Lookback is complying with the EU General Data Protection Regulation (GDPR) both as a controller and as a processor.
Our Service Agreement contains the necessary provisions for customers to engage us as a processor. There is no need to sign a Data Protection Addendum for that purpose (if you need a DPA for any other reason we offer that only on our Enterprise plan).
If you are interested in what we do to keep your data safe we have detailed that on our security page where you can get an overview, or download our security whitepaper for more details.
We store most of your data in the EU. If you are located in the EU, Ireland is where the nearest local server is located.
For cases where it's transferred outside of the EU Lookback has self-certified for the EU-US Privacy Shield.
You can find a list of our processors and sub-processors here.
What is the personal data stored for each participant?
- Name (The participant self-identifies this information, we do not verify)
- E-mail address (if you do not want to use their actual email address, this field just has to follow an email address convention, i.e. firstname.lastname@example.org, we do not verify or do anything with them. They are for your purposes in recruitment, rewarding etc.)
- Customer number (internal Lookback number)
- Date of Lookback registration and session
- Voice and video images captured by microphone and camera on the device of the customers during the user experience sessions
- Device data (as device name, operating system and model, recording information captured by camera and on screen on device of customer)
- Log data (as IP address, geo-location, browser type, operating system, web page, use of functionalities on pages, time spent on pages, search terms, clicked links, other statistics).
What happens to our data when in the system – can this be accessed by the Lookback team?
The Lookback team cannot log in to your accounts, we can see your organization info but it is not easily accessible unless we are actively trying to troubleshoot, in which we would need permission and more information from you.
Selected members of our technical staff can access the video data for troubleshooting purposes, this is covered by our T&Cs. For Enterprise customers we do not do that without asking for permission first.