Revision Date: 9/22/2023
Effective Date: 1/1/2020
Lookout, Inc. (“Lookout” or “us” or “we”) provides this Privacy Notice (the “Notice”) to inform you of our practices regarding the collection, use and disclosure of information we receive from users of the lookout.com website, any other Lookout sites that link to this Notice, other Lookout events such as trade shows or sponsored events (collectively, the "Site").
Except where explicitly provided otherwise herein, this Notice applies to information provided or collected through the Site, and other information collected by Lookout offline. Any information collected from you from the use of one of our applications will be subject to a separate privacy notice. Note that Lookout’s applicable terms of service for our services may contain additional notices and terms that apply to our collection and use of data and metadata in connection with your use of those services.
This Notice may be updated from time to time. We will notify you of any material changes by posting the new Notice on the Site. You are advised to consult this policy regularly for any changes.
1. Information We Collect
Lookout may collect the following categories of information, some of which you may voluntarily provide, from your use of the Site:
- Identification Data, including your name, title, job title, and company name.
- Contact Data, including your phone number, address, and email address.
- Cookie and Device Data, including information about your visit of our website, IP address, device identifier, browser type and version, operating system and network, location and time zone setting, and other similar tracking technology as further explained below.
- Event Registration Data, including Identification Data, Contact Data, and other information you provide to us when you access various Lookout content, such as whitepapers, videos, or other research materials.
- Job Applicant Data, including Identification Data and Contact Data, resume and other data provided by you or third parties (e.g. recruiters) on our website in connection with job openings.
- Third Party Information. We may also collect these same categories of information through the use of our third-party marketing and content syndication vendors.
2. How We Use Your Information
We take your privacy very seriously and will only use and disclose this information for the business and commercial purposes described in this Notice. How we use your information will vary depending on the type of data as described below:
- Addressing customer inquiries – we use Identification Data, and Contact Data to address customer inquiries so that you may receive a response from us when you contact us.
- Sending relevant marketing messages and inviting you to events/seminars – we use Identification Data, Contact Data, Cookie and Device Data, and Event Registration Data to communicate with you by way of email alerts and mail to provide you with information about product announcements, and special promotions from Lookout or our business partners, to invite you to events that may be of interest to you, or to administer participation in surveys, contests and sweepstakes. You can choose not to receive such marketing communications by clicking on the unsubscribe link in our emails, as further described below.
- Improving our Site – we use Cookie and Device Data to improve the functionality and user-friendliness of our Site. If you fill out a survey or email Lookout for support, we may retain that information in order to provide you with support and to improve our Site.
- Keeping our Site and IT systems and processes safe – we use Identification Data, Contact Data, and Cookie and Device data to ensure the security and confidentiality of your data, and to prevent illegal activities, including fraud, which could harm you and us.
- Recruitment – Job Applicant Data is collected and processed for purposes of screening, identifying, and evaluating candidates for positions; and record-keeping related to hiring processes. This processing is necessary in order to take steps at the request of the job applicant in the context of recruitment prior to entering into a contract and may be used as necessary to comply with legal, regulatory, and corporate governance requirements.
You may opt out of receiving promotional communications from Lookout by using the unsubscribe link within each email. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed.
3. How We Disclose Your Information
Lookout may disclose your information with other members of our corporate family, or with third parties to provide or improve our services. For example:
- Third Party Service Providers and Partners. We may share your information with third party service providers of products and services integrated with our Site that need to know your information for Site improvement purposes. We may share your information with our affiliates, resellers or other third-party service providers that are working with Lookout to perform business-related functions. We may also disclose your information to our third-party partners so they may contact you on our behalf with relevant marketing messages, which you can choose not to receive by clicking on the unsubscribe link in our emails.
- Internet-Based Ads. We may provide your data including the data about your interests in our products to third-parties for the purposes of serving you more relevant ads about our products. Where you are provided with interest-based ads on a site other than our own, we do not track your other activities on that site. For more information, please see Section 5 below.
- Cookies. To collect and analyze information regarding your usage of our Site as described in Section 5 below.
- To Comply with Law. We may disclose your information consistent with the law to, for example: (i) comply with a law, regulation, or legal process (including to meet national security or law enforcement requirements); (ii) protect the safety or security of any person, entity or facility; (iii) address potential violations of our Notice; (iv) investigate fraud, security, or technical issues; or (v) protect Lookout’s or a third party's rights or property, our employees, users and the public. We strongly believe that you have a right to know if we are required by law to disclose your information. As such, before we disclose your information in response to a law enforcement request (for example, a subpoena or court order), we will notify you at the email listed in your account, unless (a) we are prohibited from doing so or (b) in emergency cases where notice could create a risk of injury or death, or the case involves potential harm to minors. Furthermore, nothing in this Notice is meant to limit any legal defenses or objections that you may have to a third party, including the government’s, request to disclose your information.
- During a Change to Lookout’s Business. We may also disclose your information to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger, or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Notice.
- Pseudonymized and Aggregated Data. For data analysis we pseudonymize, aggregate and summarize data that may include some of your data.
- With Consent. We may also disclose your information to third-parties when we have your consent to do so.
4. Your Choices
- Email Opt-Outs: You may opt out of receiving promotional communications from Lookout by using the unsubscribe link within each email. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you may continue to receive transactional and product-related messages from us if you use the Lookout’s products/services, in which case you can opt-out of these notification messages in your account settings.
- Personalized Advertisements: You may be able to opt out of receiving certain personalized advertisements from companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising. Please visit the Network Advertising Initiative Consumer Opt-Out Page or the Digital Advertising Alliance Opt-Out Page to opt out directly from providers who participate in those programs. Lookout does not control or operate these tools or the choices that advertisers and others provide through these tools.
- Cross-Device Advertising: You may opt-out from receiving cross-device site advertising (i.e. tracking a user across devices), by accessing your device setting or visiting and employing the controls described on the NAI’s Mobile Choices page.
- Cookies from Third-Parties: We believe it is important for you to know what third-party cookies we use on our Site. Listed below are some of the cookies we currently use, and as we develop and maintain our Site, we will maintain a complete list of all the cookies we use at the following link: https://www.lookout.com/legal/cookie-policy.
Google AdWords — These cookies allow our vendors to serve ads based on your past visits to our sites and for remarketing purposes. Google may use this cookie and other tracking technology to show you our ads across the internet. Google permits you to opt out of Google's use of these cookies by visiting Google's Ads Settings.
NextRoll, Inc. — These cookies help us recognize your device and understand how you use our Site so that we can improve our services to reflect your interests and serve you advertisements about the products and/or services that are likely to be of more interest to you. Specifically, NextRoll, Inc. collects information about your activity on our site to enable us to (a) measure and analyze traffic and browsing activity on our Site; and (b) show advertisements for our products and/or services to you on third-party sites. We may share data, such as hashed email derived from emails or other online identifiers collected on our Site with NextRoll, Inc. This allows our partners to recognize and deliver you ads across devices and browsers. We encourage you to read the NextRoll, Inc. Privacy Notice, and if you are a California resident, then you should read the California Residents section of the NextRoll, Inc. Privacy Notice.
- How to Control Cookies: Most Internet browsers automatically accept cookies, but some browsers may permit you to change your settings or use third-party tools to disable cookies or to prompt you before accepting cookies from the websites you visit. These browsers or other third-party tools may also permit you to delete cookies you already have. Please be aware that some parts of our services may not work for you if you delete or disable cookies.
6. Data Retention
Lookout will retain your information, including your Personal Data (as that term is defined by the GDPR), only as long as reasonably necessary to use the Site or as otherwise required for legal compliance purposes.
- Lookout’s Responsibilities: Lookout is a security company, and securing your data is important to us. Lookout uses commercially reasonable physical, managerial, and technical safeguards to ensure appropriate technical and organizational measures appropriate to the risk of processing your information. For example, we use a combination of firewalls, authentication, physical security, and other safeguards to protect your account and your data. When you enter sensitive information on the Site we encrypt that information while in transit and at rest using secure socket layer technology (SSL). We also perform third-party penetration tests to harden our systems from attack. Lookout takes every reasonable effort to implement controls to protect against complex technological threats and other criminal threats, as well as to guard against negligent employees.
Because no method of transmission over the Internet or method of electronic storage is 100% secure, we cannot ensure or warrant the security of any information, data or content that Lookout receives on your behalf to operate the Lookout Site, or that you transmit to Lookout. All such receipt or transmission of your information is provided under your own free will and at your own risk. We cannot guarantee that such information will not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards
If Lookout learns of a security breach, we will attempt to notify you electronically so that you can take appropriate protective steps. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
- We Are Not Responsible for Content on Third-Party Websites: Our Site contains links to other websites. When you click on one of these links, you leave Lookout’s website and go elsewhere. Lookout does not accept liability for misuse of any information by any website controller to which we may link. We encourage you to read the privacy statements of these linked sites, which may differ from ours. In addition, if you take advantage of an offer from one of our partners, you may be providing information directly to that partner. We encourage you to review the privacy statements of these partners, as we are not responsible for the privacy practices of any partners or linked sites.
8. Users Under 16
Lookout does not knowingly collect or store any Personal Data about children under the age of 16.
9. International Data Transfers
Lookout is a San Francisco-based company with servers housed in the United States. Personal Data collected from users outside the United States is transferred to the United States. If you are using the Lookout Site from outside the United States your information may be transferred to, stored, and processed in the United States where our servers are located and our databases are operated.
10. Additional Terms for California Residents
- Personal Information: In accordance with the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act, below is a list of the categories of Personal Information (as that term is defined by the CCPA) that we collect (whether through the Site or elsewhere), the categories of sources we collect them from, the business and commercial purposes for which the information was collected, and the categories of third parties with which we share the Personal Information. The information listed in the chart below is accurate of the preceding 12 months.
- Consumer Rights: In accordance with the CCPA, and subject to exceptions, California Consumers (as that term is defined in the CCPA) have the following rights:
- Access. You have the right to request that Lookout disclose and deliver the categories of Personal Information (as that term is defined in the CCPA) Lookout has collected about you, or the specific pieces of Personal Information Lookout has collected about you;
- Deletion. You have the right to request the deletion of your Personal Information in certain situations, subject to certain exceptions outlined in the law;
- Correction. You have the right to correct or amend the Personal Information we have on file about you.
- Opt-Out. As stated above, you have the right to opt-out of the sale of your Personal Information as described in Section 10(b).
- Limit Use of Sensitive Personal Information. You have the right to limit the use of your “Sensitive Personal Information” (as that term is defined under the CCPA) for purposes that go beyond those permitted in Section 7027(m) of the CCPA regulations. We do not process any Sensitive Personal Information (as that term is defined under the CCPA).
- Non-Discrimination. You have the right to not be discriminated against, including but not limited to the right not to be charged a different price for the services or denying you access to the services, on the basis of your decision to exercise any of your rights in this Section. We will not discriminate against you for exercising any of your rights under the CCPA.
You may exercise your rights to access your information or to delete your information through two methods: (1) complete the webform accessible through https://personal.support.lookout.com, or (2) send a request to Privacy@Lokobokout.com. To verify your identity, we will send a verification email to the email address we have on file for you or ask for additional information associated with your account. If we cannot verify your identity, then we shall not disclose any specific pieces of Personal Information in response to an access request, and we shall deny your request to delete Personal Information in response to a deletion request. For requests to delete your information, Lookout shall use a two-step process where you must first, clearly submit the request to delete and then second, separately confirm that you want your Personal Information deleted. As a California Consumer, you may have an authorized agent make an access or deletion request on your behalf, provided that the authorized agent has your written permission, and you are able to verify your own identity directly with Lookout.
- Opt-Out Preference Signals: If you have implemented an opt-out preference signal (sometimes known as a global privacy control) through your browser or device, we will treat that opt-out preference signal as a valid request of your Right to Opt Out. Once we recognize the opt-out preference signal on our Site, we will automatically apply your right to opt-out of sale and sharing to the browser or device through which we recognize the signal. Our Site responds to opt-out preference signals in a frictionless manner (i.e., you do not need to take any additional steps for your opt-out preference signal to be recognized).
11. Additional Terms for European Economic Area (“EEA”) Residents
- Legal Basis for Processing: If you are a visitor from the EEA, Lookout is the data controller of your personal data. The legal basis for collecting and using your Personal Data as set out in this Notice will depend on the Personal Data (as that term is defined in the General Data Protection Regulation (“GDPR”)) concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only where: (a) use of your Personal Data is necessary to perform our obligations under any contract with you; or (b) use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of the Lookout Site, operate and market the Lookout Services, ensure safe environments for our personnel and others, make and receive payments, prevent fraud and to know the customer to whom we are providing the Lookout Site); or (c) we have your consent to do so (such as for some of our marketing activities). Some processing is done to comply with applicable law.
- Data Privacy Framework: Lookout has self-certified to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from E.U. States, the United Kingdom and Switzerland. The Data Privacy Framework enables companies to comply with data protection requirements when transferring personal data from the European Union, the United Kingdom and Switzerland to the United States. To learn more about the Data Privacy Framework and view a list of entities who have current certifications under the Data Privacy Framework, please visit https://www.dataprivacyframework.gov/s/.
As required under the Data Privacy Framework Principles, when Lookout receives information under the Data Privacy Framework and then transfers it to a third-party service provider acting as an agent on Lookout’s behalf, Lookout has certain liability under the Data Privacy Framework if both (i) the agent processes the information in a manner inconsistent with the Data Privacy Framework and (ii) Lookout is responsible for the event giving rise to the damage.
With respect to personal information received or transferred pursuant to the Data Privacy Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To learn more about the Data Privacy Framework, please see Section 13 below.
12. Data Subject Rights
If you are a resident of the United Kingdom, EEA, or another jurisdiction with an applicable data protection law (such as Virginia, Colorado, Connecticut, and Utah), you may have certain rights in relation to your Personal Data. These rights may be subject to certain exemptions. These rights may include:
- Access. You may have the right to request a copy of the Personal Data that we are processing about you. If you require additional copies, we may need to charge a reasonable fee;
- Rectification. You may have the right to require the correction of any mistake in the Personal Data, whether incomplete or inaccurate, that we hold about you;
- Deletion. You may have the right to require the erasure of Personal Data concerning you in certain situations, such as where we no longer need it or if you withdraw your consent (where applicable). In addition to the rights granted under the section above entitled, “You Can Access and Update Your Privacy Settings,” you may contact us at email@example.com with your request;
- Portability. You have the right to receive the Personal Data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit that data to a third party in certain situations;
- Objection. You may have the right to (i) object at any time to the processing of your Personal Data for direct marketing purposes and (ii) object to our processing of your Personal Data where the legal ground of such processing is necessary for legitimate interests pursued by us or by a third party.
- Opt-Out. You may have the right to opt-out of the sale or sharing of your Personal Data, as well as the right to opt-out of the use of your personal information for targeted advertising purposes.
- Restriction. You have the right to request that we restrict our processing of your Personal Data in certain circumstances, such as when you contest the accuracy of that personal information;
- Automated decision-making and profiling. You may have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
- Withdrawal of consent. If we rely on your consent for processing your Personal Data, you have the right to withdraw that consent at any time.
- Lodge a complaint to a data supervisory authority. Depending on your jurisdiction, you may have the right to lodge a complaint with your local data supervisory authority if you believe we are in violation of applicable data protection law.
If you wish to exercise any of these rights, please contact us at firstname.lastname@example.org. We will respond to your request in the time period required under applicable law. Please note that we may need to verify your identity prior to complying with your request. We will verify your identity by sending you an email to the email address associated with your account or by asking you to provide additional information associated with your account. You may also designate an authorized agent to submit a request on your behalf (though we may still need to verify your identity).
13. Data Subject Rights and Choices Under the Data Privacy Framework
Lookout has certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. Data Privacy Framework and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. Data Privacy Framework. We have also certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework (collectively, the "Data Privacy Framework Principles").
To learn more about the Data Privacy Framework , and view our Data Privacy Framework certification, please visit https://www.dataprivacyframework.gov/s/.
As a Data Privacy Framework certified organization, Lookout adheres to the Data Privacy Framework Principles with respect to Personal Data transferred from the EEA, the UK, and Switzerland to the United States. As required under the Data Privacy Framework Principles, when Lookout receives information under the Data Privacy Framework and then transfers it to a third-party service provider acting as an agent on Lookout’s behalf, Lookout has certain liability under the Data Privacy Framework if both (i) the agent processes the information in a manner inconsistent with the Data Privacy Framework; and (ii) Lookout is responsible for the event giving rise to the damage.
If you are a resident of the EEA, United Kingdom, or Switzerland, then in accordance with the Data Privacy Framework, you have the right to request access to the Personal Data that we hold about you and request that we correct, amend, or delete your Personal Data if it is inaccurate or processed in violation of the DPF Principles. We will also give you an opportunity to opt out where Personal Data we control about you is to be disclosed to an independent third party or used for a purpose that is materially different from those set out in this Notice. If you otherwise wish to limit the use or disclosure of your Personal Data, please contact us via the details provided below.
Additionally, if you are dissatisfied with the manner in which we have addressed your concerns about our privacy practices under the Data Privacy Framework, you may seek further assistance, at no cost to you, from our designated Data Privacy Framework independent recourse mechanism, which you can learn more about by visiting https://www.jamsadr.com/eu-us-data-privacy-framework. You also have a right to lodge a complaint with the relevant supervisory authority. However, we encourage you to contact us first, and then we will do our very best to resolve your concern.
To find out more about the Data Privacy Framework’s binding arbitration scheme please see https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2. Lookout is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Please also note that under certain circumstances, we may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
14. Contact Us if You Have Any Questions or Concerns
Please contact our Data Protection Officer at email@example.com, or by postal mail at Lookout, Inc., Attn: Michael Musi, Data Protection Officer, 3 Center Plaza, Suite 330, Boston, MA 02108, with any questions or comments about this Notice. Residents of the EEA may also contact by sending inquiries to the attention of Mr. Wim Van Campen, VP, Sales EMEA, Florapark 3, 2012 HK Haarlem, Netherlands.