This Privacy Notice explains how ReShape Lifesciences Inc. (“ReShape”, “we”, “us”, “our”) collects, uses, and shares your personal information, and your choices in connection with this.
Applicability of Privacy Notice
With respect to ReShape clinical trials conducted in the European Union, additional disclosures are provided to participants during the clinical trial process.
ReShape may collect and store protected health information (as defined by the Health Insurance Portability and Accountability Act of 1996) on behalf of your healthcare provider as a business associate. As a business associate, ReShape cannot use or disclosure protected health information in a way that your healthcare provider itself may not. For information on how your healthcare provider collects, uses, and shares your protected health information, please refer to your healthcare provider’s notice of privacy practices.
Information We Collect
Through your use of our Websites, we collect personal information, which is information that identifies you as an individual or relates to you as an identifiable individual. We collect personal information directly from you and automatically as you use our Websites.
A. Information You Provide To Us
When you engage with certain features of our Websites, we will collect personal information from you. Except as otherwise indicated below, the personal information you provide is such that we need in order to provide the requested service. If you do not provide us with your personal information, we would not be able to do so. Specifically, we collect personal information from you when you:
- Apply for employment. If you apply for employment with ReShape, we will collect your name, email address, telephone number, employment history, educational history, and resume. We collect this personal information to manage and consider your application for employment. The legal basis for this processing performance of our contract with you or to take steps at your request before entering a contract.
- Contact us. When you send us a question or inquiry, or ask for other support, you will need to provide us with your name, telephone number, and email address. We collect this personal information to fulfill your request for additional information or support from us. The legal basis for this processing is performance of our contract with you.
- Register for an online seminar. To register for our online seminars, we will collect your name, email address, telephone number, and zip code. We collect this personal information to register you for and to provide the seminar. The legal basis for this processing is performance of our contract with you. With your consent, we may also use this personal information to send you communications we feel may be of interest to you. The legal basis for this processing is your consent and you can revoke your consent at any time by clicking the “unsubscribe” link in the footer of our emails.
- Register for our healthcare professional portal. If you register for our healthcare professional portal, we will collect your name, organization name, zip code, email address, and telephone number. We collect this personal information to complete your registration and to provide you with access to webinars and training videos. The legal basis for this processing is performance of our contract at you.
- Request a consultation. If you elect to request a consultation through our Websites, we will collect your name, email address, telephone number, and zip code. At your direction and with your permission, we may collect additional information to facilitate your request for a consultation with a surgeon that offers our services. Based on the nature on this information and the fact you are being connected to a medical professional, this information may be considered protected health information and subject to HIPAA. Please note, we are not privy to any of the information you provide during the medical consultation. The legal basis for this processing is performance of our contract with you.
In our processing of your personal information, we may also use your personal information to defend our rights and the rights of others, to efficiently maintain our business, to improve our products and services, to comply with the law as, and for other limited circumstances as described in HOW WE SHARE YOUR INFORMATION.
B. Information Collected Automatically
In addition to the personal information you provide directly, we may also collect information from you automatically as you use the Websites. This information includes:
- Usage Information. This includes which pages you visit, the frequency of access, how much time you spend on each page, what you click on while using the Websites, and referring website addresses.
- Device Information. This includes certain information about your device that you use to access the Websites, such as browser type, browser language, hardware model, operating system, and your preferences.
- Location Information. We may collect information about your location, which may be determined through your IP address or geolocation.
- Essential Cookies. We use essential cookies to authenticate users, prevent fraudulent use of the Websites, and to allow the Websites and its features to function properly.
- Functional Cookies. We use functional cookies to provide enhanced functionality and personalization, to remember your preferences, to diagnose server and software errors, and in cases of abuse, track and mitigate the abuse.
- Advertising Cookies. Our advertising providers use advertising cookies to identify and store behaviors that users take when visiting our Websites. These cookies are used in order to: (i) identify you as a prospect for our Websites; (ii) deliver advertisements that are more relevant to you and your interests; (iii) limit the number of times you see an advertisement; and (iv) help measure the effectiveness of our advertising campaigns.
A list of all cookies we use, their purpose, and the information they collect as well as how to opt in / out of them can be found here.
Particular third-party cookies on our Website to note:
- Facebook Pixel. We use Facebook Pixel to customize our advertising and to serve you ads on your social media based on your browsing behavior. This allows your behavior to be tracked after you have been redirected to our Websites by clicking on the Facebook ad. The Facebook Pixel stores a cookie on your device to enable us to measure the effectiveness of Facebook ads for statistical and market research purposes. We do not have access to the information collected through the Facebook Pixel. However, the information collected via the Facebook Pixel, on the Websites as well as other websites on which Facebook Pixel is installed, is also stored and processed by Facebook. Facebook may link this information to your Facebook account and also use it for its own promotional purposes in accordance with Facebook’s Data Usage Policy. The Facebook Pixel also allows Facebook and its partners to show you advertisements on and outside of Facebook. You can opt-out of displaying Facebook ads by visiting your Facebook Ad Settings, and you can clear and control the information third parties share with Facebook in your Off-Facebook Activity page. If you do not have a Facebook account, you can opt-out of Facebook ads through the Digital Advertising Alliance here. For European users, please visit the European Interactive Digital Advertising Alliance here.
- Google Tag Manager. Google Tag Manager is a tag management system to manage tags used for tracking and analytics on Services. Tags are small code elements that, among other things, are used to manage traffic and visitor behavior and to test and optimize websites. We utilize Google Tag Manager to manage and organize all third-party tags on our Services and to control when those tags are triggered. You can view more information about Google Tag Manager’s privacy practices here.
How We Share Your Information
We share your personal information with our service providers and other third parties as described below:
With service providers. We share personal information with third-party service providers that perform functions on our behalf and help us to administer the Websites. The legal basis for this is our legitimate interest in providing the Websites more efficiently. We use the following service providers: IT support, data analytics, communications, website provider, and our patient engagement solution.
Within ReShape. We may share personal information within the ReShape corporate family, such as with subsidiaries, joint ventures, or affiliates, to the extent necessary in order to efficiently carry out our business and to the extent permitted by law. The legal basis for this is our legitimate interest in carrying out our business operations efficiently.
With authorized healthcare providers. We may share personal information with third-party healthcare providers that are authorized Lap-Band practices where we are a listed and compliant business associate. We share this information in order to connect patients to qualified providers. As a business associate, ReShape cannot use or disclose protected health information in a manner different to that of your healthcare provider. For more information on how your healthcare provider collects, uses, and shares your protected health information, please refer to their privacy notice.
In the event of a corporate reorganization. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we would share personal information with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. We would share personal information with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings. The legal basis for this is our legitimate interest in carrying out our business operations.
For legal purposes and to prevent harm. We will share personal information where we are legally required to do so, such as in response to court orders, law enforcement or legal processes; to establish, protect, or exercise our legal rights or contractual obligations; to defend against legal claims or demands; to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person; or to comply with the requirements of any applicable law. The legal basis for this processing is compliance with a legal obligation applicable to us and our legitimate interest in compliance with laws applicable to ReShape, compliance with legal obligations, and our legitimate interest in the protection of the rights of others.
With your consent. Apart from the reasons identified above, we may request your permission to share your personal information for a specific purpose. We will notify you and request consent before you provide the personal information or before the personal information you have already provided is shared for such purpose. You may revoke your consent at any time.
Your Information Choices
Access or correct your personal information. You may access your ReShape account to access or correct certain information you have provided to us and which is associated with your account.
Cookies. All session cookies expire after you close your browser. Persistent cookies can be removed by following your browser’s directions. To find out how to see what cookies have been set on your device, and how to reject and delete the cookies, please visit: https://www.aboutcookies.org/. Please note that each browser is different. For information on reviewing or deleting cookies from specific browsers, click on the appropriate browser: Firefox, Firefox IOS, Firefox Android, Safari, Safari Mobile, Chrome, Internet Explorer, Microsoft Edge, Opera. To find information relating to other browsers, visit the browser developer’s website. If you reset your browser to refuse all cookies or to indicate when a cookie is being sent, some features of our Websites may not function properly. If you choose to opt-out, we will place an “opt-out cookie” on your computer. The “opt-out cookie” is browser and device specific and only lasts until cookies are cleared from your browser or device. The opt-out cookie will not work for essential cookies. If the cookie is removed or deleted, if you upgrade your browser or if you visit us from a different computer, you will need to return and update your preferences.
Marketing Communications. You can opt-out of receiving marketing emails from us by clicking the “unsubscribe” link on our emails. You can opt-out of SMS messages from us by replying “STOP” on our SMS message. Please note we will continue to send you notifications necessary for the Websites or any assistance you request.
Rights of Individuals in the European Union
Individuals in the European Union (EU) are entitled certain rights under the General Data Protection Regulation (GDPR). If our processing of your personal information is subject to the GDPR, you are entitled to the following rights:
- Right to access. You have the right to ask us for copies of your personal information. This right has some exemptions, which means you may not always receive all the personal information we process.
- Right to rectification. You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure. You have the right to ask us to erase your personal information in certain circumstances.
- Right to restrict processing. You have the right to ask us to restrict the processing of your personal information in certain circumstances. See YOUR INFORMATION CHOICES for additional ways you can restrict processing of your personal information.
- Right to object to processing. You have the right to object at any time, for reasons arising from your particular situation, to processing of your personal information, which is carried out on the basis of our legitimate interests. See YOUR INFORMATION CHOICES for additional ways you can object to processing of your personal information.
- Right to data portability. This only applies to personal information you have given us. You have the right to ask that we transfer the personal information you gave us from one organization to another, or give it to you.
- Right to lodge a complaint. A list of Supervisory Authorities is available here.
To exercise these rights, please contact us at email@example.com.
Rights of Individuals in Australia
Citizens of Australia are entitled to certain rights under the Australia Privacy Act 1988. If our processing of your personal information is subject to the Australia Privacy Act, you may be entitled to the following rights:
- Right to know: You have the right to know why your personal information is being collected, how it will be used, and who it has been disclosed to.
- Right of using a pseudonym: You have the right to have the option of not identifying yourself or using a pseudonym in certain circumstances.
- Right to access: You have the right to request access to your personal information.
- Right to stop unwanted direct marketing: You have the right to request we stop unwanted direct marketing to you.
- Right to correct: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to file a complaint: You have the right to file a complaint with us, if we do not respond to your complaint within 30 days, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC), here.
To exercise these rights, please contact us at firstname.lastname@example.org.
Rights of Individuals in Canada
Citizens of Canada are entitled to certain rights under PIPEDA. If our processing of your personal information is subject to PIPEDA, you may be entitled to the following rights:
- Right to lodge a complaint: You have the right to lodge a complaint directly to us regarding our alleged noncompliance with PIPEDA. We will review and respond to your complaint. PIPEDA-related complaints can be directed to [contact].
- Right to access: You have the right to ask us for copies of your personal information. This right has some exemptions, which means you may not always receive all the personal information we process. Applicable exemptions may include the management information exemption (data that we process for management forecasting or management planning about a business or other activity), confidential references (references given or received about an individual), or certain instances of ongoing or prior negotiations with the requestor, among others.
- Right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure: You have the right to request erasure of your personal information that we are not obligated to keep in some cases (also known as the right to be forgotten). For example, you can request us to delete such personal data if: (i) we no longer need the data for the purpose it was collected for, (ii) we process the data based on your consent and you revoke your consent, (iii) you object to our processing based on legitimate interest (and we do not have an overriding legitimate interest), or (iv) you object to our processing the personal data for direct marketing purposes. We may not be able to immediately erase your personal information if we have a lawful reason or a legal or contractual obligation to retain the information or continue the processing.
- Right to restrict processing: If you believe that your personal data is inaccurate, that our processing is unlawful, or that we do not need the information for a specific purpose, you have the right to request that we restrict the processing of such personal data. You also have the possibility to request that we stop processing your personal data while we assess your request. If you object to our processing (per your right to object below), you may also request us to restrict processing of that personal data while we make our assessment.
- Right to object to processing: You have the right to object to processing of your personal data which is based on our legitimate interest (Article 6(1)(f) UK GDPR), by referencing your personal circumstances. You also have the right to object to our use of your personal data for direct marketing purposes. When you object to our use of your data for direct marketing purposes (i.e. let us know that you no longer wish to receive direct marketing from us), we will stop sending you direct marketing correspondence.
- Right to data portability: This right only applies to personal information you have given us. You have the right to ask that we transfer the personal information you gave us from one organization to another or give it to you.
- Automated Processing: You have the right to not be subjected to solely automated processing of your data in a way which will have a material impact on you.
- Rights under Quebec 64: If you are a resident of Quebec, you have some additional rights as described below:
- Decisions based on automated processing. If we use your personal information to render decisions based exclusively on automated processing, you have the right to be informed of this at or before the time of the decision.
- De-indexation and cessation of dissemination. Under certain circumstances, you have the right to request we cease disseminating personal information or de-index any hyperlink that provides access to this information by a technological means. You have this right when dissemination would violate the law, violate a court order, or cause serious injury to your privacy or reputation.
- Right to request source of information. Where we collect your personal information from another person or entity (i.e. not you), you may request us to inform you of the source of the data.
To exercise these rights, please contact us at email@example.com.
If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of certain of your personal information. We do not currently sell any of your personal information under Nevada law, nor do we plan to do so in the future. If you have any questions regarding our data privacy practices, please contact firstname.lastname@example.org.
Cross Border Transfer
We process and store your personal information on servers or databases, and use third-party providers that process personal information in the United States. Therefore, your personal information will be transferred to this location. Please note that the laws in the United States may not be as protective as those in your location. For example, government entities in the United States may have certain rights to access your personal information.
How Long We Keep Your Personal Information
You can request deletion of your account by contacting us at email@example.com.
We will retain your personal information until the earlier of (i) the information is no longer necessary to accomplish the purpose for which it was provided; or (ii) we delete your information pursuant to your request. We retain your personal information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations and/or as necessary to protect our legal rights or for certain business requirements. Even if you delete your account or personal information, please keep in mind that the deletion by our third-party providers may not be immediate and that the deleted information may persist in backup copies for a reasonable period of time.
Do Not Track
We do not support Do Not Track (DNT). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
The Websites are not intended for individuals under the age of eighteen (18). If we learn that we have collected or received personal information from individuals under the age of eighteen (18), we will delete the personal information. If you believe we have personal information on individuals under the age of eighteen (18), please contact us at the contact information provided below.
Security of Your Information
We implement and maintain reasonable security procedures and practices to protect the personal information we collect from unauthorized access, destruction, use, modification, or disclosure. These security practices include access controls, encryption, and monitoring software. However, no security measure or modality of data transmission over the Internet is 100% secure and we are unable to guarantee the absolute security of the personal information we have collected from you.
From time to time, we may amend this Privacy Notice. We will post the changes to this page, and will indicate the date the changes go into effect. We encourage you to review our Privacy Notice to stay informed. If we make changes that materially affect your privacy rights, we will notify you via prominent posting on our Websites or via email.
If you have any questions about this Privacy Notice or our information practices, please contact us at firstname.lastname@example.org.