Tenet Consulting Privacy Notice

We, Tenet Consulting, LLC (“Tenet,” “we,” “us,” or “our”) understand that your privacy is important to you. We are committed to respecting your privacy and protecting your personal data.

This Privacy Notice describes how we handle and protect your personal data when we collect it through our websites, applications, and digital assets (collectively, our “Sites”) and through our externally facing business activities—such as service offerings, events, surveys, and communications—when we interact with you and collect data from you for use by and on behalf of Tenet (i.e., when Tenet acts as a data controller or similar entity under applicable privacy law).

You are not required to share your personal data with us, but if you do not do so, Tenet may be unable to provide you with our full range of services or a good user experience with our Sites or communications.

Please see our terms of use for more information about other terms and policies applicable to the use of our Sites.

Cookie Notice

We use cookies and similar technologies to understand how visitors use our site, to collect and analyze information on site performance and usage, and for targeted advertising purposes.

We do not sell personal information, but we may share your personal data with third parties for cross-context behavioral advertising, where permitted by law.

You may manage your cookie preferences through your browser settings and, where available, through our on-site cookie controls.

Contents

Data controller

How do we collect your personal data?

Why and how are we using your personal data?

What do we not do when we collect and process your personal data?

Who has access to your personal data? Data recipients and international data transfers

Security

How long do we keep your personal data?

(This section removed)

What are your data protection rights, and how can you exercise them?

Legal definitions and additional GDPR information

1. Data controller

When Tenet collects and processes your personal data in accordance with this Privacy Notice, we do so as the data controller (or, where applicable, joint controller) under applicable law. That means we determine and are responsible for how your personal data is collected, used, protected, disclosed, and disposed of.

If you are located in a jurisdiction where a local Tenet entity is responsible for your data, then that entity may act as your data controller.

2. How do we collect your personal data?

Tenet collects personal data in the course of our business activities both directly from you and via third-party sources:

Direct collection:

When you interact with our Sites (including managing your cookie preferences)

When you register for newsletters, alerts, or other communications from us

When you participate in surveys, panel discussions, or feedback sessions

When you contact us by email, phone, or other communication channels to ask a question or request information

Third-party collection:

We may receive personal data about you from third parties, such as service providers or vendors. This may include publicly available information from business websites, public-facing social media platforms, or other allowed public sources. We may also acquire de-identified datasets from service providers that we maintain in de-identified form. In each case, we strive to ensure the third party has lawfully collected the data and is authorized to share it in compliance with this Privacy Notice.

Sensitive personal data:

We may also collect sensitive personal data only where you optionally provide it or where we have your explicit consent (or another lawful basis under applicable law). When used for research, analytics, or statistical purposes, we will maintain such data in de-identified or aggregated form where required.

We may combine personal data that we receive directly from you with personal data from third parties, provided all collection and use complies with this Privacy Notice.

3. Why and how are we using your personal data?

We use your personal data for various purposes, across multiple legal bases (including GDPR Article 6(1)(a)–(f), where applicable). These legal bases include your consent (Article 6(1)(a)), performance of a contract (Article 6(1)(b)), compliance with a legal obligation (Article 6(1)(c)), protection of vital interests (Article 6(1)(d)), performance of a task carried out in the public interest (Article 6(1)(e)), and our legitimate interests (Article 6(1)(f)).

Managing our business relationship with you

We use your personal data to manage our relationships with clients, prospects, and partners. For example, when we send you information about our consulting services, proposals, statements of work, or deliverables. Typical data used includes your name, pronouns (if provided), email address, location, employer, job title, and other professional details. The legal basis for this use is our legitimate interest in providing and managing our services and business relationships.

Providing access to content, resources, and tools

If you sign up for access to Tenet’s content (like white papers, reports, webinars) we use your personal data to register your access, manage your subscription, and tailor content to you if appropriate. This typically involves your name, email, organization, role, and interests or preferences. The legal basis is your consent (for the sign-up) and/or our legitimate interest in delivering and improving our services.

Newsletters, alerts, and marketing communications

If you register to receive our newsletters or alerts, we use your personal data to send you relevant business insights, industry updates, and information about Tenet’s services and events that may interest you. Data we use may include your name, email address, company, role, preferences, and engagement data (like email opens or link clicks). The legal basis is your consent (where required) and/or our legitimate interest in marketing our services. You can opt out of these communications at any time.

Public user posts, surveys, and research

If you post comments in public forums we host, or participate in surveys or research by Tenet, we use the data you provide to gather insights, develop thought leadership, and improve our offerings. The typical data includes your comments, preferences, or demographic information you voluntarily provide. The legal basis is your consent (when you participate) and/or our legitimate interest in developing our services and research.

Benchmarking, analytics, and service improvement

We conduct analytics and benchmarking (often using aggregated or de-identified data) to understand industry trends, cost-reduction opportunities, and operational performance across clients. Data may include business contact details, behavioral usage data, device/usage logs, and other business-related information. The legal basis is our legitimate interest in improving our services, and your consent where required.

Maintaining and providing Tenet’s services

We use personal data to deliver our consulting services and digital tools, communicate during engagements, manage access or user preferences on our Sites, and generally maintain our infrastructure. Typical data used includes contact details, project information, preferences, and usage logs. The legal basis is our legitimate interest in providing and optimizing our services, and if applicable performance of a contract.

Legal compliance, risk management, and governance

We process personal data to comply with applicable laws and regulations, respond to lawful requests from authorities, enforce our terms and policies, address fraud, and protect our business and clients. Data used depends on the specific compliance or legal requirement. The legal basis is compliance with legal obligations and/or our legitimate interest in managing risk and protecting rights.

Applications security, performance, and troubleshooting

We collect technical and usage data from your interaction with our Sites and applications to improve performance, detect and fix errors, and protect against security threats. Typical data includes device type, browser, IP address, logs, usage events, and error reports. The legal basis is our legitimate interest in ensuring the security, performance, and proper functioning of our services.

Aggregation, anonymization, and de-identification of data

We may aggregate, anonymize, or de-identify personal data so that it is no longer personally identifiable. We use such data for research, analytics, benchmarking, and service improvement. The legal basis is our legitimate interest in improving our offerings and protecting your privacy. Tenet maintains de-identified data in de-identified form and does not use or permit re-identification of individuals in those datasets.

Marketing and targeted advertising

With your consent where required, we may use your personal data and cookies or device identifiers to deliver personalized marketing messages and targeted advertising relevant to your interests, and to measure the effectiveness of marketing campaigns. Data may include contact info, engagement history, cookie/device IDs, browsing behavior on our Sites, and where applicable on third party platforms. The legal basis is your consent (where required) and/or our legitimate interest in promoting our services and understanding audience engagement.

Cookies and other tracking technologies

Tenet uses first- and third-party cookies and other tracking technologies (including web beacons and pixels) to operate our Site, understand how you use them, and to deliver relevant advertising. We may also collect data about whether you open or click links in our email or other communications. You can control or block cookies via your browser settings and our on-site preference tools.

Automated decision-making / profiling

Tenet does not use your personal data for automated decision-making, including profiling, which produces legal effects or similarly significantly affects you. Where profiling or automated decisions might be used in the future, we will notify you and provide you the opportunity to object or opt out in accordance with applicable law.

4. What we do not do when we collect and process your personal data

We do not acquire or use de-identified data with the intent of identifying or re-identifying individuals.

We maintain de-identified data in de-identified form, and do not permit re-identification of specific individuals or association of individuals with specific characteristics unless required by applicable law.

If we share de-identified datasets with third parties, we require those parties to keep the data de-identified and not attempt re-identification.

We do not sell your personal data (as defined under applicable state privacy laws).

We do not use automated decision-making that produces significant effects on you without appropriate human review.

5. Who has access to your personal data? Data recipients and international data transfers

Personal data collected by Tenet may be transferred and made available to Tenet corporate entities, service providers, and other third parties as needed to carry out the business purposes for which the data was collected, and to support our interactions with you.

Specifically, your personal data may be shared with:

Tenet subsidiaries, affiliates, and personnel across our organization

Tenet service providers (e.g., IT hosting, analytics, marketing platforms, CRM systems, event-management vendors)

Tenet legal and professional advisors

Law enforcement, regulators or government officials if required by law or lawful request

Third parties when necessary to protect the rights, property, or safety of Tenet, our clients, or others; in connection with investigation of suspected fraud, security incident, or misconduct; or to enforce our terms and policies

A successor or acquiring entity in connection with a merger, sale, assignment, reorganization or other business transfer

When transferring personal data outside the European Economic Area (EEA) or United Kingdom (UK), Tenet ensures appropriate safeguards are in place such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms under Articles 44-49 of the EU General Data Protection Regulation (GDPR).

6. Security

Tenet protects your personal data with technical and organizational measures appropriate to the risks associated with processing. We follow accepted industry standards to guard against accidental or unlawful loss, misuse, alteration or destruction of data. Only authorized personnel and service providers who have legitimate business needs may access data. They are required to treat it as confidential. However, no security system is completely fail-safe and we cannot guarantee that unauthorized access will never occur.

7. How long do we keep your personal data?

We retain your personal data only for as long as necessary to achieve the purposes described above, to satisfy our legal or regulatory obligations, or to support contract performance and business operations. When data is no longer required, we securely delete, anonymize, or destroy it in accordance with Tenet’s data-retention policies.

If you request deletion of your personal data, Tenet will comply with applicable law and make reasonable efforts to delete all copies of the data, subject to our right to retain a backup or limited residual copy where required by law or legitimate business interest. See Section 9 for further details.

8. (Children’s Data clause removed)

This section has been intentionally removed.

9. Your data protection rights and how you can exercise them

Under applicable law (including the EU General Data Protection Regulation (“GDPR”) for EEA/UK individuals), you may have the following rights regarding your personal data:

The right to request access to the personal data we hold about you, including how we use it, who has access to it, and the terms under which it may be shared.

The right to request a copy of your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller (data portability).

The right to request correction or update of your personal data if it is inaccurate or incomplete.

The right to request deletion of your personal data (“right to be forgotten”), subject to legal or contractual retention obligations.

The right to request restriction of processing or to object to certain types of processing, including direct marketing.

The right to withdraw your consent at any time if we rely on consent as a legal basis, without affecting the lawfulness of prior processing.

The right not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects (see Section 3).

The right to lodge a complaint with your local data protection authority (for EEA/UK residents, details are available at https://edpb.europa.eu/about-edpb/about-edpb/members_en

).

Exercising your rights:

You can make a request by contacting us at:

Email: privacy@tenetconsulting.com

Mailing Address:

Tenet Consulting, LLC
401 N. Michigan Ave, Suite 1200
Chicago, IL 60611
United States

Once we receive your request, we will acknowledge receipt and inform you of next steps and timelines, as required by applicable law. We may require verification of your identity before acting on certain requests. If you use an authorized agent to act on your behalf, we may request proof of authorization.

10. Legal definitions and additional GDPR information

“Personal data” means any information relating to an identified or identifiable natural person (an “data subject”).

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means.

“Controller” means the entity which, alone or jointly with others, determines the purposes and means of processing personal data.

“Legitimate interest” means our interest in running and growing our business, providing consulting services, maintaining client relationships, and improving our tools and offerings, so long as those interests are balanced against your fundamental rights and freedoms.

Under the GDPR, we rely on the legal bases set out in Article 6(1) when processing your data. Where we transfer your data internationally (outside the EEA/UK), we rely on Articles 44-49 and adopt appropriate safeguards like SCCs.

Tenet Consulting, LLC
401 N. Michigan Ave, Suite 1200
Chicago, IL 60611
United States