Effective Date: February 14, 2022
Looker Privacy Program
Looker maintains a privacy program aligned with global
privacy requirements, including the California Consumer
Privacy Act (CCPA) (see
Looker’s California Privacy Notice
for details), Brazil’s data privacy law
(“LGPD”), the General Data Protection Regulation
(GDPR) and with the EU-U.S., Swiss-U.S. Privacy Shield
Principles and Frameworks as set forth by the U.S.
Department of Commerce regarding the collection, use, and
retention of Personal Information about individuals in the
European Union, United Kingdom (UK) and Switzerland,
processed within the United States. Looker, as part of
Google, has certified to the Department of Commerce that it
adheres to the Privacy Shield Principles. If there is any
Privacy Shield Principles, the Privacy Shield Principles
shall govern. To learn more about the Privacy Shield
program, and to view our certification, please visit
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. As of July 16, 2020, we no longer rely on the EU-U.S.
Privacy Shield to transfer data that originated in the EEA
or the UK to the U.S.
Data Integrity and Purpose Limitation
These are the ways we collect, use, and store Personal Information.
The Looker Platform
Collection and Use
The Looker Platform analyzes data in your databases on the basis of legitimate interest to fulfill our contractual commitments to you, our customer. The Looker Platform acts as a Data Processor to you, our customer, as the Data Controller over your data.
The Looker Platform holds two types of Personal Information:
1. Information about Looker users.
Information about Looker users includes:
- End-user login/registration information (business email and password) for Looker users or External Business Users (PBL Users) as well as metadata about Looker usage.
- Login information is controlled by customers directly as it is entered on their Looker instance and they can delete their users' (i.e. their employees') or PBL users' information at any time.
- Job role information which may also be shared and used with Looker Certification and Learning Program.
- Metadata is used to facilitate product improvements, customer support and license auditing.
- We retain basic user contact information to send product updates, relevant marketing, training and events based on the users' communication preferences.
2. Customer data necessary to answer users' queries.
Once the Looker Platform is connected to a customer database, the Looker cache retains data from the customer's database that is fetched in response to its Users' queries.
Customer data is encrypted and stored by Looker for a maximum of 30 days or until the cache storage limits are reached—whichever occurs first. You can also take additional steps to reduce the amount of time that query results are held in cache.
When you create an account or or your organization’s administrator, creates an account to use the Platform on your behalf, additional information about your use is created, which may collect and use the following information:
- Unique identifier(s) allow us to monitor user experience.
- Device information may include the hardware model, operating system and version, unique device identifiers, network information, IP address, and/or Platform version.
- Information about all of your interactions with the Platform and training content ("Usage Data") and how the Platform is performing ("Analytics Data") both of which are “Service Data”. Customers may access System Activity information, which is retained for 90 days, with a longer retention available to Elite Customers
- License credentials to ensure that usage is in compliance with the customer's licensing terms. This information includes metadata about users, roles, database connections, server settings, features used, API usage, and Platform version. Information contained in your organization's Looker database used with the Platform, to which we have access when we automatically back it up and encrypt it for you.
- If a Looker customer uses the Platform to analyze personal information in their databases, Looker will process the categories of personal information analyzed (e.g. via looks, query strings, embedded messages), which may include special categories of data as determined by the customer, including without limitation factors specific to the individual's physical, physiological, genetic, mental, economic, cultural or social identity. Looker users should avoid using special or sensitive data categories, PHI, or other protected consumer information as part query strings, looks, embedded messages or similar.
Retention and Deletion
Looker customers create and remain in control of your data and data about your users and user activities and reports. When you remove users from your Looker-connected database instance, their data will be removed from Looker's databases within 30 days and within 30 days they will no longer remain in Looker's cache.
If you are a Looker user and wish to delete a Looker user's account data, please contact your Looker Administrator or internal compliance decision-maker for assistance. At the request of our customers, we have a process to permanently anonymize the data by data engineering. Looker Administrators may either self-serve or Contact Us to request assistance.
The Looker Platform uses a read-only connection for its Users to access the minimum amount of data needed to answer questions and only returns the relevant result set. Alternatively, customers can choose to give Looker write-access to their database to take advantage of PDTs (persistent derived tables). This feature lets you define summary tables that Looker will write on your behalf into your database, at a cadence of your choosing.
Additional Use and Retention
Looker has a legitimate interest to further process your Personal Information collected by the Platform as follows, depending upon the nature of your Looker deployment:
- To administer your Platform user accounts.
- To enable your access and use of the Platform, and to enable you to communicate, collaborate, and share information with those you designate.
- To enable Looker to verify the license(s) you've contracted with us to use the Platform.
- To provide product enablement and licensing, customer service and support.
- To enable your access and use of Platform Integration and Application services.
- To monitor your user experience on the Platform.
- To enable Looker to proactively help customers maintain the performance and functionality of deployments of the Platform.
- To validate certification and training information. This information is aggregated and anonymized and not used to create a profile about users.
Embedded "Powered by Looker"
Powered by Looker (PBL) is a version of the Looker Platform that is extended and customized, under contract, into third party workflows or applications, either within or external to the customer's organization. This allows customers to private label the Looker BI application, embed analytics into SaaS applications, and build custom applications, integrations or data visualizations.
The Looker Marketplace is a central location within the Looker Platform for finding, deploying, and managing Looker Blocks, applications, visualizations, and plug-ins. We inform you when a tool is developed by Looker or by a third-party developer. Before you download or purchase content from the Marketplace, be sure that you have evaluated the third party developer and tool. Looker shares with the developer aggregated, non-identifying and non-profiling, statistical information regarding the performance of their tool in the marketplace, such as upload and deletion counts. These third party developers are not subprocessors to Looker.
In order to set up and use the device provisioning, account authentication, and deployment features of Looker’s mobile application, and improve your experience, Looker collects usage information as described above for the Looker Platform and also certain unique identifiers from the User’s device and account information. These unique identifiers include the hardware identifier for the device, operating system information, and country location based on your IP address. Additionally, we may request that you provide access to your camera to scan a QR Code.
Looker Learning Services
We process information about the users of our customers that participate in the Looker learning program in order to provide this service. Users may log into their account to manage their profile at: connect.looker.com. Contact email@example.com for program-related questions.
Choice, Control and Access
How to exercise your rights to access and control your Personal Information.
Accessing, Correcting And Deleting Your Personal Information
Ensuring that Personal Information we hold about you is accurate and complete is important to us. If you would like to request access to, correct or delete your Personal Information, please Contact Us.
Accountability and Onward Transfer
This section describes our accountability with regard to the onward transfer of your Personal Information to third party service providers (subprocessors, suppliers/vendors), partners and across country borders.
Except as listed below, Looker will not share Personal Information with third party service providers unless you have consented to the disclosure.
Depending on how Looker is deployed by the customer, Looker may share Personal Information with third-party service providers that need your information to provide the following operational or other support services to Looker Platform:
- Data management.
- Database hosting.
- Integration services.
- Professional services.
- Information security, integrity, and identity and authentication services.
- Email communications (e.g. operational, marketing, events, training, certifications).
- Financial operations (e.g. licensing, billing).
- Payments and payment card processing.
- Shipping services.
- Communication services (e.g enabling collaboration, conferencing or messaging).
- Support services (e.g. providing customer service and support).
- Cloud services (e.g. functioning of the Platform).
To ensure the confidentiality and security of your Personal Information, we ask service providers that handle Personal Information to sign a Data Protection Addendum and undergo a security and privacy review. These service providers are restricted by contract from using Personal Information in any way other than to provide services for Looker, including on your behalf as part of your contract with us. Looker is accountable and has liability in cases of onward transfers to third party service providers.
Looker does not share the information contained in your organization's Looker database and used with the Looker Platform with the above service providers.
If you integrate a 3rd party service through the Looker Action, Integration or Application Hubs in the Marketplace, or through Professional Services contracted by you, you are choosing to share the information contained in your organization's Looker database with that 3rd party service.
Looker may also provide your Personal Information to a third party if:
- We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or lawful government request, including in connection with national security or law enforcement requirements. This may include disclosures: to respond to subpoenas or court orders; to establish or exercise our legal rights or defend against legal claims; or to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Service Agreement, or as otherwise required by law. In each case, we will make reasonable efforts to verify the validity of the request before disclosing your personal information.
- To enforce our agreements, policies, Supplier Code of Conduct, Acceptable Use Policy and Terms of Service.
- To protect the security and integrity of the Platform.
- To respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing serious bodily injury or death of any person.
Looker may also share your Personal Information with our subsidiaries, affiliates, and partners, to facilitate our global operations and in accordance with applicable laws, our Service Agreement, Terms of Service or Contracts with customers or service providers.
We may also provide your Personal Information to a third party in connection with a merger or acquisition of Looker, either in part or in whole, or the assignment or other transfer of the Platform. In such event, such third party will either:
- inform you and get your express affirmative consent to opt-in to the new practices; and/or
- inform you in some prominent manner enabling you to make a choice about whether to agree to the new practices.
- You may choose to opt-out of allowing your Personal Information to be shared with certain third-parties. To do so, please Contact Us with your request. We will do our best to respond in a timely manner and grant your request to the extent permitted by law.
International Transfer And Storage Of Information Collected
Looker and our subprocessors and vendors primarily store information collected from you within the European Economic Area and the United States. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which Looker or our subprocessors have operations. For more information about our subprocessors, visit the page at https://cloud.google.com/terms/looker/privacy/subprocessors: We use applicable, approved information transfer mechanisms where required, such as EU Standard Contractual Clauses (SCCs).
By default, Looker hosts instances of the Looker Platform in the U.S. region. Customers may request that we host their instance in various other regions, including within the EU, Asia and Latin America, which varies based on each unique customer circumstances. Upon request, we host in the following EU regions:
- Dublin, Ireland or
- Frankfurt, Germany regions
Customers can also host their own Looker instance on their own servers. Contact your Account Executive for details.
- To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which Looker has operations. We use applicable, approved information transfer mechanisms where required, such as EU Standard Contractual Clauses (SCCs).
Looker has a dedicated information security function responsible for security and data compliance across the organization.
Looker protects the Personal Information it collects via the Platform with reasonable and appropriate physical, electronic, and procedural safeguards and has a SOC 2 Type II + HIPAA report and ISO27001 Certification. Any sections of the Platform that collect sensitive Personal Information use industry-standard secure socket layer (TLS/SSL) encryption. The Looker platform uses AES 256 bit encryption to secure your database connection credentials and cached data stored at rest. Plus, TLS 1.2 is used to encrypt network traffic between users' browsers and the Looker platform. To take advantage of TLS, your browser must support up-to-date encryption protection, as found in the latest versions of most common browsers, such as Internet Explorer, Mozilla Firefox, Google Chrome, and Safari. The Looker data platform provides numerous product features to assist with data management, setup, and processes to help you meet data security and privacy requirements.
Recourse and Enforcement
You may Contact Us about our practices or to make a complaint and seek recourse according to these methods available to you, and subject to applicable enforcement powers.
As part of our adherence to the EU-U.S. Privacy Shield Principles, Looker commits to resolve complaints about our collection or use of your personal information. European Union, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first Contact Us.
If you have an unresolved complaint, Looker commits to cooperate with your local EU data protection authority and/or the Swiss Federal Data Protection and Information Commissioner (cumulatively “DPAs”) as alternative dispute resolution providers. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, contact your local DPA.
Looker is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). European Union and Swiss individuals have the possibility, under certain conditions, to invoke binding arbitration.
Do Not Track Signals
We do not track visitors across third-party websites and therefore we do not respond to Do Not Track signals in these circumstances.
Links To Third-Party Sites
Looker is a business service, not a consumer product. The Platform is not directed to, nor intended to be used by, individuals under the age of 16, or the equivalent minimum age in the relevant jurisdiction. Looker does not knowingly collect personal information from individuals under the age of 16, or the equivalent minimum age in the relevant jurisdiction. If you become aware that an individual under the age of 16, or the equivalent minimum age in the relevant jurisdiction, has provided us with personal information, please Contact Us immediately. If we become aware that an individual under the age of 16, or the equivalent minimum age in the relevant jurisdiction, has provided us with personal information, we will take steps to delete such information.
Data Protection Officer
- " Affiliates" means Looker's parent Google LLC and related entities, including: Looker Data Sciences, Inc., Looker Data Sciences Canada Inc., Looker Data Sciences Limited (U.K.), Looker Data Sciences Ireland Limited, and Looker K.K. (Kabushiki Kaisha Looker).
- " Analytics Data" means information about how the Services are performing, which is also referred to as Service Data. Analytics Data includes information gathered via our licensing management service, which sends data to Looker concerning the performance of the Platform.
- " Do Not Track" is a technology and policy proposal that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.
- " Looker", " we" and " us" mean Google LLC.
- " Looker Users" means individuals designated by the Looker customer as a user of the Looker software products or Platform.
- " Looker Customers" means companies that license Looker software products or Platform, including "Powered by Looker" and Private Label versions.
- " NAI" means the Network Advertising Initiative.
- " Platform" means Looker's software products, including the Looker Data Platform, Looker Data Apps, Powered by Looker and Private Label deployments.
- " Usage Data" means information about all of your interactions with the Platform, which is also referred to as Service Data. Pseudonymized usage data is gathered by the Services about how users are using the Looker product and how well it is performing. This data is analyzed and used to improve the Looker product. Administrators can disable these services for their instance by contacting Support. It may include pseudonymized data regarding any interaction you have with the Platform, such as which functionalities are used and the frequency of use (e.g., pages visited, actions taken, queries run, fields added, user accounts, account roles, and connected database types).
- EU-U.S. and Swiss Privacy Shield Frameworks, while in effect, were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
- Standard Contractual Clauses (SCCs), also known as Model Clauses (MCCs) were developed and updated by the European Commission to provide organizations with a mechanism to comply with data protection requirements when transferring personal data from the EU to third countries or third parties.