Effective date: 1 February 2022
The App has been developed and is operated by Allurion Technologies, Inc based at 11 Huron Drive, Natick, MA 01760 USA. Allurion Technologies, Inc is the controller of your Personal Data via the App.
2. Personal Data Collection and Use
We will process your Personal Data when you submit it in the following ways:
- App Account Registration and Profile Details: when you create an App account, the following information will be stored: your name, gender, date of birth, height, date and location of balloon placement, clinic, language preference, phone number, email address, password, authentication details and other registration information including your password for the App account. The App allows you to monitor your weight, body fat %, body water %, bone mass, muscle mass, body mass index, basal metabolic rate and visceral fat by connecting with your Bluetooth Allurion Scale. By connecting with your Bluetooth Allurion Scale, the App will collect and store this Personal Data. The App may also collect and store additional health and fitness data (such as sleep data, exercise and heart rate) that you share from your mobile device, from Fitbit and/or from the Allurion Health Tracker device.
- Customer Services: if you contact us about the App or for any other reason relating to customer services, we will keep a record of that contact. You may provide us with Personal Data when sending us your request. We will hold your email address in order to consider your request and to respond to you.
- Usage Data: when you access the App with a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, videos and screenshots of your user sessions, unique device identifiers and other diagnostic data (“Usage Data”).
- Location Data: we use location data, such as your current location, to search for clinics near you and to assist with syncing the Bluetooth Allurion Scale and Allurion Health Tracker device with the App. If you have allowed us to collect it, the location data we use will be based on your device’s location.
- Messages and Video Consults: if you choose to do so, the App will connect you with your selected clinic either via the Messages feature or a Video Consult. If you choose to connect to your selected clinic via the App’s Messages feature, Allurion will have access to the contents of your text messages as well as any responses from your selected clinic. Please note, however, if you choose to connect to your clinic via the Video Consult feature, Allurion will not be able to access the online consultation.
3. The Reasons for Using Your Personal Data
|To provide and maintain the service which is provided through the App.||Performance of a contract|
|To notify you about changes to the App.||Performance of contract or our legitimate interests|
|To allow you to participate in interactive features of the App, including sharing your App data with your family, friends, your selected Allurion clinic, and health care providers when you have chosen to do so.||Performance of contract; our legitimate interests; public interest in the area of public health; or your consent|
|To coordinate the care provided to you by your selected Allurion clinic and health care providers when you have chosen to do so.||Performance of contract; our legitimate interests; or your consent|
|To provide customer support when it is requested by you.||Performance of contract or our legitimate interests|
|To gather analysis and/or valuable information (including by analyzing and evaluating your usage of the App and/or by asking you to participate in market research and surveys) so that we can continue to develop, test and improve our products and the App to offer new and/or enhanced functionality and features.||Our legitimate interests or public interest in the area of public health|
|To better understand how you interact with the App, including its functionality and features, as well as ensure the content is presented in the most effective manner.||Our legitimate interests|
|If you qualify for discounts on further purchases of our products, we will process your Personal Data to issue you with vouchers and/or discount codes.||Performance of contract or our legitimate interests|
|To help search for Allurion clinics near to your location.||Our legitimate interests|
|To support the synchronization of the Bluetooth Allurion Scale and Allurion Health Tracker device with the App.||Performance of contract or our legitimate interests|
|To help us fix any issue with the App, including where we respond to your questions or respond to your request for support, maintenance, troubleshooting, or other performance issues.||Performance of contract or our legitimate interests|
|To conduct data analysis, testing and research, including for statistical purposes, and so that we can better understand the type of people who use our App and products to develop and expand our consumer market.||Our legitimate interests or public interest in the area of public health|
|To conduct scientific research relating to the App.||Our legitimate interests or public interest in the area of public health|
|To develop and implement security tools and mechanisms as part of our efforts to keep the App safe and secure.||Our legitimate interests|
|To measure the effectiveness and distribution of our advertising campaigns.||Our legitimate interests|
|To detect, prevent and address technical issues.||Performance of contract or our legitimate interests|
4. Retention of Personal Data
We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us Personal Data for a feature of the App, we delete the Personal Data after it is no longer needed for the feature. If you choose to connect to your selected clinic via the App’s Messages feature, we will store your text messages between you and your clinic for two years.
We keep other information, like the Personal Data we obtain when you connect with your Bluetooth Allurion Scale, until you use your account settings or tools to delete the data or your account because we use this data to provide you with your personal statistics and other aspects of the App. We also keep information about you and your use of the App for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the “Reasons for Using Your Personal Data” and “How we Share your Personal Data” sections. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
5. Storage of your Personal Data
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
For individuals based in the United Kingdom or the EEA: If you are based in the United Kingdom or the EEA please be aware that when you use the App, your Personal Data will be stored by our Service Providers (as defined below) in the EEA. However, your Personal Data may also be accessed by Allurion Technologies, Inc in the United States. For further details, please contact us using the details in the “Contact Us” section below.
6. How we Share your Personal Data
Affiliates of Allurion Technologies, Inc may receive your Personal Data.
Disclosure for Law Enforcement
Under certain circumstances, Allurion Technologies, Inc may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
We will share your Personal Data with the Allurion clinic that you selected so that they may provide their services to you and analyse your progress through use of our products.
Disclosure for Service Providers
We may employ third party companies and individuals to facilitate the App (“Service Providers”), provide the services through the App on our behalf, perform App-related services or assist us in analyzing how the App is used.
These Service Providers have access to your Personal Data only to perform these tasks on our behalf and are obligated to keep such Personal Data confidential, not to disclose or use it for any other purpose.
Allurion Technologies, Inc may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation;
- To protect and defend the rights or property of Allurion Technologies, Inc;
- To prevent or investigate possible wrongdoing in connection with the Service;
- To protect the personal safety of users of the Service or the public; or
- To protect against legal liability.
7. Security of Personal Data
You are responsible for protecting against unauthorized access to the App. You should use strong password security, by using a mix of letters, numbers and symbols and a different password than you use for any other accounts that you may have. You must keep your account password confidential and not share it with anyone.
We are not responsible for any lost, stolen or compromised passwords or for any access to your account from unauthorized users where caused by you. If you think your account has been compromised, please contact us as soon as possible, using the contact details in the “Contact Us” section below.
8. Exercising Your Rights
If you need to update your Personal Data you can do this through the App. If you are unable to access that information for any reason, you can notify us of any changes to (or errors in) your Personal Data.
For individuals based in the EEA or the United Kingdom: If you are based in the EEA or the United Kingdom, you may have the right to: (a) access the Personal Data we hold about you; (b) request we correct any inaccurate Personal Data we hold about you; (c) request we delete any Personal Data we hold about you; (d) restrict the processing of Personal Data we hold about you; (e) object to the processing of Personal Data we hold about you; and/or (f) receive any Personal Data we hold about you in a structured and commonly used machine readable format or have such Personal Data transmitted to another company.
Please note that we may ask you to verify your identity before responding to such requests.
Where you have been asked to consent to the processing of your Personal Data, you can withdraw consent, such as by contacting us using our contacts details below. Any withdrawal of consent will not affect the lawfulness of the processing based on your consent before the withdrawal. Please also note that where you withdraw consent, we will only stop processing your Personal Data that relates to the withdrawal of consent.
To exercise any of your rights in connection with your Personal Data, please contact us using the contact information in the “Contact Us” section below. If you are located in the EEA, you have the right to complain to a Data Protection Authority in your country about our collection and use of your Personal Data.
9. Links to Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
10. Children’s Privacy
Our Service does not address anyone under the age of 16 (“Children”).
We do not knowingly collect Personal Data from anyone under the age of 16. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
12. Contact Us
We have appointed Allurion S.a.s., with its address at rue de Tehéran, 75008, Paris, France as our EU data protection representative who you may contact if you are based in the EEA.
- By email: firstname.lastname@example.org
13. If you are accessing the App from Mexico
a) Your ARCO rights.
To exercise any of your ARCO rights in connection with your Personal Data, please contact us at: email@example.com. When you choose to access, rectify, update, oppose, limit the use or divulging, or cancel your personal data, your request must include, at least, the following:
- Your name, address and e-mail address or any other means by which you wish for us to send our response to your request;
- Documents evidencing your identity or your legal representative, as applicable;
- A clear and precise description of the Personal Data you are exercising your rights in relation to. In the event of a request for rectification, you shall state the required modifications and provide supporting documentation; and
- Any other supporting information that facilitates us locating your Personal Data.
Unless you expressly indicate that you want to receive a reply by different means, we will respond to your request via the email address provided on your application within a maximum period of twenty (20) business days from the date the request was received. If we are required to do so, we will action your request within fifteen (15) business days from the date we responded to your request. In the case of requests for access to Personal Data, we will provide you with a copy of your Personal Data, providing we have prior proof of your identity or that of your legal representative, as applicable.
These deadlines may be extended once (for an equal period), if justified by the circumstances. Provided that the withdrawal of your consent does not result in us being able to comply with any obligations with regards our relationship with you, the consent granted by you for the processing of your Personal Data may be revoked by delivering a written notice or an email to us, using the contact details listed below. The withdrawal of consent will be effective from the date which we receive your request.
b) Consent for processing and transferring personal data.