GDPR @ Looker FAQ
Version August 1, 2019
The Looker Platform can provide benefits with regard to GDPR compliance. Looker works closely with many data-driven organizations within the EEA and supports GDPR compliance in three ways: Architecture, Product and Company readiness.
Looker is a Data Processor to its customers, which are the Data Controller. Looker includes data ethics considerations into its privacy program and policy framework.
Architecture. A simpler, transparent architecture for data processing which reduces data sprawl and can support compliance with GDPR requirements - while providing modern data delivery capabilities and crucial insights to drive business success. The Looker platform creates a single, governed location for users to access data. It gives administrators control over who’s accessing data and how long it’s cached for. The Looker platform leaves control of your data where it belongs, in your hands.
Product. The Looker data platform provides numerous product features to assist with data management, setup, and processes to help you meet data security and privacy GDPR requirements.
Company. Looker’s data security and privacy programs are designed to ensure that company policies, controls and processes are appropriate to the type of personal data and data processing collected.
For more information about how Looker can assist your company with maintaining compliance with GDPR and other global data privacy laws, see our GDPR product compliance section.
Does Looker participate in the Privacy Shield program?
Looker participates in the following Privacy Shield programs, administered by the U.S. Department of Commerce. EU-U.S. and Swiss-U.S.
Privacy Shield since June 2018, current effective date is June 13, 2019.
Amended to include the U.K.-U.S. Privacy Shield as of February 1, 2019.
Where can I find Looker’s Data Protection Addendum (DPA)?
Customers or prospects may request the Looker DPA directly from your account executive. Request it at DPA at firstname.lastname@example.org.
Where can I find a list of Looker’s vendors and subprocessors?
What personal data does Looker as a data processor, collect and store, and for what purposes?
Looker, as a Data Processor, holds two classes of data: information about Looker Users and the customer data necessary to answer users’ queries.
Information about Looker Users includes end-user login/registration account information for Looker Users plus metadata about their usage of Looker.
Metadata is used to facilitate product improvements, customer support and license auditing.
Login information is controlled by customers directly as it is entered on their Looker instance and they can delete their Looker Users’ (i.e. their employees’) information at any time.
We retain basic user account information, which includes contact information used to send product updates, relevant marketing, training and events based on the users’ contact preferences.
Customer data necessary to answer users’ queries is data retained in the Looker cache, fetched in response to Looker User queries of their database that is connected to Looker.
- This data is encrypted and stored by Looker for a maximum of 30 days or 2GB of data—whichever occurs first. Customers may take additional steps to reduce the amount of time that query results are held in cache.
May I opt out of Looker Communications?
Yes. We retain basic Looker User contact information to communicate with our customers and their users about product and security updates, relevant marketing, training and events. Looker users may manage their communication preferences at our subscription center here.
Where does Looker host customer data?
Looker-hosted instances are hosted in the Amazon Web Services (AWS) or Google Cloud Platform (GCP). By default, Looker hosts in the AWS U.S. (Virginia) region, but at the customer’s request, we can host in various other regions. Customers who need hosting inside the EU, we offer AWS’s Ireland or Germany. Japan, Australia and Brazil are also options. GCP offers hosting in several locations around the world. Customers can also host their own Looker instance on their servers.
Has Looker evaluated its security policies, management, and controls to meet GDPR?
Our data security program is designed to ensure that the policies, controls and processes are appropriate to the type of personal data and data processing collected. You can find our security policy here:
What security certifications does Looker have?
We have received certification for SOC 2 Type 2 Report for the Looker Cloud Hosted Data Platform.
How long does Looker retain customer data? Will Looker delete customer data when requested?
As a customer of Looker, you remain in control of your data and data about your users. When you remove users from your Looker instance, their data will be removed from Looker’s databases within 30 days. If you wish to delete a Looker user’s account data, our Data Engineering team has a process to permanently anonymize the data. If you would like Looker to delete your customer data or Looker user account detail, please send an email to email@example.com.
Has Looker appointed a Data Protection Officer (DPO)?
We have appointed Lillian Pang of Taceo Limited as our DPO, firstname.lastname@example.org.
EU Region Headquarters
Looker Data Sciences Ireland Limited
John O'Keeffe, VP, EMEA
5 Harcourt Rd, Saint Kevin's
Dublin, D02 FW64, Ireland
Corporate Headquarters (U.S.)
Looker Data Sciences, Inc.
101 Church Street, 4th Floor, Santa Cruz, CA 95060