfer of a copy of the information we hold about you to another party. If requested, we will provide the information in a machine-readable format that is industry standard so that it is easily be portable to another entity.
• Right to object: You have the right to object to us processing your personal data at any time, unless we are obligated to in certain circumstances (e.g. required by law).
• Right to withdraw consent: if you have previously given consent to us to collect or process your information, you may withdraw that consent at any time. Please contact us at the methods below.
• Right to lodge a complaint with a data protection authority: If you are resident in the European Union, the European Economic Area (EEA), Switzerland or the UK you have the right to register a complaint about our data collection and processing activities with the supervisory authority concerned. For more information on data protection authorities, please visit here.

Any requests must also include sufficient detail that allows us to properly understand, evaluate, and respond to the request. If we need more information to process your request, we will contact you via e-mail or in writing, asking only for information that we would need to respond to your request thoroughly and promptly. We will avoid requesting more information as much as possible.

To exercise any of your rights listed above, please contact the data controller at privacy@definitivehc.com: or by using the contact information in the “Further Questions-Contact” section below.

Cookies and similar technologies

Cookies

Information about you is collected through the use of cookies when you visit our website.

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us as first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. For more information about the cookies collected and your choices see our Cookies Policy here.

Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc., through a third party on our website in order to improve the experience of our website for its users and to improve our marketing activities. Google Analytics uses cookies and other tracking technologies to collect information such as IP address, time of visit, how you found our website, and whether you have previously visited our website. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google clickhere.

Do not track signals

Your browser or device may include ‘Do Not Track’ functionality. Our information collection, disclosure practices, and the choices that we provide to visitors will continue to operate as described in this Policy, whether or not a Do Not Track signal is received.

Web beacons and other tracking technologies

Our website utilizes web beacons for the purpose of improving our website’s operation and improving the effectiveness of our customer and marketing communications. Web Beacons can be used alongside cookies to provide data about your web-browsing habits, such as when you visited a website or if you were directed to the website from a marketing e-mail. We also may use other standard Internet technologies for similar purposes when you visit our websites or interact with us online.

Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy as necessary at any time. We will alert you when changes have been made by indicating the date this Notice was last updated as the date the Notice became effective or as otherwise may be required by law. We advise you to review this page periodically for any changes. You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that the collection, use and sharing of your personal data is subject to the updated Privacy Policy, as of its effective date.

Further questions-contact

Check out our Frequently Asked Questions here.

Contact us through any of the methods below if you have any questions about this Privacy Policy or if you want to exercise your applicable rights:

• E-mail: privacy@definitivehc.com
• Online: Through our online form here
• Phone: 1-866-679-6461

Mail:

Definitive Healthcare
Attn: Data Privacy Officer
492 Old Connecticut Path 
Suite 401
Framingham, MA 01701