Privacy Statement

MedeAnalytics Privacy Statement (U.S. website)

MedeAnalytics, Inc., (“MedeAnalytics” or “we” or “our” or “us”) along with MedeAnalytics Group Holdings, LLC, MedeAnalytics Intermediate Holdings, LLC, Moon MA Acquisition, LLC, MedeAnalytics Parent, Inc., Maverick Holding, Inc. values individual privacy, and we are committed to protecting individuals’ personal information.

This Privacy Statement (this “Statement”) explains what personal information we collect, how we collect that information, and what we do with the personal information we collect. This Statement also explains the rights you may have related to your personal information, and how you can contact us with questions about our privacy practices or to request changes or updates to the personal information we have about you.

Explanations about our general personal information practices are provided below, or you may wish to skip one of the following topics:

General Personal Information Practices
Information for California Residents
Information for Other (Non-California) U.S. State Residents
Information for Individuals Subject to EU Data Protection Law

Scope of this Privacy Statement

This Statement applies to information that we collect about you as an individual user (“you”):

by your use of our public website at https://medeanalytics.com/ (directed to the United States) (“Public Site”),
by your use of online services available to our clients that may be accessed via our websites (“Client Services”), and
by providing your personal information to us or to a partner, service provider, or other entity for the purpose of obtaining information (whitepapers, newsletters, etc.), products or services from us, or
when applying for a position with us.

This Statement does not apply to personal information that we receive or collect from or on behalf of our clients in connection with the use of our products or services (including, but not limited to, when information is provided to us through Client Services). We process this data in our role as a service provider or data processor, and only in connection with products and services that we provide to our clients, and according to our clients’ instructions.

Additionally, this Statement does not apply to the personal information that is collected in a human resources (“HR”) context. If you are a California resident, or a resident of another U.S. state with an applicable enacted state privacy law, and we have collected personal information from you in an HR context, such as an employee, please contact us by mail or phone as provided under Section A.9 (Contact Us) below regarding our HR Privacy Notice.

A. General personal information practices

1. Information we collect and how we collect it

a. Information that You Decide to Provide to Us. When you register as a user, request information from us, subscribe to a service, apply for an available position with us, visit our booth at an industry event, or communicate with us through our Public Sites or Client Services, we may ask you to provide certain information about yourself, such as your name, email address, phone number, employer, or similar information to respond appropriately to your request. In these cases, you will know what information is collected through the Public Site or Client Services because we collect the information you provide to us. If there is information that you are required to provide to us or that we are required to collect, based on either law or contract, we will advise you of the requirement at the time we collect that information, and we will also provide information about any consequences of a failure to provide required information.

b. Information that We Collect Automatically. As part of the standard operation of the Site, we automatically collect information from your computer or device, including IP address, domain name (that you visited from www.company.com, for example), referral or exit data (the last website that you visited before coming to the Site and the next website you visit afterwards), as well as browser and platform type (a Google browser or an Apple platform, for example). In addition, we collect information about how you use the Site, such as the date and time of your visit, the amount of time you spend on the Site, how often you visit the Site, the areas, or pages that you spend the most time on, and other click-stream data.

c. Cookies, Beacons and Tags. A cookie is a small text file that is stored on your computer or device when you access the Site. We use cookies on the Site to collect some of the information described above as information we collect automatically, to remember your settings, and for authentication. You can manage the use of cookies through your browser. You may still use the Site if you reject cookies, but it may limit your ability to use some areas of the Site. In addition, with the assistance of our third-party partners and service providers, we may use technologies such as web beacons, tags, Flash cookies or HTML5 to collect or use information about visitors to our Public Sites or Client Services and your actions on those sites for site operations/functionality purposes, and content and/or formatting effectiveness.

d. Information We Collect Indirectly About You. We may receive personal information about you from others, for example: submitted through our Client Services if you request additional information about our products or services through one of our business partners, through employment recruiters, by referral from a current client or from another third party who may share your personal information with us. We may also collect your personal information through our relationship with our clients, in accordance with the contractual relationship we have with a client.

For information about opting out of or managing the collection or use of such information, please see the section below regarding “Your Choices.”

2. How we use information we collect

Information that we collect, including your personal information, may be used for the following purposes:

To present the Public Sites and Client Services and their content to you.
To provide online services that you may access through the Public Sites or Client Services.
To provide, maintain and improve our products and services.
To respond to your questions or requests for information, or to fulfill any other purpose for which you provide your information to us through the Public Sites or Client Services.
To provide you with information about our services, product updates, industry education, invitations to upcoming events, and similar information.
To conduct surveys to ensure the Public Sites and/or Client Services are relevant to your needs, or to follow up with you personally to make sure your needs are being met.
To better understand how people, use our Public Sites and Client Services, including measuring and monitoring user traffic and using aggregate statistical analysis, which informs future enhancements and changes to the websites.
To better understand how our clients, use and interact with our products and services, including by combining information collected through the Public Site and Client Services with information about our clients collected by other means.
To consider your application for a position available with us.
To contact you about our products and services in response to your visiting our booth at a tradeshow, through a partner that you provided your information to, or other platform that facilitates targeted or other marketing based on their direct relationship with you (such as LinkedIn).
For the purpose of providing contracted services to our clients.
For any other purpose that we describe at the time we collect your information.

Referrals. If you choose to use our referral service to tell a friend about our website, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the website. We will use information you submit only to send this email and track the success of the success of our referral program.

In addition, if you use the Site or access client services through the Site on behalf of one of our clients, we may combine information about you that is collected through the Site with information about you that has been provided by our client.

3. Disclosures of your information

We may disclose information about visitors to our Public Websites and our Client Services, or that we may otherwise have about an individual, which does not identify the individuals, without restrictions.

Personal information about you, that you provide or that we collect as described in this Statement, that may identify you, may be disclosed to third parties as follows:

To our subsidiaries and affiliates.
To agents and service providers who are bound by confidentiality obligations and who use the personal information only on our behalf.
With your consent.
To deliver requested products or services, or otherwise to fulfill a contractual obligation to you or to a client.
To initiate a background check if you have applied for a position with us.
As otherwise described in this Privacy Statement.

We may also disclose your personal information:

As required by law, court order, or legal process, including responding to a subpoena, to respond to a government or regulatory request, or to cooperate with law enforcement investigations.
To enforce our contractual rights, take precautions against liability, investigate suspected or actual illegal activities, or to investigate and defend ourselves against third party claims or allegations.
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about users of the Site is among the assets transferred.
When we believe that disclosure is necessary or appropriate to protect the rights, property, or personal safety of ourselves, our clients, or others.

Whenever we disclose personal information to a third party, we endeavor to minimize the disclosure to only information that is necessary for the purpose of that disclosure.

The types of personal information that may be disclosed about you include unique identifiers (your name, date of birth), demographic information (phone number, mailing address), transaction history with us or our websites, etc.

It is our policy not to sell, rent or exchange your personal information with any third party for commercial purposes. It is our policy not to provide your personal information to third parties for those third parties’ direct marketing purposes without your consent.

4. How long we retain your information

5. Transfers of personal information to other countries

6. Your choices

a. Client Controls.If you are one of our clients, you may control the personal information we have about you through your account profile page.

b. Non-Client Controls. If you are not one of our clients – for example, if you are a former client, a website visitor, a sales/marketing or vendor contact, or job applicant – and you wish to inquire about, access, correct, update, or delete personal information that we may hold about you, please submit your request via:

https://medeanalytics.com/privacy-requests/
For U.S. by email: ChiefPrivacyOfficer@medeanalytics.com
For EEA or UK by email: DataProtectionOfficer@medeanalytics.co.uk or contact us by mail or phone as provided under Section A.9 (Contact Us) below.

Please understand that before responding to your request, we may ask you for additional information in order to verify your identity or take other actions that we believe are appropriate in order to verify your identity.

Please also understand that we may not be able to alter or delete your personal information if we are required under applicable law to maintain that information. We are also not obligated to comply with requests that are unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In some circumstances, we may charge a reasonable fee to fulfill your request.

c. Personal information held on behalf of our clients. In some cases, we may hold personal information as a service provider, solely on behalf of our clients (who determine the means and purposes of processing that personal information). In those cases, we may have no direct relationship with individuals whose personal information we hold, and any inquiries or requests to access, correct, update, or delete personal information about you should be made directly to our client. We will honor and support any instructions we receive from a client with respect to your personal information that we process on behalf of that client.

In some cases, we may simply not be aware that we have personal information about an individual, because it was collected through the direct relationship between the client and the individual. We may also encourage requests to be directed to our clients for this reason.

d. Marketing and Advertising.We have engaged third parties to manage marketing and advertising communications on other sites, which may collect personal information about you and provide advertising to you based upon your browsing activities and interests. If you prefer not to have information used for the purpose of serving you personalized ads, you may opt-out or change your preferences at http://www.google.com/settings/ads, if you are located in the European Union at http://www.youronlinechoices.eu/

To show videos on our websites, we have engaged a third party that uses local shared objects such as Flash cookies and local storage such as HTML5 to save content and viewing preferences (volume, for example). Flash cookies may be managed at:

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html. Your browser may offer tools to manage HTML5.

e. Opting out of communications. If you no longer wish to receive our newsletter or marketing emails, you may stop those communications by following the unsubscribe instructions included in the emails, or if you are a client, by accessing the email preferences in your account settings page, by contacting us as follows:

Existing MedeAnalytics clients: https://client.medeanalytics.com

All others: https://medeanalytics.com/privacy-requests/ or as provided under Section A.9 (Contact Us) below.

f. Do-not-track settings. The Public Site and Client Services do not respond to “do-not-track” requests or similar browser settings.

7. Security

We take reasonable steps and follow generally accepted industry data practices to protect the personal information submitted to us from accidental loss and from unauthorized access, use, alteration, and disclosure. There is no totally secure or error-free method of transmitting data over the Internet, and we cannot guarantee the absolute security of your personal information.

You are also responsible for the safety and security of your information. It is your responsibility to keep secret any username and password that you use for client login or to access other features of the Site. Please do not share this information with any other person and remember that you are responsible for any use of the Site when it is accessed with your username and password. If you ever suspect or believe that your username or password have been compromised or used by somebody else, please promptly tell us by emailing us at ChiefPrivacyOfficer@medeanalytics.com.

8. Changes to our Privacy Statement

We review this Privacy Statement annually, or as otherwise required, and update it to reflect changes to our information practices, applicable legal requirements, or other changes as we deem appropriate or are required of us. If we make any material changes to how the personal information, we collect about you or how we process it, we will provide a notice on our websites by updating the date the Statement was last revised. We encourage you to periodically review this Statement.

9. Contact us

Please feel free to contact us with any questions, comments, complaints, to exercise a right or control related to your personal information or submit suggestions regarding this Privacy Statement or our information practices.

You can contact us by any of the following methods:

Via webpage contact form: https://medeanalytics.com/privacy-requests/ (Before using this form please note: This form is hosted in the United States and data entered on this form will be reviewed in the United States and may be shared with our Data Protection Officer located in the UK)
For U.S. by email: ChiefPrivacyOfficer@medeanalytics.com or DataProtectionOfficer@medeanalytics.com

For EEA or UK by email: DataProtectionOfficer@medeanalytics.co.uk
By postal mail or telephone at:

MedeAnalytics, Inc.
501 W. President George Bush Highway, Suite 250
Richardson, TX 75080

Phone: (469) 916-3300

Toll-free: (866) 470-6333 (select option #4)

Our Data Protection Officer/Privacy Officer can address any concerns or complaints. If you are a resident of a country in the European Economic Area, you may elect to lodge complaints with a supervisory authority, particularly the supervisory authority in your place of residence, place of work, or in the place where any alleged improper acts occurred.

B. Information for California Residents

We are required under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”) (collectively, the “CCPA”), to provide California residents with certain information about the rights granted to California residents under the CCPA and about our practices with respect to the collection, use and sharing of personal information and sensitive personal information. For the purposes of this section of this Privacy Policy, “personal information” and “sensitive personal information” have the meaning given to those terms under the CCPA.

1. Privacy Rights of California Residents

Where applicable and with certain exceptions, California residents have the following privacy rights under the CCPA:

The right to request information described below about how we have collected and used personal information about you within the past 12 months, subject to certain exceptions and limitations:
- The categories of personal information we have collected about you;
- The categories of sources from which we collected personal information about you;
- The categories of third parties to whom your personal information was disclosed;
- The business or commercial purpose for which your personal information was collected and/or sold;
- Whether we have disclosed your personal information for a business purpose, and if so, the categories of personal information received by each category of third-party recipient; and
- Whether we have sold your personal information for a business purpose, and if so, the categories of personal information sold to each category of third-party recipient.
The right to request a copy of the specific pieces of personal information we hold about you;
The right to request that we erase your personal information, subject to certain exceptions;
The right to request that we correct inaccurate personal information we hold about you, subject to certain exceptions;
The right to limit our use of your sensitive personal information to specifically permitted purposes;
The right to direct a business that sells your personal information to cease selling your personal information; and
The right to be free from discrimination for exercising any of the rights above.

In certain instances, we are only obligated to comply with verified consumer requests, and we will need to verify your identity prior to addressing or fulfilling a request made pursuant to the CCPA. Your request must provide information that allows us to reasonably verify that the request comes from the person about whom we collected personal information, or a person authorized to act on their behalf.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to personal information collected about you. If a request is made by an agent on your behalf, the agent must provide sufficient information for us to reasonably verify that they have been properly designated or authorized by you to act on your behalf.

Please also be aware that the regulation establishes our obligation to provide you, upon request, a copy of your personal information held by MedeAnalytics up to twice in a 12-month period.

2. How to exercise your rights

3. Personal information that we collect, use and share

We are also required under the CCPA to provide California residents with certain information about how we collect, use, and share personal information by reference to statutory categories set forth in the CCPA. The chart below summarizes our practices with respect to personal information of California residents during the 12 months preceding the date of this Privacy Policy, by reference to the information provided above.

Please note that we do not and will not, “sell” personal information collected about you, as “selling” is defined in the CCPA.

Statutory Category	Information Collected	Sources of Information	Purposes of Collection	Disclosures to Third Parties
Identifiers (such as name, email, address, phone number)	A.1	A.1	A.2 and A.3	A.3
Financial, medical or insurance information (such as payment cards, financial account numbers)	A.1	A.1	A.2 and A.3	A.3
Characteristics of protected classifications under California or federal law (such as age, gender, race, citizenship)	A.1	A.1	A.2 and A.3	A.3
Commercial activity and information (such as transaction history)	A.1	A.1	A.2 and A.3	A.3
Internet or network activity and information (such as usage and browsing data)	A.1	A.1	A.2 and A.3	A.3
Professional or employment information	A.1	A.1	A.2 and A.3	A.3
Geolocation data	Not collected in ordinary business operations	Not collected in ordinary business operations	Not collected in ordinary business operations	Not collected in ordinary business operations
Sensory or biometric information (such as photos, other recorded electronic information)	Not collected in ordinary business operations	Not collected in ordinary business operations	Not collected in ordinary business operations	Not collected in ordinary business operations
Inferences drawn from any personal information collected	Not collected in ordinary business operations	Not collected in ordinary business operations	Not collected in ordinary business operations	Not collected in ordinary business operations
Sensitive Personal Information (such as social security or driver’s license number, religious or philosophical beliefs, racial or ethnic origin, sexual orientation, or account log-in or credit card number combined with required access credentials)	Not collected in ordinary business operations.	Not collected in ordinary business operations.	Not collected in ordinary business operations.	Not collected in ordinary business operations.

C. Information for other (Non-California) U.S. state residents

Residents of Colorado, Connecticut, Virginia, and certain U.S. states may have specific rights regarding our collection and use of your personal information under your state’s consumer privacy laws, where applicable. We comply with relevant data privacy laws of those U.S. states, including the Colorado Privacy Act (“CPA”), Connecticut Personal Data Privacy and Online Monitoring Act (“CTDPA”), and Virginia Consumer Data Protection Act (“VCDPA”).

D. Information for individuals subject to European Data Protection Law

With respect to persons located in the European Union (“EU”), European Economic Area (“EEA”), the United Kingdom (“UK”) or other locations subject to EU (and aligned) data protection laws (collectively “Europe”), we recognize and comply with relevant data protection laws, including Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”), and we provide the following information in accordance with such law. For the purposes of this section of this Privacy Statement, “personal information” has the same meaning as “personal data” under GDPR.

1. Why we are able to collect and use your personal information

We rely on our legitimate interests and the legitimate interests of our clients as the legal basis for processing personal information subject to European data protection laws. Specifically, it is necessary for us to process personal data in order to pursue our legitimate interests in ensuring the proper operation and furthering our understanding of the Site and services accessed through the Site. Also, for people who use the Site or access services on behalf of one of our clients, we collect and process information as a necessary part of the services that we provide to our clients.

In some cases, where we ask for your consent to use information about you, your consent acts as the legal basis for our use of that data. In those cases, you have the right to withdraw your consent at any time. If you would like to withdraw your consent, please contact us or our Data Protection Officer by email. For U.S. by email: ChiefPrivacyOfficer@medeanalytics.com or DataProtectionOfficer@medeanalytics.com. For EEA or UK by email: DataProtectionOfficer@medeanalytics.co.uk or as otherwise provided in this Statement under Section A.9 (Contact Us) above.

2. Transfer of your personal information outside of Europe

For the purposes described in this Statement, we may transfer personal information out of Europe as follows:

To the United States, including for purposes of recruiting through our online portal, as well as for purposes of communications and engagement with our customers, vendors, and service providers.
In connection with data practices described above, under How We Use Information We Collect.

These countries may not have enacted laws that provide the same level of protection of personal information as the laws of the EEA, and the European Commission has not issued any formal decision that these countries provide an adequate level of protection of personal information.

a. EU-U.S. Data Privacy Framework and UK Extension.

MedeAnalytics, Inc. complies with the EU-U.S. Data Privacy Framework (the “EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. MedeAnalytics has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (the “EU-U.S. DPF Principles”) with regard to the processing of all personal information received from European Union (EU), European Economic Area (EEA) and the United Kingdom (UK). (Additionally, in recognition of the Schrems II decision invalidating the Privacy Shield Framework/Data Privacy Framework, we may enter into standard contractual clauses or seek individuals’ consent to transfers of personal information to the U.S., as necessary or as appropriate.)

We are committed to subjecting all personal information received from European Union (EU), European Economic Area (EEA) member countries and the United Kingdom (UK), in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, to the applicable EU-U.S. DPF Principles. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We continue to recognize our responsibility for the processing of personal information we receive under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and for our subsequent transfers of that personal information to any third party acting on our behalf. As required under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, we enter into written agreements to require those third parties to provide at least the same level of protection that would be required under the Framework, to use information only for limited and specific purposes, and to meet other Framework requirements. We comply with the EU-U.S. DPF Principles for all onward transfers of personal data from the EU, EEA and the UK, including the onward transfer liability provisions.

With respect to personal information received or transferred pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF , MedeAnalytics, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required under applicable law to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In continuing compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, MedeAnalytics commits to resolve EU-U.S. DPF Principles-related complaints about our collection or use of your personal information. EU, EEA and UK individuals with inquiries or complaints regarding our handing of personal information received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF or this Privacy Statement should first contact MedeAnalytics at

for U.S. by email: ChiefPrivacyOfficer@medeanalytics.com or DataProtectionOfficer@medeanalytics.com.

For EEA or UK by email: DataProtectionOfficer@medeanalytics.co.uk, or as we may otherwise provide in this Statement under Section A.9 (Contact Us) above. We are committed to addressing complaints raised to us and will investigate and seek to resolve any complaints within 45 days of receipt.

If you have an unresolved complaint about our handling of personal information received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, please contact our U.S.-based third-party dispute resolution provider, TRUSTe, at https://feedback-form.truste.com/watchdog/request. The services of TRUSTe are provided at no cost to you.

Under certain conditions, more fully described on the Data Privacy Framework Program website at https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf, you may have the option to invoke binding arbitration when other dispute resolution procedures have been exhausted.

b. Standard Contractual Clauses. Transfers of personal information to other countries will be performed under standard contractual clauses approved by the European Commission, as permitted pursuant to Article 46(2)(d) and (5) of the General Data Protection Regulation (Regulation 2016/679).

If you would like more information about our transfer of data outside of the EEA or copies of relevant documents, please contact us or our Data Protection Officer by email for U.S. by email: ChiefPrivacyOfficer@medeanalytics.com or DataProtectionOfficer@medeanalytics.com

For EEA or UK by email: DataProtectionOfficer@medeanalytics.co.uk, or as otherwise provided in this Statement under Section A.9 (Contact Us) above.

3. Your rights

If you are a resident of a country within Europe, you have certain individual rights under the General Data Protection Regulation (Regulation 2016/679) or related local legislation. You have the right to obtain confirmation from us as to whether or not we process personal information about you. And if we do process your personal information, your other rights may include, subject to certain exceptions:

The right to access your personal information and receive certain information about our privacy practices.
The right to have us correct incorrect information that we hold concerning you, or to complete incomplete information.
The right to request that we erase information concerning you and to have that information erased under certain conditions.
The right to restrict our processing of information concerning you under certain conditions.
The right to object to our processing of information concerning you under certain conditions.
The right to object to our use of information concerning you for direct marketing, or for profiling relating to direct marketing.
The right to receive personal information that you provided to us in a structured and commonly used electronic format and the right to transmit that information to another entity, in certain situations.
The right to object to decisions based on automated processing of information concerning you if those decisions have legal effects or similarly significant effects.

If you would like to exercise any of these rights, please contact us or our Data Protection Officer by email: DataProtectionOfficer@medeanalytics.com, or as otherwise provided in this Statement under Section A.9 (Contact Us) above.

Please understand that, before responding to your request, we may ask you for additional information in order to verify your identity.

If we hold information concerning you on behalf of one of our clients, please understand that we may not be aware that we have your information because we avoid receiving personally identifying details from many of our clients. Or, if we are aware that we hold or process information about you on behalf of a client, we may not be able to accommodate your request to exercise these rights, and we may direct you or your request to our client who controls that data.

In addition, we may not be obligated to fulfill your request to exercise your rights if we are restricted by applicable local laws, or when fulfilling your request would negatively impact the rights and freedoms of other individuals.

We may decline to fulfill requests or charge a reasonable fee based on our administrative costs if requests are clearly excessive or unfounded, and particularly in cases where requests are repetitive.

Last Review Date: February 5, 2024

Last Modified: February 5, 2024