GIA Website Privacy Notice



Last Updated (7 March 2019)

1. Introduction

Gemological Institute of America, Inc. and our related entities (“GIA”, “GIA Entities”, “we”, “us”, or “our”) respect your privacy. GIA provides this website privacy notice (“Notice”) to describe how we collect, use, disclose or otherwise process the data, including personal data, that we collect about you through our website, https://www.gia.edu and other GIA websites on which this Notice is posted (collectively, the “Sites”), our mobile application(s) (the “App(s)”), offline (such as at tradeshows or at GIA locations), and the services available through our Sites, App and offline (collectively, the Sites, the App and GIA services offered offline are referred to as our “Services”). We collect data directly from you, automatically as you use our Services, from vendors, and from other individuals, as set forth below.

Depending on your relationship with GIA, other privacy notices also may apply to you. For example, if you are accessing the Client Portal or My Laboratory as a client of GIA, then our collection of your personal data is governed by the Client Privacy Notice, not this Notice. If you are a student, then please review the Student Privacy Notice.

GIA provides its Services around the world. The data controller for any data submitted through our Services is Gemological Institute of America, Inc. at the address set forth below and, where relevant, other applicable GIA Entities.

Gemological Institute of America, Inc.
The Robert Mouawad Campus
5345 Armada Drive
Carlsbad, CA 92008
United States

Please see GIA-Affiliated Entities and GIA Data Controllers for complete listings.

2. Information We Collect About You

We collect information, including personal data, about you directly from you, from vendors, from other parties and automatically through your use of our Services. We combine the information we collect from these various sources. The type of personal data that we collect from you varies based on your particular interaction with our Services as set out below.

  • Account and Registration: Your full name, email address, home and postal address, telephone number, mobile number and, where applicable, payment information. You may also provide additional, voluntary information, where relevant.

  • Communications: When you communicate with us, provide information through our surveys, in the context of a trade show or otherwise, for example, if you participate in one of our seminars.

  • Request That Your Establishment Be Listed on GIA’s Site: Information about your store and business contact information for a representative of the store. (Note: in this context, someone other than you may provide us with your information if you are listed as the representative of that store).

  • Seek to Find a Store Near You: With your permission, your location information (through the collection of your IP address) in order to locate a store near you.

  • Purchase Items From Our Store: Your full name, contact information, items purchased, billing and shipping information, and payment data.

  • Your Usage of Our Services: Your submission history, enquiries that you submit to us, records of purchases and other interactions with us.

  • At Trade Shows and Other Events: We collect information from or about you at trade shows and other events, including at trade shows or other events that we may host or at stands that we may operate.

  • User Content: You may post to the blogs and forums available within our Services. Any information that you post to a publicly facing blog or forum may be viewable by any other visitor to our Sites or App. We are not responsible for the privacy of any information that you choose to post to our Sites or App, or for the accuracy of any information contained in those postings. We cannot prevent such information from being used in a manner that may violate this Notice, the law or your personal privacy.

3. Information We Collect Automatically

  • Device and Online Usage: We collect information about your computer, browser, mobile or other device that you use to access the Services. We may use cookies, pixels, log files and other techniques to collect such information, including IP address, device identifiers and other unique identifiers, browser type, browser language, operating system name and version, device name and model, version, referral and exit pages, dates and times you access our Services, the length of time that you are logged in to or using our Services, the links you click on or features you use, software crash reports and session identification number. Please see the “Cookies and Other Tracking Technologies” section below or our Cookie Policy for more information.

  • Analytics: Using service providers, we compile and analyse information derived from the use of our Services, such as aggregate usage patterns, user preferences and other usage information.

Please see the “Cookies and Other Tracking Technologies” section below or our Cookie Policy for additional information about our use of cookies.

4. Our Use of Your Information

We use your information, including your personal data, for the following purposes:

  • Providing and Improving Our Services: To provide you with our Services, to improve our Services to enhance your experience of using the Services; to respond to your enquiries; to develop new features, products or services; to authenticate you; to perform technical operations, such as updating software; as well as for other customer service and support purposes;

  • Marketing and Similar Communications: For marketing and advertising purposes, such as, to the extent permitted by applicable law, to send you emails and SMS about products, services and events that we believe would be of interest to you; to send our newsletter to you;

  • To Solicit Donations;

  • Personalising Content and Ads: To assist us in determining relevant advertising (i) on our Sites and App; (ii) on non-GIA websites and mobile applications; and (iii) through other media;

  • Research and Analytics: To better understand how users access and use our Services, both on an aggregated and on an individualised basis, including monitoring, evaluating and analysing which features and portions of our Site and our Apps are most popular; for troubleshooting; for statistical purposes including identifying geographic regions of visitors to our Services; for evaluating frequently asked questions from visitors and for other statistical purposes;

  • Protecting Rights and Interests: To protect the safety, rights, property or security of GIA, the Services, any service provider or the general public; to detect, prevent or otherwise address fraud, security or technical issues; to prevent or stop activity that we consider to be, or to pose a risk of being, an illegal, unethical or legally actionable activity; to use as evidence in litigation; and to enforce this Notice or our Terms of Use; and

  • Legal Compliance: To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.

GIA may also enhance or merge your personal data with the data that we obtain from the analytics providers referenced above. We will use this information to assist us in our marketing efforts and for the purposes described in this Notice.

5. Disclosing Your Information

We will not disclose your personal data to non-GIA Entities for their own marketing purposes. We will, however, disclose your information, including personal data, to entities as described below:

  • GIA Entities: Where permitted by law and unless you request otherwise, we will share your information with GIA Entities, so that they may contact you about our Services (marketing) or respond to your customer service enquiries.

  • Service Providers: We disclose your personal data to our service providers, contractors, professional advisers, agents or others who perform functions on our behalf.  These service providers include vendors who assist us with sending out email correspondence, SMS messages, payment processors and other providers consistent with completing your request to GIA.

  • Social Networking Companies: We disclose your email address to Facebook to assist us in determining relevant advertising on Facebook and through other media. See Online Advertising below.

  • Other Users: As stated above, you may choose to submit information on a blog or in a forum. Any information that you submit will be available to other users of our Services.

  • General Business Operations: We disclose personal data where necessary for the administration of our general business, accounting, record keeping and legal functions to our tax advisers, legal counsel and other professional services entities or agents.

  • Business Transfers: If we are acquired by or merge with another entity, if some or all of our assets are transferred to another company, or are part of a bankruptcy proceeding, we may transfer the information we have collected from you to the acquiring entity. We also may transfer certain of your personal information to another company in the course of evaluating a prospective transfer, where permitted by law.

  • In Response to Legal Process: We disclose your personal data to comply with the law, a judicial proceeding, court order or other legal process, such as in response to a subpoena or warrant.

  • To Protect Us and Others: We disclose your information where we believe it is necessary to investigate, prevent or take action regarding illegal activities; suspected fraud; situations involving potential threats to the safety, rights, property, or security of GIA, the Services, or of any person; or violations of our Terms of Service or this Notice.

  • Aggregate and Anonymised Information: We may share aggregate or anonymised information about use of the Services with service providers for marketing, advertising, research, analytics or other similar purposes. We may also publish reports in the aggregate about the usage trends of our Services.

6. Cookies and Other Tracking Technologies

We use cookies, web beacons (including clear GIFs), Flash Local Storage Objects (“Flash LSOs”) and similar technologies, including technologies designed for mobile applications, to track user activity and collect usage data about our Sites and App. We may combine this data with the personal data we have collected from you.

Cookies. Cookies allow a web server to transfer data to a computer for record keeping and other purposes. We and our service providers use “cookies” on our Sites and similar devices designed for mobile applications to, among other things, better provide you with tailored information and facilitate your ongoing access to and use of the Site. There are two types of cookies: session-based and persistent cookies.

  • Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged in to the Site (and the Apps). This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Sites and App.

  • Persistent Cookies. Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to track aggregate and statistical information about user activity, which may be combined with other user information.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Sites who disable their web browsers’ ability to accept cookies will be able to browse the Sites; however, certain site features, such as the shopping basket or the ability to find the location of a lab, may not function if you disable cookies.

Local Storage Objects. We may use Flash LSOs in order to store your Site preferences and to support individual applications. Flash LSOs are different from browser cookies because of the amount and type of data stored. In addition, you cannot control, delete or disable the acceptance of Flash LSOs through your browser. For more information on Flash LSOs, or to learn how to manage your settings for Flash cookies, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions. To see the Flash LSOs currently on your computer, choose “Website Storage Settings Panel” and follow the instructions to review and, if you choose, to delete any specific Flash LSO.

Web Beacons, Pixel Tags and Other Technologies. Our service providers use web beacons in HTML emails to our customers, to help us track email response rates, measure the success of our marketing campaigns, identify when our emails are viewed and track whether our emails are forwarded.

Analytics. We work with service providers (including Google Analytics and Flurry) who conduct analytics to help us track and understand how visitors use our Sites and our App. If you would prefer not to participate in Flurry, please follow the instructions provided at http://www.flurry.com/. Google Analytics is a web analytics service provided by Google that uses cookies to help us analyse how users use our Sites and our App. The information generated by the cookies about your use of the services will be transmitted to and stored by Google on servers in the United States. If you access the Sites or our App through different devices, Google may associate your devices with one another. Google has developed the Google Analytics opt-out browser add-on for the Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can prevent Google’s collection and use of the data it collects as defined in its policy by downloading and installing this browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en-GB. For more information about Google Analytics cookies, please see Google’s help pages (https://support.google.com/analytics/answer/6004245) and privacy policy (https://www.google.com/intl/en/policies/privacy/).

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

7. Online Advertising

To display more relevant advertising on our Services; to manage our advertising on non-affiliated sites, mobile apps and online services; and to measure and improve our ads and marketing efforts, we work with Facebook, Google and other non-affiliated ad companies, ad exchanges, channel partners, measurement services and ad networks. Please see the “Cookies and Other Tracking Technologies” section above or our Cookie Policy for more information. For more information and to exercise your choices, please see Facebook’s privacy policy and ad preferences page and/or Google/DoubleClick’s privacy policy and ads help page.

You can also find out more about online advertising here and opt out of interest-based advertising from many participating ad companies at the ad industry websites, including:

Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings. For more information about how to change these settings for Apple, Android or Windows devices, see:

Please note that opting out of advertising network services does not mean that you will not receive any advertising while using our Services or other services, nor will it prevent the receipt of interest-based advertising from non-affiliated parties that do not participate in these programmes.

Custom Audiences and Matching. We may disclose certain information (such as your email address) to non-affiliated parties such as Facebook (more information on Facebook Custom Audience here or see above) so that we can better target ads and content to you, and others with similar interests on these non-affiliated parties’ platforms or networks (“Custom Audiences”). We may also work with ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. To opt out of being included in our Custom Audiences in the future, email us at privacy@gia.edu.

Do Not Track. Your browser or device may include “Do Not Track” settings or functionality. Currently, our systems do not recognise browser “Do Not Track” requests. However, you may disable certain tracking on our Sites, as discussed above (e.g. by disabling cookies), and you may opt out of certain ad networks as described in this Notice. For more information about Do Not Track signals, please click here.

8. Marketing Choices

To the extent permitted by applicable law, we periodically send you electronic communications about GIA’s various products, services or newsletters via email, and in selected markets also via SMS. You may opt out of the receipt of marketing communications by clicking the “unsubscribe” options, by sending an opt-out request to privacy@gia.edu, or where applicable, texting us STOP from the number on which you received the SMS. If you opt out of receiving marketing communications from us, please note that we may still send you emails regarding your account, or for any Services you have requested or received from us (e.g. to notify you about the status of a purchase that you have made with us).

9. Links

For your convenience, GIA may provide links to certain non-affiliated websites or referrals to certain non-GIA products or services. If you choose to visit these websites or to use such products or services, please be aware that the third party’s privacy policy, and not this Notice, will govern your activities and any information you disclose while interacting with these limited websites. We are not responsible for the information practices of such non-affiliated websites or applications.

10. Children’s Privacy

Aside from the GemKids area of the Site, our Services do not target users under the age of 18 (“minors”).  We do not knowingly collect personal data from minors. If we become aware that a minor has submitted personal data to us through the Services, we will take reasonable steps in order to delete such personal data.

11. Security

We have taken steps to help protect the personal data we collect. However, no data security measures can guarantee 100% security. You should take steps to protect against unauthorised access to your device and account by, among other things, choosing a robust password that nobody else knows or can easily guess and keeping your login and password private.

12. Special Notice for Visitors to GIA India

You may apply for employment at certain GIA locations, including GIA India, through websites operated by those entities. If you submit an application for employment online through GIA India, GIA India will request the following minimum information on the job application form: full name, email, mobile number, gender, date of birth, nationality (i.e. resident/non-resident of India), country, qualification (i.e. degree), years of experience, resume (file upload), source (i.e. how you learned of the job opportunity). Your information will be used for the purposes of processing your employment application, for any legal purposes (including to protect our rights and interest and the rights and interests of others), and as described during the application process.

13. Transfer of Your Personal Data

Depending upon your particular interaction with us, your personal data may be transferred, accessed, stored and otherwise processed by us, other GIA entities or service providers for the purposes described above, and subject to requests from law enforcement (including courts and tribunals in accordance with the laws applicable in those jurisdictions), in jurisdictions outside of your home jurisdiction, including the United States and India, and these jurisdictions may not provide an equivalent level of data protection as provided in your home jurisdiction. GIA takes steps to protect personal data, including, where required by law, through appropriate written data processing terms and/or data transfer agreements, for example, by signing the relevant EU standard contractual clauses as approved by the European Commission (the form for these clauses can be found here). Subject to applicable law, you have the right to obtain details about the mechanism under which your personal data is transferred cross-border. For more information about these transfer mechanisms, please contact us as set out in the “Contact” section below.

14. Additional Information for EEA Individuals or Where Applicable and Required by the Laws of Your Jurisdiction

To the extent the GDPR or other law granting particular rights to data subjects applies to you, you have the following rights with regard to our processing of your personal data:

  • Right to Access, Correct and Delete Your Personal Data: GIA will take reasonable measures to ensure that all personal data is accurate and up to date. You also have a responsibility to ensure that changes in personal circumstances (for example, change of address, bank account, etc.) are notified to GIA so that we can ensure that your personal data is up-to-date.

You have the right to request access to any of your personal data that GIA may hold and to request correction of any inaccurate personal data relating to you. Furthermore you have the right to request the deletion of personal data we hold about you.

  • Right to Withdraw Consent: In the event your personal data is processed on the basis of your consent, you have the right to withdraw consent at any time with effect for the future.

  • Data Portability: To the extent that we use your personal data on the basis of consent for the performance of a contract and that personal data is processed by automatic means, you have the right to receive all such personal data that you have provided to GIA in a structured, commonly used and machine-readable format, and also to require us to transmit it to another data controller where this is technically feasible.

  • Right to Restrict Personal Data Use and Right to Object: You have the right to restrict our use of your personal data where (i) you contest the accuracy of the personal data; (ii) the use is unlawful but you do not want us to erase the personal data; (iii) we no longer need the personal data for the relevant purposes, but you require it for the establishment, exercise or defence of legal claims; or (iv) you have objected to our personal data use justified on our legitimate interests pending verification as to whether GIA has indeed compelling interests to continue the relevant personal data use.

  • Lodge a Complaint: You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the collection and use of your personal data violates this Notice or applicable law.


 
Legal Bases We Rely on When Processing Your Personal Data

Where EU data protection law applies, and where applicable under other data protection laws, we process your personal data for the purposes set out in Appendix A, under the following legal bases:

  • Our Contract With You: Our processing is necessary to perform our obligations under a contract with you or to perform steps requested by you prior to entering into a contract with you (e.g. to verify the information you have provided to us).

  • Our Legitimate Interests: Our processing is necessary for our legitimate interests, including to protect the security of our services; to protect the health and safety of you or others; to establish, protect and defend our legal rights and interests; to prevent fraud and verify the identity and authorisation of clients; to understand and analyse usage trends; and to improve our products and services.

  • Legal Compliance: Where our processing is required to comply with applicable law (for example, to maintain your payment transaction history for tax reporting purposes): e.g. in response to subpoenas, court orders and other lawful requests by regulators, courts and law enforcement agencies, or related to national security requests.

  • Your Consent: When we have your express consent as defined by applicable law.

15. Changes to This Notice

GIA reserves the right to modify this Notice as it deems appropriate from time to time. If we make a material change to the Notice, you will be provided with appropriate notice, in accordance with applicable legal requirements, for example via email or prominent notice on our Sites. You may find the most current version of the Notice by visiting the Sites. Your continued use of our Sites will be subject to the then-current Notice.

16. Contact

If you would like to contact us regarding our privacy practices or to exercise your rights, please contact us at:
Attn: Privacy Office – MS 20
Gemological Institute of America, Inc.
The Robert Mouawad Campus
5345 Armada Drive
Carlsbad, CA 92008
United States
or via email at privacy@gia.edu.


Thank you for visiting GIA.

 

Appendix A: Our Purposes and Legal Bases for Processing Personal Data of Individuals Located in the European Union and Where Applicable Under Other Data Protection Laws

 

Our Processing Purpose(s) and Our Legal Bases in the EU and Where Applicable Under Other Data Protection Laws

Providing Support and Services

  • Review and process an account sign-up and registration

  • Process and administer your gem submission

  • Assist with quality assurance, training, respond to enquiries, complaints and provide customer service

  • Manage troubleshooting and technical customer service and support

  • Provide you or your employer with laboratory services and products

  • Deliver publications and subscriptions

  • Process and administer payments, refunds and credits

Legal bases: To perform our contract with you or take steps to enter into a contract with you; Our Legitimate Interest

Communicate with You

  • Communicate with you about your account or transactions with us (including Services-related announcements) or your comments to a blog post or forum

  • Communicate with you about changes to our Notice

Legal bases: To perform our contract with you or take steps to enter into a contract with you; Our Legitimate Interest; Legal Obligation

Verification

  • To verify the identity of users with whom we interact

  • To confirm authorisation of users of our Services

Legal bases: To perform our contract with you or take steps to enter into a contract with you; Our Legitimate Interest

Personalise Services and Ads

  • Assist us in advertising our Services on non-GIA Sites and Services or through other channels

  • Help us to determine what advertisements to direct to you, to place on our Services and where to advertise our products and services

Legal bases: Our Legitimate Interest; Your Consent (for online advertising)

Marketing and Promotions

  • Deliver publications and subscriptions

  • Direct marketing, for example, as permitted by applicable law, to send you news and newsletters, special offers and promotions, or to contact you about products or information we think may interest you, including via postal mail and email and where applicable in accordance with our opt-in/opt-out practices.

  • To send you promotional SMS messages if you opt in.

Legal bases: Our Legitimate Interest; Your Consent (where you have opted-in)

Legal Compliance

  • Ensure compliance with applicable laws including sharing your data with law enforcement (disclosures described below)

  • Monitor compliance with our existing policies and procedures

  • Respond to formal or informal government requests, (e.g. in response to subpoenas, court orders and other lawful requests by regulators, courts and law enforcement agencies, or related to national security requests)

Legal bases: Comply with Law; Our Legitimate Interests

Protect Legal Rights and Prevent Misuse

  • Monitor compliance with our existing policies and procedures

  • Ensure the integrity and security of GIA’s premises and processes

  • Investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Use, this Notice or our Client Agreement where we believe it is appropriate

Legal bases: Our Legitimate Interests; To perform our contract with you or take steps to enter into a contract with you; Legal Obligation

General Business Operations

  • To administer our general business, accounting, record-keeping and legal functions

  • Routine business administration, (e.g. employee training, compliance auditing and similar internal activities)

Legal bases: Our Legitimate Interests; Legal Obligation