New Datavant press release on its health data connectivity tools suitable under GDPR framework 🚀

More close-icon

Privacy Policy

DATAVANT PRIVACY POLICY

Last Updated: [May 9, 2023]

Datavant’s Privacy Policy describes how Datavant and the subsidiaries and affiliates, including Mirador Analytics Ltd and Convenet Ltd, to which this Privacy Policy links (together, “Datavant,” “we,” and “us”) collects, uses, and discloses the Personal Information we collect from you when you use our website or otherwise interact with us (the “Services”).  Please carefully review this Privacy Policy prior to using our Services or sharing your Personal Information with us.

The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) & State Law

Depending on the services that you use, our use and disclosure of certain information may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) and similar state laws regulating the healthcare industry. Any information that you submit to us that constitutes “Protected Health Information,” as defined by HIPAA, is subject to HIPAA and applicable state law, and such laws control to the extent of any conflict with this Privacy Policy. The term “Protected Health Information” or “PHI” refers to individually identifiable health information about your past, present or future physical or mental health or condition, the provision of health care to you or the past, present or future payment for such care.

Note that PHI is generally exempt from the requirements of the California Consumer Privacy Act and similar U.S. state consumer privacy laws.

Datavant as a Service Provider

We are primarily a service provider for other businesses. In the course of providing services for other businesses, we may collect your Personal Information from our business customers. Generally, the businesses that we serve are responsible for determining how we may use and share your Personal Information. If you have questions about how your Personal Information is collected and used, we may direct you to the business who is responsible for your Personal Information. To the extent of any conflict between this Privacy Policy and our agreements (including HIPAA business associate agreements) with a business customer, the agreement will generally control.

PERSONAL INFORMATION WE COLLECT

Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.

As described in more detail below, Datavant collects Personal Information directly from you when send us emails or otherwise voluntarily submit your information to us. We may also collect your Personal Information from your employer (If you Interact with Datavant In the context of your employment), through our use of data collection technologies placed on our websites, and third parties that support our business operations, such as marketing and analytics partners, search information providers, recruiting partners, and background check or Disclosure and Barring Service providers.

Depending on how you use the Services, we may collect the following categories of Personal Information about you:

  • Identifiers, such as your name, mailing address, email address, phone number, business contact details, account numbers, and IP address. Typically, we collect this information directly from you to contact you regarding administrative notices, your use of the Services, or in connection with your interactions with us, such as through an employment application. We may also collect certain identifiers from your employer or through your use of our website.
  • Records about you, such as your signature and identity verification information, your account creation and modification dates, your marketing preferences, and the content of your communications (and any metadata associated with those communications).
  • Internet and other Electronic Activity Information, such as your browsing history, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, and browser preferences. Typically, we collect this information through cookies and other data collection technologies to understand how you use our website.
  • Geolocation Information derived from your IP address. We do not collect precise geolocation information.
  • Commercial Information, such as your financial and payment information, including credit card and payment card information, subscription information, and other and details about your transactions with us. Typically, we collect this information directly from you to process payments you request or otherwise adjust your account. We may also collect commercial information from our payment services provider.

If you are a job applicant, we may also collect the following Personal Information about you:

  • Protected class and demographic information, such as your age, military or veteran status, gender, and background check information relating to your criminal history, if any.
  • Professional or employment-related information, such as the contents of your resume, employment history, and references.

Some of the information we collect may be considered Sensitive Personal Information, such as your and financial account information.

How we use the PERSONAL INFORMATION WE COLLECT and our legal bases for processing

In general, we use your Personal Information to support our business activities. If you are located in the European Union or the United Kingdom, those business activities are pursuant to “legal bases” under applicable data protection laws. These business activities are described below:  

  • Operations. We may process your Personal Information for the purposes of operating our websites, providing our services, generating invoices, bills and other payment-related documentation, and credit control. The legal basis for this processing is our legitimate interests and the performance of a contract between you and us, and/or taking steps, at your request, to enter into such a contract.
  • Publications. We may process Personal Information for the purposes of publishing information on our website and elsewhere through our services in accordance with your express instructions. The legal basis for this processing is your consent or our legitimate interests to publish content in the ordinary course of our operations.
  • Relationships and Communications. We may process Personal Information for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, post, and/or telephone, providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, service users, individual customers and customer personnel, the maintenance of our relationships, enabling the use of our services, and the proper administration of our website, services and business.
  • Personalization. We may process your Personal Information for the purposes of personalizing the content and advertisements that you see on our website and through our services to ensure that you only see material that is relevant to you. The legal basis for this processing is our legitimate interests, namely offering the best possible experience for our website visitors and service users.
  • Direct Marketing. We may process Personal Information for the purposes of creating, targeting and sending direct marketing communications by email and/or and making contact by telephone for marketing-related purposes. The legal basis for this processing is our legitimate interests, namely promoting our business and communicating marketing messages and offers to our website visitors and service users, and sometimes your consent.
  • Research and Analysis. We may process your Personal Information for the purposes of researching and analyzing the use of our website and services, as well as researching and analyzing other interactions with our business. The legal basis for this processing is our legitimate interests, namely monitoring, supporting, improving and securing our website, services and business generally.
  • Record Keeping. We may process your Personal Information for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this Privacy Policy.
  • Security. We may process your Personal Information for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.
  • Legal Claims. We may process your Personal Information where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
  • Legal Compliance and Vital Interests. We may process your Personal Information where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.
  • Recruitment – We may process your Personal Information to evaluate your job application and ensure equal opportunities in our application process (if you’ve applied for a job).

We use and disclose your Sensitive Personal Information only for the following limited business purposes: (i) performing services an average person would expect; (ii) detecting security incidents; (iii) addressing malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) for short-term, transient use; (vi) performing or providing internal business services; and (vii) verifying or maintaining the quality or safety of a service or device.

How We Disclose the Information We Collect

We disclose your Personal Information in the following ways:

  • Service Providers. We may share your Personal Information with third parties that provide services to us. We may use third party service providers to host the Services, process job application, perform website analytics, and gather and use on our behalf your Personal Information as contemplated by this Privacy Policy and applicable law. It is our policy to require such third parties to process your Personal Information only on our behalf in an attempt to protect your information as much as is commercially reasonable.
  • Payment Services Providers. We may share your Personal Information with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. We have engaged Stripe to process payments for certain of our services, and you can find more information about Stripe’s privacy policies and practices at https://stripe.com/en-gb/privacy. Other services may use a different payment services provider.
  • To Our Group of Companies. We may disclose your Personal Information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this Privacy Policy.
  • Insurers and Professional Advisors. We may disclose your Personal Information to our insurers and/or professional advisers, such as the NHS, insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.
  • In Connection with a Legal Right or Obligation. We may investigate and disclose information from or about you if we have a good faith belief that such investigation or disclosure is (a) reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us; (b) helpful to prevent, investigate, or identify possible wrongdoing in connection with the Services; or (c) protect our rights, reputation, property, or that of our users, affiliates, or the public.
  • In a Transaction. If we, or any of our businesses, are sold or disposed of as a going concern, whether by merger, reorganization, sale of assets or otherwise, or in the event of an insolvency, bankruptcy or receivership, any and all Personal Information, including your account information, may be one of the assets sold or merged in connection with that transaction. Information about you may also need to be disclosed in connection with a commercial transaction where we or any one of our businesses are seeking financing, investment, support or funding. In such transactions, Personal Information will be subject to the promises made in any pre-existing Privacy Policy in effect when the information was obtained.
  • With individuals to whom you direct us or are required to provide information under contract, such as your employer, colleagues, or references (such as in the case of a job application).

Datavant may use or disclose deidentified information so long as the entities to who Datavant discloses deidentified data are prohibited from re-identifying or attempting to re-identify data.

Except as stated in this Privacy Policy, we do not sell your Personal Information with third parties in exchange for monetary or other valuable consideration, nor do we share your Personal Information with third parties for cross-context behavioral advertising.

Cookies and Data Collection Technologies

Our online Services use cookies (small text files stored either temporarily or permanently on a user’s computer hard disk, which allow the website to recognize the user and track usage of the site, preferences, IP addresses, and pages visited, and to gather data and marketing information). Cookies may improve and/or simplify the use of Datavant’s online services. Of note:

  • Authentication and Status. We use cookies to identify you when you visit our websites and as you navigate our websites, which helps us determine if you are logged into our website.
  • Security. We use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally.
  • Third Party Analytics. We use third parties, such as Google Analytics, to evaluate usage of our website. We may also use other analytic means to evaluate and improve our website and your experience. These entities may use cookies and other tracking technologies to perform their services. You can learn more about how Google uses this information here: https://www.google.com/policies/privacy/partners/.
  • Session Replay Tools. We use session replay tools to record your interactions with the websites, such as how you move throughout the websites and engage with our webforms.
  • How We Respond to Do Not Track Signals. Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many digital service operators, including Datavant, do not recognize or respond to DNT signals.

Most web browsers can be set to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. Refusing a cookie will generally not interfere with your use of our online Services. However, refusal of a cookie may, in some cases, preclude you from using or negatively impact the display, feature, or function of our online Services. Depending on where you live, we may first obtain your consent prior to using cookies that are not necessary to operate our websites.

Certain of our websites may have separate cookie policies that provide more details about the cookies and other data collection technologies used on that website. Please review those cookie policies for more information about those specific websites.

OUR data retention practices

We retain your Personal Information for only as long as we need it to provide our products and services, operate our business, and comply with our legal obligations. When we decide how long to keep your Personal Information, we keep in mind the nature and sensitivity of the information, the potential harm from unauthorized use, the reasons we collected the Personal Information, and our legal obligations.

How We Protect Your Information

We have appropriate security measures in place to prevent Personal Information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your Personal Information to those who have a genuine organizational need to know it. Those processing your Personal Information are asked to do so only in an authorized manner.

Communications between your browser and portions of the online Services containing Personal Information are protected with Secure Socket Layer (“SSL”) encryption. This encryption is to help protect your information while it is being transmitted. Once we receive your information, we strive to maintain the physical and electronic security of your Personal Information using commercially reasonable efforts.

NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION USING COMMERCIALLY AVAILABLE AND INDUSTRY STANDARD ENCRYPTION TECHNOLOGY, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US, AND YOU DO SO AT YOUR OWN RISK.

Where we’ve given you (or where you’ve chosen) login details which enable you to access certain services of ours, you’re responsible for keeping these details confidential. You agree that you won’t share your login details with anyone else.

In the Event of a Security Breach of Your Personal Information

If we determine that your Personal Information has or may reasonably have been disclosed due to a security breach of our systems, we will notify you in accordance with and to the extent required by applicable state and federal law using the information that we have on file.

Disclosures for California Residents

California residents are entitled to the following disclosures about our data processing:

  • In the preceding 12 months, Datavant has collected the categories of Personal Information detailed in the PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT section above. The purposes for which Datavant has collected Personal Information and the sources of that information are also described above.
  • During the past 12 months, we have generally disclosed your Personal Information as follows:
Category of Personal InformationTo whom we’ve disclosed for a business purpose
IdentifiersService providers; Individuals to whom you direct us or are required to provide information under contract; Payment services providers; Our group of companies; Insurers and professional advisors
Records about youService providers; Individuals to whom you direct us or are required to provide information under contract; Our group of companies; Insurers and professional advisors
Commercial informationService providers; Individuals to whom you direct us or are required to provide information under contract; Payment services providers; Our group of companies; Insurers and professional advisors
Internet or other electronic network activity informationService providers; Individuals to whom you direct us or are required to provide information under contract; Our group of companies
Protected class and demographic informationService providers; Individuals to whom you direct us or are required to provide information under contract; Our group of companies
Professional or employment-related informationService providers; Individuals to whom you direct us or are required to provide information under contract; Our group of companies; Insurers and professional advisors
Sensitive informationService providers; Individuals to whom you direct us or are required to provide information under contract

We do not disclose your Personal Information to third parties for commercial purposes. We do not sell your Personal Information, and we do not share information with third parties for cross-context behavioral advertising (including the Personal Information of individuals under 16 years old).

Shine the Light – Third Party Marketing: This Privacy Policy describes how we may share your Personal Information, including for marketing purposes. California residents are entitled to request and obtain from Datavant once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us at our C3 at 844-882-3809 or visit our C3 website at corporatecomplianceconnection.com.

In addition to the disclosures above, you have additional rights as explained in more detail below.

Disclosures to Individuals located in the EU and Uk

If you are located in the European Union or the United Kingdom, please note the following additional disclosures:

  • Cross-border Data Transfers. We, or our suppliers, may transfer Personal Information that we collect from you to third party data processors located, or have servers located, in countries that are outside of the European Economic Area, including the United States, in connection with the purposes described in this Privacy Policy. We’ll take all steps reasonably necessary, including entering into Standard Contractual Clauses, to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable privacy laws.
  • Supervisory Authority. If you consider that our processing of your Personal Information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection.
  • Data Controller. The data controller of your Personal Information depends on which Datavant entity you are interacting with. For information about the data controller of your Personal Information, please contact us at 844-882-3809.

Your Rights

Depending on where you live, you may be entitled to the following privacy rights under the privacy and data protection laws that apply to our processing:

  • The right to know. You have the right to request to know the categories and specific pieces of Personal Information we have collected about you; the categories of sources from which that Personal Information was collected; and how we have sold, shared, or otherwise disclosed your Personal Information.
  • The right to correct/rectify. You may have the right to request that we correct or rectify inaccurate Personal Information that we maintain about you or complete incomplete Personal Information.
  • The right to deletion/erasure. You have the right to request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
  • The right to data portability. You can ask that we transfer your Personal Information to another organization or to you in a structured, commonly used and machine-readable format.
  • The right to opt out of the sale or sharing of your Personal Information. You have the right to opt out of the sale or sharing of your Personal Information. Datavant does not sell or share (for targeted advertising purposes) your Personal Information. If we change our business practices, we will update this Privacy Policy, notify you, and honor your right to opt out.
  • The right to restrict and object to processing. You can ask us to restrict and/or object the processing of your Personal Information depending on our purpose for processing and the legal basis upon which we rely. 
  • The right to withdraw consent. To the extent that the legal basis of our processing of your Personal Information is consent, you can withdraw that consent without affecting the lawfulness of processing prior to your withdrawal.

You may exercise your rights by contacting us at 844-882-3809 or visit our C3 website at www.cioxcomplianceconnection.com. We reserve the right to deny your request if a legal exception applies or the laws in the state or country where you reside to not require us to honor these rights. 

If you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of our services.

Datavant will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.

You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

Certain laws may give you a right to appeal any denials of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us at 844-882-3809.

Marketing

If you have an agreement with us or where you’ve requested to receive marketing information from us, then we may contact you (including by SMS, telephone, e-mail or by social media information about services that we offer which are similar to those that you already receive from us, or information about services or offers you’ve opted in to receiving from us.

If you’d prefer not to receive this information, please let us know by emailing us to update your preferences. If you’re writing to us, please include your name, email address and state whether you’d like to opt out of email, text messages, or both.

Third Party practices

This Privacy Policy applies only to the Services provided by Datavant. The Services may contain links to other websites, which may be subject to a different privacy policy or are otherwise maintained or provided by a third party. We are not responsible for the privacy practices of any third-party website you access from our Services. You should review the privacy policy of every website before using the website or submitting any information to the website.

Changes to Our Policy

We reserve the right to modify or amend this Privacy Policy at any time. All changes to this Privacy Policy will be effective immediately upon their posting to the Services. We will notify you of material changes to this Privacy Policy by conspicuously posting the changes on the Services. Information collected before changes are made will be treated in accordance with the previous Privacy Policy. Continued use of the Services after the effective date of a modified privacy policy will indicate your agreement to any modified terms.  Each version of our Privacy Policy will be prominently marked with an effective date.

Contact Information and registrations

You may submit any questions or concerns about this Privacy Policy or our privacy practices by contacting us through the following methods:

visit our C3 website at corporatecomplianceconnection.com.

We regularly review our compliance with this Privacy Policy. If you believe your privacy rights have been violated, you have the right to file a complaint.  You may do so by contacting the Datavant Compliance Connection at 844-882-3809.

Convenet Ltd. is registered in England and Wales under registration number 12921479. Convenent Ltd. is also registered with the UK Information Commissioner’s Office under registration number ZA794672.

Our data protection officer’s contact details may be obtained by contacting the phone number above.