Last Updated (August 1, 2019)
GIA values the privacy of your personal data. This Student Privacy Notice (“Notice”) describes GIA’s policies and practices regarding our collection, use, and handling of your personal data in connection with your relationship with GIA as an educational services applicant, student, or alumni.
If you use GIA websites other than as an educational services applicant, student, or alumni, your use of those other GIA websites and any information that you submit to us through those other GIA websites will be governed by the posted GIA website privacy notice.
Privacy Office and Data Controller
If you have any questions or concerns about this Notice or our use of your personal data, please contact GIA’s Privacy Office at:
Gemological Institute of America, Inc.
The Robert Mouawad Campus
5345 Armada Drive
Carlsbad, California 92008 USA
The entity which serves as your educational institution is a data controller for your personal data. For a complete list of data controllers, visit https://gia.secure.force.com/agreements/affiliatedEntities.
Interpretation and Translation
This Notice has been created, drafted, and prepared in the English language. Subsequently, the English versions have been translated in different languages for convenience. In case of any discrepancy, unless otherwise prohibited by law, the English language version of this Notice shall control over any translation of this Notice into any other language.
Personal Data Collection, Use and Processing
In connection with your relationship with GIA, GIA collects personal data about you (whether online, in-person, or through other means) from the following sources: directly from you; from our affiliated entities, including our subsidiaries and branch offices; from service providers; from alumni chapters; and automatically as you visit GIA websites.
We use your personal data for the purposes described in further detail below, including to facilitate your experience with GIA and to provide you with educational services and related products. We share your personal data with our GIA affiliated entities and others as described in this Notice.
Providing your personal data is voluntary. Please note, however, that without your personal data, we may be unable to provide you with the educational services and related products you request.
Types of Personal Data We Collect
In connection with your relationship with us, GIA collects the following categories of personal data, as permitted by applicable law:
General contact information (title, first name, last name, home address, mailing address, phone number(s), email address, date of birth, residency)
Business information (business name, doing business as (“DBA”), address, phone number(s), business email address, website address, principals, and company officers) (note, business information is only considered personal data to the extent it identifies an individual)
Government identifiers (driver’s license, passport, government-issued identification with photograph, tax identification number, business license number, business license document, GSTIN number with code (India only), voter registration card, permanent resident alien card, national identity card, vehicle license plate number (as applicable)) (note, business information is only considered personal data to the extent it identifies an individual)
Financial information (billing information, payment information, bank account number, banking institution, payment card information, third party payer information, financial and veteran information as needed to determine eligibility for student financial aid)
Application information (date of birth, residency and visa status, race and ethnicity (U.S. citizens and U.S. permanent residents only), criminal history (on campus programs and lab classes as applicable))
Education/Training (details about your enrollment such as fields of study, dates of enrollment, degrees, diplomas, certificates awarded, dates conferred, academic honors and awards received)
Images and recordings (call recording, electronic video and audio monitoring and surveillance, film, photographs))
Verification/background check services (We collect personal data from background check providers to verify your identity and credibility as well as creditworthiness)
Other information (emergency contact information, special accommodations, additional information for identity verification)
Purposes for Which We Use Personal Data
GIA may use your personal data for the following purposes:
Assist with quality assurance, training, respond to inquiries and provide customer service
Review and process an application
Provide you with educational courses, programs and related services
To deliver publications and subscriptions
Combine your personal data with other information that we obtain from third parties
Assist us in advertising our services, including on non-GIA websites or through other channels
Ensure compliance with applicable laws including sharing your data with law enforcement and service providers
Monitor compliance with our existing policies and procedures
Respond to formal or informal government requests
Ensure the integrity and security of GIA’s premises and processes
Help us understand your needs and interests
Better understand and improve our products and services
Direct marketing, for example, as permitted by applicable law, to send you news and newsletters, special offers and promotions, or to contact you about products or information we think may interest you in accordance with our opt in /opt out practices. We may send these communications through postal mail, electronic mail, SMS (available in some markets only) or other available channels.
Help us to determine what advertisements to direct to you, to place on websites and where to advertise our services
Deliver GIA Alumni Association information, products and services
As applicable based on your interaction with us, we use and share your personal data as follows:
Purpose: For recruitment and to review admissions applications
The personal data that is collected during the admissions process may be shared with GIA affiliated entities, and with legal or regulatory officials to ensure compliance with applicable laws and regulations and for the purpose of academic evaluation, planning, financial aid processing and student billing, scholarship awarding, visa processing and enrollment reporting/verification.
Office of the Dean
Purpose: To provide the support of academic activities and records of current and former students on behalf of GIA.
The personal data that the office of the dean collects may be shared with relevant GIA departments (e.g., academic departments, advising, admissions, financial aid, etc.), and other third parties as required by law or regulation.
Student Financial Services
Purpose: To provide financial aid and administration of your account.
The personal data that student financial services collects is used to process payments, refunds, credits and may be shared with non-affiliated collection agencies.
Admissions for the administration of scholarships and to complete admission criteria
Alumni relations for the administration of scholarships and fostering alumni and donor relationships
United States Department of Education for monitoring awarding and determining the eligibility of federal financial aid programs
Purpose: To provide students and alumni with online access to employers, job postings, events, resources and to maintain efficient appointment and event registration, and to comply with federal or state reporting requirements.
GIA Alumni Association
Purpose: To deliver the GIA Alumni Association information, products and services you request and connect you with your local alumni chapter.
When you have successfully completed a GIA on campus program or GIA Distance Education course you automatically become a member of the GIA Alumni Association. Unless you opt-out, you will be listed in the GIA Alumni Association Directory. You will also receive GIA Alumni-related communications, ePublications, and be connected with your local GIA alumni chapter. Local GIA alumni chapters may be operated by third parties who have their own privacy policies, for which GIA is not responsible. In certain cases, you may be asked to consent to receiving alumni-related marketing communications, which you can freely withdraw.
Purpose: To ensure the security and integrity of GIA premises and for the safety of our employees, clients, students, visitors and others; and for emergency security purposes.
Video and Audio Monitoring
Purpose: To ensure the integrity and security of GIA’s premises and processes.
GIA uses both video and audio monitoring in public and work spaces. Appropriate signs are displayed in all areas where video and audio monitoring are used.
Purpose: For quality assurance, training, responding to inquiries and providing customer service.
GIA may record inbound and outbound calls. A recorded or recited notice advises callers of call recording and by continuing the call, the caller consents to being recorded, as permitted by applicable law. Types of information we collect include without limitation: your name and other personal data you provide during the phone call.
Persons Under the Age of Majority
If you are under the age of majority in your country (a “minor”), please do not attempt to send any information about yourself to us. In the event that we learn that we have inadvertently collected personal data from a minor without verification of parental consent, we will promptly delete that information.
Automatically Collected Data
GIA controlled student websites (“GIA Student Sites”) collect certain information automatically and store it in log files. The information includes internet protocol (“IP”) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about your use of GIA Student Sites. We use this information to help us design our services to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer GIA Student Sites, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
Information About Our Use of Other Technologies (Web beacons, pixel tags and other technologies):
Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. Clear GIFs are small pieces of code embedded invisibly on web pages, not stored on your hard drive, which often work in conjunction with cookies. We may use clear GIFs in connection with GIA Student Sites to, among other things, track the activities of users, help us manage content and compile statistics about use of these sites. We and our service providers also use web beacons in HTML emails to you help us track email response rates, measure the success of our marketing campaigns, identify when our emails are viewed and track whether our emails are forwarded.
Opting In and Out of Email and SMS Marketing Communications
In certain cases, when we obtain your contract information, we may send you marketing communications via direct mail, email or SMS (available in select markets only) or other available channels about GIA’s various products, services, newsletters or general updates of GIA and GIA affiliated entities. If you no longer wish to receive marketing and promotional communications from us, you may opt out by emailing our Privacy Office or as follows: for email: click the “unsubscribe” option; for SMS: text STOP in response to the text message. If you opt out of receiving marketing communications from us, please note that we will continue to communicate with you regarding your ongoing relationship with us and for customer service related purposes.
Retention of Personal Data
As a general matter, we do not retain personal data for longer than is required or appropriate for the purposes for which it was collected, unless a longer or shorter period is necessary for our legal obligations, or customs of the industry, or to defend a legal claim, or to comply with legal, accounting, regulatory or reporting requirements, and consistent with applicable law.
Security of Personal Data
We take reasonable steps to protect your personal data by using technical, physical and organizational measures that are designed to protect against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss.
We take steps to limit access to your personal data to those persons who need to have access to it for one of the purposes listed in this Notice.
Disclosure, Transfer and Storage of Personal Data
We share and jointly use your personal data (please see “Types of Personal Data We Collect” regarding the types of personal data we jointly use) with other GIA affiliated entities for the following purposes: to assist us in performing the services that you have requested; for billing and collections; to host your data; to assist us in our marketing efforts; to assist us in performing our legal compliance obligations; to protect our rights and property and the rights and property of others; and for any other purpose as set forth in this Notice and permitted by applicable law. The data controller will be responsible for your personal data jointly used with other GIA affiliated entities. We will rely on agreements based on the standard contractual clauses or another legally valid mechanism to validly transfer your personal data outside the European Economic Area.
To the extent permitted by law, we share your personal data with local GIA alumni chapters which may be operated by third parties.
We also share your personal data with non-affiliated vendors and suppliers that provide products and services to GIA or its affiliated entities (e.g., payment processing, transmission of marketing emails, web hosting, couriers). These entities do not use your information for their own purposes, including marketing purposes, but rather act on the instructions of GIA. As an example of our sharing with third party service providers, we may disclose certain information (such as your email address) with non-affiliated parties such as Facebook (more information on Facebook Custom Audience here or see above) so that we can better target ads and content to you, and others with similar interests on these non-affiliated parties’ platforms or networks (“Custom Audiences”). We may also work with ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. To opt out of being included in our Custom Audiences going forward, contact us.
We may also disclose your personal data to another entity in connection with, including during negotiations of, an acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer. We may also disclose your personal data when we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of this Notice. GIA may also make personal data available to other parties such as legal and regulatory authorities and law enforcement upon their request and/or where we believe appropriate to do so. When transferring personal data to GIA affiliated entities and non-affiliated entities (which may be located outside the country in which your personal data was collected and may not guarantee the same level of protection) we have executed legally necessary contracts with the recipients of your data.
Updates to this NoticeGIA may amend this Notice from time to time as laws change; and as our organization, products and services change. The revisions will take effect on the publication date of the amended Notice, as stated, and supersede all previous Notices regarding our privacy practices.
Unless prohibited by applicable law, we reserve the right to amend the Notice at any time, for any reason, without notice to you, other than the posting of the amended Notice at this site.
Notification of Rights Under the Family Educational Rights and Privacy Act (“FERPA”)
The Family Educational Rights and Privacy Act (“FERPA”) affords eligible students (“student,” or “you”) certain rights with respect to their education records. (An “eligible student” under FERPA is a student who is 18 years of age or older or who attends a postsecondary institution at any age). GIA’s FERPA policy can be found at https://www.gia.edu/ferpa
RIGHTS OF CALIFORNIA RESIDENTS
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information regarding the types of personal information the business shares with third parties for direct marketing purposes by such third party, and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To see a copy of the information disclosure provided by GIA pursuant to Section 1798.83 of the California Civil Code, please contact GIA using one of the methods described in this Notice.
Additional Information for Residents of the European Union (“EU”), or where applicable and required by the laws of your jurisdiction
To the extent the GDPR or other law granting particular rights to data subjects applies to you, you have the following rights with regard to our processing of your personal data:
Right to access, correct and delete your personal data: GIA will use reasonable measures designed to ensure that all personal data is correct. You also have a responsibility to ensure that changes in personal circumstances (for example, change of address, bank account, etc.) are notified to GIA so that we can ensure that your personal data is up-to-date.
You have the right to request access to any of your personal data that GIA may hold and to request correction of any inaccurate personal data relating to you. You furthermore have the right to request deletion of personal data we hold about you.
Right to withdraw consent: In the event your personal data is processed on the basis of your consent, you have the right to withdraw consent at any time by contacting us, and specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.
Data portability: To the extent that we use your personal data on the basis of consent or for the performance of a contract and that personal data is processed by automatic means, you have the right to receive all such personal data that you have provided to GIA in a structured, commonly used and machine-readable format, and also to require us to transmit it to another data controller where this is technically feasible.
Right to restrict personal data use: You have the right to restrict our use of your personal data where (i) you contest the accuracy of the personal data; (ii) the use is unlawful but you do not want us to erase the personal data; (iii) we no longer need the personal data for the relevant purposes, but you require it for the establishment, exercise or defense of legal claims; or (iv) you have objected to our personal data use justified on our legitimate interests pending verification as to whether GIA has indeed compelling interests to continue the relevant personal data use.
Right to object to processing justified on legitimate interest grounds: To the extent that we are relying upon legitimate interest to process data, then you have the right to object to such processing, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims. Normally, where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
Lodge a complaint: You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the collection and use of your personal data violates this Notice or applicable law.
Legal Bases We Rely on When Processing Your Personal Data
Where EU data protection law applies, and where applicable under other applicable data protection laws, we process your personal data under the following legal bases:
- Our Legitimate Interests.Our processing is necessary for our legitimate interests, including to protect the security of our services; to protect the health and safety of you or others; to establish, protect and defend our legal rights and interests; to prevent fraud and verify identity and authorization of clients; to understand and analyze usage trends; and to improve our products and services.
Our Contract With You.Our processing is necessary to perform our obligations under a contract with you or to perform steps requested by you prior to entering into a contract with you (e.g., to verify the information you have provided to us).
Legal Compliance.Where our processing is required to comply with applicable law (for example, to maintain your payment transaction history for tax reporting purposes): e.g., in response to subpoenas, court orders and other lawful requests by regulators, courts and law enforcement agencies, or related to national security requests.
Your Consent. When we have your express consent as defined by applicable law.
Privacy Questions and Complaints
Please note that certain personal data may be exempt from the requests described above pursuant to applicable laws, and that certain rights may only be exercisable in certain jurisdictions, in accordance with applicable laws. If you have any questions or concerns about this Notice or our use of your personal data, please contact GIA’s Privacy Office or, if you are located in India, our Grievance Officer, at any time. In your local jurisdiction, you may also have the right to lodge a complaint with a supervisory authority if you consider that our processing of your personal data violates applicable law.