Student Privacy Notice



Last updated September 25, 2023, v. 3.0

Introduction

GIA values the privacy of your personal data. This Student Privacy Notice (“Notice”) describes GIA’s policies and practices regarding our processing, including collection, use, and handling, of your personal data in connection with your relationship with GIA as an educational services applicant, student, or alumni.

If you use GIA websites other than as an educational services applicant, student, or alumni, your use of those other GIA websites and any information that you submit to us through those other GIA websites will be governed by the posted GIA website privacy notice.

Privacy Office and Data Controller

If you have any questions or concerns about this Notice or our use of your personal data, please contact GIA’s Privacy Office at:

Privacy Office
Gemological Institute of America, Inc.
The Robert Mouawad Campus
5345 Armada Drive
Carlsbad, California 92008 USA
privacy@gia.edu

The entity which serves as your educational institution is a data controller for your personal data. For a complete list of data controllers, visit GIA Affiliated Entities.

Interpretation and Translation

This Notice has been created, drafted, and prepared in the English language. Subsequently, the English versions have been translated into different languages for convenience. In case of any discrepancy, unless otherwise prohibited by law, the English language version of this Notice shall take precedence over any translation of this Notice into any other language.

Personal Data Collection, Use and Processing

In connection with your relationship with GIA, GIA collects personal data about you (whether online, in-person, or through other means) from the following sources: directly from you; from our affiliated entities, including our subsidiaries and branch offices; from service providers; from alumni chapters; and automatically as you visit GIA websites.

We use your personal data for the purposes described in further detail below, including to facilitate your experience with GIA and to provide you with educational services and related products. We share your personal data with our GIA affiliated entities and others as described in this Notice.
Providing your personal data is voluntary. Please note, however, that without your personal data, we may be unable to provide you with the educational services and related products you request.

Types of Personal Data We Collect

In connection with your relationship with us, GIA collects the following categories of personal data, as permitted by applicable law:

  • General contact information (title, first name, last name, home address, mailing address, phone number(s), email address, date of birth, residency)
  • Business information (business name, doing business as (“DBA”), address, phone number(s), business email address, website address, principals, and company officers) (note, business information is only considered personal data to the extent it identifies an individual, unless otherwise stipulated by applicable laws)
  • Government identifiers (driver’s license, passport, government-issued identification with photograph, tax identification number, business license number, business license document, GSTIN number with code (India only), voter registration card, permanent resident alien card, national identity card, vehicle license plate number (as applicable)) (note, business information is only considered personal data to the extent it identifies an individual, unless otherwise stipulated by applicable laws)
  • Financial information (billing information, payment information, bank account number, banking institution, payment card information, third party payer information, financial and veteran information as needed to determine eligibility for student financial aid)
  • Application information (date of birth, residency and visa status, race, and ethnicity (U.S. citizens and U.S. permanent residents only), criminal history (as applicable))
  • Education/Training (details about your enrollment such as fields of study, dates of enrollment, degrees, diplomas, certificates awarded, dates conferred, academic honors and awards received)
  • Images and recordings (call recording, electronic video and audio monitoring and surveillance, film, photographs)
  • Verification/background check services (We collect personal data from background check providers to verify your identity and credibility as well as creditworthiness)
  • Other information (emergency contact information, special accommodations, additional information for identity verification)

Purposes for Which We Use Personal Data

GIA may use your personal data for the following purposes:

 

  • Assist with quality assurance, training, respond to inquiries and provide customer service
  • ​Review and process applications for admission, financial aid and scholarships
  • Provide you with educational courses, programs, and related services
  • To deliver publications and subscriptions
  • Combine your personal data with other information that we obtain from third parties
  • Assist us in advertising our services, including on non-GIA websites or through other channels
  • Ensure compliance with applicable laws including sharing your data with law enforcement and service providers
  • Monitor compliance with our existing policies and procedures
  • Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Use, or this Notice, where we believe it is appropriate
  • Respond to formal or informal government or regulatory body requests
  • Ensure the integrity and security of GIA’s premises and processes
  • Help us understand your needs and interests
  • Better understand and improve our products and services
  • Direct marketing, for example, as permitted by applicable law, to send you news and newsletters, special offers and promotions, or to contact you about products or information we think may interest you in accordance with our opt in /opt out practices. We may send these communications through postal mail, electronic mail, SMS (available in some markets only) or other available channels
  • Help us to determine what advertisements to direct to you, to place on websites and where to advertise our services
  • Deliver GIA Alumni Association information, products, and services
As applicable based on your interaction with us, we use and share your personal data as follows:

 

Admissions

 

  • Purpose: For recruitment and to review admissions applications.
The personal data that is collected during the admissions process may be shared with GIA affiliated entities, and with legal or regulatory officials to ensure compliance with applicable laws and regulations and for the purpose of academic evaluation, planning, financial aid processing and student billing, scholarship awarding, support visa processing, and enrollment reporting / verification.

 

  • Purpose: Know Your Student and Due Diligence Screening Policy and Notice
To the extent permitted by law, the personal data that is collected during the admissions process will be used to conduct due diligence screenings and assessments on all prospective and current students and is performed by GIA’s ethics and compliance department. This is to ensure that GIA provides educational services to individuals who engage in ethical practices, are not sanctioned individuals, and who comply with all applicable laws and regulations.
The due diligence screenings and assessments may include any of the following searches, as allowable by local law and regulation:

 

  • Screenings for government sanctions, exclusions and other watch lists;
  • Sex offender registry;
  • Civil and criminal court records; and
  • Other background information obtained from any law enforcement agency, administrator, government agency, court, information service bureau, including, but not limited to, criminal history.
For more information, please view our Know Your Student and Due Diligence Screening Policy and Notice here.

Office of the Dean

  • Purpose: To provide the support of academic activities and records of current and former students on behalf of GIA.
The personal data that the office of the dean collects may be shared with relevant GIA departments (e.g., academic departments, advising, admissions, financial aid, etc.), and other third parties as required by law or regulation.

Student Financial Services

  • Purpose: To provide financial aid or scholarships and administration of those applications and your account.
  • The personal data that student financial services collects is used to process payments, refunds, and credits and may be shared with non-affiliated collection agencies
  • Scholarship application data is used to manage, facilitate and administer GIA scholarships.
    • We may also share your personal data with third parties that sponsor scholarships for which you apply. In these cases, when you apply for the third party sponsored scholarship, you are providing your consent for the sharing of your data with the relevant third party sponsors. The relevant third party sponsor will use and share your personal data to manage, facilitate and administer the scholarship program and as otherwise disclosed by the third party sponsor.
  • Relevant government authority for monitoring, awarding, and determining the eligibility of government financial aid programs.

Career Services

  • Purpose: To provide students and alumni with online access to employers, job postings, events, resources and to maintain efficient appointment and event registration, and to comply with federal, state, or local reporting requirements.

GIA Alumni Association

  • Purpose: To deliver the GIA Alumni Association information, products, and services you request and connect you with your global alumni network.
When you have successfully completed a GIA on campus program or GIA online course you automatically become a member of the GIA Alumni Association. You will also receive GIA alumni-related communications, ePublications, and be connected with your global alumni network. Local GIA alumni chapters may be operated by third parties who have their own privacy policies, for which GIA is not responsible. In certain cases, you may be asked to consent to receiving alumni-related marketing communications, which you can freely withdraw.

 

  • Administration of scholarships and awards through alumni and donor relationships

Security

  • Purpose: To ensure the security and integrity of GIA premises and for the safety of our employees, clients, students, visitors, and others; and for emergency security purposes.

Video and Audio Monitoring

  • Purpose: To ensure the integrity and security of GIA’s premises and processes.
GIA uses both video and audio monitoring in public and work spaces. Appropriate signs are displayed in all areas where video and audio monitoring are used.

Call Recording

  • Purpose: For quality assurance, training, responding to inquiries and providing customer service.
GIA may record inbound and outbound calls. A recorded or recited notice advises callers of call recording and by continuing the call, the caller consents to being recorded, as permitted by applicable law. Types of information we collect include without limitation: your name/s and other personal data you provide during the phone call.

Persons Under the Age of Majority

You represent, acknowledge, and agree that you are at least 16 years of age. If you are not yet 16 years of age, you may not submit information to GIA with respect to GIA’s educational services. Applicants to any GIA course or program in the United States must be at least 16 years of age. Applicants to GIA courses or programs in all other countries must be at least 18 years of age.

Automatically Collected Data

GIA controlled student websites (“GIA Student Sites”) collect certain information automatically and store it in log files. The information includes internet protocol (“IP”) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about your use of GIA Student Sites. We use this information to help us design our services to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer GIA Student Sites, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

Cookies and Other Technologies

We use cookies, web beacons (including clear GIFs), Flash Local Storage Objects (“Flash LSOs”) and similar technologies, including technologies designed for mobile applications, to track user activity and collect usage data about our Sites and App. We may combine this data with the personal data we have collected from you.

Cookies. Cookies allow a web server to transfer data to a computer for record keeping and other purposes. We and our service providers use “cookies” on our Sites and similar devices designed for mobile applications, to, among other things, better serve you with tailored information and facilitate your ongoing access to and use of the Site. For further information and details about the cookies used on the Services, please see our Cookie Policy.  To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Local Storage Objects. We may use Flash LSOs in order to store your Site preferences and to support individual applications. Flash LSOs are different from browser cookies because of the amount and type of data stored. In addition, you cannot control, delete or disable the acceptance of Flash LSOs through your browser. For more information on Flash LSOs, or to learn how to manage your settings for Flash cookies, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions. To see the Flash LSOs currently on your computer, choose “Website Storage Settings Panel” and follow the instructions to review and, if you choose, to delete any specific Flash LSO.

Web Beacons, Pixel Tags and Other Technologies. Our service providers use web beacons in HTML emails to our customers, to help us track email response rates, measure the success of our marketing campaigns, identify when our emails are viewed and track whether our emails are forwarded.

Analytics. We work with service providers (including Google Analytics and Flurry) who conduct analytics to help us track and understand how visitors use our Sites and our App. If you prefer not to participate in Flurry, please follow the instructions provided at http://www.flurry.com. Google Analytics is a web analytics service provided by Google that uses cookies to help us analyze how users use our Sites and our App. The information generated by the cookies about your use of the services will be transmitted to and stored by Google on servers in the United States. If you access the Sites or our App through different devices, Google may associate your devices with one another. For more information about how Google Analytics uses cookies to measure user interactions, visit https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage. Google has developed the Google Analytics opt-out browser add-on for the Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can prevent Google’s collection and use of the data it collects as defined in its policy by downloading and installing this browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en-GB. For more information about Google Analytics cookies, please see Google’s help pages (https://support.google.com/analytics/answer/6004245), FAQ on how they use the data https://policies.google.com/technologies/partner-sites, and privacy policy (https://www.google.com/intl/en/policies/privacy/).

Google Maps. Our Sites may include Google Maps features and content. Google Maps features and content is subject to the then-current versions of Google Maps/Google Earth Additional Terms of Service at https://maps.google.com/help/terms_maps.html and Google Privacy Policy at https://www.google.com/policies/privacy/.


YouTube. Our Sites may use YouTube to make content in video format available to you. By accessing a part of the Sites where videos are available, watching an embedded video, or otherwise interacting with any content made available through YouTube, you signify your agreement with YouTube’s terms and conditions. YouTube collects and otherwise has access to usage data (e.g., what videos you accessed and watched) through videos embedded in the Services as further described in YouTube’s Privacy Policy. YouTube adheres to Google's privacy policies and principles, part of which allow you to control certain privacy settings and which data are collected. For more information, please visit https://www.youtube.com/howyoutubeworks/user-settings/privacy/.

Do-Not-Track. Currently, our systems do not recognize browser “do-not-track” requests. You may however disable certain tracking as discussed in our Cookie Policy.

Online Advertising

To display more relevant advertising with respect to our services, to manage our advertising on non-affiliated sites, mobile apps, and online services, and to measure and improve our ads and marketing efforts, we work with Facebook, Google and other non-affiliated ad companies, ad exchanges, channel partners, measurement services and ad networks. Please see the “Cookies and Other Tracking Technologies” section above or our Cookie Policy for more information. For more information and to exercise your choices please see Facebook’s privacy policy and ad preferences page and/or Google/DoubleClick’s privacy policy, ad settings, and ads help page.

You can also learn more about online advertising here and opt out of interest-based advertising from many participating ad companies at the ad industry websites, including:

 


Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings. For more information about how to change these settings for Apple, Android or Windows devices, see:

 

 

Please note that opting out of advertising network services does not mean that you will not receive any advertising while using our Services or other services, nor will it prevent the receipt of interest-based advertising from non-affiliated parties that do not participate in these programs.

Facebook. For certain Facebook advertising services, Facebook Ireland is a Joint Controller (as defined in the GDPR) and that information required under the GDPR related to such processing can be found at https://www.facebook.com/about/privacy. We work with Facebook and use their advertising services to measure and improve our ads and marketing efforts, as well as to display more relevant advertising to you. For further information on how Facebook Ireland processes your personal information, including the legal basis, and the ways to exercise your rights, please visit https://www.facebook.com/about/privacy.

Opting In and Out of Email and SMS Marketing Communications

In certain cases, when we obtain your contact information, we may send you marketing communications via direct mail, email, or SMS (available in select markets only) or other available channels about GIA’s various products, services, newsletters or general updates of GIA and GIA affiliated entities. If you no longer wish to receive marketing and promotional communications from us, you may opt out by emailing our Privacy Office or as follows: for email: click the “unsubscribe” option; for SMS: text STOP in response to the text message. If you opt out of receiving marketing communications from us, please note that we will continue to communicate with you regarding your ongoing relationship with us and for customer service related purposes.

Retention of Personal Data

As a general matter, we do not retain personal data for longer than is required or appropriate for the purposes for which it was collected, unless a longer or shorter period is necessary for our legal obligations, or customs of the industry, or to defend a legal claim, or to comply with legal, accounting, regulatory or reporting requirements, and consistent with applicable law.

Security of Personal Data

We have taken steps to help protect the personal data we collect. However, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your device and account by, among other things, choosing a robust password that nobody else knows or can easily guess and keeping your login and password private.

Disclosure, Transfer and Storage of Personal Data

We share and jointly use your personal data (please see “Types of Personal Data We Collect” regarding the types of personal data we jointly use) with other GIA affiliated entities for the following purposes: to assist us in performing the services that you have requested; for billing and collections; to host your data; to assist us in our marketing efforts; to assist us in performing our legal compliance obligations; to protect our rights and property and the rights and property of others; and for any other purpose as set forth in this Notice and permitted by applicable law. The data controller will be responsible for your personal data jointly used with other GIA affiliated entities. We will rely on agreements based on the standard contractual clauses or another legally valid mechanism to validly transfer your personal data outside the European Economic Area.

We may also share your personal data with third parties that sponsor scholarships for which you apply. In these cases, when you apply for the third party sponsored scholarship, you are providing your consent for the sharing of your data with the relevant third party sponsors. The relevant third party sponsor will use and share your personal data to manage, facilitate and administer the scholarship program and as otherwise disclosed by the third party sponsor.

To the extent permitted by law, we share your personal data with local GIA alumni chapters which may be operated by third parties.

We also share your personal data with non-affiliated vendors and suppliers that provide products and services to GIA or its affiliated entities (e.g., payment processing, transmission of marketing emails, web hosting, couriers). These entities do not use your information for their own purposes, including marketing purposes, but rather act on the instructions of GIA. As an example of our sharing with third party service providers, we may disclose certain information (such as your email address) with non-affiliated parties such as Facebook (more information on Facebook Custom Audience here or see above) so that we can better target ads and content to you, and others with similar interests on these non-affiliated parties’ platforms or networks (“Custom Audiences”). We may also work with ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. To opt out of being included in our Custom Audiences going forward, email us at privacy@gia.edu.

We may also disclose your personal data to another entity in connection with, including during negotiations of, an acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer. We may also disclose your personal data when we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of this Notice. GIA may also make personal data available to other parties such as legal and regulatory authorities and law enforcement upon their request and/or where we believe appropriate to do so. When transferring personal data to GIA affiliated entities and non-affiliated entities (which may be located outside the country in which your personal data was collected and may not guarantee the same level of protection) we have executed legally necessary contracts with the recipients of your data.

 

We disclose your data where necessary to the administration of our general business, accounting, record keeping and legal functions, to our tax advisors, legal counsel, and other professional services entities or agents.

We may share aggregate or anonymized information about use of our services with service providers for marketing, advertising, research, analytics, or other similar purposes. We also may publish reports in the aggregate about usage trends of our services.

Links

For your convenience, GIA may provide links to certain non-affiliated websites or referrals to certain non-GIA products or services. If you choose to visit these websites or to use such products or services, please be aware that the third party’s privacy policy, and not this Notice, will govern your activities and any information you disclose while interacting with these limited websites. We are not responsible for the information practices of such non-affiliated websites or applications.

Updates to this Notice

GIA may amend this Notice from time to time as laws change; and as our organization, products and services change. The revisions will take effect on the publication date of the amended Notice, as stated, and supersede all previous Notices regarding our privacy practices.

Unless prohibited by applicable law, we reserve the right to amend the Notice at any time, for any reason, without notice to you, other than the posting of the amended Notice at this site.

Notification of Rights Under the Family Educational Rights and Privacy Act (“FERPA”)

The Family Educational Rights and Privacy Act (“FERPA”) affords eligible students (“student,” or “you”) certain rights with respect to their education records. (An “eligible student” under FERPA is a student located in the United States who is 18 years of age or older or who attends a postsecondary institution located in the United States at any age). GIA’s FERPA policy can be found at https://www.gia.edu/ferpa.

Rights of California Residents

Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information regarding the types of personal information the business shares with third parties for direct marketing purposes by such third party, and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To see a copy of the information disclosure provided by GIA pursuant to Section 1798.83 of the California Civil Code, please contact GIA using one of the methods described in this Notice.

California Automated License Plate Recognition (“ALPR”) Usage

GIA’s employees and contractors responsible for physical security use ALPR technology (the “ALPR Technology”) as vehicles enter and pass through the GIA campus in Carlsbad, California. The ALPR Technology enables automated detection of vehicle information, including license plate details.  The ALPR Technology and the data it collects (the “ALPR Data”) is accessed and used by GIA employees and contractors who are responsible for managing physical security at the GIA campus.  ALPR Technology and ALPR Data is used for purposes of restricting access to authorized vehicles and maintaining the safety and security of the GIA campus.  Relevant GIA employees and contractors are trained to use ALPR Technology and ALPR Data in a manner that complies with this Privacy Notice and applicable law.  ALPR Data may be shared with law enforcement.  ALPR Data is not sold by GIA.  Use of ALPR Technology and ALPR Data is monitored by GIA’s legal, information security, and compliance functions for purposes of security and compliance with applicable law.  GIA deploys security measures in alignment with its company security policies that are designed to maintain the accuracy of ALPR Data.  GIA will correct known errors in the ALPR Data.  ALPR Data will be retained by GIA in accordance with its record retention policies, and GIA will refer to applicable legal requirements in order to determine when to destroy retained ALPR Data.  The title of the official custodian of the ALPR Technology at GIA responsible for implementing this section of the Privacy Notice is the Sr. Manager, Security Operations.

Additional Information for Residents of the European Union ("EU"), or where applicable and required by the laws of your jurisdiction

To the extent the GDPR or other law granting particular rights to data subjects applies to you, you have the following rights with regard to our processing of your personal data:

 

  • Right to access, correct and delete your personal data: GIA will use reasonable measures designed to ensure that all personal data is correct. You also have a responsibility to ensure that changes in personal circumstances (for example, change of address, bank account, etc.) are notified to GIA so that we can ensure that your personal data is up-to-date.
You have the right to request access to any of your personal data that GIA may hold and to request correction of any inaccurate personal data relating to you. You furthermore have the right to request deletion of personal data we hold about you.

 

  • Right to withdraw consent: In the event your personal data is processed on the basis of your consent, you have the right to withdraw consent at any time by sending an email to Privacy Office specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Data portability: To the extent that we use your personal data on the basis of consent or for the performance of a contract and that personal data is processed by automatic means, you have the right to receive all such personal data that you have provided to GIA in a structured, commonly used and machine-readable format, and also to require us to transmit it to another data controller where this is technically feasible.
  • Right to restrict personal data use: You have the right to restrict our use of your personal data where (i) you contest the accuracy of the personal data; (ii) the use is unlawful but you do not want us to erase the personal data; (iii) we no longer need the personal data for the relevant purposes, but you require it for the establishment, exercise or defense of legal claims; or (iv) you have objected to our personal data use justified on our legitimate interests pending verification as to whether GIA has indeed compelling interests to continue the relevant personal data use.
  • Right to object to processing justified on legitimate interest grounds: To the extent that we are relying upon legitimate interest to process data, then you have the right to object to such processing, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims. Normally, where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
  • Lodge a complaint: You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the collection and use of your personal data violates this Notice or applicable law.

Legal Bases We Rely on When Processing Your Personal Data

Where EU data protection law applies, and where applicable under other applicable data protection laws, we process your personal data under the following legal bases:

 

  • Our Contract With You. Our processing is necessary to perform our obligations under a contract with you or to perform steps requested by you prior to entering into a contract with you (e.g., to verify the information you have provided to us).
  • Our Legitimate Interests. Our processing is necessary for our legitimate interests, including to protect the security of our services; to protect the health and safety of you or others; to establish, protect and defend our legal rights and interests; to prevent fraud and verify identity and authorization of clients; to understand and analyze usage trends; and to improve our products and services.
  • Legal Compliance. Where our processing is required to comply with applicable law (for example, to maintain your payment transaction history for tax reporting purposes): e.g., in response to subpoenas, court orders and other lawful requests by regulators, courts and law enforcement agencies, or related to national security requests.
  • Your Consent. When we have your express consent as defined by applicable law.

Privacy Questions and Complaints

Please note that certain personal data may be exempt from the requests described above pursuant to applicable laws, and that certain rights may only be exercisable in certain jurisdictions, in accordance with applicable laws. If you have any questions or concerns about this Notice or our use of your personal data, please contact GIA’s Privacy Office, at any time. In your local jurisdiction, you may also have the right to lodge a complaint with a supervisory authority if you consider that our processing of your personal data violates applicable law.


Student Acknowledgment

► I agree to GIA’s Student Privacy Notice. I consent to GIA’s processing of my personal data and consent to the transfer of information about me outside my home country as described in the Notice. I understand that subsequent withdrawal of my consent may prevent GIA from providing certain products or services to me.

►I have received GIA’s Know Your Student and Due Diligence Screening Policy and Notice and by submitting my personal data to GIA for consideration, I agree that GIA may undertake any of the referenced searches.

___________________________________________________________________________________

Marketing Preferences

► I would like to receive marketing communications about our products, services, and news and events from GIA.