Effective Date (September 1, 2018)
Gemological Institute of America, Inc. ("GIA," “we,” or “our”) values the privacy of applicants, students and alumni of its On Campus and Distance Education programs (“you” and “your”). This Student Privacy Notice (“Notice”) describes GIA’s policies and practices regarding its collection, use and handling of your Personal Data, and sets forth your privacy rights. Personal Data is defined as information relating to an identified or identifiable individual. We recognize that valuing your privacy is an ongoing responsibility, and so we may from time to time update this Notice as we adopt new privacy policies or undertake new Personal Data practices.
GIA’s headquarters is in Carlsbad, California. If you have any questions or concerns about GIA’s Personal Data policies or practices please contact GIA’s privacy office:
Gemological Institute of America, Inc.
The Robert Mouawad Campus
5345 Armada Drive
Carlsbad, California 92008 USA
Personal Data Collection, Use and Processing
GIA collects and uses Personal Data about you for a lawful purpose(s) in accordance with applicable data protection laws. This means that, where law requires a legal basis for our collection and use of Personal Data, we collect and use Personal Data only for one of the following legal basis: consent; contract performance; legal obligation; protect vital interests; public interest; and for legitimate interests pursued by GIA or by a third party, except where such legitimate interests are overridden by your interests or fundamental rights and freedoms.
We use your Personal Data for the purposes described in further detail below, including to facilitate your experience with GIA and provide you with educational courses, programs and related services. We may share your Personal Data with our GIA Affiliated Entities and others as described in this Notice.
Providing your Personal Data is voluntary. Please note, however, that without your Personal Data, we may be unable to provide you with the educational courses, programs and related services you request.
Rights of California Residents
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information regarding the types of personal information the business shares with third parties for direct marketing purposes by such third party, and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To see a copy of the information disclosure provided by GIA pursuant to Section 1798.83 of the California Civil Code, please contact GIA using one of the methods described in this Notice.
Types of Personal Data We Collect
Including without limitation, GIA may collect the following categories of Personal Data:
- General contact information (e.g., title, first name, last name, home address, mailing address, phone number(s), email address
- Business information (e.g., business name, address, phone number(s), email address, website)
- Government identifiers (e.g., driver’s license, passport, government-issued identification with photograph, tax identification number, vehicle license plate number (as applicable))
- Financial information (e.g., billing information, bank account number, banking institution, payment card information, third party payer information, financial and veteran information as needed to determine eligibility for student financial aid)
- Application information (e.g., date of birth, residency and visa status, race and ethnicity (U.S. citizens and U.S. permanent residents only), criminal history (on campus programs and lab classes as applicable)
- Education/Training (e.g., details about your enrollment such as fields of study, dates of enrollment, degrees, diplomas, certificates awarded, dates conferred, academic honors and awards received)
- Images and recordings (e.g., call recording, electronic video and audio monitoring and surveillance, film, photographs)
- Other information (e.g., emergency contact information, special accommodations)
Purposes for Which We Use Personal Data
GIA may use your Personal Data for the following purposes:
- Consider and process your application
- Provide you with educational courses, programs and related services
- Provide the products and services you request
- To deliver publications and subscriptions
- Quality assurance, training, respond to inquiries and provide customer service
- Help us understand your needs and interests
- Better understand how our products and services are used
- Improve or better tailor our products and services or the content that we may send or display to you
- Direct marketing, for example to send you news and newsletters, special offers and promotions, or to contact you about products or information we think may interest you
- Assist us in advertising our services on third party websites
- Combine your Personal Data with other information that we obtain from third parties
- Help us to determine what advertisements to direct to you, to place on our websites and where to advertise our services
- Deliver GIA Alumni Association information, products and services
- Monitor compliance with our existing policies and procedures
- Respond to formal or informal government requests
- Comply with applicable legal obligations
- Ensure the integrity and security of GIA’s premises and processes
By way of example only, we may use and share your Personal Data as follows:
- Purpose: For recruitment and to review admissions applications.
The Personal Data that Admissions collects may be shared with GIA offices and academic departments for the purpose of academic evaluation, planning, financial aid processing and student billing, scholarship awarding, visa processing and enrollment reporting/verification.
Office of the Dean
- Purpose: To provide the support of academic activities and records of current and former students on behalf of GIA.
The Personal Data that the Office of the Dean collects may be shared with relevant GIA departments (e.g., academic departments, advising, admissions, financial aid, etc.), and other third parties as required by law or regulation.
Student Financial Services
- Purpose: To provide financial aid and administration of your account.
The Personal Data that student financial services collects may be shared with:
- Admissions for the administration of scholarships and to complete admission criteria
- Alumni relations for the administration of scholarships and fostering alumni and donor relationships
- United States Department of Education for monitoring awarding and determining the eligibility of federal financial aid programs
- Purpose: To provide the students and alumni with online access to employers, job postings, events, and resources, to maintain efficient appointment and event registration, and to comply with federal or state reporting requirements.
GIA Alumni Association
- Purpose: To deliver the GIA Alumni Association information, products and services you request.
When you have successfully completed a GIA on campus program or GIA Distance Education course you automatically become a member of the GIA Alumni Association and have the option to be listed in the GIA Alumni Association Directory, to receive GIA Alumni-related communications and ePublications, and to be connected with your local GIA Alumni Chapter. With your permission, we will also share your Personal Data with local alumni chapters that are operated by third parties who have their own privacy policies.
- Purpose: To ensure the security and integrity of GIA premises and for the safety of our employees, clients, students, visitors and others; and for emergency security purposes.
Video and Audio Monitoring
- Purpose: To ensure the integrity and security of GIA’s premises and processes
GIA uses both video and audio monitoring in public and work spaces. Appropriate signs are displayed in all areas where video and audio monitoring are used. GIA records all inbound and outbound calls to and from certain GIA personnel. With regard to calls, a recorded or recited notice advises callers of call recording and by continuing the call, caller consents to being recorded.
Third Party Links
In addition to producing original content, GIA may provide news feeds produced by others, which we may link to from our websites. This means you may find yourself on one of GIA's websites reading a press release or article that may offer you a link to another organization’s website where you may find related content. At these times, you will be leaving the GIA website. GIA is not responsible or liable for content provided by these third party websites or the Personal Data they may happen to gather from you.
As is true of most other websites, GIA’s websites collect certain information automatically and store it in log files. The information may include internet protocol (“IP”) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of GIA’s website, including a history of the pages you view. We use this information to help us design our websites to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
Information About Our Use of Technologies Similar to Cookies
Web beacons, pixel tags and other technologies that are similar to cookies: Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. Clear GIFs are small pieces of code embedded invisibly on web pages, not stored on your hard drive, which often work in conjunction with cookies. We may use clear GIFs in connection with our websites to, among other things, track the activities of users, help us manage content and compile statistics about website usage. We and our third party service providers also use web beacons in HTML emails to you help us track email response rates, measure the success of our marketing campaigns, identify when our emails are viewed and track whether our emails are forwarded.
Analytics: We work with third party service providers (including Google Analytics and Flurry) who conduct website analytics to help us track and understand how visitors use our websites. If you prefer not to participate in Flurry, please follow the instructions provided at www.flurry.com to opt out. To prevent Google Analytics from using your data, you can download the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout.
User generated content: Certain portions of our websites may permit user generated content, such as blogs and forums. Any information that you post to a publicly facing blog or forum may be viewable by other visitors to websites. Information that you submit through our student/educational blogs, will be available by other registered users of those services, at a minimum. We are not responsible for the privacy of any information that you choose to post to our websites, or for the accuracy of any information contained in those postings. Any information that you disclose becomes public information.
Opting In and Out of Marketing Mailings
In certain cases, we may request that you opt in to receive marketing communications from us, including electronic communications about GIA’s various products, services, newsletters or general updates. You may opt out of these communications by clicking the “unsubscribe” option or by contacting us. If you opt out of receiving marketing communications from us, please note that we will continue to communicate with you regarding your ongoing relationship and for customer service related purposes.
Retention of Personal Data
As a general matter, we do not retain Personal Data for longer than is required or appropriate for the purposes for which it was collected, unless a longer period is necessary for our legal obligations or to defend a legal claim, and always consistent with applicable law.
Security of Personal Data
We take reasonable steps to protect your Personal Data by using technical, physical and organizational measures that are designed to protect against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss.
We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Notice.
Disclosure, Transfer and Storage of Personal Data
We share your Personal Data with other GIA affiliated entities and non-affiliated vendors and suppliers that provide products and services to GIA (e.g., payment processing, transmission of marketing emails, web hosting, couriers, your authorized representatives). We may also disclose your Personal Data to another entity in connection with, including during negotiations of, an acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer. We may also disclose your Personal Data when we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of this Notice. GIA may also make Personal Data available to other parties such as legal and regulatory authorities and law enforcement upon their request and/or where we believe appropriate to do so. When transferring Personal Data to GIA entities and non-affiliated third parties (which may be located outside the country in which Your Personal Data was collected and may not guarantee the same level of protection) we have executed legally necessary contracts with the recipients of your data.
Disclosures described in this section may be further restricted by the Family Educational Rights and Privacy Act (“FERPA”). Please refer to the Notification of Rights under the Family Educational Rights and Privacy Act for more information.
Those Under the Age of 18
GIA does not knowingly collect or solicit personal information from anyone under the age of 18, or knowingly allow such persons to register on our websites. If you are under 18, please do not attempt to register or to send any information about yourself to us. No one under age 18 may provide or post any Personal Data on any GIA websites. In the event that we learn that we have inadvertently collected Personal Data from a child under age 18 without verification of parental consent, we will promptly delete that information.
In May 2018, a new data privacy law known as the EU General Data Protection Regulation (or the "GDPR") became effective. To the extent the GDPR applies to you and subject to the conditions set forth in the applicable law, you have the following rights with regard to our processing of your Personal Data:
- Right to access, correct and delete your Personal Data: GIA will use reasonable measures designed to ensure that all Personal Data is correct. You also have a responsibility to ensure that changes in personal circumstances (for example, change of address, bank account, etc.) are notified to GIA so that we can ensure that your Personal Data is up-to-date.
You have the right to request access to any of your Personal Data that GIA may hold and to request correction of any inaccurate Personal Data relating to you. You furthermore have the right to request deletion of Personal Data we hold about you.
- Right to withdraw consent: In the event your Personal Data is processed on the basis of your consent, you have the right to withdraw consent at any time by sending an email to firstname.lastname@example.org specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.
- Data portability: To the extent that we use your Personal Data for the performance of the engagement contract and that Personal Data is processed by automatic means, you have the right to receive all such Personal Data that you have provided to GIA in a structured, commonly used and machine-readable format, and also to require us to transmit it to another data controller where this is technically feasible.
- Right to restrict Personal Data use: You have the right to restrict our use of your Personal Data where (i) you contest the accuracy of the Personal Data; (ii) the use is unlawful but you do not want us to erase the Personal Data; (iii) we no longer need the Personal Data for the relevant purposes, but you require it for the establishment, exercise or defense of legal claims; or (iv) you have objected to our Personal Data use justified on our legitimate interests pending verification as to whether GIA has indeed compelling interests to continue the relevant Personal Data use.
- Lodge a complaint: You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the collection and use of your Personal Data infringes this Notice or applicable law.
In addition, GIA complies with the Family Educational Rights and Privacy Act (“FERPA”). FERPA provides students with certain rights with respect to their education records. Please refer to the Notification of Rights under the Family Educational Rights and Privacy Act ("FERPA") for more information.
The U.S. Family Educational Rights and Privacy Act (“FERPA”)
The U.S. Family Educational Rights and Privacy Act (“FERPA”) affords eligible students (“student,” or “you”) certain rights with respect to their education records (An “eligible student” under FERPA is a student who is 18 years of age or older or who attends a postsecondary institution at any age).
Student rights include:
1. The right to inspect and review your education records within 45 days after the day the Gemological Institute of America, Inc. (“GIA,” or the “Institute”) receives a request for access.
2. The right to request the amendment of your education records that you believe is inaccurate, misleading or otherwise in violation of your privacy rights under FERPA.
3. The right to provide written consent before GIA discloses personally identifiable information (“PII”) from your education records, except to the extent that FERPA authorizes disclosure without consent.
4. The right to file a complaint with the U.S. Department of Education concerning alleged failures by GIA to comply with the requirements of FERPA. The name and address of the office that administers FERPA is:
Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, DC 20202
Disclosures that GIA May Make Without Student Consent:
FERPA permits the disclosure of PII from your education records, without your consent, if the disclosure meets certain conditions found in § 99.31 of the FERPA regulations. Except for disclosures to school officials, disclosures related to some judicial orders or lawfully issued subpoenas, disclosures of directory information, and disclosures to you, § 99.32 of FERPA regulations requires GIA to record the disclosure. You have a right to inspect and review the record of disclosures.
Please refer to the Notification of Rights under the Family Educational Rights and Privacy Act ("FERPA") for more information.
Privacy Questions and Complaints
Please note that certain Personal Data may be exempt from the requests described above pursuant to applicable data protection laws and regulations, and that certain rights may only be exercisable in certain jurisdictions, in accordance with applicable laws. In your local jurisdiction, you may also have the right to lodge a complaint with a supervisory authority if you consider that our processing of your personal data infringes regulation.