Introduction

Welcome to Clarovate. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how Clarovate ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our demand generation services, visit our website, or interact with our marketing campaigns.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

1.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you:

• Register for our services or create an account
• Fill out contact forms or request information
• Subscribe to newsletters or marketing communications
• Participate in surveys, webinars, or events
• Communicate with our customer support team
• Engage with our sales representatives

This information may include:

1.2 Information Automatically Collected

When you access our website or use our services, we automatically collect certain information about your device and usage patterns:

• Technical Data: IP address, browser type and version, device type, operating system, time zone settings, browser plug-in types and versions, screen resolution
• Usage Data: Pages visited, time spent on pages, links clicked, referring website, exit pages, date and time stamps, clickstream data, scroll depth
• Campaign Data: Email open rates, click-through rates, conversion tracking, campaign engagement metrics, attribution data
• Location Data: Approximate geographic location based on IP address

1.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

• Business intelligence and data enrichment providers (e.g., ZoomInfo, Clearbit, LinkedIn Sales Navigator)
• Marketing automation platforms and CRM systems
• Social media platforms when you interact with our content
• Analytics providers and advertising networks
• Publicly available sources such as company websites, press releases, and industry publications

1.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing activities. For detailed information, please see our Cookie Policy.

2. How We Use Your Information

We use the information we collect for various business purposes, including:

2.1 Service Delivery and Performance

• Provide, operate, and maintain our demand generation services
• Execute targeted marketing campaigns and outbound strategies
• Generate performance reports, analytics, and ROI metrics
• Optimize campaign targeting and improve conversion rates
• Process transactions and manage billing and payments

2.2 Communication and Customer Support

• Respond to your inquiries and provide customer support
• Send service-related announcements and updates
• Communicate about new features, products, or services
• Send newsletters, marketing materials, and promotional offers (with your consent)
• Notify you about changes to our terms, policies, or services

2.3 Business Operations and Improvement

• Analyze usage patterns and user behavior to improve our services
• Conduct research, testing, and analysis to develop new products and features
• Monitor and analyze trends, usage, and activities
• Personalize and improve user experience
• Detect, prevent, and address technical issues or bugs

2.4 Legal Compliance and Protection

• Comply with legal obligations, court orders, and regulatory requirements
• Enforce our terms and conditions and protect our legal rights
• Prevent fraud, security threats, and illegal activities
• Protect the safety and security of our users and services
• Respond to lawful requests from public authorities

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for processing your data for specific purposes
• Contract Performance: Processing is necessary to fulfill our contractual obligations
• Legal Obligation: We must process your data to comply with applicable laws
• Legitimate Interests: Processing is necessary for our legitimate business interests, provided your rights do not override these interests

4. Data Sharing and Third-Party Disclosure

We do not sell, rent, or trade your personal information to third parties. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We share information with trusted third-party service providers who assist us in operating our business:

• Marketing and Analytics Platforms: HubSpot, Salesforce, Google Analytics, LinkedIn Campaign Manager
• Email and Communication Services: SendGrid, Mailchimp, Intercom
• Payment Processors: Stripe, PayPal, wire transfer services
• Cloud Infrastructure: Amazon Web Services (AWS), Microsoft Azure
• Data Enrichment Services: ZoomInfo, Clearbit, Apollo.io

All service providers are contractually obligated to protect your data, use it only for specified purposes, and maintain appropriate security measures.

4.2 Business Transfers

If Clarovate is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change and choices you may have.

4.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, law enforcement requests).

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Security and Protection

Clarovate implements enterprise-grade security measures to protect your personal information from unauthorized access, use, or disclosure:

5.1 Technical Safeguards

• 256-bit encryption for data in transit (TLS 1.2 or higher)
• AES-256 encryption for data at rest
• Regular security vulnerability assessments and penetration testing
• Secure firewalls and intrusion detection systems
• Multi-factor authentication (MFA) for all administrative access
• Regular security patches and system updates

5.2 Organizational Safeguards

• Role-based access controls limiting data access to authorized personnel only
• Employee training on data privacy and security best practices
• Confidentiality agreements with all employees and contractors
• Regular security audits and compliance reviews
• Incident response plan for data breaches

5.3 Compliance Certifications

Clarovate maintains the following security certifications and compliance standards:

• ISO 27001:2013 Information Security Management
• SOC 2 Type II certification for security, availability, and confidentiality
• GDPR compliance for EU data subjects
• CCPA/CPRA compliance for California residents

5.4 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours of discovery, as required by applicable laws. Our notification will include the nature of the breach, data affected, potential consequences, and remedial actions taken.

6. Your Privacy Rights and Choices

You have certain rights regarding your personal information, depending on your location:

6.1 General Rights (All Users)

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Opt-Out: Unsubscribe from marketing communications at any time

6.2 GDPR Rights (EEA Residents)

• Data Portability: Receive your data in a structured, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests or direct marketing
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Lodge a Complaint: File a complaint with your local data protection authority

6.3 CCPA/CPRA Rights (California Residents)

• Know: Request disclosure of categories and specific pieces of personal information collected
• Delete: Request deletion of personal information
• Opt-Out of Sale/Sharing: Opt out of the sale or sharing of personal information (we do not sell your data)
• Correct: Request correction of inaccurate personal information
• Limit Use: Limit use and disclosure of sensitive personal information
• Non-Discrimination: Not be discriminated against for exercising your rights

6.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@clarovate.com or use our Data Subject Rights Request Form. We will respond to all requests within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Retention Periods

• Active Customers: Account data retained for the duration of the service agreement plus 7 years for legal and accounting purposes
• Campaign Data: Performance metrics and analytics retained for 24 months after campaign completion
• Marketing Communications: Email addresses retained until opt-out or 3 years of inactivity
• Support Tickets: Retained for 3 years after closure
• Financial Records: Retained for 7 years to comply with tax and accounting regulations

7.2 Secure Deletion

When data is no longer needed, we securely delete or anonymize it using industry-standard methods to prevent unauthorized recovery.

8. International Data Transfers

Clarovate operates globally, and your information may be processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international data transfers.

8.1 Transfer Mechanisms

For transfers from the EEA to countries without adequate data protection:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements compliant with GDPR Article 28
• Adequacy decisions for transfers to approved countries
• Privacy Shield Framework (where applicable)

8.2 Primary Processing Locations

Your data may be processed in the following locations:

• United States (primary data center)
• European Union (backup and redundancy)
• United Kingdom (post-Brexit under adequacy decision)

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@clarovate.com. We will promptly delete such information from our records.

10. Third-Party Websites and Services

Our website and services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

11. Marketing Communications and Opt-Out

We may send you marketing communications about our services, industry insights, and promotional offers. You can opt out at any time by:

• Clicking the "Unsubscribe" link in any marketing email
• Emailing us at unsubscribe@clarovate.com
• Adjusting your communication preferences in your account settings

Please note that even if you opt out of marketing communications, we may still send you service-related messages (e.g., account notifications, billing information, security alerts).

12. Do Not Track Signals

Some web browsers have a "Do Not Track" feature that signals to websites that you do not want to be tracked. Currently, there is no industry standard for how to respond to these signals. Our website does not currently respond to Do Not Track signals, but we will update this policy if standards are established.

13. California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes. If you have questions, contact us at privacy@clarovate.com.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by:

• Posting a prominent notice on our website
• Sending you an email notification (if you have an account)
• Updating the "Last Updated" date at the top of this policy

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes become effective constitutes acceptance of the revised policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

16. Definitions

For clarity, the following terms used in this Privacy Policy are defined as:

• Personal Information: Any information that identifies, relates to, or can be linked to an individual
• Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion
• Data Controller: The entity that determines the purposes and means of processing personal data (Clarovate)
• Data Processor: A third party that processes data on behalf of the data controller
• Cookies: Small text files stored on your device when you visit a website