This Privacy Notice explains how ReShape Lifesciences Inc. (“ReShape”, “we”, “us”, “our”) collects, uses, and shares your personal information, and your choices in connection with this.
Applicability of Privacy Notice
With respect to ReShape clinical trials conducted in the European Union, additional disclosures are provided to participants during the clinical trial process.
ReShape may collect and store protected health information (as defined by the Health Insurance Portability and Accountability Act of 1996) on behalf of your healthcare provider as a business associate. As a business associate, ReShape cannot use or disclosure protected health information in a way that your healthcare provider itself may not. For information on how your healthcare provider collects, uses, and shares your protected health information, please refer to your healthcare provider’s notice of privacy practices.
Information We Collect
Through your use of our Websites, we collect personal information, which is information that identifies you as an individual or relates to you as an identifiable individual. We collect personal information directly from you and automatically as you use our Websites.
A. Information You Provide To Us
When you engage with certain features of our Websites, we will collect personal information from you. Except as otherwise indicated below, the personal information you provide is such that we need in order to provide the requested service. If you do not provide us with your personal information, we would not be able to do so. Specifically, we collect personal information from you when you:
Apply for employment If you apply for employment with ReShape, we will collect your name, email address, telephone number, employment history, educational history, and resume. We collect this personal information to manage and consider your application for employment. The legal basis for this processing performance of our contract with you or to take steps at your request before entering a contract.
Contact us. When you send us a question or inquiry, or ask for other support, you will need to provide us with your name, telephone number, and email address. We collect this personal information to fulfill your request for additional information or support from us. The legal basis for this processing is performance of our contract with you.
Register for an online seminar. To register for our online seminars, we will collect your name, email address, telephone number, and zip code. We collect this personal information to register you for and to provide the seminar. The legal basis for this processing is performance of our contract with you. With your consent, we may also use this personal information to send you communications we feel may be of interest to you. The legal basis for this processing is your consent and you can revoke your consent at any time by clicking the “unsubscribe” link in the footer of our emails.
Register for our healthcare professional portal. If you register for our healthcare professional portal, we will collect your name, organization name, zip code, email address, and telephone number. We collect this personal information to complete your registration and to provide you with access to webinars and training videos. The legal basis for this processing is performance of our contract at you.
Request a consultation. If you elect to request a consultation through our Websites, we will collect your name, email address, telephone number, and zip code. At your direction, we collect this personal information to facilitate your request for a consultation with a surgeon that offers our services. The legal basis for this processing is performance of our contract with you.
In our processing of your personal information, we may also use your personal information to defend our rights and the rights of others, to efficiently maintain our business, to improve our products and services, to comply with the law as, and for other limited circumstances as described in HOW WE SHARE YOUR INFORMATION.
B. Information Collected Automatically
In addition to the personal information you provide directly, we may also collect information from you automatically as you use the Websites. This information includes:
Usage Information. This includes which pages you visit, the frequency of access, how much time you spend on each page, what you click on while using the Websites, and referring website addresses.
Device Information. This includes certain information about your device that you use to access the Websites, such as browser type, browser language, hardware model, operating system, and your preferences.
Location Information. We may collect information about your location, which may be determined through your IP address or geolocation.
Essential Cookies. We use essential cookies to authenticate users, prevent fraudulent use of the Websites, and to allow the Websites and its features to function properly.
Functional Cookies. We use functional cookies to provide enhanced functionality and personalization, to remember your preferences, to diagnose server and software errors, and in cases of abuse, track and mitigate the abuse.
Advertising Cookies. Our advertising providers use advertising cookies to identify and store behaviors that users take when visiting our Websites. These cookies are used in order to: (i) identify you as a prospect for our Websites; (ii) deliver advertisements that are more relevant to you and your interests; (iii) limit the number of times you see an advertisement; and (iv) help measure the effectiveness of our advertising campaigns.
A list of all cookies we use, their purpose, and the information they collect as well as how to opt in / out of them can be found here.
Particular third-party cookies on our Website to note:
Facebook Pixel. We use Facebook Pixel to customize our advertising and to serve you ads on your social media based on your browsing behavior. This allows your behavior to be tracked after you have been redirected to our Websites by clicking on the Facebook ad. The Facebook Pixel stores a cookie on your device to enable us to measure the effectiveness of Facebook ads for statistical and market research purposes. We do not have access to the information collected through the Facebook Pixel. However, the information collected via the Facebook Pixel, on the Websites as well as other websites on which Facebook Pixel is installed, is also stored and processed by Facebook. Facebook may link this information to your Facebook account and also use it for its own promotional purposes in accordance with Facebook’s Data Usage Policy. The Facebook Pixel also allows Facebook and its partners to show you advertisements on and outside of Facebook. You can opt-out of displaying Facebook ads by visiting your Facebook Ad Settings, and you can clear and control the information third parties share with Facebook in your Off-Facebook Activity If you do not have a Facebook account, you can opt-out of Facebook ads through the Digital Advertising Alliance here. For European users, please visit the European Interactive Digital Advertising Alliance here.
Google Tag Manager. Google Tag Manager is a tag management system to manage tags used for tracking and analytics on Services. Tags are small code elements that, among other things, are used to manage traffic and visitor behavior and to test and optimize websites. We utilize Google Tag Manager to manage and organize all third-party tags on our Services and to control when those tags are triggered. You can view more information about Google Tag Manager’s privacy practices here.
How We Share Your Information
We share your personal information with our service providers and other third parties as described below:
With service providers. We share personal information with third-party service providers that perform functions on our behalf and help us to administer the Websites. The legal basis for this is our legitimate interest in providing the Websites more efficiently. We use the following service providers: IT support, data analytics, communications, website provider, and our patient engagement solution.
Within ReShape. We may share personal information within the ReShape corporate family, such as with subsidiaries, joint ventures, or affiliates, to the extent necessary in order to efficiently carry out our business and to the extent permitted by law. The legal basis for this is our legitimate interest in carrying out our business operations efficiently.
In the event of a corporate reorganization. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we would share personal information with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. We would share personal information with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings. The legal basis for this is our legitimate interest in carrying out our business operations.
For legal purposes and to prevent harm. We will share personal information where we are legally required to do so, such as in response to court orders, law enforcement or legal processes; to establish, protect, or exercise our legal rights or contractual obligations; to defend against legal claims or demands; to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person; or to comply with the requirements of any applicable law. The legal basis for this processing is compliance with a legal obligation applicable to us and our legitimate interest in compliance with laws applicable to ReShape, compliance with legal obligations, and our legitimate interest in the protection of the rights of others.
With your consent. Apart from the reasons identified above, we may request your permission to share your personal information for a specific purpose. We will notify you and request consent before you provide the personal information or before the personal information you have already provided is shared for such purpose. You may revoke your consent at any time.
Your Information Choices
Access or correct your personal information. You may access your ReShape account to access or correct certain information you have provided to us and which is associated with your account.
Cookies. All session cookies expire after you close your browser. Persistent cookies can be removed by following your browser’s directions. To find out how to see what cookies have been set on your device, and how to reject and delete the cookies, please visit: https://www.aboutcookies.org/. Please note that each browser is different. For information on reviewing or deleting cookies from specific browsers, click on the appropriate browser: Firefox, Firefox iOS, Firefox Android, Safari, Safari Mobile, Chrome, Internet Explorer, Microsoft Edge, Opera. To find information relating to other browsers, visit the browser developer’s website. If you reset your browser to refuse all cookies or to indicate when a cookie is being sent, some features of our Websites may not function properly. If you choose to opt-out, we will place an “opt-out cookie” on your computer. The “opt-out cookie” is browser and device specific and only lasts until cookies are cleared from your browser or device. The opt-out cookie will not work for essential cookies. If the cookie is removed or deleted, if you upgrade your browser or if you visit us from a different computer, you will need to return and update your preferences.
Marketing Communications. You can opt-out of receiving marketing communications from us by clicking the “unsubscribe” link provided in each communication. Please note we will continue to send you notifications necessary for the Websites or any assistance you request.
Rights of Individuals in the European Union
Individuals in the European Union (EU) are entitled certain rights under the General Data Protection Regulation (GDPR). If our processing of your personal information is subject to the GDPR, you are entitled to the following rights:
- Right to access. You have the right to ask us for copies of your personal information. This right has some exemptions, which means you may not always receive all the personal information we process.
- Right to rectification. You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure. You have the right to ask us to erase your personal information in certain circumstances.
- Right to restrict processing. You have the right to ask us to restrict the processing of your personal information in certain circumstances. See YOUR INFORMATION CHOICES for additional ways you can restrict processing of your personal information.
- Right to object to processing. You have the right to object at any time, for reasons arising from your particular situation, to processing of your personal information, which is carried out on the basis of our legitimate interests. See YOUR INFORMATION CHOICES for additional ways you can object to processing of your personal information.
Right to data portability. This only applies to personal information you have given us. You have the right to ask that we transfer the personal information you gave us from one organization to another, or give it to you.
- Right to lodge a complaint. A list of Supervisory Authorities is available here.
To exercise these rights, please contact us at email@example.com.
Rights of Individuals in Australia
Individuals in Australia are entitled to certain rights under the Privacy Act and Australian Privacy Principles. If our processing of your personal information is subject to the Privacy Act and Australian Privacy Principles, you are entitled to the following rights:
- Right to access. You can request access to your personal information, subject to certain exceptions. ReShape may charge reasonable costs for providing access to your personal information.
- Right to correction. If you believe that any personal information ReShape has collected about you is inaccurate, not up-to-date, incomplete, irrelevant or misleading, you may request correction.
- Right to lodge a complaint. You can make a complaint to ReShape about our handling of your personal information. To do so, please contact us at the contact information provided in this section setting out the details of the complaint. We will promptly investigate your compliant and respond to you in writing setting out the outcome of our investigation, what steps we propose to take to remedy the compliant, and any other action we will take to deal with your complaint. If you are not satisfied with the outcome of your complaint, you can refer your complaint to the Office of the Australian Information Commissioner.
To exercise these rights, please contact us at firstname.lastname@example.org.
Rights of Individuals in Canada
If our processing of your personal information is subject to the Canadian law, you are entitled to the following rights:
- Right to access. You have the right to review your personal information in our possession, subject to certain exceptions.
- Right to correction. You can ask us to make corrections to the personal information in our possession that is not accurate.
- Right to file a complaint. You can express your concerns with ReShape at any time by email@example.com. If you are not satisfied with how we respond to your complaint, you can contact the Office of the Privacy Commissioner of Canada.
To exercise these rights, please contact us at firstname.lastname@example.org.
If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of certain of your personal information. We do not currently sell any of your personal information under Nevada law, nor do we plan to do so in the future. If you have any questions regarding our data privacy practices, please contact email@example.com.
Cross Border Transfer
We process and store your personal information on servers or databases, and use third-party providers that process personal information in the United States. Therefore, your personal information will be transferred to this location. Please note that the laws in the United States may not be as protective as those in your location. For example, government entities in the United States may have certain rights to access your personal information.
How Long We Keep Your Personal Information
You can request deletion of your account by contacting us at firstname.lastname@example.org.
We will retain your personal information until the earlier of (i) the information is no longer necessary to accomplish the purpose for which it was provided; or (ii) we delete your information pursuant to your request. We retain your personal information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations and/or as necessary to protect our legal rights or for certain business requirements. Even if you delete your account or personal information, please keep in mind that the deletion by our third-party providers may not be immediate and that the deleted information may persist in backup copies for a reasonable period of time.
Do Not Track
We do not support Do Not Track (DNT). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
The Websites are not intended for individuals under the age of eighteen (18). If we learn that we have collected or received personal information from individuals under the age of eighteen (18), we will delete the personal information. If you believe we have personal information on individuals under the age of eighteen (18), please contact us at the contact information provided below.
Security of Your Information
We implement and maintain reasonable security procedures and practices to protect the personal information we collect from unauthorized access, destruction, use, modification, or disclosure. These security practices include access controls, encryption, and monitoring software. However, no security measure or modality of data transmission over the Internet is 100% secure and we are unable to guarantee the absolute security of the personal information we have collected from you.
From time to time, we may amend this Privacy Notice. We will post the changes to this page, and will indicate the date the changes go into effect. We encourage you to review our Privacy Notice to stay informed. If we make changes that materially affect your privacy rights, we will notify you via prominent posting on our Websites or via email.
If you have any questions about this Privacy Notice or our information practices, please contact us at email@example.com.