Allurion Technologies, Inc.
("us", "we", or "our") operates the Allurion
mobile application (hereinafter referred to as the "App").
This privacy policy (“Privacy Policy”)
describes how we collect, use, and share your Personal Data (defined below)
collected through the App. This Privacy
Policy does not, however, cover information collected through Allurion’s
website at https://allurion.com. For
further details on how we process your personal data in connection with our
website, please see our Website Privacy Policy available here: https://www.allurion.com/en/privacy-policy
The protection and security of
your personal data is important to us. Personal data means data about a living
individual (including 20 years following the individual’s death if the
individual is based in Canada) who can be identified from that data (or from
that data and other data either in our possession or likely to come into our
possession) (“Personal Data”).
The App has been developed and is
operated by Allurion Technologies, Inc. based at 11 Huron Drive, Natick, MA
01760 USA. Allurion Technologies, Inc., a Delaware corporation, is the
controller of your Personal Data collected via the App.
We will process your Personal
Data when you submit it in the following ways:
To the extent we collect Personal
Data from you, as described in this Privacy Policy, we use such information for
the purposes listed below; and where we are not otherwise required under
applicable law to seek your consent for such processing, we rely on the legal
bases listed below (in respect of individuals located in the European Economic
Area (EEA) and the United Kingdom). Note that, in certain circumstances
detailed below, we will process Personal Data on more than one legal basis
depending on the specific purpose for which we are using your Personal Data.
|
Purpose |
Legal
Basis |
|
To
provide and maintain the services that are provided through the App. |
Performance
of a contract |
|
To
notify you about changes to the App. |
Performance
of a contract or our legitimate interests |
|
To
allow you to participate in interactive features of the App, including
sharing your App data with your family and friends when you have chosen to do
so, and sharing App data with your selected Allurion clinic and healthcare
providers. |
Performance
of a contract; our legitimate interests; public interest in the area of
public health; or your consent |
|
To
coordinate the care provided to you by your selected Allurion clinic and
health care providers. |
Performance
of a contract; our legitimate interests; or your consent |
|
To
provide customer support when it is requested by you. |
Performance
of a contract or our legitimate interests |
|
To
gather analysis and/or valuable information (including by analyzing and
evaluating your usage of the App, the content of your messages/conversations
with App features and/or by asking you to participate in market research and
surveys) so that we can continue to develop, test, assess the quality of our
App features, train our artificial intelligence models, improve our products and
the App and to offer new and/or enhanced functionality and features. |
Our
legitimate interests or public interest in the area of public health; or your
consent |
|
To
better understand how you interact with the App, including its functionality
and features, as well as ensure the content is presented in the most
effective manner. |
Our
legitimate interests |
|
If
you qualify for discounts on further purchases of our products, we will
process your Personal Data to issue you with vouchers and/or discount codes. |
Performance
of a contract or our legitimate interests |
|
To
help search for Allurion clinics near to your location. |
Our
legitimate interests |
|
To
support the synchronization of the Bluetooth Allurion Scale and Allurion
Health Tracker device with the App. |
Performance
of a contract or our legitimate interests |
|
To
help us fix any issue with the App, including where we respond to your
questions or respond to your request for support, maintenance,
troubleshooting, or other performance issues. |
Performance
of a contract or our legitimate interests |
|
To
conduct data analysis, testing and research, including for statistical
purposes, and so that we can better understand the type of people who use our
App and products such that we can develop and expand our consumer market. |
Our
legitimate interests or public interest in the area of public health |
|
To
conduct scientific research relating to the App. |
Our
legitimate interests or public interest in the area of public health |
|
To
develop and implement security tools and mechanisms as part of our efforts to
keep the App safe and secure. |
Our
legitimate interests |
|
To
measure the effectiveness and distribution of our advertising campaigns. |
Our
legitimate interests |
|
To
detect, prevent and address technical issues. |
Performance
of a contract or our legitimate interests |
|
To
improve the quality of health information provided by us and our affiliates. |
Our
legitimate interests; public interest in the area of public health; or your
consent. |
|
To
improve and personalize the App experience and enable us and our affiliates
to make better decisions based on the information you provide to us. |
Our
legitimate interests; public interest in the area of public health; or your
consent. |
If you
decide to use Coach Iris, Coach Iris leverages third-party AI technology
provided by our service providers. This technology is trained to generate
intelligent and personalized responses in conversations with users. Coach Iris’
responses are based on information collected through the App. For example, if
you ask Coach Iris to provide support on your weight management, it will
provide personalized tips for managing your weight based on information you
provide in your conversations and through the App.
For Coach Iris to provide you with relevant responses, Allurion will
share your information with the AI service provider that powers Coach Iris.
They will only use your Personal Data to generate responses to your chats; they
will not use your data to train their AI models. Also, Allurion
shares your conversations with Coach Iris with your selected Allurion clinic
and/or healthcare provider(s). Allurion retains the history of your conversations with Coach Iris for
this reason, so you have access to previous conversations, and also so Coach
Iris can provide a better experience for you.
We keep your account information,
like your name, email address, and password, for as long as your account is in
existence because we need it to operate your account. We may also be required
to maintain your information to meet legal requirements. In some cases, when
you give us Personal Data for a feature of the App, we delete the Personal Data
after it is no longer needed for the feature and no longer required to be kept
by law. If you choose to connect to your selected clinic via the App’s Messages
feature, we will store your text messages between you and your clinic for two
years.
We keep other information, like
the Personal Data we obtain when you connect with your Bluetooth Allurion
Scale, until you use your account settings or tools to delete the data or your
account is no longer used, unless otherwise required or authorized by law. This
is because we use this data to provide you with your personal statistics and
other features of the App. We also keep information about you and your use of
the App for as long as necessary for our legitimate business interests, for
legal reasons, and to prevent harm, including as described in the “The Reasons
for Using Your Personal Data” and “How we Share your Personal Data” sections.
To determine the appropriate retention period for your Personal Data, we
consider the amount, nature, and sensitivity of the Personal Data, the
potential risk of harm from unauthorized use or disclosure of your Personal
Data, the purposes for which we process your Personal Data and whether we can
achieve those purposes through other means, and the applicable legal requirements.
Your information, including
Personal Data, may be transferred to — and maintained on — computers and
servers located in the United States or the EEA. Your information may also be
accessed by Allurion affiliates or service providers in other jurisdictions.
Where the storage or access location is outside of your state, province,
country or other governmental jurisdiction, the data protection laws may differ
from, and may not provide the same data protections as, those in your
jurisdiction.
In those instances, we will take
those steps reasonably necessary to ensure that your data is treated securely
and in accordance with this Privacy Policy and that no transfer of your
Personal Data will take place to an organization or a country unless there are
adequate controls in place for the security of your data and other personal
information.
For individuals based in
the United Kingdom or the EEA: If you are based in the United Kingdom or the EEA, please be aware
that when you use the App, your Personal Data will be stored by our Service
Providers (as defined below) in the EEA; however, your Personal Data may also
be accessed by Allurion Technologies, Inc. in the United States and other
Allurion entities or service providers located outside your jurisdiction. For
further details, please contact us using the details in the “Contact Us”
section below.
If we are involved in a merger,
acquisition, sale of company assets, financing, reorganization, bankruptcy,
receivership, or transition of service to another provider, your Personal Data
may be transferred, including as part of any due diligence process. We will
provide notice before your Personal Data is transferred and becomes subject to
a different privacy policy.
Affiliates of Allurion
Technologies, Inc., including in the US and EEA, may receive your Personal
Data.
Under certain circumstances, we
may be required to disclose your Personal Data if required or authorized to do
so by law or in response to valid requests by public authorities (e.g., a court
or a government agency).
We will share your Personal Data
if you select a clinic so that it may
provide its services to you and analyse your progress through the use of our
products.
We engage third party companies
and individuals to facilitate the App (“Service Providers”), provide the
services through the App on our behalf, perform App-related services, and/or
assist us in analysing how the App is used.
These Service Providers have
access to your Personal Data only to perform these tasks on our behalf and are
obligated to keep such Personal Data confidential and not to disclose or use it
for any other purpose.
Allurion Technologies, Inc. may
disclose your Personal Data in the good faith belief that such action is
necessary to:
We have implemented appropriate
administrative, technical and physical procedures and safeguards to protect the
confidentiality, integrity, and availability of your Personal Data, as well as
to ensure your Personal Data is processed securely and in accordance with this
Privacy Policy. Please note, however, that no storage or transmission of Personal Data can be
guaranteed as 100% secure. Consequently, while committing ourselves to protect
the information in our possession, we cannot guarantee or ensure the total
security of any information that you send us, including your health data.
You are responsible for
protecting against unauthorized access to the App. You should use strong
password security for both your Allurion account and for your mobile device, by
using a mix of letters, numbers and symbols and a different password than you
use for any other accounts that you may have. You must keep your passwords
confidential and not share them with anyone.
We are not responsible for any
lost, stolen or compromised passwords or for any access to your account from
unauthorized users where such access is caused by your action or inaction. If
you think your account has been compromised, please contact us as soon as
possible, using the contact details in the “Contact Us” section below.
If you need to update your
Personal Data, you can do so through the App. If you are unable to access that
information for any reason, you can notify us of any changes to (or errors in)
your Personal Data by contacting us at help@allurion.com.
Depending on where you are
located, you may have the right to: (a) access the Personal Data we hold about
you; (b) request we correct any inaccurate Personal Data we hold about you; (c)
request we delete any Personal Data we hold about you; (d) restrict the
processing of Personal Data we hold about you; (e) object to the processing of
Personal Data we hold about you; (f) not be subject to automated
decision-making; and/or (g) receive any Personal Data we hold about you in a
structured and commonly used machine readable format or have such Personal Data
transmitted to another company.
Please note that we may ask you
to verify your identity before responding to such requests.
Where you have been asked to
consent to the processing of your Personal Data, you can withdraw consent, such
as by contacting us using our contact details below. Any withdrawal of consent
will not affect the lawfulness of the processing based on your consent before
the withdrawal. Please also note that when you withdraw consent, we will only
stop processing your Personal Data that relates to the specific subject matter
of the withdrawal.
To exercise any of your rights in
connection with your Personal Data, please contact us using the contact
information in the “Contact Us” section below. Additionally, you may have the
right to complain to a Data Protection Authority in your country about our
collection and use of your Personal Data.
This Privacy Policy applies only
to the App. The App may contain links
to websites that are not operated or
controlled by us (“Third Party Sites”). If you click a third party link, you
will be directed to that Third Party Site. We strongly advise you to review the
privacy policy of every site you visit.
We have no control over and
assume no responsibility for the content, privacy policies or practices of any
Third Party Sites or the services offered by such sites.
Generally, our App does not
target or address anyone under the age of 18 (“Minors”).
We do not knowingly collect
Personal Data from Minors; however, if you are based in Chile, you may use our
App if you are aged 15 or over.
If you are a parent or guardian
and you are aware that a Minor has provided us with Personal Data, please
contact us using the details provided in the “Contact Us” section below. If we
become aware that we have collected Personal Data from a Minor without
verification of parental consent, we will take steps to remove that information
from our servers.
We may update our Privacy Policy
at any time. We will notify you of any changes by posting the new Privacy
Policy on this page.
We will let you know via email
and/or a prominent notice on our App prior to the change becoming effective and
update the “effective date” at the top of this Privacy Policy. You are advised
to review this Privacy Policy periodically for any changes. Changes to this
Privacy Policy are effective when they are posted on this page. Where required
by law, we will provide you the opportunity to read the revised policy so that
you may decide whether you wish to continue to use the App. Your continued use
of the App after the changes to this Privacy Policy will be deemed to be your
acceptance of those changes.
We have appointed Allurion France
S.a.s., with its address at 6 Boulevard Montmartre 75009 Paris, France as our
EU data protection representative that you may contact if you are based in the
EEA.
If you have any questions about
this Privacy Policy, please contact us:
To exercise any of your ARCO
rights in connection with your Personal Data, please contact us at:
help@allurion.com. When you choose to access, rectify, update, oppose, limit
the use or divulging, or cancel your Personal Data, your request must include,
at least, the following:
Unless you expressly indicate
that you want to receive a reply by different means, we will respond to your
request via the email address provided on your application within a maximum
period of twenty (20) business days from the date the request was received. If
we are required to do so, we will action your request within fifteen (15)
business days from the date we responded to your request. In the case of
requests for access to Personal Data, we will provide you with a copy of your
Personal Data, provided we have prior proof of your identity or that of
your legal representative, as applicable.
These deadlines may be extended
once (for an equal period), if justified by the circumstances. Provided that
the withdrawal of your consent does not result in us being unable to comply
with any obligations with regards our relationship with you, the consent
granted by you for the processing of your Personal Data may be revoked by
delivering a written notice or an email to us using the contact details listed
below. The withdrawal of consent will be effective from the date on which we
receive your request.
If you are based in Mexico, your
consent for the processing of your Personal Data according to the terms
provided herein will be deemed expressly granted when you acknowledge this
Privacy Policy. By your acceptance, you also consent to any transfer of Personal
Data that may be carried out by us pursuant to the terms of this Privacy
Policy. For the processing of your health data within the App, we require your
separate authorisation when you sign up to use the App.
You expressly agree that, for the
provision of the services once you create your App account, we may access,
process and transfer your data in accordance with this policy and Brazilian law
13.709/2018 (“LGPD”).
To exercise any of your LGPD
rights in connection with your Personal Data, please contact us at:
help@allurion.com. When you choose to access, rectify, update, oppose, limit
the use or divulgence of, or request the deletion of your Personal Data, your
request must include, at least, the following:
Unless you expressly indicate
that you want to receive a reply by different means, we will respond to your
request via the email address provided on your application within a maximum
period of fifteen (15) days from your request. In the case of requests for
access to Personal Data, we will provide you with a copy of your Personal Data,
provided we have prior proof of your identity or that of your legal
representative, as applicable.
These deadlines may be extended
once (for an equal period), if justified by the circumstances and legally
approved. Provided that the withdrawal of your consent does not result in us
being unable to comply with any obligations with regard to our relationship
with you, the consent granted by you for the processing of your Personal Data
may be revoked by delivering a written notice or an email to us, using the
contact details listed below. The withdrawal of consent will be effective from
the date that we receive your request.
If
you are based in Brazil, your consent for the processing of your Personal Data
according to the terms provided herein will be deemed expressly granted when
you acknowledge this Privacy Notice, including the processing of your sensitive
Personal Data. By your acceptance, you also consent to any transfer of Personal
Data that may be carried out by us pursuant to the terms of this Privacy
Notice.