GIA Mobile Application Privacy Notice



Last Updated August 1, 2022

Gemological Institute of America, Inc. (“GIA,” “Institute,” “we,” “us,” or “our”) provides this Mobile Application (“Application,” or “App”) Privacy Notice (“Notice”) to describe the information we collect, store, use and share (“Process”) when you download or use the App.

Questions or concerns? Reading this Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our App. If you have questions or concerns, please contact us at privacy@gia.edu.

SUMMARY OF KEY POINTS

This summary provides key points from our Notice, but you may find more information about any of these topics by clicking the link following each key point, or by using our table of contents below to find the section you are looking for. You may also click here to go directly to our table of contents.

What personal information do we collect and Process? When you download, visit, use or navigate our App, we may process personal information about you depending on how you interact with GIA and the App, the choices you make, and the products and features you use. Click here to learn more.

Does the App process any sensitive personal information? The App does not process sensitive personal information.

Does the App receive any information from third parties? The App does not receive any information from third parties.

Why do you process my information? We process your information to provide, improve and administer our App, to communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. Additionally, we process your information only when we have a valid legal reason to do so. Click here to learn more.

In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties. Click here to learn more.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. As such, we cannot guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal or modify your information. Click here to learn more.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Click here to learn more.

How do I exercise my rights? To exercise your rights, contact us at privacy@gia.edu. We will consider and act upon any request in accordance with applicable data protection laws.

TABLE OF CONTENTS

  1. What information do we collect?
  2. For what purposes do we process your information?
  3. What legal bases do we rely on to process your personal information?
  4. When and with whom do we share your personal information?
  5. How do we handle your social logins?
  6. Is your information transferred internationally?
  7. How long do we keep your information?
  8. How do we keep your information safe?
  9. Do we collect information from minors?
  10. What are your privacy rights?
  11. Controls for do-not-track features?
  12. Do we make updates to this notice?
  13. How can you contact us about this notice?

1. What information do we collect?

Personal information you disclose to us. We collect personal information that you voluntarily provide to us when you download, visit, use, or navigate our App, express an interest in obtaining information about us or our services, when you participate in activities on the App and when you contact us.
 
Personal information provided by you. The personal information that we collect depends on the context of your interactions with us and the App, the choices you make, and the services and features you use. The personal information we collect may include the following:

  • first name
  • last name
  • email address
  • country
  • company name
  • other information we may request from time to time
Sensitive information. We do not process sensitive information in relation to the App

Social media log in data. We may provide you with the option to register with us using your existing social media account details, such as Facebook, Twitter, or other social media accounts. If you choose to register in this way, we will collect the information described in Section 5, “How do we handle your social logins?” below.

Application data. If you use our App, we also may collect the following information, if you choose to provide us with access or permission:

 

  • Geolocation information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our App, to provide certain location-based services. If you wish to change your access or permissions, you may do so in your device’s setting.
  • Mobile device access. We may request access or permission to certain features from your mobile device, including your mobile device’s storage, Wi-Fi, camera, calendar, and other features. If you wish to change your access or permissions, you may do so in your device’s settings.
  • Mobile device data. We automatically collect device information (i.e., mobile device ID, model, and manufacturer, operating system, version information, system configuration information, device and application identification numbers, browser type and version, hardware model, Internet service provider and/or mobile carrier, and Internet protocol (IP) address or proxy server). If you are using our App, we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our App you accessed.
  • Push notifications. We may request to send you push notifications regarding your account or certain features of the App. If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.
This information is primarily needed to maintain the security and operation of our App, for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected.

The App also collects the following information automatically:

 

  • Log and usage data. Service-related, diagnostic, usage, and performance information our App automatically collects when you access or use our App and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the App (i.e., date/time stamps associated with your usage, pages, and files viewed, searches, and other actions you take such as which features you use), device event information (i.e., system activity, error reports, sometimes called “crash dumps”, and hardware settings).
  • Device data. Information about your computer, phone, tablet, or other device you use to access the App. Depending on the device used, this device data may include information such as your IP address, or proxy server, device and application ID numbers, location, browser type, hardware model, internet services provider and/or mobile carrier, operating system, and system configuration information.
  • Location data. Information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and setting of the device you use to access the App. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location, based on your IP address. You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your location settings on your device. However, if you choose to opt out, you may not be able to use certain aspects of the App.
2. For what purposes do we process your information?

We process your information to provide, improve, and administer our App, communicate with you, for security and fraud prevention, and to comply with law.
 
We may also process your information for other purposes, depending on how you interact with our App, including:

 

  • to facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log into your account, as well as keep your account in working order.
  • to deliver and facilitate delivery of App to the user. We may process your information to provide you with requested service.
  • to respond to user inquires/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • to send information to you regarding products and services that may be of interest to you, including marketing communications.
  • to save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
3. What legal basis do we rely on to process your personal information?

We only process your personal information when we have a valid legal reason to do so under applicable law, to comply with law, to provide you with services, to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
 
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

 

  • Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Click here to learn more.
  • Performance of a contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our App at your request prior to entering into a contract with you.
  • Legitimate interest. We may process your personal information when the processing is necessary for the legitimate interests of GIA as the data controller.
  • Legal obligations. We may process your personal information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to safety of any person.
We are generally the “data controller” under European data protection laws of the personal information described in this Notice since we determine the means and/or purposes of the data processing we perform.

4. When and with whom do we share your personal information?

We may share information in specific situations described in this section and/or with the following categories of third parties.

Third Parties. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information.

We may also need to share your personal information in the following situations:

 

  • Business transfers. We may share or transfer your information in connection with, or during negotiations of any merger, sale of Institute assets, financing, or acquisition of all or a portion of our business to another company.
  • Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this Notice. Affiliates include our parent Institute and any subsidiaries, or other companies that we control or that are under common control with us.
  • Protecting Rights and Interests.
    • To protect the safety, rights, property, or security of GIA, the services, any service provider, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity that we consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation; and to enforce this Notice, or our Terms of Use; and
    • If you submit an article to GIA and do not disclose to GIA in writing at the time of submission that the article is unstable, laboratory grown or that it has been treated and GIA subsequently reasonably suspects or detects that an article is unstable, laboratory grown or has been treated, or (ii) If you breach, are alleged to have breached, or GIA reasonably suspects that you have breached any ethical standards or other policies of the World Federation of Diamond Bourses (the "WFDB"), the International Diamond Manufacturers Association ("IDMA"), any other trade organization, GIA, or any applicable governmental agency (collectively, "Interested Parties"); or (iii) If (1) GIA becomes aware of matters of interest to the diamond and gem industry, and other matters related to the mission of GIA, both now and in the future, or (2) GIA reasonably suspects that you have altered the service results in any format provided by GIA (collectively (i) – (iii) the "Matters"), then GIA may, in its discretion, undertake one or more of the following with respect to the Matters: (a) notify the Interested Parties as well as law enforcement agencies, and any local bourses (which agencies and bourses are also Interested Parties), and provide any related information, data and documents, including without limitation, the names and contact information of individuals that have submitted articles to or communicated with GIA on your behalf (collectively, the "Information") in GIA's possession, (b) make public, via GIA's website or otherwise, your name and address as well as the names of your owners, members, and shareholders, including without limitation the fact that GIA will no longer be providing services to you or those other persons, (c) retain and/or turn over the article at the request of the agency or organization for further investigation, and (d) immediately suspend or terminate your relationship with GIA. In such an event, your only recourse is with the government or trade organization in receipt of the notification and/or article. You hereby consent to and authorize GIA to provide to the Interested Parties the Information, and consent to and authorize the Interested Parties to provide the Information to their member organizations. You agree that, unless consented to by GIA in writing in each instance, (i) any decisions or conclusions of WFDB, IDMA or trade organizations shall not be binding on GIA, (ii) to the maximum extent permitted by applicable law, you will not reference, introduce into evidence or assert any of those decisions or conclusions in any arbitration or dispute resolution, and (iii) no arbitrator or court shall be bound by any such decision or conclusion and you will not make any arguments or take any position to the contrary. You further agree that GIA is not beholden to any trade organization and that GIA is independent of trade organizations dealing with diamonds and other gems.
  • Legal Compliance. To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority. 
5. How do we handle your social logins?

If you choose to register or log in to our App using a social media account, we may have access to certain information about you.
 
Our App may offer you the ability to register and log in using your third-party social media account details (i.e., Facebook or Twitter logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.
 
We will use the information we receive only for the purposes that are described in this Notice or that are otherwise made clear to you on the relevant App. Please note that we do not control, and are not responsible for other uses of your personal information by your third-party social media provider. We recommend that you review their privacy policy/notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

6. Is your information transferred internationally?

We may transfer, store, and process your information in countries other than your own.
 
Your personal data may be transferred, accessed, stored, and otherwise processed by us, other GIA entities, or service providers for the purposes described above, and subject to requests from law enforcement, including courts and tribunals in accordance with laws applicable in those jurisdictions, in jurisdictions outside of your home jurisdiction, and may not provide an equivalent level of data protection as your home jurisdiction. GIA take steps to protect your personal data, including, where required by law, through appropriate written data processing terms and/or data transfer agreements, for example, by signing relevant EU standard contractual clauses as approved by the European Commission.

7. How long do we keep your information?  

We will only keep your personal information for as long as it is necessary for the purposes set out in this Notice, unless a longer retention period is required or permitted by law (i.e., tax, accounting, or other legal requirements).

8. How do we keep your information safe?

We aim to protect your personal information through a system of organizational and technical security measures.
 
We have implemented reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise our guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Transmission of personal information to and from our App is at your own risk.

9. Do we collect information from minors?

By using the App, you represent that you are at least the age of majority in your home jurisdiction. If we learn that personal information from users less than the age of majority has been collected, we will take reasonable measures to promptly delete such data from our records.

10. What are your privacy rights?

In some regions, such as the European Economic Area (EEA), and United Kingdom (UK) you have rights that allow you greater access to and control over your personal information.
 
In some regions (i.e., EEA, UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information; (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.
 
We will consider and act upon any request in accordance with applicable data protection laws. If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority.
 
Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You may withdraw your consent by contacting privacy@gia.edu. However, please note that withdrawing consent will not affect the lawfulness of the processing before its withdrawal.
 
Opting out of marketing and promotional communications: You may unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, replying “STOP” or “UNSUBSCRIBE” to the SMS messages that we send, or by contacting us using the details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below. You will then be removed from the marketing lists. However, we may still communicate with you, for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes. 

11. Controls for do-not-track features?

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (DNT) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this state no uniform technology standard for recognizing and implementing DNT signals have been finalized. As such we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in an updated version of this Notice.

12. Do we make updates to this notice? 

We may update this Notice from time to time. The updated version will be indicated by an “Updated” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Notice frequently to remain informed on how we are protecting your

13. How can you contact us about this notice?
 

If you have questions or comments about this Notice, you may email us at privacy@gia.edu or by post to:
 
UNITED STATES OF AMERICA
Gemological Institute of America, Inc.
c/o Cogency Global, Inc.
1325 J Street #1550
Sacramento, CA 95814