Privacy Shield Compliance Information


Glooko Compliance with Privacy Shield Principles

Glooko processes data for multiple countries. The main regulations that apply to us are Regulation 2016/679 (“General Data Protection Regulation”, GDPR) in Europe and the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) in the US. The purpose of these regulations is to protect the rights of individuals about whom personal data is obtained, stored, processed and disclosed.



Glooko is committed to fulfilling its legal obligations within the provisions of the regulations.


Glooko complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  Glooko has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit


Glooko commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.


As a Privacy Shield participant, Glooko is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions, a person may be able to invoke binding arbitration. Glooko may be liable in cases of onward transfers to third parties.