Lookback is compliant with the EU General Data Protection Regulation (GDPR) both as a controller and as a processor.
Lookback's Service Agreement (SA) contains all necessary provisions for customers to engage us as a processor. The Service Agreement comes with a Data Protection Addendum (DPA), including the Standard Contractual Clauses (SCC).
If you are interested in what we do to keep your data safe we have detailed that on our security page where you can get an overview.
Where we act as a processor we currently only store your data in the EU. We may engage service providers outside of the EU to process that data, in which case the transfer will be covered by the SCC (as mentioned above).
You can find a list of our processors and sub-processors here.
What is the personal data stored for each participant?
Name (The participant self-identifies this information, we do not verify)
E-mail address (if you do not want to use their actual email address, this field just has to follow an email address convention, i.e. email@example.com, we do not verify or do anything with them. They are for your purposes in recruitment, rewarding etc.)
Customer number (internal Lookback number)
Date of Lookback registration and session
Voice and video images captured by microphone and camera on the device of the customers during the user experience sessions
Device data (as device name, operating system and model, recording information captured by camera and on screen on device of customer)
Log data (as IP address, geo-location, browser type, operating system, web page, use of functionalities on pages, time spent on pages, search terms, clicked links, other statistics).
What happens to our data when in the system – can this be accessed by the Lookback team?
The Lookback team cannot log in to your accounts, we can see your organization info but it is not easily accessible unless we are actively trying to troubleshoot, in which we would need permission and more information from you.
Selected members of our technical staff can access the video data for troubleshooting purposes, this is covered by our T&Cs. For Enterprise customers we do not do that without asking for permission first.