Your privacy matters.
Effective Date August 05, 2022
An overview of the sources of personal data
Lights Media Collective obtains information about people in these main ways:
- When you visit one of our websites or contact us directly;
- When you purchase or use a product, feature, or service; and
- When you’re a service provider to Lights Media Collective.
“You” or “your” refers to the individual who uses our websites, products, features, and services, or accesses available information, or engages with us directly via email or other media outlets.
Whose information does Lights Media Collective collect?
Lights Media Collective collects information from these types of individuals:
Our "visitors" are individuals who visit one of our websites or contact us directly about our products, features, and services or about obtaining other information. Our "students" are individuals who have enrolled in Lights Film School’s indie Filmmaking Program (which is no longer available for purchase, although some features are still available to existing students). Our "customers" include our students, but also include people who have purchased other products and/or services from Lights Media Collective without enrolling in Lights Film School. Visitors, students, and customers are welcome to opt into our marketing emails and become "subscribers". And finally, visitors, students, customers, and subscribers are all considered a "consumer", in for example the CCPA’s terminology.
What information does Lights Media Collective collect?
Depending on how you use our websites, products, features, and services – and depending on your direct interactions with us – we collect two types of information: personal information and non-personal information.
Let's break down what this means:
Personal information is information that identifies you or may be used in conjunction with other pieces of information to identify you. For reference, the definition as it appears in the CCPA is as follows: “Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
So for example, your name, email address, or billing and credit card information collected via an industry-standard payment gateway. (Speaking of which, know that Lights Media Collective does not touch, store, or transmit your payment method details. And we never solicit sensitive personal information – for example, billing and credit card information, or a student’s password – through insecure channels like email or text messages).
Personal information that does not identify you, but potentially could be combined with other information in a way that enables you to be identified, can include things like an Internet Protocol (IP) address and general current location.
Please note that Lights Film School students who have activated their Premium Membership are invited, but by no means required, to share details about themselves with the Lights Film School community. For example, their name, nationality, bio, project assignments, as well as posts that abide by our community guidelines and a representative photograph, like you see on traditional social media websites. For some of our students, the resulting community is an attractive aspect of the Lights Film School educational experience.
The CCPA requires businesses to provide a list of the categories of personal information collected from consumers over the past twelve (12) months. Again, as a super small business, our understanding is that Lights Media Collective does not fall within the scope of the CCPA. But we share its vision for a transparent internet that champions people’s privacy and protection, and are happy to provide such a list.
- Identifiers. For example, real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers. Sources: Provided directly or automatically by the consumer through the use of our websites, products, features, and services. Purpose(s): Detecting security incidents; protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity. Debugging to identify and repair errors that impair existing intended functionality. Performing services on behalf of the business or service provider. Undertaking internal research for technological development and demonstration. Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service. Shared With: Service providers, applicable customers, law enforcement. Disclosed For: A business or commercial purpose.
- Information in customer records. For example, name, address, credit card number, and debit card number. Subdivision (e) of California Civil Code 1798.80 lists other examples, and excludes publicly available information. Sources: Provided directly by the consumer. Purposes: Prosecuting those responsible for malicious, deceptive, fraudulent, or illegal activity. Performing services on behalf of the business or service provider. Shared With: Service providers, law enforcement. Disclosed For: A business or commercial purpose.
- Characteristics of protected classifications under California or federal law. For example, gender and age. Sources: This information can be provided directly by the consumer; for example, when a student chooses to participate in the Lights Film School community and share their gender and age. Purposes: Performing services. Shared With: Service providers. Disclosed For: A business or commercial purpose.
- Commercial information. For example, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Sources: Provided directly or automatically by the consumer through the use of our websites, products, features, and services. Purposes: Debugging to identify and repair errors that impair existing intended functionality. Performing services on behalf of the business or service provider. Shared With: Service providers. Disclosed For: A business or commercial purpose.
- Geolocation data. For example, an IP address. Sources: Provided directly or automatically by the consumer through interaction with our websites, products, features, and services. Purposes: Detecting security incidents; protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity. Debugging to identify and repair errors that impair existing intended functionality. Performing services on behalf of the business or service provider. Undertaking internal research for technological development and demonstration. Undertaking activities to verify or maintain the quality or safety of a service, and to improve, upgrade, or enhance the service. Shared With: Service providers, applicable customers, law enforcement. Disclosed For: A business or commercial purpose.
- Audio, electronic, visual, or similar information. For example, when a student chooses to share something with the Lights Film School community, or submit an assignment for review by a Lights Film School instructor. Sources: This information can be provided directly by the consumer. Purposes: Performing services. Shared With: Service providers. Disclosed For: A business or commercial purpose.
- Inferences. Drawn from any of the information in these categories, to create a “consumer profile” reflecting the consumer’s preferences. Sources: Provided directly or automatically by the consumer through the use of our websites, products, features, and services. Purposes: Performing services on behalf of the business or service provider. Shared With: Service providers. Disclosed For: A business or commercial purpose.
Again, we’ll unpack all of this in more detail in just a bit, when we dive into Lights Media Collective’s specific use cases below.
Non-personal information is information that cannot be used or combined with other information to identify or contact you. For example, browser types, device types, and some statistical website data. This can help to refine our websites, products, features, and services from a technical standpoint.
When does Lights Media Collective use information from third parties?
Lights Media Collective collects only the information necessary to run our websites and provide our products, features, and services successfully. Some of this information comes from or otherwise involves a careful selection of third parties, all of which are GDPR compliant.
For example, when you contact Lights Film School via a Typeform-hosted contact form for any reason, your message is delivered via that software to our email account to our help desk software. As a second example, in addition to their Lights Film School membership accounts, students are invited to activate their Premium Membership and create community accounts on a messaging platform. The platform serves as the backbone of Lights Film School’s optional community features. Of course, students can control how much of their information the platform makes public by adjusting the settings to their liking. Hopefully these examples help illustrate when Lights Media Collective uses information from third parties. But we’d like to get even more specific, so that you can understand even more how we work. As we do, please know:
We do not sell your personal information.
Instead, we sell bespoke storytelling and screenwriting services available through our lightsmediacollective.com website (and in the past, we sold enrollment in Lights Film School's indie Filmmaking Program - a legacy product that's no longer available for purchase, as already mentioned). Ultimately, this means that, for example, we don’t sell advertising space to third parties in any way, shape, or form. No obnoxious ads; no sponsored posts. Period.
What third parties does Lights Media Collective involve, why, and how?
We use AirTable to store and maintain internal documents; for example, a database with relevant student details. Such a centralized reference helps us keep organized and deliver individualized customer service more quickly and effectively.
Airtable uses industry-leading Amazon Web Services (AWS) hosting infrastructure. Servers are located in data centers that are SOC 1, SOC 2, and ISO 27001 certified. Data is encrypted both when it is sent to and from their servers and at rest. Airtable uses 256-bit SSL/TLS encryption.
We use Donut to facilitate virtual one-on-one networking opportunities for students who have activated their Premium Membership and are set up in Slack. More specifically, Donut is a Slack bot that regularly pairs students who opt into a dedicated “Networking” channel in the Lights Film School community. It has access to the standard minimum amount of information on Slack, via Slack’s “bot” OAuth scope.
We use Dropbox to host downloadable files for our students – for example, videos and sound effects files necessary for the completion of the indie Filmmaking Program’s Editing and Sound Design modules. Dropbox tracks each file’s viewing history. The data associated with each view is anonymous, so students appear in the viewing history as “Guests”.
Files are protected in transit between Dropbox’s apps and servers, and at rest. Each file is split into discrete blocks, which are encrypted using a strong cipher.
We use Google Workspace to manage direct emails associated with our lightsfilmschool.com domain as well as emails initiated through various contact forms. In the case of the latter, messages are logged and delivered through Typeform, then passed along to Help Scout via a forwarding rule in Google Workspace. Google Workspace also enables us to store internal documents, archive student-submitted project assignments as a courtesy, and create and share instructor reviews.
Google Workspace has earned ISO 27001 certification; complies with ISO 27017, ISO 27018, and the Federal Risk and Authorization Management Program; and has both SOC 2 and SOC 3 reports.
We use Help Scout as our help desk software. It enables us to create, host, and manage our "Support Center" - a self-service knowledge base (located at faqs.lightsfilmschool.com); as well as manage contacts and correspondence. Everything is centralized, making it easier for us to deliver individualized customer service more quickly and effectively. Various reports help us gauge the effectiveness of our efforts. Help Scout also enables us to receive messages, live chat with website visitors, and make onsite announcements all through the Help Scout beacon, where and when active.
All of Help Scout’s application and data infrastructure is hosted in Amazon Web Services (AWS), which provides extensive security control and privacy features. TLS encryption is supported on all inbound and outbound correspondence. Help Scout is PCI Level I compliant.
We use HEY for Domains to manage direct emails associated with our lightsmediacollective.com domain as well as emails initiated through various contact forms. In the case of the latter, messages are logged and delivered through Typeform.
HEY for Domains requires two-factor authentication. It uses the industry standard TOTP protocol and also supports WebAuthn. Data is encrypted at-rest, at-work, and in-transit, using the industry standard TLS encryption when sending emails to recipients. HEY for Domains performs external security audits on a regular basis.
We use Leadpages to create and host beautiful websites and landing pages located at lightsmediacollective.com and lightsfilmschool.com. Built-in analytics help us track page views, form submissions, and conversion rates. Such information helps us evaluate and improve our business and offerings.
All pages on Leadpages’ servers are secured by default, and fully support SSL and HTTPS protocols.
We use Mailchimp as our marketing automation platform and email marketing service. It’s the tool we use to maintain and grow our email list and thus stay in touch with our wider community. A visitor can opt into Lights Media Collective's email marketing directly through Mailchimp as well as via signup forms hosted by Leadpages, when available.
The entire Mailchimp application is encrypted with TLS. Mailchimp performs annual SOC II audits.
We use Slack, a messaging platform for teams, for internal communications, and also to power optional community features included with Lights Film School’s Premium Membership. In the case of the latter, Slack facilitates interactions similar to those on a traditional social media website. For example, students can engage with each other and with Lights Film School’s instructors, sharing their perspectives and project assignments.
Students control whether or not to create Slack accounts and participate in the community. If a student chooses to do so, then they can adjust settings to their liking and control how much of their information to make public. All participating students are expected to abide by our community guidelines, ensuring that Lights Film School remains a safe and nurturing space for everyone.
Slack is hosted in Amazon Web Services (AWS), which provides extensive security control and privacy features. Data in Slack is encrypted in transit and at rest. Slack Technologies, Inc. has earned various compliance certifications and regulations, including the Federal Risk and Authorization Management Program, NIST 800-171, SOC 2, SOC 3, ISO 27001, ISO 27017, and ISO 27018.
We use Stripe to process and manage customer payments. Stripe is an industry-standard payment gateway that includes invoicing functionality. It also integrates with Teachable, the platform powering our students-only membership website, as well as with Leadpages. Consequently, Lights Media Collective does not touch, store, or transmit your payment method details.
Stripe is delivered on Amazon Web Services, which provides extensive security control and privacy features. Stripe forces HTTPS for all services using TLS, and all card numbers are encrypted at rest with AES-256. Stripe, Inc. is certified to PCI Service Provider Level I.
We use Teachable, a leading online course development platform and service, to host and power our students-only membership website located at courses.lightsfilmschool.com.
Teachable can integrate with Stripe for customer payments. It also can integrate with Mailchimp so customers can be added to our email list and keep in touch. On its own, Teachable facilitates account-essential transactional emails for students. It also provides some basic user analytics, enabling the tracking of students’ progress through the indie Filmmaking Program, which can help to provide individualized customer service.
We use Typeform to collect and store data provided directly by a consumer. For example, Typeform powers Lights Media Collective's primary contact form experience. The information provided delivers to Typeform, which triggers an email to Google Workspace, which passes along to Help Scout via a forwarding rule.
In addition to powering contact forms, we also use Typeform for (1) inviting answers to surveys, such as those included in our marketing emails; and for (2) collecting a customer's name and/or business name as well as address in advance of rendering a service, so that an accurate invoice can be created and issued as appropriate. All information provided is kept for reference, to assist with customer service and identify trends over the longterm that can help us improve our business and offerings.
Typeform is hosted in Amazon Web Services (AWS), which provides extensive security control and privacy features. Information is encrypted in-transit, end-to-end, using secure TLS cryptographic protocols. The Advanced Encryption Standard (AES) is used with a 256-bit key to encrypt data at rest.
Where and when is information collected?
Lights Media Collective will collect the personal information that you submit to us. We also may receive information about you from third parties, as described in detail above.
As a quick example, we may obtain your personal information from you if you identify yourself to us by sending a communication with questions or comments. As another example, screenwriting services as well as extra services exclusively for Lights Film School students are available, like extra project assignment reviews – the use of which also requires relevant information, such as anything related to the project.
Please feel free to reference the previous section for more details, in which we discuss as transparently as possible where, when, why, and how we collect information and involve third parties.
Cookies and web beacons
Know that you do not have to accept cookies in order to interact with Lights Media Collective’s websites, products, features, and services, although this may lead to a degraded experience. While many browsers are configured to accept cookies out of the box, it is possible to change your browser settings to notify you when you receive a cookie or even to reject cookies generally. Similarly, some third party advertising networks, like Google, allow you to opt out of or customize your preferences in relation to your internet browsing. We don’t use ad networks to monetize our content, but it’s good to know you have some control while visiting websites that do!
To learn more about how you can control privacy settings and cookie management, click the link below pertaining to your web browser:
In addition to cookies, Lights Media Collective uses “web beacons”, a web technology used to help track website or email usage information, that can be embedded on web pages and in emails. For example, web beacons in our marketing emails enable open tracking, which helps give us a general overview of subscriber engagement, so that we can improve the content we're delivering. Such beacons can be blocked if you or your email client chooses not to display images.
Log files and other usage statistics
We track some usage statistics, such as when a student last logged into Lights Film School’s Teachable-powered membership website (aiding us in troubleshooting and fraud prevention), or how a student is progressing through the indie Filmmaking Program (improving the user experience and aiding in customer service). For more details about log files and usage statistics, take a look at our list of third parties above. We’ve done our best to describe where, when, why, and how information is collected, so that you’re not in the dark about anything.
Does Lights Media Collective collect information from children?
What does Lights Media Collective do with the information it collects from you?
In general, we use the information collected (1) to provide you with the best possible experience interacting with us and when using Lights Media Collective’s websites, products, features, and services; (2) to help understand who engages with us; (3) to enable our advertising in some cases, including using your email to send information to you about Lights Media Collective if you have opted into our marketing emails; (4) to contact customers for customer service, billing, and essential account operation purposes (such as Lights Film School membership account password resets); and (5) for internal operations, including the growth, monitoring, and evaluation of the business.
Again, for more details about what we do with information, please take a look at our discussion of third parties above. We’ve done our very best to paint a clear and complete picture of our specific use cases.
Laws and legal rights
Lights Media Collective cooperates with government and law enforcement officials. We may disclose your information if we believe in good faith that we are required to do so in order to facilitate valid legal processes, protect our property and rights, protect the safety of the public or any person, or to prevent or stop activity we may consider to be illegal or unethical or at risk of becoming so. In short, we’re committed to protecting our community and upholding the rule of law!
Does Lights Media Collective disclose information to other third parties?
Could my information be sent to other countries?
Lights Media Collective is an eenmanszaak formed in The Netherlands. Information collected via our websites, products, features, and services, or through direct interactions with you, may be transferred from time to time to authorized individuals, or to third parties, located throughout the world, and may be viewed anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data. To the fullest extent allowed by applicable law, by using any of our websites, products, features, and services, you voluntarily consent to the trans-border transfer of such information. For more information about transfers in relation to third party services we use, please see their Privacy Policies, linked above.
Is the information Lights Media Collective collects secure?
We go to great lengths to ensure that your information is safe and secure. For example, SSL is included on all of our websites. Strong passwords are in place with our third party accounts, as is two-step verification in many cases. These third parties go to great lengths to ensure security themselves, as suggested in our discussion of them above. To top it all off, we conduct routine manual reviews of all of our user management systems to ensure no unauthorized access. Moreover, Lights Media Collective does not touch, store, or transmit your payment method details.
However, neither people nor security systems are foolproof, including encryption systems – this is the internet, after all. While we’re zealous about security and use reasonable efforts to protect your information, we cannot guarantee its absolute security. We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your sensitive information via email and/or conspicuous posting on our website(s), as expediently as possible and without unreasonable delay.
What choices do I have with regards to the use of personal information?
You’re welcome to contact us in order to (1) update, correct, or obtain your personal information; (2) change your Lights Media Collective communication preferences; or (3) delete your personally identifiable information from our systems. Except where otherwise described, personal information in our systems does not expire so as to ensure a stellar customer service experience. For example, we sometimes have lapsed students from years ago contact us to resume their studies. Our records also assist in other business operation, evaluation, growth, and improvement efforts, such as fraud prevention.
Should you contact us to update, correct, obtain, change, or delete your personal information, we will make commercially reasonable efforts to honor your request. Of course, promptly after receiving your request, all personal information stored in databases we actively use, and other readily searchable media will be updated, corrected, exported and delivered to you, changed, or deleted as appropriate, as soon as and to the extent reasonably and technically practicable.
Your rights under the CCPA
When receiving a request, we will work to verify that the individual making the request is the resident to whom the personal information subject to the request pertains. California residents may exercise their rights themselves or may use an authorized agent to make requests to disclose certain information about the processing of their personal information or to delete personal information on their behalf. If you use an authorized agent to submit a request, we may require that you provide us additional information demonstrating that the agent is acting on your behalf. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a request does not require you to create an account with us. However, if you’re a customer, then we do consider requests made through your already-existing password-protected membership account sufficiently verified when the request relates to personal information associated with that specific account. And of course, we will only use personal information provided in a request to verify the requestor’s identity or authority to make the request.
With respect to their personal information, California residents may exercise the rights described below in points 1 through 5:
- Right to know what personal information is being collected, for what purposes and with whom it is shared. California residents have the right to request from a business disclosure of the categories and specific pieces of personal information it has collected from them in the preceding 12 months, the categories of sources from which such personal information is collected, the business or commercial purpose for collecting or selling such personal information, and the categories of third parties with whom the business shares personal information. If you request that a business disclose categories and specific pieces of personal information collected about you, you have the right to receive that information, free of charge, twice a year. The information may be delivered by mail or electronically and, if provided electronically, shall be in a portable and, to the extent technically feasible, readily usable format that allows the California resident to relatively easily transmit this information to another entity.
- Right to know whether your personal information is sold or disclosed for a business purpose and to whom. California residents have the right to request from a business that sells or discloses personal information for a business purpose separate lists of the categories of personal information collected, sold, or disclosed for a business purpose in the preceding 12 months, including the categories of third parties to whom the personal information was sold or disclosed for a business purpose.
- Right to non-discrimination of service or price if you exercise your privacy rights. The CCPA prohibits businesses from discriminating against a California resident for exercising any of their rights under the CCPA, including by denying goods or services; charging different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties; providing a different level or quality of goods or services; and suggesting that the person exercising their rights will receive a different price or rate for goods or services or a different level or quality of goods or services.
- Right to deletion. California residents have the right to request that a business delete any of their personal information that the business collected from them, subject to the exceptions in CCPA 1798.105.
Who can I contact with privacy questions and requests?
Lights Media Collective has done its very best to explain our commitment and approach to privacy here, but should you have any comments, questions, concerns, or requests at all, we’re here for you. Please go ahead and contact us – the best and fastest way to get in touch – or by post:
Lights Media Collective