Categories of personal data
Through the website the following categories of personal data (“Personal Data”) are collected and processed by the Data Controller.
- Browsing data: these data are necessary to use web-based services and are also processed in order to extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.), and check functioning of the services. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment;
- Data supplied by users: these data are provided by users sending messages, on the basis of the user’s free, voluntary, explicit choice, to the Data Controller contact addresses, or sending private messages to the Data Controller’s social media pages and profiles (where this option is available), and filling in and sending the forms made available on the Data Controller’s website. This data category may include both general data (e.g. name, surname, e-mail address, phone number, age, etc.) and special categories of personal data pursuant to Article 9 of the GDPR, in particular data concerning health. Specific information notices will be displayed on the pages of the websites that are used for providing certain services. The processing of Personal Data supplied by you through the on-line form in order to request information about the Elipse Balloon is regulated by a specific Data Protection Notice and requests your prior specific consent to different purposes of processing.
When sharing information or content through our Services, we invite you to think carefully about what you are deciding to make public. If you choose to invite your acquaintances to learn more about our Services, choose to do so under your sole responsibility, and warrant that you have received the necessary authorizations and approvals after having duly informed the person to whom the personal data belong. Users providing third-party personal data will be considered as the data controllers of their processing;
Purposes and Legal Basis for the processing
The Personal Data will be processed by Allurion for the following purposes:
- In order to provide the Services also in any reserved area of the website, according to Article 6, par. 1, lett. b), for purposes that are strictly connected with and/or necessary to the fulfilment of the requests submitted, from time to time, by the user through the website and/or by e-mail;
- On the basis of the prior explicit consent of the user collected according to Article 6, par. 1, lett. a), and Article 9, par. 2, lett. a), of the GDPR, in order to provide commercial information on, and promote, the services carried out by the Data Controller and/or by its associated companies;
- In order to comply with obligations required by law or applicable regulations, as well as by decisions and guidelines issued by the competent supervisory and control authorities/bodies.
Any further information about the processing of the Personal Data may be provided in specific sections of the website.
Communication and dissemination of data
We may share your information and Personal Data with the following subjects:
- Public bodies or private companies, which are authorized to receive them by any applicable law, in order to comply with the requirements of the law or any judicial decisions or in the event of a request for cooperation from a government agency;
- Entities which act as data processors in accordance with Article 28 of the GDPR with reference to the provision of the Services. The list of data processors is available upon written request to the Data Controller;
- Other Subjects in aggregate form. We may also share your information with third parties in aggregate or non-personally identifiable form.
Your Personal Data will be not disseminated or transferred to recipients located outside the European Union or to international organization. If such a transfer will be necessary for specific organizational and business needs of the Data Controller, it will be carried out exclusively towards (i) third countries or international organization that, according to Article 45 of the GDPR, on the basis of a European Commission’s decision, ensure an adequate level of protection, such as, for instance, the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield, or (ii) third countries or international organization providing appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available, according to Article 46 of the GDPR, such as the standard data protection clauses adopted by the Commission or by a supervisory national authority and approved by the Commission.
For any further information please contact the Data Controller at the following email address: email@example.com.
Modalities of the Personal Data processing and retention period.
The processing of your Personal Data will be performed according to the modalities and the guarantees set forth by the GDPR and any applicable privacy law, and it shall be carried out with automated and/or manual systems, suitable to ensure the security of the processing. The Personal Data will be processed by authorized personnel of the Data Controller, on the basis of its specific instructions, with guarantee of confidentiality.
The processing of your Personal Data will be carried out according to the principles of proportionality and necessity, so that no unnecessary personal data will be collected or processed. The processing of your Personal Data will be fair and transparent, and therefore it will always be given adequate communication to you on the processing activities carried out, and in compliance with the adequacy requirement of the security measures.
The Personal Data will be kept by Allurion for the period deemed strictly necessary to fulfil the relevant purposes in accordance with the minimization principle set forth by Article 5, par. 1, lett. c) of the GDPR, as well as with any applicable law.
Policy for the processing of personal data relating to minors
Our Services are not aimed at individuals under 18. If you are aware of the fact that a minor under 18 has given us your personal data, please contact us at firstname.lastname@example.org so that we will take the necessary measures to interrupt the processing of this information.
Amendments to this Policy
Exercise of users’ rights
Pursuant to Articles 15 to 22 of the GDPR, you have the right to obtain from Allurion, where appropriate, confirmation of the existence of your Personal Data and of their origin and treatment and of the purpose of the processing itself; access, erasure, transformation into anonymous form or blocking of Personal Data processed in violation of the law; updating, rectification or integration of Personal Data; to revoke the consent or object to the processing of your Personal Data at any time; the guarantee that the operations have been brought to the attention of those whose data have been communicated. Moreover, in case of violation in processing Personal Data, you have the right to lodge a complaint to the competent supervisory Authority.
Please contact Allurion via email at email@example.com to lodge all requests to exercise these rights and for any question regarding this Policy or about your privacy when using our Services.
Allurion Technologies, Inc. (“Allurion”) recognizes the importance of protecting the privacy of visitors to its website. With the exception of contact forms submitted with identifying information, Allurion does not collect any information that can identify you, such as your name, address, telephone number, e-mail address, and other similar personal information.
This site may collect some non-personal information, such as the date and time you visited our site, the pages you visited, the website you came from, the type of browser you are using, the type of operating system you are using and the domain name and address of your Internet service provider. In particular, our web server may send to your computer a “cookie” when you access the website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies can tell us how and when pages in a website are visited and by how many people. This technology does not collect personal identifiable information. To learn more about your ability to manage cookies, please consult the privacy features in your browser. We may use the non-personal information described above on an aggregate basis, including for the purpose of analyzing and improving the website.
We may use additional technology to collect non-personal information on visitors to our website. Technology such as internet tags, single-pixel GIFs, clear GIFs, and invisible GIFs are a tiny graphic on a web page or in an e-mail message that is used to track pages viewed or messages opened. Web beacons tell the web site server information such as the IP address and browser type related to the visitor’s computer. This technology may be placed on online advertisements that bring people to our site and on different pages of our site.
This site is intended for adults and not for individuals under the age of 18. We do not knowingly collect information about children.