The Summit Lighthouse, a nonprofit spiritual organization active since 1958, is committed to protecting and respecting your privacy. In offering you information through The Summit Lighthouse branded websites (“Website”), events, products, and services, we may collect personal data from guests and members. Some materials and offerings are available whether or not you enter personal data. Some require an email address, and sometimes additional information, to allow us to deliver requested material to you. Others require personal data we use to set up an account that allows you to log in to password-protected content areas. We do not knowingly attempt to solicit or receive information from children. Children under 16 years old, or the minimum age within their applicable jurisdiction, may not use this Website.
We will strive to process your personal data lawfully, fairly, and in a transparent manner. Your personal data will be collected for specified, explicit and legitimate purposes that align with the services you have requested and not further processed in a manner that is incompatible with the requested services. Our processing of your data shall be limited to that which is adequate, relevant and necessary to provide you the requested services. Once we have processed or stored your data we will use reasonable efforts to assure your personal data is accurate and up to date and eliminate inaccuracies we find or you notify us exist. We do not, however, assert, claim, or ensure the personal data you provide or is provided by others to us is accurate.
We will use industry standard practices for no longer than is necessary to provide you with requested services, or personal data may be stored for longer periods insofar as the personal data will be required for financial or legal reasons, or remains part of our normal archiving process when such data shall remain offline and not available to the public, or processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with GDPR Article 89(1). We implement industry standard practices to provide security and protect the confidentiality of your personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage. We periodically update our standard practices which can be obtained upon request.
Data Protection Officer
If you have questions or concerns regarding our personal data protection policies and practices, please contact TSL’s internal data protection officer:
The Summit Lighthouse
63 Summit Way
Gardiner, MT 59030-9314 USA
How We Collect and Use Your Personal Information
We collect your contact information you provide us by filling in forms on our website, including first and last name, e-mail and mailing address, and phone number, in order to provide you goods and services, information, and offers. We use your e-mail address supplied to us to fulfill requested e-mail or e-newsletter subscriptions and communicate with you regarding orders you have placed or questions you have asked.
We will only send unsolicited email to you with your consent. If you do not want to receive e-mail from us in the future, you may unsubscribe or revoke your consent (your opt-in choice) by either using the unsubscribe link provided in our emails, editing your profile or contacting us. We will honor your request as quickly as possible and retain a copy of that email address on our “master do not send” list.
If you supply us with your telephone number, we only use it to call you about your subscription(s), orders you place online, and/or questions you have asked, or to obtain information we need to authenticate your request or complete your requested service.
If you supply us with your mailing address, we may use it to contact you regarding orders you have placed or our non-electronic newsletter subscriptions or memberships. If you are on our mailing list due to a subscription or membership, we use your mailing address you provide to send items you have requested or subscribed to and/or periodic announcements for new products, upcoming events, and fundraising efforts.
If you do not want to receive promotional mail from us in the future, please let us know. If you opt out of promotional mail, we may still use your mailing address to contact you on business matters regarding any of your subscriptions and/or orders you’ve placed.
When you correspond with us, we may retain such correspondence and the information contained in it and use it to respond to your inquiry and fulfill your request. If you wish to have TSL “erase” your personal information or otherwise refrain from communicating with you, please contact us.
Personal Information You Provide
During our normal course of business we do not collect, process, or obtain from third-parties personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for the purpose of uniquely identifying a natural person, health data, data concerning a natural person’s sex life or sexual orientation, or data specifying the outcome of any legal proceeding. Should such personal data come into our possession when provided by you, we will obtain your explicit consent to store such data. We will erase this type of data upon your request. Only with your consent or for compelling reasons enumerated in GDPR Chapter 2 Article 2(2) or as compelled by law will we collect, store, or process such data.
Personal Information We Obtain
During our normal course of business we may obtain information about you from third-parties. We will notify you within one month after obtaining such information. If we communicate with you using information obtained from others we will notify you at the time.
Payment Card Information
When you choose to purchase goods or services from TSL using a payment card, you may input the payment card information directly into the PCI/DSS-certified payment processing service TSL uses. Occasionally, members or guests ask TSL employees to, on their behalf, enter payment card information into the PCI/DSS-certified payment processing service TSL uses. We strongly encourage you not to submit this information by email. When TSL employees receive payment card information from customers or members by email, fax, phone, or mail, it is entered as instructed and then deleted or destroyed.
We will process your personal data when you provide consent in compliance with all State and Federal laws, when the processing is necessary to provide you the service you requested, to protect your vital interests or that of someone else, when necessary to accomplish a task in the public interest, and when necessary for us to perform standard business and technical processes where such processes do not override your rights or that of a minor. If we intend to process or store your personal information for any other reason we will provide you with information on that other purpose and with any relevant further information prior to the further processing. Then we request your consent if such consent is required by the GDPR or any applicable laws.
You will have the right to obtain from us information as to whether your personal data is being processed, and if so,
(i) be informed of the purpose of the processing;
(ii) be informed of the categories of personal data processed;
(iii) be informed of the recipients or categories of recipient to whom the personal data have been or will be disclosed, if any;
(iv) be aware, if possible, of the time period for which the personal data will be stored, or, if not possible, the criteria used to determine that time period;
(v) be afforded the existence of the right to request from us, or a third-party, rectification or erasure of personal data or restriction of processing of your personal information, or object to such processing;
(vi) have the right to submit a complaint to us or the appropriate third-party;
(vii) have the right to request the source of any information not collected directly from you;
(viii) be notified if your personal data is utilized by algorithms to enhance your user experience or supplement personal data; and
(ix) the right to obtain a copy of the personal data undergoing such processing and you agree to pay a reasonable fee if requested for a copy of your personal data being so processed provided obtaining such a copy does not adversely affect the rights and freedoms of others.
You may restrict us from processing your personal data if you inform us that you contest the accuracy of the information, or the processing is unlawful, you do not want the data erased, and you request restriction of the processing, or we no longer require the personal data to provide the services for which the personal data was obtained but are required by you for the establishment, exercise, or defense of legal claims, or we have legitimate grounds that override your grounds for requesting restriction. If processing is restricted at your request, your personal data will only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person for reasons of compelling public interest as deemed by the State of Montana or the U.S.
Under all circumstances we will inform you prior to resuming the processing of your personal data.
We will process and store your personal data while you continue to use the requested services and, upon termination of your use of the requested services, we will erase your personal data from active repositories and erase your personal information from archives and backup storage through the normal course of business and technical processes.
You have the right to receive your personal data you provided to us in a structured, commonly used and machine-readable format of our choice and have the right to provide such information to any party of your choosing without restriction or hindrance from us. If practicable, and at our sole discretion, we may provide your personal data to a third-party upon your authenticated request. Receiving your data has no impact or relationship to decisions you may make regarding erasure of your personal data nor adversely affect the rights of others.
Cookies are used on our site only to track session information (keeping you logged in to any member areas or bookstore shopping cart) or in order to evaluate and improve our website content. We can only identify website visitors by IP address, which may reflect your general geographical area. Our tracking will not collect specific personal information or track your interactions with our Website by associating such collection or tracking with personally identifiable information such as your email address. We will obtain your consent through an opt-in process for any cookies that store personal information on your device, which consent you my revoke at any time. Such cookies may be used for:
We may use authentication cookies and similar technologies to tell us when you’re logged in to the Website. This lets us show you personalized views related to your interests and connect you with projects like those you may already have backed.
These cookies help protect your account from being accessed by anyone other than you, alert you and us when your account is accessed, and provide capabilities that allow us to disable any active sessions you have (for example, when you log out or change your password.
Some cookies help us provide a personalized experience — for example, by making sure you see the Website in your preferred language.
• Site features and services
Performance cookies help us provide prompt service so you are not waiting for the Website or service to respond to your request. For example, a cookie may help in providing us information if the Website fails to respond to your request or if the Website crashes.
• Analytics and research
• Social Media Platforms
Cookies and other technologies make interacting with social media platforms more seamless. For example, when you’re signed into social media accounts while you use our Services, these technologies enable you to share content with your social network or, in some cases, log in using your social media credentials. These features are usually controlled by the social media platform you are using and are governed by its separate privacy policies and the preferences you set with that service.
Certain choices you make are both browser- and device-specific. Use your browser to make these choices, over which we have no control.
Control of Personal Information
You understand and acknowledge that providing personal data may be a statutory or contractual requirement, or a requirement necessary to enter into a contract, or required by us for you to use or gain any value from the Website or the services offered through the Website. You understand and acknowledge that you may be denied access to the Website and supporting services as the result of a failure to provide such data. Once provided, you have the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability.
If we intend to process your data for any reason other than access to the Website and services, we will gain your consent in advance. You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we will have the obligation to erase personal data without undue delay when:
(i) your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(ii) you withdraw your consent on which the processing is based providing there is no other legal ground for the processing or retaining of your personal data;
(iii) you object to the processing and there are no overriding legal or legitimate grounds for the processing;
(iv) we have inadvertently or unlawfully captured or processed your personal data;
(v) your personal data must be erased in order to comply with a legal order issued by a court of proper jurisdiction or to comply with a statute to which we are subject;
(vi) your personal data has been collected in relation to the offer of information society services referred to in GDPR Article 8(1).
Where we have made your personal data public and are obligated to erase the personal data, we will, after taking account of available technology and the cost of implementation, take reasonable steps, including technical measures at our disposal, to inform others who are processing or storing your personal data that you have requested the erasure by such others of any links to, or copy or replication of, your personal data. You acknowledge that such public information may never be completely erased despite our efforts. We may not be able to erase your information, specifically when continued processing or storage is necessary for:
(i) exercising the right of freedom of expression and information;
(ii) compliance with a legal obligation which requires processing or storage where such legal obligation stems from a legal order issued by a court of proper jurisdiction or compliance with a statute to which we are subject;
(iii) reasons of public interest in the area of public health as specified in the GDPR;
(iv) archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with those specified in the GDPR; or
(v) to assert, exercise, or defend legal claims.
With Outside Contractors
The Summit Lighthouse may contract with outside companies to provide needed services, such as bookstore order fulfillment; mail and e-mail distribution; website hosting; website programming and analysis. These service providers are only given the information they need to perform their services. If we, or they, require personal information, you will be asked to consent to us sharing specific information for a specific purpose, only. These service providers are restricted from using any personal information they receive in any way other than to provide services you requested from us per the GDPR. They are restricted from sharing or reselling this data. Our service providers are required to keep your personal information as confidential and secure as we do, per the GDPR. We will list the third-party contractors and service providers we use on our Website.
We may periodically provide regional contact lists to our local affiliated small groups in your geographic area to facilitate networking regarding upcoming local events and activities in which you may like to participate. These groups may reach out to you periodically by mail, email, or telephone with information regarding events and activities. Our affiliates are required to follow our standards of confidentiality and care in the use of your personal information. If these affiliates are third-parties not under our control, you shall be notified of such sharing and, if required, we will obtain your consent for such sharing.
For Legal Purposes
Personal information received by The Summit Lighthouse may be disclosed if required to cooperate with subpoena or court order obtained by law enforcement agencies to aid in identifying people engaged in illegal activities.
International Privacy Standards
TSL is headquartered in the United States. Information we collect from you is processed in the U.S. Summit University student information is processed by third-party service providers in the European Union. By submitting your personal data, you consent to this processing. Because the U.S. has not sought a recognition of “adequacy” of its data protection from the European Union under Article 45 of the GDPR, TSL in its U.S.-based activity relies on allowances provided in Article 49 of the GDPR: TSL only collects and transfers to the U.S. personal data either with your consent, to fulfill a contract with you, or to fulfill a compelling legitimate interest of the TSL in a manner that does not outweigh your rights and freedoms. TSL does not routinely collect or store sensitive information about you.
Under the GDPR, you have eight enumerated rights including 1) right to be informed (Articles 12, 13, 14); 2) right to access (12, 15); 3) right to correction (“rectification”) (12, 16); 4) right to erasure (right to be forgotten) (12, 17); 5) right to restriction of processing (12, 18); 6) right to data portability (12, 20); 7) right to object to processing (12, 21); 8) right to not be subject to automated decision-making (12, 22).
Security and Retention
We follow technical and administrative safeguards including enterprise security software and policies to protect the privacy of your data and personally identifiable information once we have received it. By nature, transmission over the Internet is not completely secure and is at your own risk. Once your information is in our control, we have security features in place to help prevent unauthorized access. We train our employees in procedures intended to maintain the privacy of your information and share personal data only with employees who need to know that information in order to serve you. TSL retains data for the duration of its business relationship with guests and members or until you ask us to erase or transfer that data.