Privacy Policy of Medical Data Analytics (MDA)

an RTI Health Solutions Business

Effective Date: 22 December 2020

This privacy policy (“Privacy Policy”) relates to Medical Data Analytics’ (“MDA,” “we,” “us,” or “our”) collection, processing, and disclosure of personal information in connection with provision of our Services. Please refer to the Cookie Policy and Privacy Policy for information relating to services that may be made available through (the “Website”).

MDA provides research subject recruiting, data analytics, and related services (“Services”) to pharmaceutical companies and other organizations (“Clients”). MDA, our Clients, or third parties engage clinical research organizations and other research services providers (collectively, “Research Providers”) on behalf of Clients to conduct research studies and provide related services.

The Information We Collect

During the provision of our Services, we may collect or receive the following information:

From Clients and Research Providers: The categories of personal information we manage related to our Clients and Research Providers (and their affiliates and contractors) include company name, identification information, tax information, and bank details, together with the name and contact information of natural persons employed by or representing the company in their interactions with MDA. We obtain this information when Clients and Research Providers voluntarily provide it to us, through automatic collection via participation in a research study or from third parties. We may record telephone calls between our Clients and MDA representatives for the purposes of accuracy and general quality assurance as well as between Research Providers and MDA representatives for the purposes of accuracy, performance reviews, training, and general quality assurance. 

From Participants in Research Studies: MDA typically has no direct contact with individual participants (“Participants”) in research studies and therefore does not receive or collect information directly from individual participants.  In certain studies, MDA will obtain consent to have a Participant’s email address to send a link to a questionnaire.  In those studies, information collected from the questionnaire will not be linked to the email address so MDA would not be able to associate the answers with the individual participant.   MDA typically collects and/or receives information regarding Participants (“Participant Data”) from Clients, and/or from Research Providers on behalf of specified Clients. Depending on our Clients’ research objectives, we collect and/or receive all or part of the following Participant Data: age, gender, height, weight, and region (country/state/zip code) and, for Participants located outside the European Economic Area, we also collect and /or receive race and ethnicity information. MDA does not collect and/or receive Participant names, postal address information (except as noted above), telephone or fax numbers, social security numbers, medical record numbers, health plan beneficiary numbers, account numbers, certificate and license numbers, vehicle identification numbers, device identifiers and serial numbers, biometric identifiers (such as voiceprints and fingerprints), or full-face photographs or comparable images.  MDA receives only the minimum amount of personal data necessary to complete the research services it is contracted to conduct. MDA is prohibited by contract and its internal policies from obtaining, or attempting to obtain, the identity of any Participant or any additional personal or other data that would permit MDA to identify any Participant.

How We Use This Information

We use personal information collected and/or received regarding our Clients and Research Providers to assist with provision of the Services, including for purposes of customer service, accounting, billing, collections, honorarium disbursement, and direct marketing of our other products and/or services. MDA processes Participant Data for the purpose of meeting our Clients’ study and/or trial objectives. 

How and With Whom We Share This Information

MDA shares personal data from research studies, which cannot be directly attributed to a specific subject, with subcontractors and professional advisors who are engaged to assist with Client research pursuant to written agreements.  These written agreements include the same restrictions on processing as per this Privacy Policy, MDA’s contractual obligations regarding personal data, and appropriate privacy and security obligations under law. MDA permits access to specific information collected through the course of the study only to the extent necessary to perform the functions assigned to subcontractors and professional advisors. Subcontractors and professional advisors will not have access to data that could be linked to re-identify subjects.  We also share such information with any of our parent companies, subsidiaries, affiliates, or other companies under common control with us for the purposes described herein.

In the event of a merger, dissolution, reconstruction, liquidation, bankruptcy, or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this Privacy Policy.

We are required to disclose personal information in response to lawful requests by public authorities. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.


MDA takes very seriously the security and privacy of the personal information that it collects and/or receives pursuant to this Privacy Policy. Accordingly, we will implement reasonable and appropriate security measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations.


The Website contains links to, or you may be directed to, other websites. When you click on one of these links or are directed to such other websites, we encourage you to read the privacy statements of these linked sites, as their privacy policy may differ from ours. MDA has no control over the privacy practices or the content of any of our business partners, advertisers, sponsors, or other websites to which we provide links. As such, we are not responsible for the content or the privacy policies of those third-party websites.

Personal Information Rights

You have the right to opt-out of receiving marketing communications from MDA.  In addition, you have the right to review, change, or modify information you have previously provided.  You may also be entitled (subject to certain exceptions) to request access to the data MDA holds about you or for such data to be erased.  MDA will follow internal procedures when these requests are made to protect the integrity of the data MDA holds.

MDA offers individuals / participants in our research studies the opportunity to choose whether their Personal Information is (a) to be disclosed to a third party, or (b) to be used for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the individual / participant.  MDA will not process Sensitive Personal Information (health-related and racial or ethnic origin data) about individuals / participants for purposes other than those which the information was originally obtained or subsequently authorized by the individual / participant unless the individual / participant explicitly consents to the processing (“opt-in”), or as required or permitted. MDA will provide individuals / participants with reasonable mechanisms to exercise their choices to the extent required by applicable law.

If you would like to exercise your rights, please see the ‘Contact Us’ section. You cannot opt out of receiving transactional or administrative e-mails related to the Services.

Retention of Personal Information

We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, subsequently authorized, or permitted by applicable law. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not and cannot be used to identify you personally.

Important Notice for Individuals of the European Economic Area and Switzerland

MDA operates a global business.  As a result, the personal data that we may collect and/or receive regarding natural persons may be transferred to, and stored at, our MDA location in the United States, which is outside the European Economic Area (“EEA”) and Switzerland.  Such personal data may also be processed by people around the world who work for us or for one of our suppliers/vendors.  These people may be engaged in, among other things, the fulfillment of your information requests, data analysis and the provision of support services.  By submitting your personal data, you agree to this transfer, storing, or processing.

MDA has put in place a number of measures designed to protect personal data transferred from Europe and Switzerland to the US.  We maintain a network of specific agreements to require contracting parties to observe data protection legislation.   MDA will rely on your consent for the export of your personal data to the US or will execute standard contractual clauses (SCC) as approved by the European Commission with the exporting data controller. In either situation, MDA will abide by the requirements of the GDPR in the handling of all personal data it receives or processes relating to residents of the EEA and Switzerland.

MDA’s accountability for personal data that it receives in the United States and subsequently transfers to a third party is compliant with GDPR. In particular, MDA remains responsible if third-party agents that are engaged to process the personal data on their behalf do so in a manner inconsistent with the GDPR, unless MDA (as applicable) prove that they are not responsible for the event giving rise to the damage.

If there is any conflict between the terms in this Privacy Policy and the requirements of the GDPR, the GDPR requirements shall govern. 

If you believe MDA maintains your personal data within the scope of the GDPR, you may direct any of your inquiries or concerns concerning MDA’s compliance with the GDPR to MDA commits to resolve complaints about our collection or use of your personal information and we will respond within 30 days. 

MDA has retained an EU representative according to Article 27 GDPR. This representative is ePrivacy and more information may be found at their website

Representative of controllers or processors not established in the Union (Article 27 GDPR):

ePrivacy GmbH
Große Bleichen 21
20354 Hamburg

If you do not find the proposed solution satisfactory, MDA will resolve the dispute under dispute resolution procedures of the panel established by the EU data protection authorities (DPAs) to resolve disputes. The EU DPAs may be contacted directly via the information provided at


We do not knowingly collect personal information from children under the age of 13 through the Website or the Service. If you are under 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy Policy by instructing their children to never provide us Personal Information. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us, and we will endeavor to delete that personal information from our databases.

California Residents

Under California Civil Code Section 1798.83, California residents who have an established business relationship with MDA or RTI Health Solutions may choose to opt out of our sharing their Information with third parties for direct marketing purposes.  If you are a California resident and (1) you wish to opt out; or (2) you wish to request certain information regarding our disclosure of your Information to third parties for direct marketing purposes, please send an e-mail to

In addition, MDA does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.

Changes to this Privacy Policy

MDA will amend this Privacy Policy from time to time and will post any changes on the Website. By visiting the Website or engaging our Services after changes are posted, you are deemed to have accepted such changes. Please refer to this Privacy Policy on a regular basis.

Contact Us

For questions, concerns, or additional information regarding MDA’s personal data processing policies please contact our privacy officer: 
•    Via email:
•    Via postal mail address: 5 Sylvan Way, Parsippany, NJ, 07054, USA