Privacy Policy

Effective as of December 14th, 2020

Lookback provides products and services to help bridge the gap between users and product teams to produce more usable products and ensure humanity is at the core of every product decision. Protecting your privacy is really important to us. This Privacy Policy explains the practices of Lookback Group, Inc. and its subsidiaries (“Lookback”, “we”, or “our”) with regard to information that is associated with an identified or identifiable natural person and is protected under applicable data protection law (“Personal Data”). Lookback is the controller for the Personal Data we process, except as otherwise described in this Privacy Policy. For information on how to contact us, please refer to Section 14 below.

This Privacy Policy contains the following sections:

  1. Scope
  2. Personal Data We Collect
  3. How We Use Your Information
  4. Retention
  5. Information We Share with Third Parties
  6. Your Privacy Choices and Rights
  7. Responding to Do Not Track Signals
  8. Security of Your Information
  9. International Transfers
  10. Our Policy Toward Children
  11. Supplemental Notice for California Residents
  12. Supplemental Notice for Nevada Residents
  13. Revisions to this Privacy Policy
  14. Contact

1. Scope

This Privacy Policy applies to Personal Data collected and processed by us, including on through our website located at www.lookback.io (the “Site”), and/or the Lookback software applications or mobile applications (the “Lookback Applications”, and collectively with the Site, the “Services”) as described throughout this Privacy Policy.

This Privacy Policy does not apply to the Personal Data that customers of Lookback who have purchased access to the Services (the “Customers”) and their authorized users may process using Lookback’s products and services (“Customer Data”). Our Customers’ respective privacy policies govern the collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our Customers, not this Privacy Policy. Any questions or requests relating to Customer Data should be directed to our Customer.

The Customer is the controller of the Recording Information created by the use of the Services. The Customer is ultimately liable for ensuring that consents for the Customer’s use of the Recording Information have been legally obtained and must not engage any Participants where there is no legal basis for the collection and processing of Personal Data as referred to in this Privacy Policy.

Likewise, this Privacy Policy does not apply to any third-party websites, services or applications (each, a “Third-party Service”), even if they are accessible through our Services. Any information that you provide on or to a Third-party Service or that is collected by a Third-party Service is provided directly to the owner or operator of the Third-party Service and is subject to the owner’s or operator’s privacy policy. To protect your information, you should review the privacy policies of all Third-party Services that you access.

 

2. Personal Data We Collect

Lookback collects information directly from you and automatically, as described below.


Information We Collect from You


Lookback may collect the following information from Customers:

  • Account Information. If you create an account to use the Services (the “Account”) and/or sign up for a paid subscription to the Services, we will collect certain information that can be used to identify you, such as your name and email address.
  • Billing Information. When you sign up for a paid subscription with Lookback, we will also collect, as necessary, your billing information and billing address (collectively, “Billing Information”) to complete your order for the purchase of the Services via our Site. We use Stripe to process payments through our Site. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details). In connection with this service that Stripe provides to Lookback, Stripe may also collect your Billing Information. The information that you provide through Stripe is subject to the Stripe Privacy Policy (available at https://stripe.com/us/privacy/). You should read the Stripe Privacy Policy to learn about Stripe’s information collection and usage.

Information We Collect Automatically

Lookback may collect the following information from users of the Services:

  • Information Collected Using Cookies and other Web Technologies. Like many website owners and operators, we may use automated data collection tools such as Cookies, pixel tags, and Web Beacons (“Technologies”) to automatically collect certain information through your use of our Services.
    • “Cookies” are small text files that are placed on your device by a Web server when you access our Services. We may use both session Cookies and persistent Cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Services. We may also use Cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent Cookies, session Cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept Cookies, you can change your browser options to stop automatically accepting Cookies or to prompt you before accepting Cookies. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Services. Some third-party services providers that we engage (including third-party advertisers) may also place their own Cookies on your device. Note that this Privacy Policy covers only our use of Cookies and does not include use of Cookies by such third parties.
    • “Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the user’s device, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).

Our uses of these Technologies fall into the following general categories:

  • Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
  • Performance-Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services (see Analytics below);
  • Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
  • Advertising- or Targeting-Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party websites.

See Section 6 below to understand your choices regarding these Technologies.

  • Analytics. We may use Technologies and other third-party tools to process analytics information on our Services, such as Google Analytics. For more information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
  • Information Related to Use of the Services. Our servers automatically record certain information about how a person uses our Services (we refer to this information as “Log Data”), including both Account holders and non-Account holders (either, a “User”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, the web page that a User was visiting before accessing our Services, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on and other statistics. We use Log Data to administer the Services and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences. We may use a person’s IP address to generate aggregate, non-identifying information about how our Services are used.
  • Information Sent by Your Device. We collect certain information that your device sends when you use our Services, like a device identifier, user settings and the operating system of your device, as well as information about your use of our Services.
  • Location Information. When you use a Lookback Application on your mobile device, we may collect and store information that can be used to infer your approximate location (e.g., IP address). We may use location information to improve and personalize our Services for you.

Information We Collect from Other Sources

We may obtain information about you from other sources, including through referrals from business partners, third-party services and organizations. For example, if you provide your email to one of our partners or other third party, we may collect information about you, such as your name and email address, from that third party that you have provided to them directly. The third party’s collection and use of your information is governed by their privacy policy.

3. How We Use Your Information

We use your information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.

A. Provide Our Services

We use your information to fulfil our contract with you and provide you with our Services, such as:

  • Managing your information and accounts;
  • Providing access to certain areas, functionalities, and features of our Services;
  • Answering requests for customer or technical support;
  • Improving our Services;
  • Communicating with you about your account, activities on our Services, and policy changes;
  • Processing your financial information and other payment methods for products or Services purchased;
  • Processing applications if you apply for a job, we post on our Services; and
  • Allowing you to register for events.

B. Administrative Purposes

We use your information for various administrative purposes, such as:

  • Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
  • Measuring interest and engagement in our Services;
  • Short-term, transient use, such as contextual customization of ads;
  • Improving, upgrading or enhancing our Services;
  • Developing new products and Services;
  • Ensuring internal quality control and safety;
  • Authenticating and verifying individual identities;
  • Debugging to identify and repair errors with our Services;
  • Auditing relating to interactions, transactions and other compliance activities;
  • Enforcing our agreements and policies; and
  • Complying with our legal obligations.

C. Marketing and Advertising our Products and Services

We may use Personal Data to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law.

Some of the ways we may market to you include email campaigns, custom audiences advertising, and “interest-based” or “personalized advertising,” including through cross-device tracking.

If you have any questions about our marketing practices or if you would like to opt out of the use of your Personal Data for marketing purposes, you may contact us at any time as set forth below.

D. Other Purposes

We also use your information for other purposes as requested by you or as permitted by applicable law.

  • Consent. We may use Personal Data for other purposes that are clearly disclosed to you at the time you provide Personal Data or with your consent.
  • De-identified and Aggregated Information. We may use Personal Data and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, information about the device from which you access our Services, or other analyses we create.
  • Share Content with Colleagues. Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a colleague, such as an email inviting your colleague to use our Services.

4. Retention

Lookback will retain the Personal Data we collect as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

5. Information We Share with Third Parties

We will not share any Personal Data that we have collected from or regarding you except as described below:

  • Parent Companies, Subsidiaries, or Affiliates. We may share your Personal Data and Recording Information with our parent companies, subsidiaries and affiliates for our administrative purpose including activities such as IT management, for them to provide services to you, or support and supplement the Services we provide.
  • Our Service Providers. We may engage third-party service providers to work with us to administer and provide the Services. These third-party service providers have access to your Personal Data only for the purpose of performing services on our behalf. We maintain a list of third parties we engage and we will notify Customers in advance if we engage any additional third-parties, as required by applicable law or our Customer agreement.
  • Third Parties. We may share aggregated or de-identified information with third parties for industry research and analysis, demographic profiling and other similar purposes.
  • Business Transactions. Information that we collect from our users, including Personal Data, is considered to be a business asset. Thus, if we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale, or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your Personal Data, may be disclosed or transferred to a third party acquirer in connection with the transaction.
  • For Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity.

6. Your Privacy Choices and Rights

Privacy Choices

We offer you choices regarding the collection, use and sharing of your Personal Data and we will respect the choices you make. Please note that if you decide not to provide us with the Personal Data that we request, you may not be able to access all of the features of the Services.

Opt-Out. We may periodically send you free newsletters and e-mails that directly promote our Services. When you receive such promotional communications from us, you will have the opportunity to “opt-out” (by following the unsubscribe instructions provided in the e-mail you receive). We do need to send you certain communications regarding the Services and you will not be able to opt out of those communications – e.g., communications regarding updates to our Terms of Use, our Lookback Cloud Service Agreement or this Privacy Policy or information about billing.

Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others.

Privacy Rights

Individuals located in certain countries and jurisdictions, including the European Economic Area, California, and Brazil, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to:

  • Access Personal Data about you, including: (i) confirming whether we are processing your Personal Data; (ii) obtaining access to or a copy of your Personal Data;
  • Request Correction of your Personal Data where it is inaccurate, incomplete or outdated. In some cases, we may provide self-service tools that enable you to update your Personal Data, such as through your Account;
  • Request Deletion, Anonymization or Blocking of your Personal Data when processing is based on your consent or when processing is unnecessary, excessive or noncompliant;
  • Request Restriction of or Object to our processing of your Personal Data when processing is noncompliant;
  • Withdraw your Consent to our processing of your Personal Data. If you refrain from providing Personal Data or withdraw your consent to processing, some features of our Service may not be available;
  • Request data portability and receive an electronic copy of Personal Data that you have provided to us; and
  • Be informed about third parties with which your Personal Data has been shared.

If you are a user of our Customer, please contact our Customer to exercise your privacy rights.

If you are located in the European Economic Area, Switzerland, the United Kingdom or Brazil, you have the right to lodge a complaint with your local supervisory authority or the Swedish Data Protection Authority (Datainspektionen, datainspektionen@datainspektionen.se), which is our lead supervisory authority in the European Union, if you believe our processing of your Personal Data violates applicable law.

7. Responding to Do Not Track Signals

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

8. Security of Your Information

We take reasonable administrative, physical and electronic measures designed to protect the information that we collect from or about you (including your Personal Data) from unauthorized access, use or disclosure. When you enter sensitive information on our forms, we encrypt this data using TLS or other technologies. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

By using our Services or providing personal data to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail or by sending an email to you.

9. International Transfers

General

Your Personal Data may be transferred to, and maintained on, computers or servers, that are located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your Personal Data to us, we may transfer your Personal Data to the United States and process it there. We work with our Customers, users and vendors with regard to legal compliance pertaining to international data transfers and endeavor to safeguard your information consistent with the requirements of applicable laws.

Privacy Shield

Compliance

Lookback complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union to the United States. Lookback has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Questions or Complaints

In compliance with the Privacy Shield Principles, Lookback commits to resolve complaints about our collection or use of your Personal Data. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Lookback at privacy-complaints@lookback.io.

U.S. Federal Trade Commission Enforcement

Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Third Parties and Data Processed

If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.

For further information about what data we share with third parties, see Section 5 of this Privacy Policy.

Choices Regarding Your Data

You have different choices and means for limiting the use and disclosure of your Personal Data, as well as the right to access certain Personal Data that we hold about you. You can choose for your Personal Data not to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized. For more information about your privacy rights and choices, please see Section 6 of this Privacy Policy.

Requirement to Disclose

We may disclose personal data when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.

Dispute Resolution

If you are a resident of a European country participating in the Privacy Shield and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from the EU Data Protection Authorities, or the Swiss Federal Data Protection and Information Commissioner (FDPIC), depending on your location. European and Swiss users may, under specific conditions set forth in Annex I to the Principles, invoke binding arbitration through the Privacy Shield panel to resolve any complaints.

10. Our Policy Toward Children

For Personal Data that we collect that is subject to this Privacy Policy, our Services are not directed to children under 16 and we do not knowingly collect Personal Data from children under 16. If we learn that we have collected Personal Data of a child under 16 we will take steps to delete such information from our files as soon as possible.

11. Supplemental Notice for California Residents

If you are a resident of California, please click here to view our Supplemental Notice for California residents.

12. Supplemental Notice for Nevada Residents

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A. For more information, please contact us as set forth below.

13. Revisions to this Privacy Policy

Any information that is collected via our Services is covered by the Privacy Policy in effect at the time such information is collected. We may revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify you of those changes by posting them on the Services or by sending you an email or other notification, and we will update the “Last Updated Date” above to indicate when those changes will become effective.

14. Contact

If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please contact us at:

Lookback Group, Inc
470 Ramona St
Palo Alto, California 94301
dpo@lookback.io