Privacy Policy


We’re committed to respecting your privacy and keeping your personal information safe. This privacy policy tells you what to expect when Legacy International Center, Legacy Resort Hotel & Spa (“Legacy”) collects personal information.

Who We Are

Legacy International Center is a one-of-a-kind experience designed to celebrate the nations and cultures of the world. Located in San Diego, California, it includes the Legacy Resort Hotel & Spa.

What Personal Information We Collect About You

Legacy gathers Personal Data for two primary purposes: for fulfilling our responsibility to provide you with requested products, materials or services, and for communicating with our constituency to teach Kingdom principles, inspirational information, share ministry results driven by partner support, and request partner support.

Personal information can include information such as your name, communication preferences, email address, postal address, IP address, telephone number, mobile number, date of birth or bank account or bank card details so we can process payments, or information as to whether you are a taxpayer (where applicable). In some cases, we may also collect information about you from publicly available sources.

This can occur when you:

  • Ask about our activities
  • Register with us for information
  • Sign up for publications or newsletters
  • Submit a testimonial
  • Purchase an item from the online store
  • Purchase services
  • Telephone, write, contact us online or text us
  • Otherwise provide us with your personal information

We do not collect sensitive personal information about our supporters and customers unless there is a clear reason for doing so.

Service Providers

We use service providers such as direct mailing companies, mobile marketing providers, software, and software as a service (SaaS) providers to help us provide you with our services.

We may give relevant persons within these service providers access to your personal information, but only to allow them to perform their authorized services for us. Some service providers may be based in the US, the UK, or inside or outside of the European Economic Area (EEA) however, we will endeavor to ensure that any data transfers outside of the EEA are carried out in compliance with relevant data protection legislation for the location you have specified as your place of legal residence, and that the processing of your data is subject to appropriate security measures.

How We May Use Your Information

We will not rent, swap or sell your personal information.

The legal basis that we rely on for processing your data will depend upon the circumstances in which it is being collected and used, but will in most cases fall into one of the following categories:

  • Where you have provided your consent to allow us to use your data in a certain way
  • Where the processing is necessary to carry out for the performance of a contract with you
  • Where the processing is necessary in order for us to comply with a legal obligation such as reporting and audit requirements; or
  • Where it is in our legitimate interests to perform our functions

Legal Requirements

We may disclose your personal/sensitive personal information when required to by law, for example, transaction data to the HMRC (the tax authority of the U.K. government) for tax purposes, or as a result of a subpoena or court order. Further, we safeguard the sharing of such information with our vendors by using formalized information sharing agreements where appropriate, or on an ad hoc basis after ensuring the request and disclosure are legally compliant, such as filing HRMC reports.

Other ways we may use your information:

Online Payments

To make an online payment by direct debit or payment card, you will be directed to a payment gateway which uses security features and encryption to ensure your data remains safe. The payment gateway encrypts your bankcard information through the use of tokens, so we never keep your bankcard information in our records.

Further information about the collection and use of your data will be provided on the relevant payment gateway for you.

If you enter your details into one of our online forms and you don’t “send” or “submit” the form we may contact you to see if we can help you with any problems you may be experiencing with the form or our website.

Legacy’s Contracted Payment Gateways

The online payment gateways process your payment on behalf of Legacy. They use, retain and disclose your personal and credit card details for this purpose only, including transferring your data outside of the European Economic Area. Where such transfer occurs, we will ensure your data is adequately protected under data protection laws where applicable.

Data Profiling and Analysis

We may also carry out analysis of the personal information we collect about you and add publicly available information to create a profile of your interests and preferences.

This is so we can contact you in the most appropriate way and with the most relevant information.

Publicly available information is compiled from sources such as public registers (e.g. listed Directorships), newspaper articles, and social media posts.

Please let us know if you would prefer us not to process your data in this way by contacting us here.

Marketing Communications

Where you give us your consent, we will also use your personal data in order to send you marketing communications.

You decide how you want us to contact you, whether by mail, email or by phone or text message (SMS/MMS) and you can update your communication preferences at any time by contacting us here. Occasionally, we will also send you a communication to update and refresh your communication preferences.

Visitors to Our Website

When someone visits a Legacy website, we use third party services such as Google Analytics, to collect standard internet log information and details of visitor behavior patterns.

We do this to understand how our website was accessed, and the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow these third-party companies to make any attempt to find out the identities of those visiting our website other than a general IP Address. If we do want to collect personal information through our website such as asking you to fill out a form, we will make this clear and explain what we will do with it.

We also use click through and open mail tracking when sending emails so that we can understand whether the recipient has opened an email, unsubscribed, or clicked on a link to our website. This enables us to assess the effectiveness of our communication with you.


We use cookies to provide you with a better browsing experience. Cookies are small text files that sit on your device so that our website will remember you and your preferences.

To help us create a more effective website that reflects users’ needs, we use cookie files to collect and record information about how our site is used and collect your IP address (a number that identifies a specific computer or other internet device) for system administration and to report aggregated information. For more information about how we use cookies, please review our entire Cookie Policy here.

You can refuse to use cookies by turning them off in your browser. The ‘Help’ function within your browser should tell you how. You may also contact your browser’s software manufacturer for questions on how to disable your cookies. You do not need to have cookies turned on to use most of this site.

However, please be aware that restricting cookies may impact the functionality of some areas of our website. You may find that some areas on the website will be slower, or may not function at all, and you may not be able to participate in certain activities if cookies are disabled.

For more information on cookies, visit

Information Security

We protect your data by using up-to-date security features and procedures and we respect the privacy of all visitors to our website.

Associated Websites

Our website may also include links to other websites, not owned, associated or managed by Legacy. While we try our best to only link to reputable websites we cannot be held responsible for the privacy of information collected by sites not managed by us, nor can we accept responsibility or liability for them. For this reason, you should consult the privacy notice on any external website you link to before you submit any personal information to those websites.

How We Keep Your Data Safe and Who Has Access

We ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted and our network is protected and routinely monitored.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and our contracted vendors.

We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collect or have access to.

Some of our suppliers run their operations in the US, the UK or inside or outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we take steps to make sure they provide an adequate level of protection in accordance with applicable US, EU or UK data protection law. By submitting your personal information to us you agree to this transfer, storing and/or processing at a location of our choosing.

We may need to disclose your details if required to the police, regulatory bodies or legal advisors.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

How Long We Hold Your Personal Information For

We regularly review personal information we hold, and delete anything we no longer need. We will only keep your personal data for as long as necessary. Different laws require us to keep different data for different periods of time.

Certain regulations we are subject to, including the United States Internal Revenue Code, require that we keep records of financial transactions for seven years.

Certain regulations we are subject to in the EU and UK, including the HMRC, require that we keep certain records for 6 years and 35 days.

Otherwise, data on former partners and supporters is typically retained for up to three years after last contact. However, we will keep your data during your lifetime if you have included us in your will, estate planning, or trust.

Information that does not need to be accessed regularly, but which still needs to be retained, is archived or placed offline.

Keeping Your Information and Preferences Up To Date

We continually strive to improve the quality and accuracy of the information you have provided, such as your contact details, by checking against external data lists such as the Post Office’s National Change of Address database & The National Deceased Register. This helps us ensure our records are fully up-to-date and to avoid misdirecting communications.

You can help us keep our records up to date by telling us when your contact details and other personal information changes. You can also change your mind at any time about how we contact you or ask us to stop contacting you altogether.

Please contact us and we will make the changes for you:


Write to:
Legacy International Center
Legacy Resort Hotel & Spa
875 Hotel Circle South
San Diego, CA 92108

If you tell us that you no longer want to receive further contact from us and you are in our database, it may take a short while before our communications stop altogether as selection of information for some of our mail appeals is completed a few weeks in advance of the mailing. If you request to receive no further contact from us, we will keep the information we hold on you and add you to our suppression lists to ensure that you do not receive unwanted materials in the future.

Access to Your information, Correction, and Erasure

You have the right to see and access information contained in personal data we hold about you. If you would like to receive or transfer some or all of your personal information (called a Subject Access Request), please contact us:


Write to:
Legacy International Center
Legacy Resort Hotel & Spa
875 Hotel Circle South
San Diego, CA 92108

We may require proof of identity of the person making the request. Please see the appropriate Legacy Personal Data Request form for more information.

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove any information you think is inaccurate by contacting us at the address provided below.

You have a right to ask us to delete your personal data; however, this is not an absolute right. We can refuse to erase personal data which we need to keep to comply with a legal obligation (for instance, bankcard provider requirements) and in relation to the exercise or defense of any legal claims. Please note, upon a request for erasure, we may also keep a minimal amount of personal data on an in-house marketing suppression file in order to comply with a request not to receive marketing.

Changes To This Policy

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on June 30, 2021.

How To Contact Us

If you have any questions, comments or suggestions, please let us know by contacting us:


Write to:
Legacy International Center
Legacy Resort Hotel & Spa
875 Hotel Circle South
San Diego, CA 92108

Last Updated: June 14, 2021