Effective Date: August 3, 2021 | Last Revised: May 11, 2026 | Review Cycle: Annual
1. Introduction and Scope
Summit Professional Education, LLC ("Summit") is committed to protecting the personal data and privacy of all individuals associated with our continuing education (CE) programs. This Privacy and Security Policy applies to:
- CE learners (course participants)
- Course instructors and subject-matter experts
- Course planners, instructional designers, and CE program staff
- Website visitors and subscribers
This policy governs how Summit collects, uses, stores, shares, and protects personal data across all program formats, including on-demand video, live webinars, live streams, in-person courses, and on-demand text. By enrolling in a Summit course or using our website, you acknowledge the practices described in this policy.
2. Information We Collect
2a. Learner Data
When you enroll in or complete a course, Summit may collect:
- Full name and professional credentials (e.g., PT, OT, SLP, AT, LPC, LCSW)
- ASHA account number (required to report completions to ASHA for participants wishing to earn ASHA CEUs)
- State license number and issuing state
- Email address, mailing address, and phone number
- Date of birth and/or last 4 digits of Social Security number (where required for CE reporting)
- Course registration, attendance, and completion records
- CEU reporting and certification maintenance records
- Assessment and evaluation responses
- Payment and billing information (processed by our secure payment processor)
2b. Instructor and Planner Data
For individuals involved in course planning, development, or instruction, Summit may collect:
- Name, credentials, and professional biography
- Contact information
- Financial disclosure and conflict-of-interest information
- Contractual agreements and intellectual property documentation
2c. Technical and Usage Data
Summit and its service providers may automatically collect:
- IP address and browser/device information
- Pages visited, time spent, and navigation behavior
- Cookie and tracking data (see Section 6)
3. Why We Collect This Information
Summit collects personal data for the following purposes:
- To administer courses, track completion, and issue certificates of completion.
- To report learner completion data to ASHA CE or other accrediting entities where required when a learner indicates intent to earn ASHA CEUs or credit assigned by other accreditation entities. By indicating this intent, the learner authorizes Summit to transmit their name, ASHA account number or license number, and completion data to ASHA CE or other accrediting entities.
- To send course confirmations, certificates, renewal reminders, and relevant marketing communications. Learners may opt out of marketing emails at any time.
- To process purchases and maintain billing records in compliance with financial regulations.
- To maintain records as required by accrediting bodies (minimum 12-year retention), state licensing boards, and applicable federal and state laws.
- To evaluate course effectiveness and learner satisfaction.
4. Third-Party Data Sharing
Summit does not sell personal information to third parties. We share data only in the following circumstances:
- When a learner indicates intent to earn ASHA CEUs, Summit will report the learner's name, ASHA account number, and course completion data to the ASHA Continuing Education Registry. This sharing is required for CEU credit to be awarded.
- Summit may report completion data to AOTA, NBCOT, BOC, state boards, or other relevant credentialing bodies as required.
- Summit shares data with vetted third-party vendors (e.g., learning management system providers, payment processors, email platforms, analytics services) under data processing agreements that require confidentiality and appropriate data protections.
- Summit may disclose information when required by law, to prevent fraud, or to protect the safety and interests of Summit or its users.
- In the event of a merger, acquisition, or sale, personal data may be transferred to a successor entity.
5. Data Security Measures
Summit employs administrative, technical, and physical safeguards to protect personal data, including:
- Data in transit is protected using HTTPS/TLS encryption. Sensitive data at rest is encrypted using industry-standard protocols.
- Access to personal data is restricted to authorized personnel on a need-to-know basis. Role-based access controls are enforced across our platforms.
- Administrative systems require multi-factor authentication (MFA).
- Regular automated backups are maintained with tested recovery procedures to ensure data availability and integrity.
- Contracts with service providers include data protection obligations, and Summit periodically reviews vendor security practices.
- All staff with access to learner or program data are trained on this policy and applicable privacy and security procedures.
While Summit employs robust security measures, no system is completely immune to risk. In the event of a data breach affecting your personal information, Summit will notify affected individuals and relevant authorities in accordance with applicable federal and state breach notification laws.
6. Cookies and Tracking Technology
Summit's website uses cookies and similar tracking technologies to improve the user experience, analyze site traffic, and support remarketing. Specifically:
- Analytics cookies track aggregate usage patterns using tools such as Google Analytics.
- Remarketing cookies allow Google and potentially other third parties to serve Summit-related ads to users on other websites based on their visit history. Users may opt out of this at Google's Ad Settings (adssettings.google.com) or NetworkAdvertising.org.
- Cookies do not independently collect personally identifiable information, but may be associated with data you have previously provided.
7. Data Retention
Summit retains personal data only as long as necessary to fulfill the purposes described in this policy, including legal and regulatory obligations. Specific retention periods include:
- Course planning records (learning outcomes, needs assessments, instructional materials): minimum 12 years from the end date of the last course offering.
- Participant completion and reporting records: minimum 12 years from the end date of the course offering for which the participant was reported or the certificate was issued.
- Financial records: as required by applicable tax and financial regulations.
Data that is no longer needed for its intended purpose is securely deleted or anonymized.
8. Your Rights and Choices
Depending on your location and applicable law, you may have the right to:
- Access the personal data Summit holds about you
- Request corrections to inaccurate or incomplete data
- Request deletion of your personal data, subject to legal retention requirements
- Opt out of marketing and promotional email communications
- Withdraw consent for completion data reporting to ASHA CE (note: this will prevent ASHA CEUs from being issued)
To exercise any of these rights, please contact Summit using the information in Section 10. Summit will respond to requests within a reasonable timeframe consistent with applicable law.
9. Regulatory Compliance
Summit's privacy and security practices are designed to comply with applicable federal and state laws and regulations, and accrediting body standards including but not limited to:
- ASHA CE Provider Standard 1.2.4 (privacy and security of CE program records)
- The CAN-SPAM Act (commercial email)
- Applicable state privacy laws
- Payment Card Industry Data Security Standards (PCI DSS) for payment processing
Summit conducts an annual review of this policy to ensure continued compliance with evolving laws and Accreditation Standards. Staff are notified of material updates, and instructors and planners receive the current version of this policy prior to involvement in any course.
10. Policy Distribution and Accessibility
This policy is distributed and made accessible to in the following ways:
- Shared with course instructors and planners prior to their involvement in CE programming
- Made accessible to learners during enrollment and throughout their course experience
- Published on the Summit website here.
- Reviewed and updated at least annually, with material changes communicated to affected parties
11. Contact Information
If you have questions, concerns, or requests related to this Privacy and Security Policy, please contact us:
Summit Professional Education, LLC
By Email: customerservice@summit-education.com
By Phone: 1-800-433-9570
We will acknowledge your inquiry promptly and work to resolve any concerns in a timely manner.
12. Changes to This Policy
Summit reserves the right to update this policy at any time. The date of the most recent revision is displayed at the top of this document. We will notify you of material changes that are less protective of your information via email or prominent notice on our website, prior to such changes taking effect. Continued use of our services after the effective date of any update constitutes acceptance of the revised policy.