Student Privacy Notice
Last updated (2 December 2022), v. 2.0
GIA values the privacy of your personal data. This Student Privacy Notice (“Notice”) describes GIA’s policies and practices regarding our processing, including collection, use and handling, of your personal data in connection with your relationship with GIA as an educational services applicant, student or alumnus.
If you use GIA websites other than as an educational services applicant, student or alumnus, your use of those other GIA websites and any information that you submit to us through those other GIA websites will be governed by the posted GIA website privacy notice.
Privacy Office and Data Controller
If you have any questions or concerns about this Notice or our use of your personal data, please contact GIA’s Privacy Office at:
Gemological Institute of America, Inc.
The Robert Mouawad Campus
5345 Armada Drive
Carlsbad, California 92008 USA
The entity which serves as your educational institution is a data controller for your personal data. For a complete list of data controllers, visit GIA Affiliated Entities.
Interpretation and Translation
This Notice has been created, drafted and prepared in the English language.Subsequently, the English versions have been translated in different languages for convenience. In case of any discrepancy, unless otherwise prohibited by law, the English language version of this Notice shall take precedence over any translation of this Notice into any other language.
Personal Data Collection, Use and Processing
In connection with your relationship with GIA, GIA collects personal data about you (whether online, in-person or through other means) from the following sources: directly from you; from our affiliated entities, including our subsidiaries and branch offices; from service providers; from alumni chapters; and automatically as you visit GIA websites.
We use your personal data for the purposes described in further detail below, including to facilitate your experience with GIA and to provide you with educational services and related products.We share your personal data with our GIA affiliated entities and others as described in this Notice.
Providing your personal data is voluntary.Please note, however, that without your personal data, we may be unable to provide you with the educational services and related products you request.
Types of Personal Data We Collect
In connection with your relationship with us, GIA collects the following categories of personal data, as permitted by applicable law:
- General contact information (title, first name, last name, home address, postal address, phone number(s), email address, date of birth, residency)
- Business information (business name, trading as (“TA”), address, phone number(s), business email address, website address, principals and company officers) (note, business information is only considered personal data to the extent it identifies an individual, unless otherwise stipulated by applicable laws)
- Government identifiers (driver’s licence, passport, government-issued identification with photograph, National Insurance number, business trading number, GSTIN number with code (India only), permanent resident alien card, vehicle licence plate number (as applicable)) (note, business information is only considered personal data to the extent it identifies an individual, unless otherwise stipulated by applicable laws)
- Financial information (billing information, payment information, bank account number, banking institution, payment card information, third-party payer information, financial and veteran information as needed to determine eligibility for student financial aid)
- Application information (date of birth, residency and visa status, race and ethnicity (US citizens and US permanent residents only), criminal history (as applicable))
- Education/Training (details about your enrolment such as fields of study, dates of enrolment, degrees, diplomas, certificates awarded, dates conferred, academic honours and awards received)
- Images and recordings (call recording, electronic video and audio monitoring and surveillance, film, photographs)
- Verification/background check services (We collect personal data from background check providers to verify your identity and credibility as well as creditworthiness)
- Other information (emergency contact information, special accommodations, additional information for identity verification)
Purposes for Which We Use Personal DataGIA may use your personal data for the following purposes:
- Assist with quality assurance and training, respond to enquiries and provide customer service
- Review and process applications for admission, financial aid and scholarships
- Provide you with educational courses, programmes and related services
- To deliver publications and subscriptions
- Combine your personal data with other information that we obtain from third parties
- Assist us in advertising our services, including on non-GIA websites or through other channels
- Ensure compliance with applicable laws including sharing your data with law enforcement and service providers
- Monitor compliance with our existing policies and procedures
- Respond to formal or informal government or regulatory body requests
- Ensure the integrity and security of GIA’s premises and processes
- To help us understand your needs and interests
- Better understand and improve our products and services
- Direct marketing, for example, as permitted by applicable law, to send you news and newsletters, special offers and promotions, or to contact you about products or information we think may interest you in accordance with our opt-in/opt-out practices. We may send these communications through postal mail, electronic mail, SMS (available in some markets only) or other available channels
- Help us to determine which advertisements to direct to you, to place on websites and where to advertise our services
- Deliver GIA Alumni Association information, products and services
- Purpose: For recruitment and to review admissions applications.
- Purpose: Know Your Student and Due Diligence Screening Policy and Notice
The due diligence screenings and assessments may include any of the following searches, as allowable by local law and regulation:
- Screenings for government sanctions, exclusions and other watch lists;
- Sex offender registry;
- Civil and criminal court records; and
- Other background information obtained from any law enforcement agency, administrator, government agency, court, information service bureau, including, but not limited to, criminal history.
Office of the Dean
- Purpose: To provide the support of academic activities and records of current and former students on behalf of GIA.
Student Financial Services
- Purpose: To provide financial aid or scholarships and administration of those applications and your account.
- The personal data that student financial services collects is used to process payments, refunds and credits and may be shared with non-affiliated collection agencies
- Scholarship application data is used to manage, facilitate and administer GIA scholarships.
- We may also share your personal data with third parties that sponsor scholarships for which you apply. In these cases, when you apply for the third-party sponsored scholarship, you are providing your consent for the sharing of your data with the relevant third-party sponsors. The relevant third-party sponsor will use and share your personal data to manage, facilitate and administer the scholarship programme and as otherwise disclosed by the third-party sponsor.
- Relevant government authority for monitoring, awarding and determining the eligibility of government financial aid programmes.
- Purpose: To provide students and alumni with online access to employers, job postings, events, resources and to maintain efficient appointment and event registration, and to comply with federal, state or local reporting requirements.
GIA Alumni Association
- Purpose: To deliver the GIA Alumni Association information, products and services you request and connect you with your global alumni network.
- Administration of scholarships and awards through alumni and donor relationships
- Purpose: To ensure the security and integrity of GIA premises and for the safety of our employees, clients, students, visitors and others; and for emergency security purposes.
Video and Audio Monitoring
- Purpose: To ensure the integrity and security of GIA’s premises and processes.
- Purpose: For quality assurance, training, responding to enquiries and providing customer service.
Persons Under the Age of MajorityYou represent, acknowledge and agree that you are at least 16 years of age. If you are not yet 16 years of age, you may not submit information to GIA with respect to GIA’s educational services. Applicants to any GIA course or programme in the United States must be at least 16 years of age. Applicants to GIA courses or programmes in all other countries must be at least 18 years of age.
Automatically Collected DataGIA controlled student websites (“GIA Student Sites”) collect certain information automatically and store it in log files.The information includes Internet protocol (“IP”) addresses, the region or general location where your computer or device is accessing the Internet, browser type, operating system and other usage information about your use of GIA Student Sites.We use this information to help us design our services to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer GIA Student Sites, analyse trends, track visitor movements and gather broad demographic information that assists us in identifying visitor preferences.
Local Storage Objects.We may use Flash LSOs in order to store your Site preferences and to support individual applications.Flash LSOs are different from browser cookies because of the amount and type of data stored.In addition, you cannot control, delete or disable the acceptance of Flash LSOs through your browser. For more information on Flash LSOs, or to learn how to manage your settings for Flash cookies, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions. To see the Flash LSOs currently on your computer, choose “Website Storage Settings Panel” and follow the instructions to review and, if you choose, to delete any specific Flash LSO.
Web Beacons, Pixel Tags and Other Technologies.Our service providers use web beacons in HTML emails to our customers, to help us track email response rates, measure the success of our marketing campaigns, identify when our emails are viewed and track whether our emails are forwarded.
You can also find out more about online advertising here and opt out of interest-based advertising from many participating ad companies at the ad industry websites, including:
Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings.For more information about how to change these settings for Apple, Android or Windows devices, see:
Please note that opting out of advertising network services does not mean that you will not receive any advertising while using our Services or other services, nor will it prevent the receipt of interest-based advertising from non-affiliated parties that do not participate in these programmes.
Facebook. For certain Facebook advertising services, Facebook Ireland is a Joint Controller (as defined in the GDPR) and that information required under the GDPR related to such processing can be found at https://www.facebook.com/about/privacy. We work with Facebook and use their advertising services to measure and improve our ads and marketing efforts, as well as to display more relevant advertising to you. For further information on how Facebook Ireland processes your personal information, including the legal basis and the ways to exercise your rights, please visit https://www.facebook.com/about/privacy.
Opting In and Out of Email and Text Message Marketing CommunicationsIn certain cases, when we obtain your contact information, we may send you marketing communications via direct mail, email or SMS (available in selected markets only) or other available channels about GIA’s various products, services, newsletters or general updates about GIA and GIA affiliated entities. If you no longer wish to receive marketing and promotional communications from us, you may opt out by emailing our Privacy Office or as follows: for email: click the “unsubscribe” option; for SMS: text STOP in response to the text message. If you opt out of receiving marketing communications from us, please note that we will continue to communicate with you regarding your ongoing relationship with us and for customer-service-related purposes.
Retention of Personal DataAs a general matter, we do not retain personal data for longer than is required or appropriate for the purposes for which it was collected, unless a longer or shorter period is necessary for our legal obligations, or customs of the industry, or to defend a legal claim, or to comply with legal, accounting, regulatory or reporting requirements, and consistent with applicable law.
Security of Personal DataWe have taken steps to help protect the personal data we collect.However, no data security measures can guarantee 100% security.You should take steps to protect against unauthorised access to your device and account by, among other things, choosing a robust password that nobody else knows or can easily guess and keeping your login and password private.
Disclosure, Transfer and Storage of Personal DataWe share and jointly use your personal data (please see “Types of Personal Data We Collect” regarding the types of personal data we jointly use) with other GIA-affiliated entities for the following purposes: to assist us in performing the services that you have requested; for billing and collections; to host your data; to assist us in our marketing efforts; to assist us in performing our legal compliance obligations; to protect our rights and property and the rights and property of others; and for any other purpose as set forth in this Notice and permitted by applicable law. The data controller will be responsible for your personal data jointly used with other GIA affiliated entities.We will rely on agreements based on the standard contractual clauses or another legally valid mechanism to validly transfer your personal data outside the European Economic Area.
We may also share your personal data with third parties that sponsor scholarships for which you apply. In these cases, when you apply for the third-party sponsored scholarship, you are providing your consent for the sharing of your data with the relevant third-party sponsors. The relevant third-party sponsor will use and share your personal data to manage, facilitate and administer the scholarship programme and as otherwise disclosed by the third-party sponsor.
To the extent permitted by law, we share your personal data with local GIA alumni chapters which may be operated by third parties.
We also share your personal data with non-affiliated vendors and suppliers that provide products and services to GIA or its affiliated entities (e.g. payment processing, transmission of marketing emails, web hosting, couriers). These entities do not use your information for their own purposes, including marketing purposes, but rather act on the instructions of GIA.As an example of our sharing with third-party service providers, we may disclose certain information (such as your email address) with non-affiliated parties such as Facebook (more information on Facebook Custom Audience here or see above) so that we can better target ads and content to you, and others with similar interests on these non-affiliated parties’ platforms or networks (“Custom Audiences”).We may also work with ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. To opt out of being included in our Custom Audiences in the future, email us at firstname.lastname@example.org.
We may also disclose your Personal Data to another entity in connection with, including during negotiations of, an acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer. We may also disclose your personal data when we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of this Notice. GIA may also make personal data available to other parties such as legal and regulatory authorities and law enforcement upon their request and/or where we believe appropriate to do so. When transferring personal data to GIA affiliated entities and non-affiliated entities (which may be located outside the country in which your personal data was collected and may not guarantee the same level of protection) we have executed legally necessary contracts with the recipients of your data.
We disclose your data where necessary to the administration of our general business, accounting, record keeping and legal functions, to our tax advisors, legal counsel, and other professional services entities or agents.
We may share aggregate or anonymised information about use of our services with service providers for marketing, advertising, research, analytics or other similar purposes. We also may publish reports in the aggregate about usage trends of our services.
Updates to this NoticeGIA may amend this Notice from time to time as laws change, and as our organisation, products and services change.The revisions will take effect on the publication date of the amended Notice, as stated, and supersede all previous Notices regarding our privacy practices.
Unless prohibited by applicable law, we reserve the right to amend the Notice at any time, for any reason, without notice to you, other than the posting of the amended Notice at this site.
Notification of Rights Under the Family Educational Rights and Privacy Act (“FERPA”)The Family Educational Rights and Privacy Act (“FERPA”) affords eligible students (“student”, or “you”) certain rights with respect to their education records. (An “eligible student” under FERPA is a student located in the United States who is 18 years of age or older or who attends a post-secondary institution located in the United States at any age). GIA’s FERPA policy can be found at https://www.gia.edu/ferpa.
RIGHTS OF CALIFORNIA RESIDENTSPursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information regarding the types of personal information the business shares with third parties for direct marketing purposes by such third party, and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To see a copy of the information disclosure provided by GIA pursuant to Section 1798.83 of the California Civil Code, please contact GIA using one of the methods described in this Notice.
Additional Information for Residents of the European Union ("EU"), or where applicable and required by the laws of your jurisdiction
To the extent the GDPR or other law granting particular rights to data subjects applies to you, you have the following rights with regard to our processing of your personal data:
- Right to access, correct and delete your personal data: GIA will use reasonable measures designed to ensure that all personal data is correct.You also have a responsibility to ensure that changes in personal circumstances (for example, change of address, bank account, etc.) are notified to GIA so that we can ensure that your personal data is up-to-date.
- Right to withdraw consent: In the event that your personal data is processed on the basis of your consent, you have the right to withdraw consent at any time by sending an email to the Privacy Office specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.
- Data portability: To the extent that we use your personal data on the basis of consent or for the performance of a contract and that personal data is processed by automatic means, you have the right to receive all such personal data that you have provided to GIA in a structured, commonly used and machine-readable format, and also to require us to transmit it to another data controller where this is technically feasible.
- Right to restrict personal data use: You have the right to restrict our use of your personal data where (i) you contest the accuracy of the personal data; (ii) the use is unlawful but you do not want us to erase the personal data; (iii) we no longer need the personal data for the relevant purposes, but you require it for the establishment, exercise or defence of legal claims; or (iv) you have objected to our personal data use justified on our legitimate interests pending verification as to whether GIA indeed has compelling interests to continue the relevant personal data use.
- Right to object to processing justified on legitimate interest grounds: To the extent that we are relying upon legitimate interest to process data, then you have the right to object to such processing, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims. Normally, where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
- Lodge a complaint: You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the collection and use of your personal data violates this Notice or applicable law.
Legal Bases We Rely on When Processing Your Personal DataWhere EU data protection law applies, and where applicable under other applicable data protection laws, we process your personal data on the following legal bases:
- Our Contract With You. Our processing is necessary to perform our obligations under a contract with you or to perform steps requested by you prior to entering into a contract with you (e.g. to verify the information you have provided to us).
- Our Legitimate Interests. Our processing is necessary for our legitimate interests, including to protect the security of our services; to protect the health and safety of you or others; to establish, protect and defend our legal rights and interests; to prevent fraud and verify identity and authorisation of clients; to understand and analyse usage trends; and to improve our products and services.
- Legal Compliance. Where our processing is required to comply with applicable law (for example, to maintain your payment transaction history for tax reporting purposes): e.g. in response to subpoenas, court orders and other lawful requests by regulators, courts and law enforcement agencies, or related to national security requests.
- Your Consent.When we have your express consent as defined by applicable law.
Privacy Questions and Complaints
Please note that certain personal data may be exempt from the requests described above pursuant to applicable laws, and that certain rights may only be exercisable in certain jurisdictions, in accordance with applicable laws. If you have any questions or concerns about this Notice or our use of your personal data, please contact GIA’s Privacy Office, at any time.In your local jurisdiction, you may also have the right to lodge a complaint with a supervisory authority if you consider that our processing of your personal data violates applicable law.