Allurion Insights Privacy Notice

Effective date: 12 June 2021

Allurion Technologies, Inc., ("Allurion", "our", "we", "us") sets out in this privacy notice ("Privacy Notice") how it collects and handles your personal data in connection with your registration and use of the Allurion Insights platform ("Allurion Insights") in accordance with the General Data Protection Regulation 2016/679 ("GDPR"), the GDPR in such form as incorporated into the law of the United Kingdom by virtue of the European Union (Withdrawal) Act 2018 and the UK Data Protection Act 2018, and other applicable national data protection laws, as amended from time to time.

Allurion Technologies Inc., with its registered office in 11 Huron Drive, Natick, Massachusetts, 01760, USA, email: help@allurion.com, will be the controller of your personal data. Allurion has appointed Allurion S.a.s., with its address at rue de Tehéran, 75008, Paris, France as its data protection representative.

Personal data we collect from you and why we use it

When you choose to create an account with Allurion Insights, we will collect personal data from you such as: username, password, first name, last name, email address and the clinic you are based.

When you connect with your patients through Allurion Insights we will have access to the contents of these communications. Also, if you choose to store your notes, in connection with consultations you conduct with your patients, within Allurion Insights we will have access to this information.

We are required to specify the legal basis under which we are allowed to process certain personal data we process. We will process your personal data for our legitimate interests. Your personal data will be processed by Allurion for the following purposes:

Disclosure and storage of your personal data

Allurion may disclose your personal data as follows:

Allurion is based in the United States, and therefore your personal data will be transferred outside the European Economic Area and the United Kingdom to the United States. The United States may not provide the same level of protection as the data protection laws in your jurisdiction. For transfers to Allurion, these will be governed the European Commission approved Standard Contractual Clauses. For transfers to third parties we will ensure appropriate safeguards are in place to safeguard such transfers, according to applicable data protection laws. For any further information please contact Allurion at: help@allurion.com

We keep your personal data for as long as your Allurion Insights account is in existence because we need it to operate your account. Personal data will be deleted when your account has expired, unless we are required to retain such personal data under applicable laws.

Your rights

You may have the right to: (a) access the personal data we hold about you; (b) request we correct any inaccurate personal data we hold about you; (c) request we delete any personal data we hold about you; (d) restrict the processing of personal data we hold about you; (e) object to the processing of personal data we hold about you; and/or (f) receive any personal data we hold about you in a structured and commonly used machine readable format or have such personal data transmitted to another company.

To exercise any of your rights in connection with your personal data, please contact us at: help@allurion.com. Please note that we may ask you to verify your identity before responding to such requests. You have the right to complain to your local data protection authority in your country about our collection and use of your personal data.