Effective Date: July 1, 2023
Definitive Healthcare (“we”, “our”, “us”) is dedicated to providing the most comprehensive and accurate information and analytics on the healthcare provider market. We enable those working to improve the healthcare industry to better understand the market, analyze trends, and support targeted outreach efforts.
We strongly believe in individuals’ right to privacy and control over how their personal information is used. We’re passionate about data and passionate about protecting it too!
For residents of any U.S. state with a comprehensive privacy law (currently residents of California, Virginia, Colorado, and Connecticut), please review our U.S. Supplemental Privacy Statement here to learn more information, including how to exercise your rights under your state law.
In addition, certain services/product offerings may result in collection and processing of information in a specific way. The privacy notices of these entities can be accessed below:
Please review this Policy carefully. To the extent permitted by applicable law, by providing us your Personal Information or otherwise interacting with us, you are agreeing to this Policy.
When this policy does not apply:
If you are an Employee, former Employee of Definitive Healthcare, or contractor, processing of your information will be subject to our Employee Privacy Notice, which can be provided upon request by emailing email@example.com.
If you are a Job Applicant or candidate, please visit our Applicant Privacy Notice here.
Collection and use of information
Information we collect
Healthcare provider profiles
Definitive Healthcare provides a world-class healthcare data and analytics platform providing access to key information about healthcare providers and associated individuals.
The information we collect is combined into healthcare provider profiles and made available to enterprise customers of Definitive Healthcare who purchase licenses to access our services to facilitate business-to-business communication and other business-related activities.
We collect data for our healthcare provider profiles in different ways and from different sources including:
- Publicly available information, including information obtained from federal, state, other regulatory agencies, and web research through use of technology and by our in-house research team
- Electronic and phone surveys conducted by our research team
- Through direct primary research
- Licensed data received from third-party data providers, such as:
  - clinical practice history of healthcare providers based upon HIPAA-certified de-identified patient data
  - limited personal, business-related or other information regarding healthcare professionals (HCPs) and leadership/executives connected to HCOs
HCPs: In the case of healthcare professionals such as medical doctors, surgeons, and nurse practitioners, we collect personal information such as: first, middle, and last name, LinkedIn profile, limited personal contact information (email address and mobile phone number) as well as business-related information like job title or professional position, National Provider Identification Number (NPI), name of employer and place(s) of employment, practice address, business e-mail and phone number, affiliations to other HCOs (defined below), clinical, and quality data.
HCOs: We also collect data from healthcare organizations (HCOs), including:
- Firmographic, demographic, technographic, financial, quality, and clinical metrics, in order to help our customers effectively analyze the healthcare market; and
- Data around executives/leadership at healthcare organizations, such as first and last name, limited personal contact information (email address and mobile phone number), job title, business e-mail and phone number, and social media links (LinkedIn profile).
We contract with service providers for data collection, maintenance, hygiene, and quality purposes and receive data from these service providers. We take measures to ensure that all our service providers use the information we share with them solely for the purposes of the engagement. Please see more in the “Service Providers” section below.
How else do we collect and use your information?
If you are a user of or visitor to our platform, in order to provide you with a better experience while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, and e-mail address. You may, for example, provide us with your contact information through website forms, such as where you sign up for a free trial. We may also obtain information provided by you via conferences or tradeshows when you interact with our employees or access our materials at the event.
The information that we collect may be used to contact or identify you in order to provide you information about services of interest, free trials, product demonstrations, send you marketing content about our products and services and other relevant items that may be of interest.
We occasionally run sweepstakes, events and/or promotions where we may award prizes (if and where appropriate and in accordance with law). These events may require you to enter an email address or other contact information that we can use to contact the winner or send special offers. E-mail addresses or contact information collected may be used to create a mailing list that we use to send promotional or marketing content about our products and services to you, but always subject to your right to opt out. You can read more about your right to opt out in the section “Your Privacy Choices” below. In addition to information in this Notice, Sweepstakes may have specific terms and conditions and you should carefully review the same.
We also collect information where you are an enterprise customer; please see the section “Customer Information we collect” below.
We also collect data from cookies stored on your device. For more information, please visit our Cookies Policy.
Customer information we collect
We license our product to our enterprise customers’ organizations who may wish to grant access to the product to their employees or authorized representative. If you are such an employee or representative nominated by your employer as a user to access the Service, you may provide us with information such as your name, title, and e-mail address in order to create a credentialed log-in for our Service. After receiving log-in information, you may choose to use our Service for the purposes for which the license was granted. During your time using our Service as a registered user, we may collect the following additional data:
- Usage data, including but not limited to logins, IP address, and user behavior
- Information you submit to Definitive Healthcare, including through use of our Service or directly to one of our employees;
- Information you upload to our Service and/or we collect from you with your knowledge and approval including customer surveys, feedback, call transcripts and/or recordings or other related information
All of the above categories of information in this section are called “Customer Information”.
Under your organization’s license agreement, some individuals at your organization may have the right to access information for all users at your organization for purposes of tracking usage patterns across the organization. If you have questions about who at your organization can see your data, please contact your organization’s point of contact for Definitive Healthcare. If you do not know your company’s point of contact, we can, if necessary, provide you with that information.
Use of Customer Information
Definitive Healthcare may use Customer Information for its legitimate business interests, including to:
- Administer your account and provide access to the Services
- Provide customer service
- Respond to direct inquiries from our users, through our site or with direct contact with one of our employees
- Personalize user experience
- Research, develop, test, evaluate future product features and enhancements and improve the Services
- Send communications and marketing material, such as newsletters, that fit your professional interests
- Provide general information about Definitive Healthcare’s events, services, and resources of interest to the user
- Respond to job applications or career inquiries
- Investigate and resolve problems or bugs, monitor usage and performance, and provide adequate resources for the operation of our site; and/or
- Investigate breaches of Definitive Healthcare security or license agreements
Other information provided to us by our Customers
In certain circumstances and as part of certain product offerings, our Customers may share information they possess about HCPs with us for various reasons, including:
- to provide data matching services;
- to improve our existing data sets.
Sensitive Personal Information
“Sensitive Personal Information” can encompass different categories of data under applicable laws, but may include information such as government-issued identification numbers like US Social Security numbers, financial account information, precise geolocation, driver’s license or passport numbers, information about race, ethnicity, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data where processed to uniquely identify a person, or information relating to an individual’s health or sexual orientation.
We generally do not collect Sensitive Personal Information about individuals subject to this Notice.
Sharing of information
We share your information in the following ways:
Definitive Healthcare may make healthcare provider profiles, as described above, available to our licensed customers. If you are an HCP and do not want your information to be shared in this way please see the section entitled “Your Privacy Choices” below.
We may share your information with third-party vendors and service providers for a variety of business purposes, including:
- To facilitate and provide the Service;
- To perform Service-related services including providing support;
- To assist us in analyzing how our Service is used or improve our Services; and/or
- For security purposes and to prevent fraud.
Disclosures for legal reasons
We may share your information when required by law, subpoena, search warrant, or other lawful requests made by appropriate law enforcement agencies, or to enforce rights, including to:
- Comply with lawful requests;
- Enforce our contracts or other agreements;
- Defend ourselves against third party claims or lawsuits;
- Address a violation of law; and/or
- Protect the security, rights, and safety of Definitive Healthcare, its employees, customers, or others.
We may share or transfer your information during the process or completion of any change in company ownership or structure or transaction involving a substantial portion of our assets, such as an investment, divestment, merger, acquisition, or bankruptcy, as part of the transferred assets.
Definitive Healthcare may share information in other ways that you specifically agree to while using our services.
We may, if necessary, share your information with our affiliate or group companies.
Your privacy choices
We want you to be clear about how to exercise your applicable rights and choices regarding the processing of your personal information and we have developed processes for individuals to exercise their rights as necessary.
Newsletters and marketing materials
If you wish to opt-out of our newsletter or other marketing materials or promotional communications, you may opt-out using the information or unsubscribe link in the specific communications or by filling out the form here. After receiving your request, we will send you an e-mail to confirm that you have been unsubscribed from the specific communications you requested.
Healthcare provider profiles
If you are an individual (including an HCP) and would like to opt-out of having your personal information provided to our enterprise customers (as applicable), please contact us using the online form here or using the information in the section entitled “Further Questions-Contact” below.
Attn: Data Privacy Officer
492 Old Connecticut Path
Framingham, MA 01701
Upon receipt of your request(s) we will respond to you in writing and honor your request(s) as we are required to do in accordance with law.
All data subjects/individuals
Residents of U.S. states with comprehensive privacy laws (including California, Virginia, Colorado, and Connecticut), can read about and exercise their rights by accessing our US Supplemental Privacy Statement here.
If you are resident in the EEA or Switzerland and the GDPR applies to you, you can read about your rights and how to exercise them in the section entitled “Your rights under the GDPR” below.
Upon receipt of your request(s) we will respond to you in writing and act as appropriate in accordance with applicable law. To protect your privacy and security, we may take reasonable steps to verify your identity before granting you access or making corrections. In the case of deletion requests, please be aware that it may not be technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your personally identifiable information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, all personally identifiable information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.
Keeping your information secure
Definitive Healthcare takes the security of your data seriously. We invest considerable resources in implementing technical and organizational measures to secure your information. We value your trust in providing us your personal information and strive to use commercially acceptable means of protecting it. Definitive Healthcare takes reasonable steps to ensure that personal information is reliable for its intended use and all such information is up-to-date, accurate, and complete. We remind you, however, that no method of electronic transmission or electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
Links to third-party sites
Social media widgets
Our site includes features from social media sites that allow you to like, share, or comment on content we post. Those features are governed by the privacy policies of the companies providing the feature. These features may collect information about you in order to provide the services requested, such as your IP address.
Definitive Healthcare’s products and services are directed at business professionals. Our Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we will delete this from our servers.
Your rights under the GDPR and the UK GDPR
What information do we collect about data subjects in the EU, EEA, Switzerland and the UK?
You can read about the general categories of information we collect in the section “Collection and Use of Information” above; however, in the case of data subjects to whom the GDPR applies, we only collect the information about data subjects interested in our products and services. Only professional information is collected, and no sensitive personal information about individuals subject to the GDPR is collected or processed. We also collect information from data subjects who access our website in the EU, EEA, Switzerland and the UK.
We do not collect personal information about HCPs in the EU, EEA, Switzerland or the UK; however, we do track information on Healthcare Organizations (HCOs) in these regions, but no information on specific individuals is collected by us as part of this process.
Data Controller and legal grounds for processing
If the GDPR applies to the processing of your data, then Definitive Healthcare is the data controller of your personal information.
Our legal basis for collecting and using the personal information described above will depend on the personal information collected and the specific context in which we collect it. However, we will normally collect personal information from you only where you have given your consent, to fulfill the obligations of a contract or agreement with you, and as otherwise necessary to protect our legitimate interests provided those do not conflict with your rights related to data privacy.
If we ask you to provide personal information to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your information is mandatory or not (as well as of the possible consequences if you do not provide the same).
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to provide our services, communicate with you and for our legitimate commercial interest, for instance, by responding to your queries, improving our Services, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
Transfer of your information
Your rights and how to exercise same
Under the terms of GDPR and the UK GDPR, you have the following rights:
- Right of access: You have the right to know what data about you we process and to request access to same (subject access request). This enables you to receive a copy of the personally identifiable information we hold about you and to check that we are lawfully processing it. If requested, we will provide the information in a machine-readable format that is industry standard and will easily be portable to another entity. We will not charge a fee to process or respond to your request unless we reasonably determine it is excessive, repetitive, or manifestly unfounded. As such, if we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the data subject’s request.
- Right to rectification: You have the right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Right to erasure/right to be forgotten: You have the right to request to delete or remove any personal information data that we may have about you and we will honor those requests to the extent legally and technically possible provided that we can verify your identity and we are not obligated to keep the data for other allowable reasons (e.g. required by law).
- Right to restriction of processing: You have the right to restrict or stop the processing of your personal information in certain circumstances, such as where you exercise your rights to rectification and completion. This enables you to ask us to suspend the processing of your personally identifiable information, for example, if you want us to establish its accuracy or the reason for processing it.
- Right to data portability: You have the right in certain circumstances to request the transfer of a copy of the information we hold about you to another party. If requested, we will provide the information in a machine-readable format that is industry standard so that it is easily portable to another entity.
- Right to object: You have the right to object to us processing your personal data at any time, unless we are obligated to in certain circumstances (e.g. required by law).
- Right to withdraw consent: If you have previously given consent to us to collect or process your information, you may withdraw that consent at any time. Please contact us using the methods below.
- Right to lodge a complaint with a data protection authority: If you are resident in the European Union, the European Economic Area (EEA), Switzerland or the UK you have the right to register a complaint about our data collection and processing activities with the supervisory authority concerned. For more information on data protection authorities, please visit here.
Any requests must also include sufficient detail that allows us to properly understand, evaluate, and respond to the request. If we need more information to process your request, we will contact you via e-mail or in writing, asking only for information that we would need to respond to your request thoroughly and promptly. We will avoid requesting more information as much as possible.
To exercise any of your rights listed above, please contact the data controller at firstname.lastname@example.org or by using the contact information in the “Further Questions-Contact” section below.
Cookies and similar technologies
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us as first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. For more information about the cookies collected and your choices see our Cookies Policy here.
Do not track signals
Your browser or device may include ‘Do Not Track’ functionality. Our information collection, disclosure practices, and the choices that we provide to visitors will continue to operate as described in this Policy, whether or not a Do Not Track signal is received.
Web beacons and other tracking technologies
Our website utilizes web beacons for the purpose of improving our website’s operation and improving the effectiveness of our customer and marketing communications. Web Beacons can be used alongside cookies to provide data about your web-browsing habits, such as when you visited a website or if you were directed to the website from a marketing e-mail. We also may use other standard Internet technologies for similar purposes when you visit our websites or interact with us online.
Check out our Frequently Asked Questions here.
Attn: Data Privacy Officer
492 Old Connecticut Path
Framingham, MA 01701