Privacy Policy

Effective date: 6 February 2024 

This privacy policy (“Privacy Policy”) describes how and when Allurion France S.A.S. (“Allurion”, “we”, “us” and/or “our”) collects, uses and shares your personal data when you use the website https://allurion.com and/or communicate with Allurion through another contact channel (collectively, the “Services”). Please note, however, that this Privacy Policy does not cover how we process your personal data collected via the Allurion mobile application (the “App”). For further details on how we process your personal data in connection with the App, please see our App Privacy Policy available in the App. 

 Allurion France S.A.S., with its registered office at 6 Boulevard Montmartre 75009 Paris, France, will be the controller of your personal data, and collects such data through your interactions with our Services. When you use our Services, you agree to the collection, transfer, retention, organization, consultation, processing, modification, selection, recovery, comparison, use, interconnection, blocking, communication, dissemination, deletion and other uses of your information as described in this Privacy Policy – therefore, we recommend that you read it carefully. 

References in this Privacy Policy to the Allurion Programme, Allurion balloon and Allurion App include, and this Privacy Policy applies to, the Elipse® Programme, the Elipse® balloon and the Elipse® App, respectively, in applicable markets.   

 

Your Data

PERSONAL DATA WE COLLECT

When you interact with our Services, we may collect personal data when you submit it to us in the following ways: 

- Allurion Programme:  If you wish to learn more about the Allurion Programme, you will be asked to provide your information on our website such as your name, telephone number, email, gender, age, height and weight, post code or zip code, preferred contact method and your preferences in how you wish to proceed with the Allurion Programme. Your information may be shared with our customer care managers, who will arrange for an Allurion Advisor to contact you to ask you more questions and potentially arrange an appointment with your selected participating clinic.  Please note that if there are no customer care managers in your region, we will share your information directly with a participating clinic, and such clinic will contact you. You can also submit your details using our Body Mass Index (BMI) calculator on the website to find out whether your BMI is below or above 27 and determine whether the Allurion Programme might be suitable for you. Furthermore, we will ask you to confirm if you are either currently pregnant or breastfeeding and/or if you have ever received esophageal or abdominal surgery (including bariatric surgery); this is vital for us to determine whether or not you can participate in the Allurion Programme.  
 

- Allurion Clinic: To assist you with selecting your participating clinic, you will be asked to provide your zip code or post code. Also, if your enquiry with us turns into an appointment or a placement, your selected participating clinic may share your name and email address with us so we are able to determine how many appointments lead to placements of our Allurion balloon.  Clinics are operated by independent third parties that are responsible for medical and health care decisions, including the suitability of the Allurion balloon and Programme, for patients.   
 

- Call with an Allurion Advisor: If you are contacted by an Allurion Advisor, the details of your call may be recorded for training and monitoring purposes. 
 

- Your questions: If you are a prospective or existing Allurion patient, a healthcare professional, or other person who wishes to contact us with an enquiry in connection with the Allurion Programme or another question or concern, you will be asked to provide your name, email address, telephone number, location and the details of your enquiry. You can also use our live agent, SMS and chatbot features or our WhatsApp click feature on our website to ask for more information. If you use these chat features, you will be asked to provide your name, telephone number, email address, location and your preferences on how you wish to be contacted to arrange a call back from an Allurion Advisor. Our chat features can be used to assist you with determining your eligibility to join the Allurion Programme. If you choose to use these chat features to determine your eligibility, in addition to collecting your name and contact information, you will be asked to provide your postal code, age, date of birth, height, weight, pregnancy status, whether your are breastfeeding, and whether or not you have had esophageal or abdominal surgery (including bariatric surgery). By using our chat features, you can also book an appointment with an Allurion Advisor or a participating clinic.  

- Customer engagement: If you are a health care professional and wish to offer Allurion’s Programme at your practice, we may collect certain personal data from you, or your representatives, such as name, contact details, business address and country. 
 

- Webinars: When you register for a webinar on our website, you will be asked to provide your name and email address. 
 

- Information we automatically collect: We collect personal data about you automatically when you use our Services. This information does not directly identify you (like your name or contact information), but may include the following information:  

    • “Device data” such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, device type (e.g., phone or tablet), IP address, and unique identifiers; and  
    • “Online activity data”, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before coming to our website, information about your activity on a page or screen, access times, and duration of access.  

Like many businesses, we collect this information through cookies and similar tracking technologies. Allurion may use this information to understand the manner in which pages of the website have been visited in order to monitor and improve the website. Allurion may also use this information to deliver targeted messages to you. For further details, please read our Cookie Policy.

 When sharing information or content through our Services, we invite you to think carefully about what you are deciding to make public. 

 If you choose to invite your acquaintances to learn more about our Services, you choose to do so under your sole responsibility, and warrant that you have received the necessary authorizations and approvals after having duly informed the person to whom the personal data belong. 

OUR USE OF YOUR PERSONAL DATA AND OTHER INFORMATION

When you use our Services, you may choose to provide your health-related information in order for us to determine your eligibility to join the Allurion Programme or to respond to a question and/or concern that you have raised with us. This health-related information may include details regarding your BMI, weight, pregnancy/breastfeeding status, and certain surgeries. 

We will ask you for your explicit consent to the processing of your health-related information as described in this Privacy Policy, which you can withdraw at any time by contacting us at: privacy@allurion.com 

We use the personal data we collect or receive via our Services for the following purposes:  

- To operate and administer our Services.  

We will use your personal data to perform our contractual obligations under our Terms of Use and when it is in our legitimate interests, such as:  

  • Processing any request or enquiry you make in connection with our Services, including the Allurion Programme; 
  • Contacting you via email, telephone, SMS or WhatsApp to ask questions concerning your eligibility to join the Allurion Programme and, if the criteria is met, arrange an appointment with a clinic; and 
  • Managing our relationship with you, which includes sending administrative information to you in relation to our Services and changes to our terms, conditions, and policies, and the Services generally.  

Where required by applicable laws, when we process your sensitive data (such as health data), we will ask for your explicit consent.  
 

- To improve, monitor, personalise, and protect our Services. 

It is in our legitimate business interests to improve and keep our Services safe, which includes: 

  • Analysing and understanding how you visit our website, how you interact with us and to enrich your user experience and customize your relationship with us;  
  • Conducting data analysis, testing and research, including for statistical purposes;  
  • Conducting scientific research relating to the Allurion Programme;  
  • Protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems; and 
  • Preventing and detecting security threats, fraud or other criminal or malicious activities. 

When we process your sensitive data (such as health data), we will be processing your personal data for the purposes of carrying out scientific research.  

- For marketing and advertising purposes 

We may use your personal data for marketing and advertising purposes, such as:  

  • Enabling you to register for webinars on our website;  
  • Sending you information about healthcare professional organised events; and 
  • Sending you communications about our products and services that may be of interest to you, as described in the “MARKETING” section below.   

Where required under applicable laws, we will rely on your consent to send you marketing communications.  
 

- To enforce our agreements, to comply with legal obligations and to defend against legal claims or disputes 

We may use your personal data to comply with our legal obligations or when it is in our legitimate business interests, which includes:  

  • Complying with our legal and regulatory obligations and requests, including reporting to and/or being audited or investigated by national and international regulatory bodies; and 
  • Complying with court orders and to exercise and/or defend our legal rights. 

- To facilitate corporate acquisitions, mergers or transactions 

We may use your personal data, when it is in our legitimate business interests, when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding. 

If Allurion intends on using any personal data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the personal data is collected. 

MARKETING

We may contact you to provide you with information about products and services similar to those that were the subject of a previous sale or negotiation of a sale to you. You may be contacted by us or one of our selected partners.  

You may opt out of receiving our marketing communications by following the opt-out instructions in each marketing communication or at any time by contacting us at: privacy@allurion.com. 

We will continue to contact you for non-marketing related purposes where we need to issue a field corrective or safety notice, or to where we need to send certain information to you under a legal, regulatory, or ethical requirement. 

Please refer to our Cookie Policy for more information on how we use technologies for advertising and marketing purposes as well as information about the third-party cookies we use. 

OUR DISCLOSURE OF YOUR PERSONAL DATA

We may share your personal data with the following: 

 

  1. Subjects predetermined by law or when necessary to protect our Services. There may be cases of communication of your information to other parties in order to: 

 

  • protect the rights of Allurion and its affiliates, as well as users of its Services; 
  • protect the security of users of the Services; 
  • prevent fraud or for risk management purposes; or 
  • comply with the requirements of law or judicial proceedings or in the event of a request for cooperation from a government agency, whether or not required by law. 

 

  1. Our Service Providers. We engage third-party service providers to process personal data for any of the purposes listed in this Privacy Policy on our behalf and in accordance with our instructions, such as IT support, hosting, analytics, customer care management, legal services, marketing campaigns, and auditing. 
     
  2. Allurion clinics. We will share your personal data when you have selected a clinic and/or for the purposes of assessing your eligibility in joining the Allurion Programme. 
     
  3. Affiliates of Allurion. 
     
  4. Other Subjects in aggregate form. We may also share your information with third parties in aggregate or non-personally identifiable form. 
     
  5. Prospective sellers or buyers of any business, stock, or assets to which we might assign or novate any of our rights and obligations; in such case, we may disclose your personal data to the prospective seller or buyer of such business, stock, or assets. 

 

SECURITY MEASURES

We make use of physical, technical and administrative measures to safeguard the information in our possession against loss, theft and unauthorized use, communication or modification of personal data. Please pay attention to the fact that, in any case, no transmission or storage of personal data can be guaranteed as 100% secure. Consequently, while committing ourselves to protect the information in our possession, we cannot guarantee or ensure the total security of any information that you send us, including your health data. 

POLICY FOR THE PROCESSING OF PERSONAL DATA RELATING TO MINORS

Our Services are not aimed at individuals under 18. If you are aware of the fact that a minor under 18 has given us your personal data, please contact us at privacy@allurion.com. 

We do not intentionally collect personal information from children under 18. If we are aware of the fact that a minor under 18 has given us his/her personal data, we will take the necessary measures to remove such information.  

DIRECT MARKETING AND NON-TRACEABILITY SIGNALS 

Allurion does not share your personal data with third parties for direct marketing purposes. Some browsers may transmit the "non-traceability" signal to the websites with which the user communicates. We do not take initiatives to deal with these signals. If industry standards were established and accepted in response to these signals, we could re-evaluate how to respond to these signals. 

AMENDMENTS TO THIS PRIVACY POLICY

We may revise this Privacy Policy at any time. The most recent version of the Privacy Policy will govern Allurion's use of your personal data and will be available on the website: https://allurion.com. We may make changes to this Privacy Policy in our sole discretion. By continuing to access or use our Services after any changes have become effective, you accept the terms of the Privacy Policy as revised. 

DATA RETENTION

We keep personal data for as long as is reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law, whichever is longer. To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

INTERNATIONAL DATA TRANSFERS

When you use the Services, you provide your personal data directly to us. We may transfer your personal data to our affiliates and service providers in the U.S. and other jurisdictions that may not provide the same protections as the data protection laws in your home country. In these instances, we will ensure that relevant safeguards are in place to afford adequate protection for your personal data, including by implementing approved contractual protections (for example, European Commission approved standard contractual clauses) for the transfer of your personal data. For more information about how we transfer personal data internationally, please contact us as set out in the “CONTACT US” section below. 

LINKS TO OTHER WEBSITES

This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by Allurion or our affiliates (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from the Services do not imply that Allurion endorses or has reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies. 

OTHER TERMS AND CONDITIONS

Your access to and use of the website is subject to the  Terms of Use. 

EXERCISE OF USERS’ RIGHTS

You have and may exercise certain rights with respect to the data you provide us, as follows: 

 

Opt out of marketing communications. You may opt out of marketing-related communications by following the Opt-out or Unsubscribe instructions contained in the marketing communication we send you, or by contacting us as provided in the “CONTACT US” section below. You may continue to receive Service-related communications and other non-marketing emails. 

Opt out of online tracking. You can opt out of third-party cookies as described in our Cookie Policy.   

Personal data requests. We also offer you choices that affect how we handle your personal data. Depending on your location and the nature of your interactions with our Services, you may request the following in relation to your personal data:  

- Information about how we have collected and used personal data. We have made this information available without you having to request it by including it in this Privacy Policy. 

- Access to a copy of the personal data that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format. 

- Correction of personal data that is inaccurate or out of date. 

- Deletion of personal data that we no longer need to provide the Services or for other lawful purposes.  

- Additional rights, such as to object to and request that we restrict our use of your personal data. 

Please note that we may ask you to verify your identity before responding to such requests. 

Where you have been asked to consent to the processing of your personal data, you can withdraw consent by contacting us using our contact details below. Any withdrawal of consent will not affect the lawfulness of the processing based on your consent before the withdrawal. Please also note that where you withdraw consent, we will only stop processing your personal data that relates to the specific subject matter of the withdrawal. 

To exercise any of your rights in connection with your personal data, please contact us using the contact information in the “CONTACT US” section below. Based on where you are located, you may have the right to complain to a Data Protection Authority in your country about our collection and use of your personal data. 

CONTACT US

if you have any questions regarding this Privacy Policy or about your privacy when using our Services, please contact us at privacy@allurion.com