Lookback is compliant with the EU General Data Protection Regulation (GDPR) both as a controller and as a processor.
Lookback's Service Agreement (SA) contains all necessary provisions for customers to engage us as a processor. The Service Agreement comes with a Data Protection Addendum, including the Standard Contractual Clauses (SCC).
If you are interested in what we do to keep your data safe we have detailed that on our security page where you can get an overview.
We store most of your data in the EU. If you are located in the EU, Ireland is where the nearest local server is located. Cases where data is transferred to the United States are now GDPR compliant via Lookback's Service agreement, as mentioned, as specified in the SCC (Exhibit A).
You can find a list of our processors and sub-processors here.
What is the personal data stored for each participant?
- Name (The participant self-identifies this information, we do not verify)
- E-mail address (if you do not want to use their actual email address, this field just has to follow an email address convention, i.e. email@example.com, we do not verify or do anything with them. They are for your purposes in recruitment, rewarding etc.)
- Customer number (internal Lookback number)
- Date of Lookback registration and session
- Voice and video images captured by microphone and camera on the device of the customers during the user experience sessions
- Device data (as device name, operating system and model, recording information captured by camera and on screen on device of customer)
- Log data (as IP address, geo-location, browser type, operating system, web page, use of functionalities on pages, time spent on pages, search terms, clicked links, other statistics).
What happens to our data when in the system – can this be accessed by the Lookback team?
The Lookback team cannot log in to your accounts, we can see your organization info but it is not easily accessible unless we are actively trying to troubleshoot, in which we would need permission and more information from you.
Selected members of our technical staff can access the video data for troubleshooting purposes, this is covered by our T&Cs. For Enterprise customers we do not do that without asking for permission first.