What benefits does Looker provide with regard to GDPR compliance?
One of the architectural benefits of the Looker platform is that it creates a single, governed location for users to access data. This reduces data sprawl, leverages the world-class security of today’s most advanced databases, and gives administrators control over who’s accessing data and how long it’s cached for. The Looker platform helps to empower business users to analyze data and gain insights to drive business outcomes, but leaves control of your data where it belongs, in your hands.
For additional information and ideas on how Looker can assist your company with maintaining compliance with GDPR and other global data privacy laws, view the below white papers: https://info.looker.com/looker-101/what-gdpr-means-for-your-business-data-strategies
What personal data does Looker as a data processor, collect and store, and for what purposes?
Looker holds two classes of data: information about Looker users and the customer data necessary to answer users’ queries.
Information about Looker users includes end-user login/registration account information for Looker users as well as metadata about their usage. Metadata is used to facilitate product improvements, customer support and license auditing. Login information is controlled by customers directly as it is entered on their Looker instance and they can delete their users’ (i.e. their employees’) information at any time. We retain basic user account information, which includes contact information used to send product updates, relevant marketing, training and events based on the users’ contact preferences.
Once Looker is connected to a customer database, the Looker cache retains data from the customer’s database that is fetched in response to a users’ queries. This data is encrypted and stored by Looker for a maximum of 30 days or 2GB of data—whichever occurs first. If you prefer, you can also take additional steps to reduce the amount of time that query results are held in cache.
Does Looker participate in the FTC Privacy Shield program?
Yes, Looker does participate in the following Privacy Shield programs, as administered by the U.S. Department of Commerce.
E.U.-U.S. Privacy Shield (including U.K.) effective June 7, 2018.
Switzerland-U.S. Privacy Shield effective June 7, 2018.
U.K.-U.S. Privacy Shield effective January 2019.
May I opt out of Looker Communications?
Yes. We retain basic user contact information to communicate with our customers and their users about marketing, training and events. Looker users may manage their communication preferences here.
Where does Looker host customer data?
Looker-hosted instances are hosted in the Amazon Web Services cloud. By default, Looker hosts in the Virginia (US) region, but at the customer’s request, we can host in various other regions, including within the EU. For customers who need to be hosted inside the EU, we host in AWS’s Dublin region. Customers can also host their own Looker instance on their servers.
Has Looker evaluated its security policies, management, and controls to meet GDPR?
Our data security program is designed to ensure that the policies, controls and processes are appropriate to the type of personal data and data processing collected. You can find our security policy here: https://looker.com/product/security
What security certifications does Looker have?
We have received certification for SOC 2 Type 2 Report for the Looker Cloud Hosted Data Platform.
How long does Looker retain customer data? Will Looker delete customer data when requested?
As a customer of Looker, you remain in control of your data and data about your users. When you remove users from your Looker instance, their data will be removed from Looker’s databases within 30 days. If you wish to delete a Looker user’s account data, our Data Engineering team has a process to permanently anonymize the data. If you would like Looker to delete your customer data or Looker user account detail, please send an email to firstname.lastname@example.org.
Where can I find a list of Looker’s vendors and subprocessors?
||Nature of Processing:
||Logging and security monitoring.
|Amazon Web Services (includes Cloudtrail)
||Hosting services for Looker software deployments.
||Repository of software code used to implement Looker software deployments.
||Authentication, business management.
||Marketing automation platform. Email delivery services for communications to data exporter personnel involved in the data exporter-data importer relationship. Contains names and contact information.
||Looker system cloud backups.
||Customer relationship management software. Contains names and contact information for data exporter personnel involved in the data exporter-data importer relationship.
||Email delivery services for communications to data exporter personnel involved in the data exporter-data importer relationship.
||Support chat services within the Looker software.
Where can I find Looker’s Data Protection Addendum (DPA)?
If you are a customer or prospect, you may request a copy of Looker's DPA directly from your account executive. You may also request a DPA by sending an email to email@example.com.
Has Looker appointed a Data Protection Officer (DPO)? Please provide contact information for the DPO.
We have appointed Lillian Pang of Taceo Limited as our DPO, firstname.lastname@example.org.
EU Region Headquarters
Looker Data Sciences Ireland Limited
John O'Keeffe, VP, EMEA
5 Harcourt Rd, Saint Kevin's
Dublin, D02 FW64, Ireland
Corporate Headquarters (U.S.)
Looker Data Sciences, Inc.
101 Church Street, 4th Floor, Santa Cruz, CA 95060