Your privacy is extremely important to us.
Last Updated December 23, 2019 | Effective Date January 01, 2020 | Archived Versions
As a super small business, we’re unclear on whether or not Lights Film School actually falls within the scope of the CCPA. But we share its vision for a transparent internet that champions people’s privacy and protection, which is why we’ve done our best to honor it – and by extension, you.
If you have any comments, questions, concerns, or requests at any time, please feel free to contact us via one of the methods listed at the bottom of this page. We’re here for you and happy to help.
An overview of the sources of personal data
Lights Film School obtains information about people in these main ways:
- When you visit one of our websites or contact us directly;
- When you become a student and/or purchase or use a product, feature, or service; and
- When you’re a service provider to Lights Film School.
We also maintain two help desk websites (faqs.lightsfilmschool.com and help.lfscommunity.com) through Help Scout; various landing pages at lightsfilmschool.lpages.co and extras.lightsfilmschool.com through Leadpages; and two students-only, WordPress-powered membership websites, both of which have been replaced by courses.lightsfilmschool.com.
“You” or “your” refers to the individual who uses our websites, features, and services, or accesses available information, or engages with us directly via email or other media outlets.
As we go along, we’ll do our best to explain what this looks like in action.
The goal, of course, is (1) to serve our existing customers, visitors, and subscribers as best we can, and (2) to keep growing as a business, thereby reaching as many aspiring filmmakers around the world as we can.
Whose information does Lights Film School collect?
Lights Film School collects information from these types of individuals:
Our visitors are individuals who visit one of our websites or contact us directly about becoming a student or customer or obtaining other information. Our students are individuals who have enrolled in Lights Film School’s indie Filmmaking Program. Our customers include our students, but also include people who have purchased other products and/or services from us without enrolling in Lights Film School.
Visitors, students, and customers are welcome to opt into our marketing emails and become subscribers.
And finally, visitors, students, customers, and subscribers are all considered a consumer, in the CCPA’s terminology.
What information does Lights Film School collect?
Depending on how you use our websites, features, and services – and depending on your direct interactions with us – we collect two types of information: personal information and non-personal information.
Personal information is information that identifies you or may be used in conjunction with other pieces of information to identify you.
For reference, the definition as it appears in the CCPA is as follows: “Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
So for example, your name, email address, or billing and credit card information collected via an industry standard payment gateway. (Speaking of which, know that Lights Film School does not touch, store, or transmit your payment method details. And we never solicit sensitive personal information – for example, billing and credit card information, or a student’s password – through insecure channels like email or text messages).
Personal information that does not identify you, but potentially could be combined with other information in a way that enables you to be identified, can include things like an Internet Protocol (IP) address and general current location.
Please note that Lights Film School students with Premium Membership are invited, but by no means required, to share details about themselves with the Lights Film School community. For example, their name, nationality, bio, project assignments, as well as posts that abide by our community guidelines and a representative photograph, like you see on traditional social media websites. For many of our students, the resulting community is an attractive aspect of the Lights Film School educational experience.
But first, here are the CCPA categories of personal information collected, processed, and shared by Lights Film School over the past 12 months:
- Identifiers. For example, real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers. Sources: Provided directly or automatically by the consumer through the use of our websites, features, and services. Purpose(s): Detecting security incidents; protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity. Debugging to identify and repair errors that impair existing intended functionality. Performing services on behalf of the business or service provider. Undertaking internal research for technological development and demonstration. Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service. Shared With: Service providers, applicable customers, law enforcement. Disclosed For: A business or commercial purpose.
- Information in customer records. For example, name, address, credit card number, and debit card number. Subdivision (e) of California Civil Code 1798.80 lists other examples, and excludes publicly available information. Sources: Provided directly by the consumer. Purposes: Prosecuting those responsible for malicious, deceptive, fraudulent, or illegal activity. Performing services on behalf of the business or service provider. Shared With: Service providers, law enforcement. Disclosed For: A business or commercial purpose.
- Characteristics of protected classifications under California or federal law. For example, gender and age. Sources: This information can be provided directly by the consumer; for example, when a student chooses to participate in the Lights Film School community and share their gender and age. Purposes: Performing services. Shared With: Service providers. Disclosed For: A business or commercial purpose.
- Commercial information. For example, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Sources: Provided directly or automatically by the consumer through the use of our websites, features, and services. Purposes: Debugging to identify and repair errors that impair existing intended functionality. Performing services on behalf of the business or service provider. Shared With: Service providers. Disclosed For: A business or commercial purpose.
- Geolocation data. For example, an IP address. Sources: Provided directly or automatically by the consumer through interaction with our websites, features, and services. Purposes: Detecting security incidents; protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity. Debugging to identify and repair errors that impair existing intended functionality. Performing services on behalf of the business or service provider. Undertaking internal research for technological development and demonstration. Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service. Shared With: Service providers, applicable customers, law enforcement. Disclosed For: A business or commercial purpose.
- Audio, electronic, visual, or similar information. For example, when a student chooses to share something with the Lights Film School community, or submit an assignment for review by a Lights Film School instructor. Sources: This information can be provided directly by the consumer. Purposes: Performing services. Shared With: Service providers. Disclosed For: A business or commercial purpose.
- Inferences. Drawn from any of the information in these categories, to create a “consumer profile” reflecting the consumer’s preferences. Sources: Provided directly or automatically by the consumer through the use of our websites, features, and services. Purposes: Performing services on behalf of the business or service provider. Shared With: Service providers. Disclosed For: A business or commercial purpose.
Again, we’ll unpack all of this in more detail in just a bit, when we dive into Lights Film School’s specific use cases below.
Non-personal information is information that cannot be used or combined with other information to identify or contact you. For example, browser types, device types, and some statistical website data. This helps us refine our websites, features, and services from a technical standpoint.
When does Lights film School use information from third parties?
Lights Film School collects only the information necessary to run our websites and provide our features and services successfully. Some of this information comes from or otherwise involves a careful selection of third parties, all of which are GDPR compliant.
For example, when you place an order on our courses.lightsfilmschool.com website, we receive information from a third party that provides automated fraud detection services. We can cross-check this information against other information, including the IP address associated with your first login to your membership account. If questions remain as to whether or not an order may be fraudulent, we can consult publicly available information on social media websites. You can control how much of your information social media websites make public by visiting those websites and changing your privacy settings.
As a second example, when you contact us via a contact form on our www.lightsfilmschool.com website for any reason, your message is delivered via that software to our email account to our help desk software.
As a third example, in addition to their Lights Film School membership accounts, students are invited to subscribe to “Premium Membership” and create community accounts on a messaging platform. The platform serves as the backbone of Lights Film School’s optional community features. Of course, students can control how much of their information the platform makes public by adjusting the settings to their liking.
Hopefully these three examples help illustrate when Lights Film School uses information from third parties. But we’d like to get even more specific, so that you can understand more how we work. As we do, please know:
We do not sell your personal information.
Thus, we do not maintain a notification or opt-out page related to selling personal information.
Instead, we sell our signature indie Filmmaking Program to ambitious storytellers with something to say. This online film school experience is Lights Film School’s bread and butter, period. You can check it out here, if you haven’t done so already!
This means that, for example, we don’t sell advertising space to third parties in any way, shape, or form. No obnoxious ads; no sponsored posts.
Occasionally we collaborate with people and companies who’ve created genuinely awesome solutions for indie filmmakers. And occasionally we recommend a product that can be purchased on Amazon or B&H Photo and Video, for which we’re compensated a small percentage of a qualifying sale. But in both cases, we’re about surfacing filmmaking solutions we genuinely believe in, to help students succeed in our flagship film school experience – because we’re an education provider first and foremost. You can read more about this in our Advertising Disclaimer, available on every page of our websites in the footer area for your convenience.
What third parties does Lights Film School involve, why, and how?
Below is a list in alphabetical order of the third parties who process your information, depending on how you use Lights Film School’s websites, features, and services, and depending on your direct interactions with us.
We use AirTable to store and maintain internal documents. For example, a database with relevant student details, including their indie Filmmaking Program progress across both our current and legacy membership websites. Having this centralized reference helps us keep organized and deliver individualized customer service more quickly and effectively.
Airtable uses industry-leading Amazon Web Services (AWS) hosting infrastructure. Servers are located in data centers that are SOC 1, SOC 2, and ISO 27001 certified. Data is encrypted both when it is sent to and from their servers and at rest. Airtable uses 256-bit SSL/TLS encryption.
We use CleanTalk’s SpamFireWall feature to help protect against spam bots and reduce server load on our WordPress-powered websites. CleanTalk filters inbound traffic by checking a visitor’s IP address against a private database blacklist of known IP addresses with spam bots. Log files are retained for 7 days, after which they are deleted.
We use Cloudflare, an industry-leading cloud network platform, to provide visitors to www.lightsfilmschool.com with a faster, more secure, more reliable internet experience. For example, Cloudflare’s CDN helps speed up content delivery, and its configuration helps prevent against DDOS attacks.
Cloudflare adheres to industry standard security compliance certifications and regulations, including ISO 27001, SOC 2 Type II, SOC 3, and PCI DSS Level I. Cloudflare, Inc. has certified under both the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use Demio to prepare for, host, and manage live events, like webinars.
Demio enables us to send a handful of event-related emails to people who register. It manages the registration process directly and also integrates with Mailchimp, so that depending on the event, a registrant can opt into email marketing and/or have their existing Mailchimp profile updated with event-related details. Additionally, Demio-hosted landing pages integrate with Google Analytics, so that we can assess campaign performance where relevant.
All browser data is encrypted and stored privately. Demio complies with and is approved by the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use Disqus as the commenting system for our WordPress-powered websites and a handful of Leadpages-powered landing pages, enabling interaction around our content. For example, visitors on our blog can comment on our posts.
In respect of users’ privacy and to ensure a safe experience, Disqus offers a strong Do Not Track (DNT) framework, among other privacy features. They also pseudonymize users’ email and IP addresses in the moderation panel.
We use Donut to facilitate virtual one-on-one networking opportunities for our students with Premium Membership. More specifically, Donut is a Slack bot that regularly pairs students who opt into a dedicated “Networking” channel in our community. It has access to the standard minimum amount of information on Slack, via Slack’s “bot” OAuth scope.
Donut Technologies Inc. complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use Dropbox to host downloadable files for our students – for example, videos and sound effects files necessary for the completion of our indie Filmmaking Program’s Editing and Sound Design modules. Dropbox tracks each file’s viewing history. The data associated with each view is anonymous, so students appear in the viewing history as “Guests”.
Files are protected in transit between Dropbox’s apps and servers, and at rest. Each file is split into discrete blocks, which are encrypted using a strong cipher. Dropbox, Inc. is certified under the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
Facebook | Data Policy
We use Facebook Pixel for prospecting and retargeting on Facebook, with a default attribution window of 28 days (click) and 1 day (view). This allows us to build awareness of our brand, discover and engage people who may be interested in our content and in becoming customers, and engage with existing customers.
Facebook Inc. has certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
Flywheel is the WordPress-managed hosting solution we use for our WordPress-powered websites.
Data is encrypted at rest, in transit, and across Flywheel’s platform. You can learn more our hosting solution’s thorough security measures here. Fancy Chap, Inc. is SOC2 compliant, and a voluntary participant in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use Google Suite to manage direct emails as well as emails initiated through our www.lightsfilmschool.com website. In the case of the latter, messages are logged and delivered through Typeform, then passed along to Help Scout via a forwarding rule in Google Suite. Google Suite also enables us to store internal documents, archive student-submitted project assignments as a courtesy, and create and share instructor reviews.
Additionally, Lights Film School uses Google Analytics to collect information about how visitors use our websites, so that we can evaluate and improve our business and offerings. It enables us to establish and continue user sessions, determine unique visitors and pageviews, store the types of referrals used by visitors, collect browser types and device types, track eCommerce goals, and the like. So as to facilitate historical analysis, user and event data never expires. It resets on new activity.
We use an EU compliance add-on for a premium WordPress plugin, MonsterInsights, on our most popular website (www.lightsfilmschool.com) to help with many aspects of GDPR compliance with regards to Google Analytics. For example, it anonymizes IP addresses on all Google Analytics hits, eCommerce hits, and form tracking hits; disables UserID tracking on Google Analytics hits, eCommerce hits, and form tracking hits; enables ga() compatibility mode; and disables the Demographics and Interests Reports for Remarketing and Advertising tracking on Google Analytics hits. Our other Google Analytics properties also use ClientID tracking, and their Remarketing and Advertising Reporting Features are toggled off.
Additionally, we experimented a little bit with Google Ads in 2019, but we ultimately decided that Facebook is a better fit for our limited advertising budget and efforts at this time.
Google Suite has earned ISO 27001 certification; complies with ISO 27017, ISO 27018, and the Federal Risk and Authorization Management Program; and has both SOC 2 and SOC 3 reports. Google complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use Help Scout as our help desk software. It enables us to create, host, and manage self-service knowledge bases (located at faqs.lightsfilmschool.com and help.lfscommunity.com); as well as manage contacts and correspondence received through these knowledge bases, a Help Scout beacon onsite around www.lightsfilmschool.com, and email.
Everything is centralized, making it easier for us to deliver individualized customer service more quickly and effectively. Various reports help us gauge the effectiveness of our efforts, and knowledge bases integrate with Google Analytics so that we can assess their usefulness.
Help Scout also enables us to live chat with website visitors and make onsite announcements around www.lightsfilmschool.com through the Help Scout beacon.
All of Help Scout’s application and data infrastructure is hosted in Amazon Web Services (AWS), which provides extensive security control and privacy features. TLS encryption is supported on all inbound and outbound correspondence. Help Scout is PCI Level I compliant, and certified under the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use Leadpages to create and host beautiful landing pages located at lightsfilmschool.lpages.co and extras.lightsfilmschool.com.
In the past, we’ve used Leadpages to integrate with Demio for registration forms, Disqus for commenting, Mailchimp for email marketing, and Stripe for payment processing. These days, it mostly helps us maintain a 404 page and spin up simple redirect pages quickly and easily.
Built-in analytics help us track page views, form submissions, and conversion rates. Also, Leadpages integrates with Google Analytics so that we can assess campaign performance where relevant. Such information helps us evaluate and improve our business and offerings.
All pages on Leadpages’ servers are secured by default, and fully support SSL and HTTPS protocols.
We use Mailchimp as our marketing automation platform and email marketing service. It’s how we grow and manage our email list. Additionally, we sometimes run Facebook Ads through Mailchimp (as opposed to through Facebook directly), since it provides such a simple interface and process.
A website visitor can opt into Lights Film School’s email marketing via double opt-in signup forms hosted by OptinMonster, available around our www.lightsfilmschool.com website. It’s also possible to opt into our email marketing when registering for a public event in Demio, or when enrolling in our indie Filmmaking Program through Teachable. Occasionally, we use Mailchimp to manage a handful of transactional emails with students.
Our email list sometimes helps us form custom audiences for Facebook Ads. Mailchimp can integrate with Google Analytics to help us assess campaign performance, but currently that integration is toggled off.
The entire Mailchimp application is encrypted with TLS. Mailchimp performs annual SOC II audits and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use OptinMonster to power lead generation around our www.lightsfilmschool.com website. It integrates with Mailchimp, so that visitors can opt into our email marketing onsite.
It also enables us to add beautiful, minimalist forms to our WordPress-powered websites, providing announcements, notifications, and offers from time-to-time.
OptinMonster’s campaign cookies help us create a positive user experience by preventing prompts from showing again and again. If a campaign is closed but doesn’t convert, it won’t show again for 30 days. If a campaign converts, it won’t show again for 365 days.
OptinMonster integrates with Google Analytics so that we can assess campaign performance where relevant.
OptinMonster hosts with Pagely, a preferred Amazon partner, and protects information with 256-bit SSL encryption. Their servers are scanned for vulnerabilities regularly by Sucuri, their managed security provider.
We use PayPal to process and manage customer payments when they’re made through PayPal (as opposed to credit or debit card).
PayPal is an industry standard payment gateway that integrates with Teachable, the platform powering our students-only membership website. Consequently, Lights Film School does not touch, store, or transmit your payment method details.
When you login to PayPal, you connect with Transport Layer Security (TLS) and only with an HTTPS connection. PayPal is PCI compliant and holds certification under many programs and standards, including the Visa Cardholder Information Security Program, Mastercard Site Data Protection Program, and the American Institute of Certified Public Accountant’s Statement on Standards for Attestation Engagements No. 18 SOC 1.
We use Slack, a messaging platform for teams, for internal communications, and also to power optional community features included with Lights Film School’s Premium Membership. In the case of the latter, Slack facilitates interactions similar to those on a traditional social media website. For example, students can engage with each other and with Lights Film School’s instructors, sharing their perspectives and project assignments.
Students control whether or not to create Slack accounts and participate in our community. If a student chooses to do so, then they can adjust settings to their liking and control how much of their information to make public. All participating students are expected to abide by our community guidelines, ensuring that Lights Film School remains a safe and nurturing space for everyone.
Slack is hosted in Amazon Web Services (AWS), which provides extensive security control and privacy features. Data in Slack is encrypted in transit and at rest. Slack Technologies, Inc. has earned various compliance certifications and regulations, including the Federal Risk and Authorization Management Program, NIST 800-171, SOC 2, SOC 3, ISO 27001, ISO 27017, and ISO 27018. They are certified with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use Stripe to process and manage customer payments when they’re made by credit or debit card (as opposed to PayPal).
Stripe is an industry standard payment gateway that integrates with Teachable, the platform powering our students-only membership website. Consequently, Lights Film School does not touch, store, or transmit your payment method details.
Stripe is delivered on Amazon Web Services, which provides extensive security control and privacy features. Stripe forces HTTPS for all services using TLS, and all card numbers are encrypted at rest with AES-256. Stripe, Inc. is certified to PCI Service Provider Level I and has subscribed to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use SurveyMonkey to store data that was provided directly by the consumer, such as student registration details, feedback to past live events, and answers to questions included in past marketing emails. In early 2019, we switched to Typeform as our survey software. However, our SurveyMonkey records are kept for reference, to assist with customer service and identify trends over the longterm that can help us improve our business and offerings.
Data is hosted in SurveyMonkey’s SOC 2 accredited data centers, and encrypted using industry standard encryption algorithms and strength at rest. SurveyMonkey Inc. has earned ISO 27001 certification and participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use Teachable, a leading online course development platform and service, to host and power our students-only membership website located at courses.lightsfilmschool.com.
Teachable integrates with PayPal and Stripe for customer payments. It integrates with Mailchimp so customers can opt into our email marketing, and for us to manage a handful of transactional emails. It also integrates with Google Analytics, so that real-world data can inform how we continue to develop and refine the Lights Film School educational experience.
On its own, Teachable facilitates account-essential transactional emails for students. It also provides some basic user analytics, enabling us to track students’ progress through the indie Filmmaking Program, so that we can provide individualized customer service. For example, when a student successfully completes their studies, they’re issued a commemorative certificate celebrating their accomplishment.
We use Typeform to collect and store data provided directly by the consumer. Perhaps most notably, Typeform powers the contact form experience on our www.lightsfilmschool.com website. The information provided delivers to Typeform, which triggers an email to Google Suite, which passes along to Help Scout via a forwarding rule.
We also use Typeform for (1) student registration details, so we can correctly configure new Teachable accounts, personalize the onboarding experience, and run a cross-check in our fraud prevention efforts; (2) feedback to live events, such as webinars through Demio; and (3) answers to surveys, such as those included in our marketing emails. Additionally, Typeform is how we collect a student’s mailing address when they request a physical copy of Lights Film School’s completion certificate. All information provided is kept for reference, to assist with customer service and identify trends over the longterm that can help us improve our business and offerings.
Typeform is hosted in Amazon Web Services (AWS), which provides extensive security control and privacy features. Information is encrypted in-transit, end-to-end, using secure TLS cryptographic protocols. The Advanced Encryption Standard (AES) is used with a 256-bit key to encrypt data at rest. Typeform is compliant with security and privacy standards, including the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
Wistia hosts the videos we’ve made for embedding on our websites and sharing with our visitors, customers, and subscribers.
Wistia tracks how you interact with these videos: for example, how much of a video you watch, at what points in a video you pause or rewind, and the like. In some cases, for our email marketing subscribers, Wistia can associate such usage data with their name and email address. This helps us assess campaign performance where relevant. It’s also possible to post a comment on some Wistia-hosted video pages. When you do, you determine what “name” and “message” to provide.
Wistia is hosted in Amazon Web Services (AWS), which provides extensive security control and privacy features. Wistia, Inc. is certified under the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
We use WordPress, a dynamic open-source content management system used by more than 33% of the web, to create and maintain our www.lightsfilmschool.com website. Flywheel serves as our WordPress-managed hosting solution (see “Flywheel” above). We use a careful selection of themes and plugins to configure our WordPress-powered websites and deliver a beautiful, stable, secure user experience.
We use Zapier to connect software where necessary. For example, existing email marketing subscribers could register for a webinar through Demio, so that their Mailchimp profile updated with event-related details. This helped us understand and communicate with registrants more effectively. Currently, Zapier is not connecting any of our software, but we keep our account around for if/when the need arises.
Zapier is hosted within the AWS Cloud and benefits from the comprehensive security controls in-place to secure their servers. Account access credentials held by Zapier are encrypted with AES-256, and TLS 1.2 is used wherever possible. Raw low-level request logs are stored for 7 days, Task History is stored rolling for the previous three months, and is stored for approximately 90 days in S3 as backups. Zapier, Inc. complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
Where and when is information collected?
Lights Film School will collect the personal information that you submit to us. We also may receive information about you from third parties, as described in detail above.
As a quick example, when you enroll in Lights Film School, we either create or approve your membership account. If you wish to use this account, then you may be required to provide some registration details. As a second example, we may obtain your personal information from you if you identify yourself to us by sending us a communication with questions or comments. As a third example, extra services are available – like extra project assignment reviews – the use of which also requires relevant information. A popular extra service is our commemorative completion certificate, issued to students who successfully complete the indie Filmmaking Program. If a qualifying student wishes to receive a physical copy via the post, we ask them for a mailing address so that we know where to send it.
Please feel free to reference the previous section for more details, in which we discuss as transparently as possible where, when, why, and how we collect information and involve third parties.
Cookies and web beacons
Like many websites, we use “cookies” on Lights Film School’s websites to collect information that helps us run, monitor, evaluate, grow, and ultimately improve our business and offerings.
A cookie is a small data file that can be placed on your computer or mobile device in order to identify your browser and activities on our websites. Examples include Facebook Pixel and Google Analytics data, as described above.
You do not have to accept cookies in order to interact with Lights Film School’s websites, features, and services, although this may lead to a degraded experience. While most browsers are configured to accept cookies out of the box, it is possible to change your browser settings to notify you when you receive a cookie or even to reject cookies generally. Similarly, some third party advertising networks, like Google, allow you to opt out of or customize your preferences in relation to your internet browsing. We don’t use ad networks to monetize our content, but it’s good to know you have some control while visiting websites that do!
To learn more about how you can control privacy settings and cookie management, click the link below pertaining to your web browser:
In addition to cookies, Lights Film School uses “web beacons”, a web technology used to help track website or email usage information, that can be embedded on web pages and in emails. For example, web beacons in our marketing emails enable open tracking, which helps give us a general overview of subscriber engagement. These can be blocked if you or your email client chooses not to display images.
Log files and other usage statistics
Our WordPress-managed hosting solution automatically records information including access logs, PHP error logs, and slow error logs, all of which is retained for 7 days.
We also track some usage statistics, such as when a student last logged into Lights Film School’s Teachable-powered membership website (aiding us in troubleshooting and fraud prevention), and how a student is progressing through the Program (improving the user experience and aiding us in customer service, so that, for example, we know when to issue a commemorative completion certificate).
For more details about log files and usage statistics, take a look at our list of third parties above. We’ve done our best to describe where, when, why, and how information is collected, so that you’re not in the dark about anything.
Does Lights Film School collect information from children?
We are committed to protecting the privacy of children. Lights Film School’s websites, features, and services are not designed for or directed to children under the age of 18, since some of our teaching materials include films that are unrated and/or have received an “R” rating from the Motion Picture Association of America.
What does Lights Film School do with the information it collects from you?
In general, we use the information collected (1) to provide you with the best possible experience interacting with us and when using Lights Film School’s websites, features, and services; (2) to help us understand who engages with us; (3) to enable our advertising in some cases, including using your email to send information to you about Lights Film School if you have opted into our marketing emails; (4) to contact customers for customer service, billing, and essential account operation purposes (such as membership account password resets); and (5) for internal operations, including the growth, monitoring, and evaluation of our business.
Again, for more details about what we do with information, please take a look at our discussion of third parties above. We’ve done our best to paint a clear and complete picture of our specific use cases.
Laws and legal rights
Lights Film School cooperates with government and law enforcement officials. We may disclose your information if we believe in good faith that we are required to do so in order to facilitate valid legal processes, protect our property and rights, protect the safety of the public or any person, or to prevent or stop activity we may consider to be illegal or unethical or at risk of becoming so. In short, we’re committed to protecting our community and upholding the rule of law!
Does Lights Film School disclose information to other third parties?
Could my information be sent to other countries?
Lights Media Collective LLC is an LLC formed in the United States. Information collected via our websites, features, and services, or through direct interactions with you, may be transferred from time to time to authorized team members, or to third parties, located throughout the world, and may be viewed anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data. To the fullest extent allowed by applicable law, by using any of our websites, features, and services, you voluntarily consent to the trans-border transfer of such information. For more information about transfers in relation to third party services we use, please see their Privacy Policies, linked above.
Is the information Lights Film School collects secure?
We go to great lengths to ensure that your information is safe and secure.
For example, Flywheel, our WordPress-managed hosting solution, manages security at both the site and server level, proactively monitoring for malware and ensuring that all data is encrypted at rest, in transit, as well as across their hosting platform. Meanwhile, Cloudflare’s Performance and Security Services work in conjunction to reduce latency of websites, mobile applications, and APIs end-to-end, while protecting against DDoS attack, abusive bots, and data breach.
SSL is included on all of our websites. For our WordPress-powered websites, strong passwords are required by our user management systems, logins are limited to prevent brute force attacks, core files are locked down, intelligent IP blocking preempts potential attacks, and our firewall service adds an extra layer of protection against DDoS, RPC-XML, and SQL injection attacks. Additionally, strong passwords are also in place with our third party accounts, as is two-step verification in many cases.
These third parties go to great lengths to ensure security themselves, as suggested in our discussion of them above.
To top it all off, we regularly monitor and ensure that both WordPress and our WordPress-powered websites’ plugins are up-to-date, thereby preventing vulnerabilities, and we conduct routine manual reviews of all of our user management systems to ensure no unauthorized access.
Moreover, Lights Film School does not touch, store, or transmit your payment method details.
However, neither people nor security systems are foolproof, including encryption systems – this is the internet, after all. While we’re zealous about security and use reasonable efforts to protect your information, we cannot guarantee its absolute security. We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your sensitive information via email and/or conspicuous posting on our website(s), as expediently as possible and without unreasonable delay.
What choices do I have with regards to the use of personal information?
You’re welcome to contact us in order to (1) update, correct, or obtain your personal information; (2) change your Lights Film School communication preferences; or (3) delete your personally identifiable information from our systems. Except where otherwise described, personal information in our systems does not expire so as to ensure a stellar customer service experience. For example, we sometimes have lapsed students from years ago contact us to resume their studies. Our records also assist in other business operation, evaluation, growth, and improvement efforts, such as fraud prevention.
Please note that to protect your privacy and security, we may take reasonable steps to verify your identity before (in the case of a customer) granting you access to your membership account, or otherwise making corrections. You are responsible for maintaining the secrecy of your account information at all times.
Should you contact us to update, correct, obtain, change, or delete your personal information, we will make commercially reasonable efforts to honor your request. Of course, promptly after receiving your request, all personal information stored in databases we actively use, and other readily searchable media will be updated, corrected, exported and delivered to you, changed, or deleted as appropriate, as soon as and to the extent reasonably and technically practicable.
Your rights under the CCPA
The CCPA provides California residents with certain rights related to their personal information.
When receiving a request, we will work to verify that the individual making the request is the resident to whom the personal information subject to the request pertains. California residents may exercise their rights themselves or may use an authorized agent to make requests to disclose certain information about the processing of their personal information or to delete personal information on their behalf. If you use an authorized agent to submit a request, we may require that you provide us additional information demonstrating that the agent is acting on your behalf.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a request does not require you to create an account with us. However, if you’re a customer, then we do consider requests made through your already-existing password-protected membership account sufficiently verified when the request relates to personal information associated with that specific account.
Of course, we will only use personal information provided in a request to verify the requestor’s identity or authority to make the request.
With respect to their personal information, California residents may exercise the rights described below in points 1 through 5:
- Right to know what personal information is being collected, for what purposes and with whom it is shared. California residents have the right to request from a business disclosure of the categories and specific pieces of personal information it has collected from them in the preceding 12 months, the categories of sources from which such personal information is collected, the business or commercial purpose for collecting or selling such personal information, and the categories of third parties with whom the business shares personal information. If you request that a business disclose categories and specific pieces of personal information collected about you, you have the right to receive that information, free of charge, twice a year. The information may be delivered by mail or electronically and, if provided electronically, shall be in a portable and, to the extent technically feasible, readily usable format that allows the California resident to relatively easily transmit this information to another entity.
- Right to know whether your personal information is sold or disclosed for a business purpose and to whom. California residents have the right to request from a business that sells or discloses personal information for a business purpose separate lists of the categories of personal information collected, sold, or disclosed for a business purpose in the preceding 12 months, including the categories of third parties to whom the personal information was sold or disclosed for a business purpose.
- Right to non-discrimination of service or price if you exercise your privacy rights. The CCPA prohibits businesses from discriminating against a California resident for exercising any of their rights under the CCPA, including by denying goods or services; charging different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties; providing a different level or quality of goods or services; and suggesting that the person exercising their rights will receive a different price or rate for goods or services or a different level or quality of goods or services.
- Right to deletion. California residents have the right to request that a business delete any of their personal information that the business collected from them, subject to the exceptions in CCPA 1798.105.
Who can I contact with privacy questions and requests?
The Lights Film School team has done its very best to explain our commitment and approach to privacy here, but should you have any comments, questions, concerns, or requests at all, we’re here for you.
Please go ahead and contact us via email – the best and fastest way to get in touch – or by post:
Lights Media Collective LLC
228 Park Ave S #72782
New York NY 10003-1502