Corporate privacy notice

This Notice is addressed primarily to our (i) customers (including their representatives), (ii) service users (including visitors to our websites and trial users), (iii) supplier representatives, (iv) research participants, and (v) sales prospects.

It also applies to individuals whose personal data is processed as part of our services. For instance, if you are a publication author, a researcher, a patent holder, a party to an IP dispute or an individual otherwise involved in  such a dispute (e.g., a judge or an attorney), a clinical trials investigator or are otherwise an author of, or contributor to, reports, analysis, articles or other materials available in the public domain, your personal data may be included as content in our services.

Clarivate is a global leader of transformative intelligence. We offer enriched data, insights and analytics, workflow solutions and expert services across Academia & Government, Intellectual Property and Life Sciences & Healthcare. Learn more about our services here.

Clarivate Plc operates through a number of legal entities. A current list of Clarivate’s subsidiaries is included in the “List of Subsidiaries” section in Exhibit 21.1 of Clarivate Plc’s most recent Form 10-K (here).

We collect personal data directly from you, but also from third parties, as described below:

Direct interactions with you

• When you visit our websites (e.g., our company website or product websites), we collect information you provide (e.g., form submissions) and certain information about your visit.
• Using our services. When you purchase, access or download our services, you are usually required to provide us at least with your name and email address. You may also be required to provide other information necessary for your use of our services or additional information that you choose to disclose to us, such as your interests or your user or communication preferences.
• Contacting us. When you request information by completing an online form, seek support including technical support, participate in events, surveys or research activities, interact via phone, email, or chat including AI chat box, or AI search functions or posting, commenting on our social media pages or requesting information from us, we collect the information you provide.

Third party sources

• Partners and service providers. For example, from technology partners supporting your use of our services, market research agencies, content providers. With respect to cookies and other tracking technologies, our Cookie Notice includes further information.
• Public sources. For example, from academic or scientific publications, patent and trademark offices, regulatory agencies and court records.
• Your employer or institution as our customer. For example, from your employer or the institution you are affiliated with to set up access, single sign-on, or to integrate our services or to provide you with an individual license to use our services.
• Other public or licensed data sources. For example, from public websites such as company websites, industry publications, social media platforms or data suppliers.

We may combine information from these sources and use it for analytics to operate, secure, and improve our services; where feasible we use aggregated or de-identified data and we do not attempt to re-identify it.

The categories of personal data we collect depends on how you interact with us and which services you use. Not all categories of personal data collected apply to every service.

The personal data we process may consist of the following:

• Identifiers & contact details: name, personal email, business email, phone, postal address, account ID user credentials, signatures, etc.
• Account & authentication data: username, hashed passwords, security/login logs.
• Professional & educational: employer/affiliation, job title, licenses/registrations, CV/work history, publications, specialties/expertise.
• Device & technical data: IP address, device identifiers, browser/app type and version, operating system, crash/diagnostic data.
• Usage & interaction data: pages and features used, clicks, timestamps, session duration, product interaction/telemetry.
• Financial & transaction data: billing contact details, payment tokens or limited card data processed via PCI-compliant providers, incentives/honoraria where applicable.
• Commercial records: purchases/subscriptions, entitlements, transaction details, sanctions/export-control screening outcomes.
• Communications & recordings: emails, chat messages, voicemails/call recordings, meeting/webinar recordings.
• Marketing data: your consent/opt-in/opt-out status, topic and channel preferences (e.g., email, phone, in-product), related interaction metrics (e.g., opens, clicks, unsubscribes).
• Sensitive personal data (limited cases): We only process sensitive personal data (e.g., health data, biometric identifiers, government ID, or precise location) where strictly necessary and lawful (e.g., you volunteer information in a controlled research study, or we must verify your identity).

Non-personal data: We may also process non-personal data which includes data, such as anonymised, aggregated, statistical or de-identified data that could be derived from personal data but is considered non-personal in nature because it does not directly or indirectly reveal a person’s identity.

The purposes for which we process your data depend on how you interact with us and which services you use. Not all purposes apply to every service.

The purposes for which we process your personal data may consist of the following:

• Customer and product administration: Set up and manage accounts and subscriptions; provide access to products, apps and content; deliver user and technical support; enforce our terms; manage customer records; contact you about renewals; process payments, and perform related administration (including reporting permitted usage to customers/partners and content/technology providers).
• Delivery of the services: Provide our services and information that you or the sponsoring organization requested or for which you have expressed an interest, or that you access through our services.
• Product improvement & personalization: Deliver relevant features and content (e.g., remembering preferences, improving search results); analyze usage to understand which content and tools are most useful; to enhance the content, design, performance and security of our services; and suggest further services that may interest you (see our Cookie Notice and Preference Center for controls).
• Marketing and events: Offer and promote events/webinars which you can attend; send newsletters and product updates; provide marketing communications about our services (you can manage choices in the Preference Center); and measure and tailor advertising in our services and on third-party platforms.
• Product content: Curate and organize information from public sources for inclusion in our services; and, where you choose to publish certain information (e.g., profiles or collaboration features), make it available within the service according to your settings.
• Research activities: Identify and recruit participants, conduct interviews/surveys (including recordings where notified); manage incentives/honoraria; and contact you about future research in line with applicable rules and consents where legally required.
• Security: Protect our systems; detect/prevent fraud, abuse and security incidents; and ensure service integrity of our services.
• Legal rights & compliance: Comply with laws and regulatory requirements; respond to lawful requests; exercise or defend legal claims; and perform sanctions/export-control screening.
• Business operations & restructuring: Support corporate transactions (e.g., merger, acquisition, reorganization), subject to appropriate safeguards.

The applicable legal basis for the processing of your data depends on the data categories we process and the purposes for which we process your data.

In jurisdictions where privacy laws require a legal basis (e.g., EU and UK GDPR), we rely on the following legal bases (as applicable):

• Consent (e.g., to conduct certain marketing activities in specific jurisdictions; or to conduct some research activities). Where we rely on your consent, we ensure that you have previously given us your consent. We only ask for consent in limited circumstances. You can withdraw your consent at any time via the Preference Center, the link included in emails or as specified when we obtain your consent. In particular, you can opt out of our marketing communications at any time – all Clarivate marketing emails contain an “unsubscribe” or “manage my preferences” link.
• Contract (e.g., to provide and support the services under a contract with you, or with your employer/institution where needed to deliver access you are entitled to). If you have a contract (including a user agreement or end user license agreement) with us, we process your personal data to perform that contract (i.e., provide you with services or payment).
• Legal obligations (e.g., to comply with data storage obligations in certain jurisdictions, or to respond to justified requests from authorities). Where we process your data to comply with legal obligations, we ensure that such legal obligation applies to us as well as your data.
• Legitimate interests (e.g., product improvement, security, customer administration, service analytics, B2B relationship management, anonymization). When we rely on legitimate interests, we balance our interests against your rights and expectations. Only when our legitimate interests outweigh your interests, we rely on this legal basis.

In jurisdictions where such a requirement does not apply, we will process personal data in compliance with applicable local laws and in line with Clarivate’s global privacy standards.

We may anonymize, aggregate, or de-identify personal data and process the derivative non-personal, anonymized, aggregated, statistical or de-identified data (“Non-personal Data”), including through machine-based systems that are designed to operate with varying levels of autonomy and that can, for explicit or implicit objectives, generate outputs such as predictions, recommendations, or decisions that influence physical or virtual environments (“AI systems”) and/or AI systems that use deep learning foundation models specifically intended to generate, with varying levels of autonomy, content such as complex text, images, audio, or video.

Non-personal data may be derived from your personal data but is not considered legally personal data because this data does not directly or indirectly reveal your identity. We may use such non-personal data to analyse the effectiveness of our services, improve and add features to our services, conduct research and for other similar purposes. We will not attempt to re-identify aggregated or de-identified data. For the avoidance of doubt, relevant data protection laws and this Notice will continue to apply to the processing of all forms and categories of personal data.

The recipients of your personal data depend on how you interact with us and which services you use.

The following recipients may receive your data:

• Members and contractors of Clarivate whose roles require access to your personal data, e.g., for customer support, marketing, technical operations and account management purposes. All our personnel are required to protect your personal data and keep them confidential.
• The organization providing you access to our services (e.g., your account administrator, university, school, or employer) in case you use our services under corporate/institutional subscriptions, e.g., for usage analysis, access and license management, collection management, contract and regulatory compliance and cost allocation.
• Service providers we have engaged to support us with our delivery of the services and who process personal data on our behalf (e.g., providers of cloud computing, recruiting portals, tools supporting us with organizing events, web analytics services, and credit card payment processors). Such service providers are contractually bound to protect your personal data to the same standard as Clarivate does and to meet sector specific regulations such as the Payment Card Industry Data Security Standard (PCI DSS) for credit card payment processors.
• Business and other third-party partners with whom we deliver co-branded services or host events, engage for marketing purposes, or whose content or technology we make available through our services. We may also share certain personal data (pseudonymized) you provide to us, such as through web form submissions, with third-party advertising partners to optimize advertising and deliver personalized advertisements that you will see on other sites
• Professional advisors such as legal counsel and information security professionals where reasonably required to protect our rights, users, systems and our services.
• Prospective and actual buyers, sellers, advisers or partners in relation to any sale, merger, acquisition or similar corporate event involving Clarivate.
• Government agencies, law enforcement, courts and other public authorities where we have an obligation to disclose or keep your personal data by law or need to disclose them in order to adequately cooperate, defend ourselves, etc. You may be required to consent to disclosure if you wish to enter contests or sweepstakes.
• Subscribers to and members of our services can access your personal data where they are collected from public sources for inclusion in our product databases or you choose to provide your personal data to us for displaying them in our services (for example, in profiles and when using online forums). Additionally, if you or your organization register for one of our membership-based communities or products, we may make information about you (including contact and institutional information) available to other members through online and offline services.
• Other third parties you have asked us to share information with or if you are aware that they may access your information as it is public or where you have provided us your consent, e.g., if you upload information into a public platform or forum that is publicly accessible, or in case of certain research related disclosures to sponsors of the research project or disclosures in the context of contests/sweepstakes.

We apply administrative, technical, and physical safeguards appropriate to the sensitivity of the data to help protect it against accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to, the Personal Data we process of use. Our controls include (as applicable) industry-standard encryption technologies, firewalls, role-based data access, intrusion-detection software, and physical security at the facilities where data is processed. Our privacy and security teams deliver training, maintain policies and records, and operate an incident response process. For more details on our program and any independent assessments, see our Trust Center.

Please note that no security measures can guarantee full security and therefore we cannot ultimately guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will never occur. If you believe your account or information has been accessed without your authorization, please contact us at data.privacy@clarivate.com. If we become aware of a personal data breach, we will comply with our legal obligations to notify the competent supervisory authorities and affected data subjects if required by applicable privacy laws.

Please read the Cookie Notice for information about cookies and other tracking technologies used in our services and for how we select partners to use cookies and similar tools. If you wish to change your cookie preferences or opt out of the use of non-essential cookies, please click the “Manage Cookie Preferences” link available in the website footer.

Our marketing emails contain tracking pixels that enable us to track when you open an email, click on links, and visit pages on our website. We use these pixels to gauge the effectiveness of our marketing emails and to tailor future email communications to your interests. Every marketing email you receive will include a link to unsubscribe from future marketing emails. You can also unsubscribe from marketing emails at any time by visiting our Preference Center. If you unsubscribe from marketing emails you may still receive transactional emails related to your product purchases and use (which, however, do not include such tracking pixels).

We retain your personal data throughout the period of your relationship with us and retain it for as long as necessary to fulfil the purposes for which we collected it as described in this Notice. For more information on how long we store your data, please contact us at data.privacy@clarivate.com.

Clarivate is a global business, and your data may be transferred to countries with different privacy and data protection laws, including to countries such as the United States.

If a  such transfer is required and no adequacy decision in respect of the country where the data recipient is based, including Clarivate companies, or no legal exception applies (e.g., if the transfer is required for the establishment, exercise or defense of legal claims), we protect transfers from the European Economic Area, the United Kingdom and Switzerland by way of  Standard Contractual Clauses approved by the European Commission (“Standard Contractual Clauses”) including the amendments under the UK Addendum and the required modifications for Switzerland. For personal data subject to other jurisdictions, we rely on other transfer mechanisms recognized under applicable law – you may find further information in the applicable supplemental notice.

Depending on where you are located or where you reside, you may have certain rights over your personal data under local data protection laws. We will honor the requests you make related to your rights as required by law; in some cases, there may be legal or other official reasons that we may not be able to fulfill the specific request you make related to your privacy rights.

You may have the following rights:

• Information and access: You may have a right to know what personal data we hold about you and be given information about how we process or have processed or have processed it. You may also have the right to obtain confirmation from us that we process your personal data, and if so, request access to or a copy of such personal data. To the extent permitted by law, we may charge a reasonable fee based on administrative costs for copies of your personal data requested by you.
• Correction: You may have the right to request that we correct inaccurate personal data we hold about you. You may also have the right to have incomplete personal data completed.
• Erasure: You may have the right to request that we erase some or all of your personal data.
• Restriction: You may have the right to ask us to restrict further processing of your personal data.
• Objection: You may have the right to object that we process some or all of the personal data we hold about you if we process your personal data based on our legitimate interests.
• Data portability. You may have a right to request to receive your personal data in a structured, commonly used and machine-readable format, or, where feasible, to have us transfer your personal data directly to another organization.
• The right to withdraw consent. You may have the right to withdraw your consent to the processing of your personal data where we rely solely on your consent for processing such data. Your withdrawal will not affect the lawfulness of our processing based on your consent before your withdrawal, and you can always give us your consent again in the future.
• Automated individual decision-making. You may have the right not to be subject to a decision based solely on automated processing of your personal data, including profiling, which produces legal or similarly significant effects on you. We will inform you if automated individual decision-making takes place.
• Right to complain. If you believe that we have infringed your rights, we encourage you to contact us first at data.privacy@clarivate.com so that we can try to resolve the issue. However, you may have the right to directly lodge a complaint with the competent data protection authority. For individuals in the European Union, please refer to this list of data protection authorities.

There may be further or other privacy rights available, depending on where you are based. For further information, please review the applicable supplemental notice.

We will respond to your request without undue delay and within the timeframe granted by the applicable privacy laws, e.g. within one (1) month under the EU and UK GDPR. Where permitted, we may extend this period (e.g., by up to two (2) additional months if the request is particularly complex or if you have made multiple requests). In such cases, we will notify you of the extension and the reasons for it. We may ask you to verify your identity and to clarify your request.

To exercise your rights as described above, please use one of the following methods:

• Through our online portal here.
• Or via email under data.privacy@clarivate.com

Our services may contain links to websites that are operated by third parties. We are not responsible for the content or privacy practices of those third parties and encourage you to review the privacy notices of these websites.

Where we embed a content feed, video player, social feeds, or other applications into our websites, the respective providers may set cookies or collect data when you interact with these services.

If you are located in the EEA, the UK or other countries with comparable data protection regimes, such feeds, video players, and/or applications do not set cookies and collect personal information from you unless you are informed about it and have provided your consent. If information is strictly necessary for the performance of the service, we require the service provider to protect your information consistent with this privacy policy.

Our services are generally not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you are under 13, please do not register or send us personal data about yourself. For more information, see our Children’s Privacy Policy.

Some of our services are offered to schools or libraries and may be used by students aged 13 or under 13 through an authorized institutional account. In those cases, we provide these services and they may only be accessed through an authorized institutional account. We rely on the institution to manage access and provide any required notices or consents in accordance with applicable privacy laws in that local jurisdiction. We design student interfaces to minimize personal data collection.

Clarivate is the controller for data as described in this Notice except as specified below, which means that Clarivate determines the purposes and means of the processing of personal data.

Some of our customers or business partners may enter your personal data into our services, provide or have us collect your personal data in order for us to process such data on their behalf. With respect to such data, depending on the individual case, Clarivate may be a processor. This includes but is not limited to the processing of your personal data in  connection with providing certain services, e.g., for verification purposes, such as Ex Libris services, ProQuest services, Techstreet private-label stores, and other software-as-a-service or hosted solutions and related services specified in our agreements with our customers. Where we act as processor, we conclude separate data processing agreements with the organization that is the controller.

In such cases we do not make decisions about how your personal data is processed in those instances and will not use or share any such data except as provided in the respective data processing agreements. To find out more about how these customers and business partners treat your personal data, you should refer to their privacy notices.

Additional information on our processing of personal data may be provided in offer descriptions, supplemental privacy notices or notices provided prior to or at the time of the collection of personal data.

We may update this Notice from time to time. When we do, we will post the revised version and update the “Last updated” date. If changes materially affect how we process your personal data or your rights, we may provide an additional notice (e.g., email, in-product message, or site banner) and, where required, obtain your consent before applying these changes. For non-material changes, posting the updated Notice will always be sufficient. We encourage you to review this Notice periodically. We will not use personal data already collected in a materially different way without an appropriate legal basis (and consent where required by law).

This Notice was last updated as of the effective date listed above.

Minor changes to the Notice may occur that will not significantly affect our use of personal data without notice or consent.

If you have any concerns about how we process your personal data, please contact us at data.privacy@clarivate.com or via the mailing address below.  We hope that we can satisfy any queries you may have about the way in which we process your personal data.

You may find additional information about Clarivate’s privacy program at the Clarivate Privacy Center.

If you have questions regarding our use of your information for marketing purposes, please contact the data privacy team at data.privacy@clarivate.com.

If you want to exercise your rights over your data, you can learn more and submit requests here.

The representative under the European General Data Protection Regulation for the Clarivate group is:

Clarivate Analytics (ESPAÑA) SAU
Carrer de Provença, 398
08025 Barcelona
Spain

Clarivate Analytics (UK) Limited

Attn: Legal, Clarivate Global Privacy Office
70 St Mary Axe
London EC3A 8BE
United Kingdomtel:442074334000

Clarivate Analytics (US) LLC

Attn: Legal, Clarivate Global Privacy Office
1500 Spring Garden Street
Philadelphia, PA 19130
United States

Email: data.privacy@clarivate.com

www.clarivate.com