Client Privacy Notice

Last Updated (1 November 2018)

Introduction

Gemological Institute of America, Inc. ("GIA", “we”, or “our”) values the privacy of its clients (“you” and “your”). This Client Privacy Notice (“Notice”) describes GIA’s policies and practices regarding its collection, use and handling of your Personal Data, and sets forth your privacy rights. Personal Data is defined as information relating to an identified or identifiable individual. We recognise that valuing your privacy is an ongoing responsibility, and so we may from time to time update this Notice as we adopt new privacy policies or undertake new Personal Data practices.

For complete disclosure and updates, please refer to the GIA Privacy Notice at https://www.gia.edu/privacy-notice and to the Student Privacy Notice at https://www.gia.edu/privacy-notice#student-privacy-notice.

Privacy Office

GIA’s headquarters is in Carlsbad, California. If you have any questions or concerns about GIA’s Personal Data policies or practices please contact GIA’s privacy office:

Privacy Office
Gemological Institute of America, Inc.
The Robert Mouawad Campus
5345 Armada Drive
Carlsbad, California 92008 USA

privacy@gia.edu

Personal Data Collection, Use and Processing

GIA collects and uses Personal Data about you for a lawful purpose(s) in accordance with applicable data protection laws. This means that, where law requires a legal basis for our collection and use of Personal Data, we collect and use Personal Data only for one of the following legal basis: consent; contract performance; legal obligation; protect vital interests; public interest; and for legitimate interests pursued by GIA or by a third party.

We use this information for the purposes described in further detail below, including to facilitate your experience with GIA and to provide you with laboratory services and related products. We may share your Personal Data with our GIA Affiliated Entities at https://www.gia.edu/affiliated-entities and others as described in this Notice.

Providing your Personal Data is voluntary. Please note, however, that without your Personal Data, we may be unable to provide you with the laboratory services and related products you request.

Rights of California Residents

Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information regarding the types of personal information the business shares with third parties for direct marketing purposes by such third party, and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To see a copy of the information disclosure provided by GIA pursuant to Section 1798.83 of the California Civil Code, please contact GIA using one of the methods described in this Notice.

Types of Personal Data We Collect

Including without limitation, GIA may collect the following categories of Personal Data:

General contact information (e.g., title, first name, last name, home address, mailing address, phone number(s), email address)
Business information (e.g., business name, doing business as (“DBA”), address, phone number(s), email address, website, beneficial owners, principals, company officers, and authorised representatives such as employees, agents, contractors, couriers or any other person(s) acting on your behalf)
Government identifiers (e.g., driver’s licence, passport, government-issued identification with photograph, tax identification number, business licence number, business licence document, GSTIN number with code (India only), voter registration card, permanent resident alien card, national identity card, vehicle licence plate number (as applicable))
Client processing information (e.g., date of birth, residency)
Financial information (e.g., billing information, payment information, bank account number, banking institution, payment card information, third-party payer information)
Images and recordings (e.g., call recording, electronic video and audio monitoring and surveillance, film, photographs)

Purposes for Which We Use Personal Data

GIA may use your Personal Data to:

Assist with quality assurance and training, respond to enquiries and provide customer service
Review and process account application
Provide laboratory services and products requested by you
Deliver publications and subscriptions
Ensure compliance with applicable laws and regulations including sharing your data with third parties
Monitor compliance with our existing policies and procedures
Investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Use at https://www.gia.edu/terms-of-use or this Notice where we believe it is necessary
Respond to formal or informal government requests
Ensure the integrity and security of GIA’s premises and processes
Direct marketing, for example to send you news and newsletters, special offers and promotions, or to contact you about products or information we think may interest you in accordance with our opt-in/opt-out practices
Help us to determine which advertisements to direct to you, to place on our websites and where to advertise our services
Assist us in advertising our services on third-party websites
By way of example only, we may use and share your Personal Data as follows:

New Client Processing

Purpose: For review and approval of account application

The Personal Data that is collected during the new client process may be shared with GIA affiliated entities, and legal or regulatory officials to ensure compliance with applicable laws and regulations.

Client Financial Services

Purpose: To administer your account

The Personal Data that client financial services collects is used to process payments, refunds and credits, and may be shared with third-party collection agencies.

Security

Purpose: To ensure the security and integrity of GIA premises and for the safety of our employees, clients, students, visitors and others; and for emergency security purposes

Video and Audio Monitoring

Purpose: To ensure the integrity and security of GIA’s premises and processes

GIA uses both video and audio monitoring in public and work spaces. Appropriate signs are displayed in all areas where video and audio monitoring are used.

Call Recording

Purpose: For quality assurance, training, responding to enquiries and providing customer service

GIA may record inbound and outbound calls to and from client services representatives (“CSRs”) and gemmological services representatives (“GSRs”) as well as transport and other staff who have telephonic contact with laboratory clients. A recorded or recited notice advises callers of call recording and by continuing the call, the caller consents to being recorded.

Types of information we collect include without limitation: your name and other Personal Data you provide during the phone call.

Those Under the Age of 18

GIA does not knowingly collect or solicit personal information from anyone under the age of 18, or knowingly allow such persons to register on our websites. If you are under 18, please do not attempt to register or to send any information about yourself to us. No one under the age of 18 may provide or post any Personal Data on any GIA websites. In the event that we learn that we have inadvertently collected Personal Data from a child under 18 without verification of parental consent, we will promptly delete that information.

Payment Card Information

You may choose to purchase products or services from GIA using a payment card. Typically, payment card information is provided directly by users, via the GIA website, into the payment processing service to which GIA subscribes, and GIA does not, itself, process or store the card information. GIA is not responsible or liable for the payment processing service. Occasionally, customers may ask a GIA employee to, on their behalf, enter payment card information into the payment processing service to which GIA subscribes. For your privacy, do not submit this information by email or leave card information on voicemails.

Third-Party Links

In addition to producing original content, GIA may provide news feeds produced by others, which we may link to from our websites. This means you may find yourself on one of GIA's websites reading a press release or article that may offer you a link to another organisation’s website where you may find related content. At these times, you will be leaving the GIA website. GIA is not responsible or liable for content provided by these third-party websites or the Personal Data they may happen to gather from you.

GIA Websites

As is true of most other websites, GIA’s websites collect certain information automatically and store it in log files. The information may include internet protocol (“IP”) addresses, the region or general location where your computer or device is accessing the Internet, browser type, operating system and other usage information about the use of GIA’s websites, including a history of the pages you view. We use this information to help us design our websites to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyse trends, track visitor movements and gather broad demographic information that assists us in identifying visitor preferences.

Information About Our Use of Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us provide you with a good experience when you browse our website and also allows us to improve our website. Our Cookie Policy at https://www.gia.edu/cookie-policy provides you with information about the cookies and similar technologies we use, and our reason for using them.

Information About Our Use of Technologies Similar to Cookies

Web beacons, pixel tags and other technologies that are similar to cookies: Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. Clear GIFs are small pieces of code embedded invisibly on web pages, not stored on your hard drive, which often work in conjunction with cookies. We may use clear GIFs in connection with our websites to, among other things, track the activities of users, help us manage content and compile statistics about website usage. We and our third-party service providers also use web beacons in HTML emails to you to help us track email response rates, measure the success of our marketing campaigns, identify when our emails are viewed and track whether our emails are forwarded.

Analytics: We work with third-party service providers (including Google Analytics and Flurry) who conduct website analytics to help us track and understand how visitors use our websites. If you would prefer not to participate in Flurry, please follow the instructions provided at http://www.flurry.com/ to opt out. To prevent Google Analytics from using your data, you can download the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout.

Do-Not-Track: Currently, our systems do not recognise browser “do-not-track” requests. You may however disable certain tracking as discussed in our Cookie Policy at https://www.gia.edu/cookie-policy.

User-generated content: Certain portions of our websites may permit user-generated content, such as blogs and forums. Any information that you post to a publicly facing blog or forum may be viewable by other visitors to websites. Information that you submit through our student/educational blogs, will be available to other registered users of those services, at a minimum. We are not responsible for the privacy of any information that you choose to post to our websites, or for the accuracy of any information contained in those postings. Any information that you disclose becomes public information.

Opting In and Out of Marketing Mailings

In certain cases, we may request that you opt in to receive marketing communications from us, including electronic communications about GIA’s various products, services, newsletters or general updates. You may opt out of these communications by clicking the “unsubscribe” option or by contacting us through https://www.gia.edu/subscribe. If you opt out of receiving marketing communications from us, please note that we will continue to communicate with you regarding your ongoing relationship and for customer-service-related purposes.

Retention of Personal Data

As a general matter, we do not retain Personal Data for longer than is required or appropriate for the purposes for which it was collected, unless a longer period is necessary for our legal obligations or to defend a legal claim, and always consistent with applicable law.

Security of Personal Data

We take reasonable steps to protect your Personal Data by using technical, physical and organisational measures that are designed to protect against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.

We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Notice.

Disclosure, Transfer and Storage of Personal Data

We share your Personal Data with the GIA Affiliated Entities listed at https://www.gia.edu/affiliated-entities and non-affiliated vendors and suppliers that provide products and services to GIA or its affiliated entities (e.g., payment processing, transmission of marketing emails, web hosting, couriers, your authorised representatives). We may also disclose your Personal Data to another entity in connection with, including during negotiations of, an acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer. We may also disclose your Personal Data when we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of this Notice. GIA may also make Personal Data available to other parties such as legal and regulatory authorities and law enforcement upon their request and/or where we believe it is appropriate to do so. When transferring Personal Data to GIA affiliated entities and non-affiliated third parties (which may be located outside the country in which Your Personal Data was collected and may not guarantee the same level of protection) we have executed legally necessary contracts with the recipients of your data.

Updates to the Privacy Notice (“Notice”)

GIA may amend this Notice from time to time as data privacy laws and regulations change; and as our organisation, products and services change. The revisions will take effect on the publication date of the amended Notice, as stated, and supersede all previous Notices regarding our privacy practices.

We reserve the right to amend the Notice at any time, for any reason, without notice to you, other than the posting of the amended Notice on this site.

Your Rights

To the extent that the GDPR applies to you and subject to the conditions set forth in the applicable law, you have the following rights with regard to our processing of your Personal Data:

Right to access, correct and delete your Personal Data: GIA will use reasonable measures designed to ensure that all Personal Data is correct. You also have a responsibility to ensure that changes in personal circumstances (for example, change of address, bank account, etc.) are notified to GIA so that we can ensure that your Personal Data is up to date.
You have the right to request access to any of your Personal Data that GIA may hold and to request correction of any inaccurate Personal Data relating to you. You furthermore have the right to request the deletion of Personal Data we hold about you.
Right to withdraw consent: In the event that your Personal Data is processed on the basis of your consent, you have the right to withdraw consent at any time by sending an email to privacy@gia.edu specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.
Data portability: To the extent that we use your Personal Data on the basis of consent for the performance of a contract and that Personal Data is processed by automatic means, you have the right to receive all such Personal Data that you have provided to GIA in a structured, commonly used and machine-readable format, and also to require us to transmit it to another data controller where this is technically feasible.
Right to restrict Personal Data use: You have the right to restrict our use of your Personal Data where (i) you contest the accuracy of the Personal Data; (ii) the use is unlawful but you do not want us to erase the Personal Data; (iii) we no longer need the Personal Data for the relevant purposes, but you require it for the establishment, exercise or defence of legal claims; or (iv) you have objected to our Personal Data use justified on our legitimate interests pending verification as to whether GIA has indeed compelling interests to continue the relevant Personal Data use.
Lodge a complaint: You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the collection and use of your Personal Data infringes this Notice or applicable law.

Privacy Questions and Complaints

Please note that certain Personal Data may be exempt from the requests described above pursuant to applicable data protection laws and regulations, and that certain rights may only be exercisable in certain jurisdictions, in accordance with applicable laws. In your local jurisdiction, you may also have the right to lodge a complaint with a supervisory authority if you consider that our processing of your personal data infringes regulation.