Effective Date: March 17, 2020
At Looker, we believe people are at the core of everything we do. Our commitment to being an ethical and trusted steward of the data entrusted to us is core to who we are.
- Frank Bein
CEO @ Looker
Privacy Shield Principles
Data Integrity and Purpose Limitation
These are the ways we collect, use, and store Personal Information.
The Looker Platform
Collection and Use
The Looker Platform analyzes data in your databases on the basis of legitimate interest to fulfill our contractual commitments to you our customer. The Looker Platform acts as a Data Processor to you, our customer, as the Data Controller over your data.
The Looker Platform holds two types of Personal Information:
1. Information about Looker users.
Information about Looker users includes:
- End-user login/registration information (business email and password) for Looker users or External Business Users (PBL Users) as well as metadata about Looker usage.
- Login information is controlled by customers directly as it is entered on their Looker instance and they can delete their users' (i.e. their employees') or PBL users' information at any time.
- Job role information which may also be shared and used with Looker Certification and Learning Program.
- Metadata is used to facilitate product improvements, customer support and license auditing.
- We retain basic user contact information to send product updates, relevant marketing, training and events based on the users' communication preferences.
2. Customer data necessary to answer users' queries.
Once the Looker Platform is connected to a customer database, the Looker cache retains data from the customer's database that is fetched in response to its Users' queries.
Customer data is encrypted and stored by Looker for a maximum of 30 days or 2GB of data—whichever occurs first. You can also take additional steps to reduce the amount of time that query results are held in cache.
When you create an account or or your organization's administrator, creates an account to use the Platform on your behalf, additional information about your use of the Platform is collected:
- Unique identifier(s) allow us to monitor user experience.
- Device information may include the hardware model, operating system and version, unique device identifiers, network information, IP address, and/or Platform version.
- Information about all of your interactions with the Platform and training content ("Usage Data") and how the Platform is performing ("Analytics Data").
- License credentials to ensure that usage is in compliance with the customer's licensing terms. This information includes metadata about users, roles, database connections, server settings, features used, API usage, and Platform version. Information contained in your organization's Looker database used with the Platform, to which we have access when we automatically back it up and encrypt it for you.
- If a Looker customer uses the Platform to analyze personal information in their databases, Looker will process the categories of personal information analyzed (e.g. via looks, query strings, embedded messages), which may include special categories of data as determined by the customer, including without limitation factors specific to the individual's physical, physiological, genetic, mental, economic, cultural or social identity. Looker users should avoid using special or sensitive data categories, PHI, or other protected consumer information as part query strings, looks, embedded messages or similar.
Retention and Deletion
Looker customers create and remain in control of your data and data about your users and user activities and reports. When you remove users from your Looker-connected database instance, their data will be removed from Looker's databases within 30 days and within 30 days they will no longer remain in Looker's cache.
If you are a Looker user and wish to delete a Looker user's account data, please contact your Looker Administrator or internal compliance decision-maker for assistance. At the request of our customers, we have a process to permanently anonymize the data by data engineering. Looker Administrators may either self-serve or Contact Us to request assistance.
The Looker Platform uses a read-only connection for its Users to access the minimum amount of data needed to answer questions and only returns the relevant result set. Alternatively, customers can choose to give Looker write-access to their database to take advantage of PDTs (persistent derived tables). This feature lets you define summary tables that Looker will write on your behalf into your database, at a cadence of your choosing.
Additional Use and Retention
Looker has a legitimate interest to further process your Personal Information collected by the Platform as follows, depending upon the nature of your Looker deployment:
- To administer your Platform user accounts.
- To enable your access and use of the Platform, and to enable you to communicate, collaborate, and share information with those you designate.
- To enable Looker to verify the license(s) you've contracted with us to use the Platform.
- To provide product enablement and licensing, customer service and support.
- To enable your access and use of Platform Integration and Application services.
- To monitor your user experience on the Platform.
- To enable Looker to proactively help customers maintain the performance and functionality of deployments of the Platform.
- To validate certification and training information. This information is aggregated and anonymized and not used to create a profile about users.
Embedded "Powered by Looker"
Powered by Looker (PBL) is a version of the Looker Platform that is extended and customized, under contract, into third party workflows or applications, either within or external to the customer's organization. This allows customers to whitelabel the Looker BI application, embed analytics into SaaS applications, and build custom applications, integrations or data visualizations.
The Looker Marketplace is a central location within the Looker Platform for finding, deploying, and managing Looker Blocks, applications, visualizations, and plug-ins. We inform you when a tool is developed by Looker or by third-party developer. Before you download or purchase content from the Marketplace, be sure that you have evaluated the third party developer and tool. Looker shares with the developer aggregated, non-identifying and non-profiling, statistical information regarding the performance of their tool in the marketplace, such as upload and deletion counts. These third party developers are not subprocessors to Looker.
In order to set up and use the device provisioning, account authentication, and deployment features of Looker’s mobile application, and improve your experience, Looker collects usage information as described above for the Looker Platform and also certain unique identifiers from the User’s device and account information. These unique identifiers include the hardware identifier for the device, operating system information, and country location based on your IP address. Additionally, we may request that you provide access to your camera to scan a QR Code.
The Looker Site
When you use the Site, use our Platform, or communicate with us (e.g. via email) you will provide, and Looker will collect certain information, some of which can be used to personally identify and/or locate you ("Personal Information").
When you use the Site, create an account to use the Site (e.g. to access training content, register for an exam, or participate in the Looker Community), engage with our services, or otherwise communicate with us (e.g. via email or chat), Personal Information will be collected and may include:
- Business name and address
- Business telephone number
- Email address
- IP-address and other online identifiers
- Location Data
- Any customer testimonial you have given us consent to share.
- Information you provide to the Site's Interactive Areas, such as fillable forms or text boxes, training, webinars or event registration.
- Information about the device you are using, comprising the hardware model, operating system and version, unique device identifiers, network information, IP address, and/or Platform information when interacting with the Site.
- If you interact with the Looker Community or training, or registered for an exam or event, we may collect biographical information and the content that you share.
- Exam Information for individuals who participate in Looker's Certified Program.
- Information about all of your interactions with the Site ("Usage Data") and how the Site is performing ("Analytics Data").
Looker also may collect information that does not identify or locate you personally, meaning company information such as SIC code, industry, number of employees, or sales funnel status. Looker reserves the right to maintain, disclose, or otherwise use such information without limitation including aggregated with other information to improve the Looker Site, Platform and services.
Use and Retention
Looker may use the Personal Information collected by the Site to provide you with services, to accomplish our business purposes and to fulfill other legal obligations, including:
- To provide you services that you request, such as when we:
- Respond to your requests for information about our products, services, training and events;
- To enable your access and use of the Site, and to enable you to communicate, collaborate, and share information with those you designate;
- To send you technical notices, updates, security alerts, and support and administrative messages;
- For our business purposes we have a legitimate interest, when we:
- Operate the Site;
- Administer your account if you have registered on the Site, including billing and payment;
- send marketing, advertising, training, certification or event materials to which you've agreed, requested or subscribed or to otherwise inform you about our products and services;
- Apply information security policies and controls on the Site, including overall Site integrity, identity management and account authentication;
- For research and development to improve the Looker product, Site and services;
- Perform other general business management and operations purposes, such as to provide, operate, maintain, make modifications to protect and improve the Site.
- To fulfill legal obligations, including:
- legal compliance, such as to enforce our legal rights, to comply in good faith with applicable laws, and to protect users of the Site or Platform.
- For other purposes about which we notify you and, where relevant or required, give you choice about the new purpose.
This information is retained in accordance with Looker's retention policy.
If you participate in the Looker's Community, we process information about you in order to provide you with this service. Log into your account to access your information and manage your account: https://community.looker.com/
Contact email@example.com for program related questions.
Looker's Training Program
If you participate in the Looker Learn, we process information about you in order to provide you with this service. Log into your account to access your information and manage your account: https://learn.looker.com/login
Contact firstname.lastname@example.org for program related questions.
Looker's Certification Program
If you participate in the Looker's Certification Program, we process information about you in order to support Looker's customers and partners and to provide you with this service. Log into your account to access your information and manage your account: https://www.webassessor.com/looker
Contact email@example.com for program related questions.
Looker Hosted Events
If you participate in a Looker Event, and direct us to share your information, we may share information about you with event sponsors and partners so that they may contact you about their products. Please review the event page where you registered for a listing of sponsors. Contact Us if you would like to change your sharing instructions with these sponsors. Looker also shares information about event participants with resellers and other partners that may communicate with you on our behalf.
Job Candidate Applications
Collection, Use, and Retention
If you apply for a job at Looker, we collect and use your personal information for legitimate human resources and business management reasons including:
- identifying and evaluating candidates for potential employment, as well as for future roles that may become available;
- recordkeeping in relation to recruiting and hiring;
- ensuring compliance with legal requirements, including diversity and inclusion requirements and practices;
- conducting criminal history checks as permitted by applicable law;
- protecting our legal rights to the extent authorized or permitted by law; or
- emergency situations where the health or safety of one or more individuals may be endangered.
We retain this information in accordance with our retention policy.
Your personal information may be accessed by recruiters and interviewers working in the country where the position for which you are applying is based, as well as by recruiters and interviewers working in different countries.
We use third party service providers to provide a recruiting software system. We also share your personal data with other third party service providers that may assist us in recruiting talent, administering and evaluating pre-employment screening and testing, and improving our recruiting practices.
Choice, Control and Access
How to exercise your rights to access and control your Personal Information.
Email Communications Preferences
Looker respects your email communications and marketing preferences. If you prefer not to receive product release notes communications or promotional email messages (such as product updates, security alerts, marketing, events, training and certifications) from Looker, you can unsubscribe from Looker's email marketing by following the unsubscribe link located at the bottom of each promotional email, going to our Preference Center for all email communication categories, or contacting us at firstname.lastname@example.org with "UNSUBSCRIBE" in the subject line. Note: Please allow five (5) business days to be removed from all email communications.
Accessing, Correcting And Deleting Your Personal Information
Ensuring that Personal Information we hold about you is accurate and complete is important to us. If you would like to request access to, correct or delete your Personal Information, please submit your request online at (https://looker.com/trust-center/privacy/requests) or Contact Us with your request. We will verify these requests and respond to you in accordance with our legal obligations, which typically means forwarding your request to the licensed administrator (in your organization) of your Looker account for review.
Accountability and Onward Transfer
This section describes our accountability with regard to the onward transfer of your Personal Information to third party service providers (subprocessors, suppliers/vendors), partners and across country borders.
Except as listed below, Looker will not share Personal Information with third party service providers unless you have consented to the disclosure.
Depending on how Looker is deployed by the customer, Looker may share Personal Information with third-party service providers that need your information to provide the following operational or other support services to Looker, the Site or Platform:
- Data management.
- Database hosting.
- Integration services.
- Professional services.
- Information security, integrity, and identity and authentication services.
- Email communications (e.g. operational, marketing, events, training, certifications).
- Financial operations (e.g. licensing, billing).
- Payments and payment card processing.
- Shipping services.
- Communication services (e.g enabling collaboration, conferencing or messaging).
- Support services (e.g. providing customer service and support).
- Cloud services (e.g. functioning of the Site or Platform).
To ensure the confidentiality and security of your Personal Information, we ask service providers that handle Personal Information to sign a Data Protection Addendum and undergo a security and privacy review. These service providers are restricted by contract from using Personal Information in any way other than to provide services for Looker, including on your behalf as part of your contract with us. Looker is accountable and has liability in cases of onward transfers to third party service providers.
Looker does not share the information contained in your organization's Looker database and used with the Looker Platform with the above service providers.
If you integrate a 3rd party service through the Looker Action, Integration or Application Hubs, or through Professional Services contracted by you, you are choosing to share the information contained in your organization's Looker database with that 3rd party service.
Looker may also provide your Personal Information to a third party if:
- We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or lawful government request, including in connection with national security or law enforcement requirements. This may include disclosures: to respond to subpoenas or court orders; to establish or exercise our legal rights or defend against legal claims; or to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Service Agreement, or as otherwise required by law. In each case, we will make reasonable efforts to verify the validity of the request before disclosing your personal information.
- To enforce our agreements, policies, Supplier Code of Conduct, Acceptable Use Policy and Terms of Service.
- To protect the security and integrity of the Site or Platform.
- To respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing serious bodily injury or death of any person.
Looker may also share your Personal Information with our subsidiaries, affiliates, and partners, to facilitate our global operations and in accordance with applicable laws, our Service Agreement, Terms of Service or Contracts with customers or service providers.
We may also provide your Personal Information to a third party in connection with a merger or acquisition of Looker, either in part or in whole, or the assignment or other transfer of the Site or Platform. In such event, such third party will either:
- inform you and get your express affirmative consent to opt-in to the new practices; and/or
- inform you in some prominent manner enabling you to make a choice about whether to agree to the new practices.
- You may choose to opt-out of allowing your Personal Information to be shared with certain third-parties. To do so, please Contact Us with your request. We will do our best to respond in a timely manner and grant your request to the extent permitted by law.
International Transfer And Storage Of Information Collected
Looker and our subprocessors and vendors primarily store information collected from you within the European Economic Area and the United States. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which Looker or our subprocessors have operations. For more information about our subprocessors, visit: https://looker.com/trust-center/privacy/subprocessors
We use applicable, approved information transfer mechanisms where required, such as EU Standard Contractual Clauses (SCCs), or the EU - U.S. Privacy Shield.
By default, Looker hosts instances of the Looker Platform in the U.S. region. Customers may request that we host their instance in various other regions, including within the EU, Asia and Latin America, which varies based on each unique customer circumstances. Upon request, we host in the following EU regions:
- Dublin, Ireland or
- Frankfurt, Germany regions
Customers can also host their own Looker instance on their own servers. Contact your Account Executive for details.
- To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which Looker has operations. We use applicable, approved information transfer mechanisms where required, such as EU Standard Contractual Clauses (SCCs), or the EU - U.S. Privacy Shield.
Looker has a dedicated information security function responsible for security and data compliance across the organization.
Looker protects the Personal Information it collects via the Site or Platform with reasonable and appropriate physical, electronic, and procedural safeguards and has a SOC 2 Type II + HIPAA report and ISO27001 Certification. Any sections of the Site or Platform that collect sensitive Personal Information use industry-standard secure socket layer (TLS/SSL) encryption. The Looker platform uses AES 256 bit encryption to secure your database connection credentials and cached data stored at rest. Plus, TLS 1.2 is used to encrypt network traffic between users' browsers and the Looker platform. To take advantage of TLS, your browser must support up-to-date encryption protection, as found in the latest versions of most common browsers, such as Internet Explorer, Mozilla Firefox, Google Chrome, and Safari. The Looker data platform provides numerous product features to assist with data management, setup, and processes to help you meet data security and privacy requirements.
Recourse and Enforcement
You may contact us about our practices or to make a complaint and seek recourse according to these methods available to you, and subject to applicable enforcement powers.
In compliance with the EU-U.S. Privacy Shield Principles, Looker commits to resolve complaints about our collection or use of your personal information. European Union, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Looker at the information provided below in the "Contact Us" section.
If you have an unresolved complaint, Looker has committed and signed on to the JAMS EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield ADR (JAMSADR), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint.
The services of JAMS EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield ADR are provided at no cost to you. Mediations will be conducted pursuant to JAMS International Mediation Rules unless the parties have specified a different set of Rules or Procedures.
Looker is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). European Union and Swiss individuals have the possibility, under certain conditions, to invoke binding arbitration.
Do Not Track Signals
We do not track visitors to the Site across third-party websites and therefore we do not respond to Do Not Track signals in these circumstances.
Links To Third-Party Sites
Looker is a business service, not a consumer product. The Site or Platform is not directed to, nor intended to be used by, individuals under the age of 16, or the equivalent minimum age in the relevant jurisdiction. Looker does not knowingly collect personal information from individuals under the age of 16, or the equivalent minimum age in the relevant jurisdiction. If you become aware that an individual under the age of 16, or the equivalent minimum age in the relevant jurisdiction, has provided us with personal information, please contact us immediately at email@example.com. If we become aware that an individual under the age of 16, or the equivalent minimum age in the relevant jurisdiction, has provided us with personal information, we will take steps to delete such information.
(toll free at +1-888-315-5125)
Write: 101 Church Street, 4th Floor, Santa Cruz, CA 95060
Data Protection Officer
Lillian Pang, Taceo Limited
- " Affiliates" means Looker's parent and related entities, including: Looker Data Sciences, Inc., Looker Data Sciences Canada Inc., Looker Data Sciences Limited (U.K.), Looker Data Sciences Ireland Limited, and Looker K.K. (Kabushiki Kaisha Looker).
- " Analytics Data" means information about how the Site and/or the Platform are performing. Analytics Data includes information gathered via our licensing management service, which sends data to Looker concerning the performance of the Platform.
- " Do Not Track" is a technology and policy proposal that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.
- " Interactive Areas" means the Site's publicly accessible blogs, community forums, comments sections, discussion forums, training material, certification portal, event registration or other interactive features.
- " Looker", " we" and " us" mean Looker Data Sciences, Inc.
- " Looker Users" means individuals designated by the Looker customer as a user of the Looker software products or Platform.
- " Looker Customers" means companies that license Looker software products or Platform, including "Powered by Looker" and white label versions.
- " JAMS" stands for Judicial Arbitration and Mediation Services. JAMS is the largest private alternative dispute resolution (ADR) provider in the world.
- " NAI&quoquot; means the Network Advertising Initiative.
- " Platform" means Looker's software products, including the Looker Data Platform, Looker Data Apps, Powered by Looker and white-label deployments.
- " Site" means the Looker website at https://looker.com and sub-domains.
- " Usage Data" means information about all of your interactions with the Site and/or the Platform. Pseudonymized usage data is gathered by a Looker service and a third-party service (Google Analytics 360) about how users are using the Looker product and how well it is performing. This data is analyzed and used to improve the Looker product. Administrators can disable these services for their instance by contacting Support. It may include pseudonymized data regarding any interaction you have with the Site or Platform, such as which functionalities are used and the frequency of use (e.g., pages visited, actions taken, queries run, fields added, user accounts, account roles, and connected database types).
- EU-U.S. and Swiss Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.