GIA Mobile Application Privacy Notice


Last Updated October 19, 2023, v. 2.0

Gemological Institute of America, Inc. (“GIA,” “Institute,” “we,” “us,” or “our”) provides this Mobile Application (“Application,” or “App”) Privacy Notice (“Notice”) to describe the information we collect, store, use and share (“Process”) when you download or use the App.

Questions or concerns? Reading this Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our App. If you have questions or concerns, please contact us at privacy@gia.edu.

SUMMARY OF KEY POINTS
This summary provides key points from our Notice, with more information by clicking the link following a key point, or by using our table of contents below to find the section you are looking for. You may also click here to go directly to our table of contents.

What personal data do we collect and process? When you download, visit, use or navigate our App, we may process personal data about you depending on how you interact with GIA and the App, the choices you make, and the products and features you use. Click here to learn more.

Does the App receive any information from third parties? The App does not receive any information from third parties.

Why do we process your information? We process your information to provide, improve and administer our App, to communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes depending on how you interact with our App. Click here to learn more.

In what situations and with which types of parties do we share personal data? We may share information in specific situations and with specific categories of third parties. Click here to learn more.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal data. Click here to learn more.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal data. Click here to learn more.

How do I exercise my rights? To exercise your rights, contact us at privacy@gia.edu. We will consider and act upon any request in accordance with applicable data protection laws.

TABLE OF CONTENTS

  1. What information do we collect?
  2. For what purposes do we process your information?
  3. What legal bases do we rely on to process your personal data?
  4. When and with whom do we share your personal data?
  5. How do we handle your social logins?
  6. Is your information transferred internationally?
  7. How long do we keep your information?
  8. How do we keep your information safe?
  9. Do we collect information from minors?
  10. What are your privacy rights?
  11. Controls for do-not-track features?
  12. Do we make updates to this notice?
  13. How can you contact us about this notice?

 

1. WHAT INFORMATION DO WE COLLECT

Personal data you disclose to us. We collect personal data that you voluntarily provide to us when you download, visit, use, or navigate our App, express an interest in obtaining information about us or our services, when you participate in activities on the App and when you contact us.

Personal data provided by you. The personal data that we collect depends on the context of your interactions with us and the App, the choices you make, and the services and features you use. Examples of the personal data we may collect include the following:

  • first name
  • last name
  • email address
  • password
  • country
  • company name
  • other information we may request from time to time

 

Log in data. We may provide you with the option to login with email and password, as a guest, or by using your existing social media account details as described in Section 5, “HOW DO WE HANDLE YOUR SOCIAL LOGINS?” below.

Application data. If you use our App, we also may collect the following information, if you choose to provide us with access or permission:

 

  • Location data. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our App, to provide certain location-based services. If you wish to change your access or permissions, you may do so in your device’s setting. However, if you choose to opt out, you may not be able to use certain aspects of the App.
  • Mobile device access. We may request access or permission to certain features from your mobile device, including your mobile device’s storage, Wi-Fi, camera, calendar, and other features. If you wish to change your access or permissions, you may do so in your device’s settings.
  • Push notifications. We may request to send you push notifications regarding your account or certain features of the App. If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.

This information is primarily needed to maintain the security and operation of our App, for troubleshooting, and for our internal analytics and reporting purposes.

Information automatically collected.

The App also collects the following information automatically:

  • Log and usage data. Service-related, diagnostic, usage, and performance information our App automatically collects when you access or use our App and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the App (i.e., date/time stamps associated with your usage, pages, and files viewed, searches, and other actions you take such as which features you use), device event information (i.e., system activity, error reports, sometimes called “crash dumps”, and hardware settings).
  • Device data. Information about your computer, phone, tablet, or other device you use to access the App. Depending on the device used, this device data may include information such as your IP address, or proxy server, device and application ID numbers, location, browser type, hardware model, internet services provider and/or mobile carrier, operating system, and system configuration information.

 

2. FOR WHAT PURPOSES DO WE PROCESS YOUR INFORMATION?

We process your information to provide, improve, and administer our App, communicate with you, for security and fraud prevention, and to comply with law.

We may also process your information for other purposes, depending on how you interact with our App, including:

  • to facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log into your account, as well as keep your account in working order.
  • to deliver and facilitate delivery of App to the user. We may process your information to provide you with requested service.
  • to respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • to send marketing communications we think may interest you in accordance with your communication preferences and applicable law.to save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.

 

3. WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR PERSONAL DATA?

We process your personal data when we have a valid legal reason to do so under applicable law, to comply with law, to provide you with services, to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal data. As such, we may rely on the following legal bases to process your personal data:

  • Consent. We may process your information if you have given us consent to use your personal data for a specific purpose. You can withdraw your consent at any time. Click here to learn more.
  • Performance of a contract. We may process your personal data when we believe it is necessary to fulfill our contractual obligations to you, including providing our App at your request prior to entering into a contract with you.
  • Legitimate interest. We may process your personal data when the processing is necessary for the legitimate interests of GIA as the data controller.
  • Legal obligations. We may process your personal data where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to safety of any person.

 

We are generally the “data controller” under European data protection laws of the personal data described in this Notice since we determine the means and/or purposes of the data processing we perform.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

We may share information in specific situations described in this section and/or with the following categories of third parties.

Third Parties. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal data.

We may also need to share your personal data in the following situations:

  • Business transfers. We may share or transfer your information in connection with, or during negotiations of any merger, sale of Institute assets, financing, or acquisition of all or a portion of our business to another company.
  • Affiliates. We may share your information with GIA Affiliated Entities, in which case we will require those affiliates to honor this Notice. Affiliates include our parent Institute and any subsidiaries, or other companies that we control or that are under common control with us.
  • Protecting Rights and Interests. To protect the safety, rights, property, or security of GIA, the services, any service provider, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity that we consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation; and to enforce this Notice, or our Terms of Use.
  • Legal Compliance. To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.

 

5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

If you choose to register or log in to our App using a social media account, we may have access to certain information about you.

Our App may offer you the ability to register and log in using your third-party social media account details. Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this Notice or that are otherwise made clear to you on the relevant App. Please note that we do not control and are not responsible for other uses of your personal data by your third-party social media provider.

6. IS YOUR INFORMATION TRASFERRED INTERNATIONALLY?

We may transfer, store, and process your information in countries other than your own.

Your personal data may be transferred, accessed, stored, and otherwise processed by us, other GIA Affiliated Entities, or service providers for the purposes described above, and subject to requests from law enforcement, including courts and tribunals in accordance with laws applicable in those jurisdictions, in jurisdictions outside of your home jurisdiction, and may not provide an equivalent level of data protection as your home jurisdiction. GIA take steps to protect your personal data, including, where required by law, through appropriate written data processing terms and/or data transfer agreements, for example, by signing relevant EU standard contractual clauses as approved by the European Commission.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal data for as long as it is necessary for the purposes set out in this Notice, unless a longer retention period is required or permitted by law (i.e., tax, accounting, or other legal requirements).

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented reasonable technical and organizational security measures designed to protect the security of any personal data we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise our guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Transmission of personal data to and from our App is at your own risk.

9. DO WE COLLECT INFORMATION FROM MINORS? 

By using the App, you represent that you are at least the age of majority in your home jurisdiction. If we learn that personal data from users less than the age of majority has been collected, we will take reasonable measures to promptly delete such data from our records.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In some regions, such as the European Economic Area (EEA), and United Kingdom (UK) you have rights that allow you greater access to and control over your personal data.

In some regions (i.e., EEA, UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal data; (ii) to request rectification or erasure; (iii) to restrict the processing of your personal data; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal data. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.

We will consider and act upon any request in accordance with applicable data protection laws. If you are located in the EEA or UK and you believe we are unlawfully processing your personal data, you also have the right to complain to your local data protection supervisory authority.

Withdrawing your consent: If we are relying on your consent to process your personal data, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You may withdraw your consent by contacting privacy@gia.edu. However, please note that withdrawing consent will not affect the lawfulness of the processing before its withdrawal.

Opting out of marketing and promotional communications: You may unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in emails, replying “STOP” or “UNSUBSCRIBE” to SMS messages, or by contacting us using the details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.. However, we may still communicate with you, for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

11. CONTROLS FOR DO-NOT-TRACK FEATURES?

We do not currently respond to Do Not Track (DNT) browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in an updated version of this Notice.

12. DO WE MAKE UPDATES TO THIS NOTICE? 

We may update this Notice from time to time. The updated version will be indicated by an “Updated” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Notice frequently to remain informed on how we are protecting your information.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this Notice, you may email us at privacy@gia.edu or by post to:

UNITED STATES OF AMERICA
Gemological Institute of America, Inc.
c/o Cogency Global, Inc.
1325 J Street #1550
Sacramento, CA 95814