Lookback Privacy Policy

Effective as of May 24th, 2018

1. Background

Protecting your privacy is really important to Lookback Group, Inc and our subsidiaries (all U.S. subsidiaries using brand name Lookback) (“Lookback”, “we”, or “our”). With this in mind, we are providing this Privacy Policy to explain our practices regarding the collection, use and disclosure of information that we receive through our website located at www.lookback.io (the “Site”), the Lookback Software Development Kit (the “Lookback SDK”), and/or the Lookback software applications or mobile applications (the “Lookback Applications”, and collectively with the Site and the Lookback SDK, the “Services”). This Privacy Policy does not apply to any third-party websites, services or applications, even if they are accessible through our Services. Notwithstanding the foregoing, unless specified otherwise in this Privacy Policy, any references to “you” and “your”, will refer to customers of Lookback and their authorized users who have purchased access to the Services (the “Customers”) or to users who record their usage of a Customer’s application(s) using the Services (“Testers” or “Participants”).

2. Revisions to this Privacy Policy

Any information that is collected via our Services is covered by the Privacy Policy in effect at the time such information is collected. We may revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify you of those changes by posting them on the Services or by sending you an email or other notification, and we will update the “Last Updated Date” above to indicate when those changes will become effective.

3. Collection, Retention and Use of Information

3.1 Information Collected from You

Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services (including your Account, if you are an Account holder), to enable you to enjoy and easily navigate our Services, to monitor and secure the Service, to prevent unauthorized use of the Service and, depending on your preference, to deliver you advertising. The information that Lookback collects from you varies depending on your use of the Services as a Participant or as a Customer. We will process your information where there is a legitimate interest to do so. Those interests are described in this policy.

3.1.1 Information Obtained from Participants

If you are a Participant, you may access the Services to create Recordings by (i) receiving an invitation from a Customer or an authorized user of a Customer to test Customer’s application(s) by using the Services, or (ii) interacting directly with Customer’s application(s) that incorporate the Services. When you access the Services as a Participant, Lookback will collect the following information from you:

3.1.1.1 Information in Recordings. Depending on the settings on your device or on the application you are testing, when you create a Recording using the Services, Lookback will collect information regarding your device (such as device name, operating system and model), video content you create as a Participant (captured by the camera and the screen on your device), which may include your image or appearance, any audio captured by the microphone on your device, banners, and any other information that is displayed on your device screen as you create a Recording by interacting with a Customer application (collectively, the “Recording Information”).

3.1.1.2 Onboarding Information. After being invited to participate in a research session, we will collect certain information that can be used to identify you, such as your name and email address.

3.1.2 Information Obtained from Customers

If you are a Customer, you may use the Services to test your application(s) by (i) inviting Participants to use the Services with your application(s) to create Recordings, (ii) incorporating the Services into your application(s), or (iii) allowing your authorized users to act as Participants and create Recordings. As a Customer, Lookback will collect the following information from you and/or your authorized users:

3.1.2.1 Account Information. If you create an account to use the Services (the “Account”) and/or sign up for a paid subscription to the Services, we will collect certain information that can be used to identify you, such as your name and email address.

3.1.2.2 Billing Information. When you sign up for a paid subscription with Lookback, we will also collect, as necessary, your billing information and billing address (collectively, “Billing Information”) to complete your order for the purchase of the Services via our Site. We use Stripe to process payments through our Site and in connection with this service that Stripe provides to Lookback, Stripe may collect your Billing Information. The information that you provide through Stripe is subject to the Stripe Privacy Policy (available at https://stripe.com/us/privacy/). You should read the Stripe Privacy Policy to learn about Stripe’s information collection and usage.

3.1.3 Information Obtained from All Lookback Users

Lookback will collect the following information from Customers, Participants or any other users of the Site or the Services:

3.1.3.1 Information Collected Using Cookies and other Web Technologies. Like many website owners and operators, we use automated data collection tools such as Cookies and Web Beacons to collect certain information.

“Cookies” are small text files that are placed on your device by a Web server when you access our Services. We may use both session Cookies and persistent Cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Services. We may also use Cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent Cookies, session Cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept Cookies, you can change your browser options to stop automatically accepting Cookies or to prompt you before accepting Cookies. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Services. Some third-party services providers that we engage (including third-party advertisers) may also place their own Cookies on your device. Note that this Privacy Policy covers only our use of Cookies and does not include use of Cookies by such third parties.

“Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the user’s device, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).

3.1.3.2 Information Related to Use of the Services. Our servers automatically record certain information about how a person uses our Services (we refer to this information as “Log Data”), including both Account holders and non-Account holders (either, a “User”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, the web page that a User was visiting before accessing our Services, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on and other statistics. We use Log Data to administer the Services and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences. We may use a person’s IP address to generate aggregate, non-identifying information about how our Services are used.

3.1.3.3 Information Sent by Your Device. We collect certain information that your device sends when you use our Services, like a device identifier, user settings and the operating system of your device, as well as information about your use of our Services ("Device Information").

3.1.3.4 Location Information. When you use a Lookback Application on your mobile device, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or coarse location if you enable location services on your device. We may use location information to improve and personalize our Services for you. If you do not want us to collect location information, you may disable that feature on your mobile device.

3.1.3.5 Personal Data. If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

4. Retention

Lookback will retain the collected information in accordance with Customer's instructions, including any applicable terms in the Terms of Use, Service Agreement and Customer's use of the Service's functionality, and as required by applicable law. Depending on the Services plan, Customer may be able to customize its retention settings. Lookback may retain collected information pertaining to Customer for as long as necessary for the purposes described in this Privacy Policy. This may include keeping Account Information, Log Data, Billing Information, Device Information and Location Information ("Other Information") after Customer has deactivated Customer's account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

5. Information that We Share with Third Parties

We will not share any Personal Data that we have collected from or regarding you except as described below:

Information Shared with Parent Companies, Subsidiaries, or Affiliates. We may share your Personal Data and Recording Information with our parent companies, subsidiaries and affiliates.

Information Shared with Our Service Providers. We may engage third-party service providers to work with us to administer and provide the Services. These third-party service providers have access to your Personal Data only for the purpose of performing services on our behalf.

Information Shared with Customers. If you, as a Participant, or an authorized user of a Customer, use or access the Services to create a Recording, you agree that we may share your Recording Information and Personal Data with the Customer(s) for whom you are providing testing services.

Information Shared with Third Parties. We may share aggregated information and non-identifying information with third parties for industry research and analysis, demographic profiling and other similar purposes.

Information Disclosed in Connection with Business Transactions. Information that we collect from our users, including Personal Data, is considered to be a business asset. Thus, if we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale, or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your Personal Data, may be disclosed or transferred to a third party acquirer in connection with the transaction.

Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable.

6. Your Choices

We offer you choices regarding the collection, use and sharing of your Personal Data and we will respect the choices you make. Please note that if you decide not to provide us with the Personal Data that we request, you may not be able to access all of the features of the Services.

Opt-Out. If you are a Customer or an authorized user of a Customer, we may periodically send you free newsletters and e-mails that directly promote our Services. When you receive such promotional communications from us, you will have the opportunity to “opt-out” (by following the unsubscribe instructions provided in the e-mail you receive). We do need to send you certain communications regarding the Services and you will not be able to opt out of those communications – e.g., communications regarding updates to our Terms of Use, our Lookback Cloud Service Agreement or this Privacy Policy or information about billing.

Modifying Your Information. If you are a Customer or an authorized user of a Customer, you can access and modify the Personal Data associated with your Account by changing the settings in your Account. In addition, if you are an authorized user of a Customer, upon termination of Customer’s agreement with Lookback, the Personal Data associated with your Account will not be deleted and your Account will remain in existence, although you will no longer be able to access any content or Recordings associated with Customer. If you are a Participant you should contact the Customer to access, modify or delete your Personal Data or Recording Information, since the Customer is the controller of that data.

7. Responding to Do Not Track Signals

Our Site does not have the capability to respond to “Do Not Track” signals received from various web browsers.

8. The Security of Your Information

We take reasonable administrative, physical and electronic measures designed to protect the information that we collect from or about you (including your Personal Data) from unauthorized access, use or disclosure. When you enter sensitive information on our forms, we encrypt this data using TLS or other technologies. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.

9. Your Rights

Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. You can usually do this using the settings and tools provided in your Services account. If you cannot use the settings and tools, contact Support at team@lookback.io for additional access and assistance.

To the extent that Lookback's processing of your Personal Data is subject to the General Data Protection Regulation, Lookback relies on its legitimate interests, described above, and the performance of the agreement between you and us (usually the Terms of Use and the Service Agreement) to process your data. We may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to our use of your Personal Data for this purpose at any time. Subject to applicable law, you also have the right to (i) restrict Lookback's use of Other Information that constitutes your Personal Data and (ii) lodge a complaint with your local data protection authority or the Swedish Data Protection Authority (Datainspektionen), which is our lead supervisory authority in the European Union. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority at datainspektionen@datainspektionen.se.

10. Links to Other Sites

Our Services may contain links to websites and services that are owned or operated by third parties (each, a “Third-party Service”). Any information that you provide on or to a Third-party Service or that is collected by a Third-party Service is provided directly to the owner or operator of the Third-party Service and is subject to the owner’s or operator’s privacy policy. We’re not responsible for the content, privacy or security practices and policies of any Third-party Service. To protect your information we recommend that you carefully review the privacy policies of all Third-party Services that you access.

11. International Transfer and Privacy Shield

11.1 General

Whether you are a Customer, an authorized user of a Customer, or a Participant, your Personal Data may be transferred to, and maintained on, computers or servers that are located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your Personal Data to us, we may transfer your Personal Data to the United States and process it there. We work with our Customers, users and vendors with regard to legal compliance pertaining to data transfer.

For the avoidance of doubt, for information we collect from Participants or Customers’ authorized users, the Customer is responsible for obtaining any necessary consent from the Participants or such authorized users regarding the international transfer of any Personal Data included in their Recordings.

11.2 Privacy Shield

11.2.1 Compliance

Lookback complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Lookback has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

11.2.2 Questions or Complaints

In compliance with the Privacy Shield Principles, Lookback commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Lookback at:

privacy-complaints@lookback.io

11.2.3 U.S. Federal Trade Commission Enforcement

Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

11.2.4 Third parties and data processed

If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.

For further information about what data we share with third parties see "5. Information that We Share with Third Parties" in this privacy policy.

11.2.5 Choices Regarding Your Data

You have different choices and means for limiting the use and disclosure of your personal data. You can choose for your personal data not to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized. Your other choices and means are described in this privacy policy.

11.2.6 Requirement to Disclose

We may disclose personal data when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.

11.2.7 Dispute Resolution

If you are a resident of a European country participating in the Privacy Shield and you have not received a timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from the EU Data Protection Authorities, or the Swiss Federal Data Protection and Information Commissioner (FDPIC), depending on your location. European and Swiss users may, under specific conditions set forth in Annex I to the Principles, invoke binding arbitration through the Privacy Shield panel to resolve any complaints.

11.2.8 Right of Access

Some international users (including those whose personal data is within the scope of this Privacy Shield certification) have certain legal rights to access certain personal data we hold about them and to obtain its correction, amendment or deletion. Those users may exercise some of those rights through the options described in this privacy policy.

12. Processing of Personal Data

The Customer is the controller of the Recording Information created by the use of the Services. The Customer is ultimately liable for ensuring that consents for such Customer’s use of the Recording Information have been legally obtained, and must not engage any Participants where there is no legal basis for the collection and processing of Personal Data as referred to in this Privacy Policy.

Where Lookback is processing a Customer’s Personal Data in the capacity of a data processor, we undertake to only process Personal Data in accordance with this Privacy Policy and the Customer’s instructions. Lookback will implement adequate technical and organizational measures to ensure the proper protection of the Personal Data which it processes on behalf of the Customer. Lookback will take responsibility for any third party to which we forward your Personal Data or Recording Information, and for ensuring that they deploy security measures reasonably similar to those that we deploy on our own.

13. Our Policy Toward Children

Our Services are not directed to children under 16 and we do not knowingly collect Personal Data from children under 16. If we learn that we have collected Personal Data of a child under 16 we will take steps to delete such information from our files as soon as possible.

14. Contact

You can always reach out to us at team@lookback.io with questions or concerns.

To communicate with our Data Protection Officer, please email dpo@lookback.io.