Privacy and Cookie Policy

Gem-A and its Subsidiaries Privacy Notice

Who we are

The Gemmological Association of Great Britain (herein referred to as Gem-A) is the world’s longest-running provider of gem and jewellery education. A UK charity, we can trace our lineage back to 1908 — that’s over 110 years of experience and expertise. It’s our mission to advance the understanding of gemstones through education, membership, engaging events and a community-driven approach to best practise. We also have a subsidiary company: Gemmological Instruments Ltd (herein known as Gem-A Instruments) that provide gemmological equipment for the trade.

As a data controller, we collect and use information about students, members and other customers in accordance with the General Data Protection Regulation (GDPR) 2018.

This privacy notice applies to Gem-A and Gem-A Instruments’ customers. The notice outlines how Gem-A and its subsidiary process your personal data.

Collection of your personal data

Gem-A collects data directly from you (e.g. from application forms, change of details forms, at events and via our website) and will create some data internally (e.g. when we assign you a student or membership ID or determine examination results). We may also collect some data from external sources. For example:

• Employers and accredited teaching providers (ATCs, GAPPs) may provide Gem-A with relevant information about members and students employed by or training with them, such as details of course registration or tutor membership
• Gem-A’s service providers (e.g. examiners or invigilators) will send Gem-A information relevant to the service they are providing
• The general public may provide information to Gem-A in relation to complaints or investigations
• Online activities: If you visit Gem-A website or online campus, we collect information about cookies and Internet Protocol (IP) addresses of your device used to access the site which is used in monitoring the level of activity and services we provide. For more information, please see our website notice.

The reasons for collecting your personal data

Gem-A will process personal data only if it has a legal basis to do so. The lawful basis (or bases if applicable) for processing data is dependent on the purpose of collecting your data.

Gem-A uses the following lawful bases in its data processing activities:

Public Interest

Gem-A is a membership body and has a public duty to protect the interests of its members and members of general public. This includes, and is not limited to, the maintenance and publication of Members directory, Regulatory activities, Member investigations and Disciplinary actions.

Contract

If you enter or wish to enter into contractual relationship with Gem-A, (e.g. by enrolling on one of our courses), the company will collect your, and any third parties’, personal data to facilitate the provision of services or products. Gem-A will only collect the data that is necessary for the performance of a contract.

This includes, and is not limited to, Gem-A membership, course enrolments, examinations, career services, event attendance and other subscriptions.

Legal Obligation

Gem-A collects and processes your personal data, which is required to adhere to legal obligations. This includes, and is not limited to, providing information to personal law enforcement agencies, regulators, and statutory bodies.

Legitimate interest

Gem-A collects your data and processes it to satisfy its legitimate interest. Gem-A will contact you if you expressed interest in any of our services, such as educational course, membership subscription or if you have attended an event. Gem-A will also contact you to provide support, training or employment.

Consent

Some types of data will be processed if you requested Gem-A to process it for a specific purpose or provided Gem-A with your explicit consent, for example if you subscribe to one of our mailing lists.

Information Gem-A collects about you

From the time you first engage with Gem-A, we will collect, process and hold data about you.

1. Upon enrolment or enquiry we will collect your:

• Name, address, contact details, date of birth, gender
• Unique Learner Number (ULN for UK students only)
• Data that will enable us to assess your suitability for the course such as (but not limited to) language test results, previous academic records.
• Details of enrolments, courses
• Financial information collected for the purpose of administering fees and charges; if you are not paying for your course yourself we will also collect data of the person who will pay your fee on your behalf
• Passport and visa details if you are studying at London headquarters, collected to comply with Home Office regulations for international students
• Your next of kin details to contact in case of emergency (On-site students only)
• Gem-A collects data directly from the student, or in some circumstances from the Accredited Teaching Centre or GAPPs where the student has enrolled.

2. During your studies we will also collect the following data:

• Your assessment and examination results
• Attendance records, complaints
• Sensitive data such as health and medical data which you share with us in order to support your mitigating circumstances or to help us facilitate any additional support needs you may have. For example: medical reports, disability and Specific Learning Difficulties reports, death reports
• Information which will help us prevent and detect crime and ensure safety and security of Gem-A staff and students, including, but not limited to, CCTV recording and data relating to breaches of Gem-A’s rules and regulations
• Data collected for the purpose of equal opportunities monitoring
• Information relating to the provision of advice, support and welfare, such as data relating to your use of the services offered by the Student Support Service
• While studying, you will be using our online learning platform which collects your IP and location data
• Employment details

3. Information Gem-A collects about its members/students:

• Personal details (name, membership ID number, nationality, date of birth, dates of affiliation, details of exam sessions including course results, payments, queries, complaints)
• Contact details and preferences
• Payment details
• Financial details
• Education and employment details

4. Information collected from event attendees:

• Name, email, address, financial information, telephone number

5. Information collected from other customers:

• Name , address, contact details, financial information, details of any disputes or complaints

The ways in which Gem-A uses your information:

Gem-A processes personal data in order to:

• Administer and undertake teaching, examinations and research, timetables, including use of online campus and anti-plagiarism service
• Administer and facilitate your use of Gem-A’s services (e.g. events, library, IT, Careers)
• Evaluate and monitor student experience and performance
• Monitor the effectiveness and efficiency of Gem-A courses, both internally and as against other establishments teaching gemmology worldwide
• Fulfil statutory reporting requirements
• Ensure the health, safety and well-being of students
• Enable you to access Gem-A’s premises and resources, using your access card
• Monitor compliance with Gem-A’s regulations and investigate any indications of breaches
• Notify you of services and events related to your studies (in accordance with your rights under the Privacy and Electronic Communications Regulations PECR)
• Respond to requests for information made under GDPR 2018

Gem-A also aggregates much of the data collected within its in-house data warehouse to allow reporting on student data:

• Provide membership services, including publications and newsletters
• Provide you with any other services or products
• Administer AGMs, EGMs, Elections registers and any other necessary lists

Access to your personal data

Gem-A takes the safety of your data very seriously. We will use your data to answer and assist you with your enquiries, investigations or complaints that involve Gem-A’s members and students. Such matters may be sensitive in nature and Gem-A restricts internal access to information to those teams responsible for investigating and resolving the relevant matters. However, please be aware that disciplinary hearings and outcomes may be made public.

Sharing of your personal data

Gem-A shares your personal data with its subsidiaries and other third parties to fulfil its legal, public or contractual obligations. For example, Gem-A may share your data with the courier or delivery companies who will deliver Gem-A’s products to you, or with exam centres who administer your exams, Gem-A’s accredited teaching centres and Gem-A GAPP centres who provide you with teaching services, or other third party service providers or Gem-A’s processors. Certain information, such as your name and examination results, may be shared with your teaching providers (Accredited Teaching Centres and GAPPs), subject to obtaining your consent. Gem-A is required to publish customer information in its members’ directory and a register relating to gemmology accreditations. We may also include information of our graduates and members and affiliates (including names and the country that they are located in) on Gem-A’s website and within lists to be published within appropriate publications, such as The Journal of Gemmology or Gems and Jewellery, and similar overseas publications. Gem-A will share some of your information with Gem-A Instruments, its subsidiary, to enable you to receive discounts on your purchases. In addition, disciplinary hearings and outcomes may be made public. We may provide confirmation of your academic achievements with us to recruitment agencies, employers and educational or professional bodies to assist you in finding appropriate employment once qualified. Gem-A may provide data relating to verification of membership subscriptions, training undertaken and qualification details. Gem-A may need to disclose information it holds about you to legal authorities, professional advisers, other professional bodies, regulators or other third parties. The information will be disclosed in order to investigate complaints and disciplinary matters, to exercise or defend its legal rights or otherwise, where required by law.

Retention of your personal data

Gem-A retains your personal data for as long as necessary for the relevant purposes listed in the section ‘The way in which Gem-A uses your information’ in the section above.

We may also retain certain records for other legitimate purposes (and after your relationship with Gem-A has concluded), for the purpose of resolving any potential disputes, cross-checking future membership applications, and to comply with other retention and reporting obligations. The retention schedule is available at the bottom of this policy.

Communications and marketing

Communications to fulfil contractual obligations:

Gem-A will contact you during the course of your studies, and until your graduation, to keep you updated about the progress of your studies, our products, services or qualifications.

If you are a member you will receive regular updates and newsletters from Gem-A. You will also receive renewal notifications which will remind you about renewing your membership.

Communications on the basis of legitimate interest:

You will be contacted by the admin or membership team if you enquire about our courses, membership, or other products or services. If you are a prospective student Gem-A may contact you to send you application forms, information packs, prospectuses or recruitment materials. If you attended any of our events or studied with us, we may ask you to complete surveys and questionnaires, and send you invitations to Gem-A’s open day and other events. Gem-A will strive to keep you informed about its current affairs and will notify you of any changes to Gem-A’s products and services.

Communications for which we need your consent:

We will ask you to subscribe to one of our mailing lists, and give us consent to contact you for purposes of marketing. You can withdraw consent any time by unsubscribing from the mailing list. The button to unsubscribe is located at the bottom of every email you receive from us.

We will not pass your information on to third party marketers and we will not sell your information to any third party. We may use named third-party service providers to process and store user data.

Third-party service providers used by Gem-A for marketing purposes:

MailChimp is a marketing automation platform and an email service provider. We use this platform to communicate with our members and students, and to send newsletters to those that have signed up to receive them. We will collect your name, email address, membership/student number if necessary and, where possible, the country in which you are based. The country is used as a segmentation tool so that you can receive news and updates within your specific country. As a marketing tool, MailChimp will let us know if you have opened an email or if you have followed specific links through it.

You can unsubscribe from newsletter communications at any time.

Eventbrite is a ticketing and registration platform. The Eventbrite platform is used by Gem-A to register anyone that plans to attend Gem-A events.

By registering for a paid event you will provide financial information. We will also request information to identify you, such as your name and membership/student number. The information is stored within Eventbrite.

Website

Our website, like most, uses cookies to improve delivery and to follow your preferences. You can choose not to use cookies. They do not in any way identify you, or give access to your computer or mobile device. The cookie is used to indicate to other websites that “This person visited a particular page, so show them ads relating to that page.”

Google Analytics provides us with marketing analytics for our website. It creates a Gem-A cookie to collect data.

Google AdWords uses cookies to identify you and serve you adverts based on your browsing history.  We use Google AdWords Remarketing to advertise Gem-A across the Internet, in particular on the Google Display Network. AdWords remarketing will display ads to you based on what parts of the Gem-A website you have viewed.

Google AdWords Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.

Hotjar is a technology service that helps us to better understand our users experience with our website (how much time they spend on our pages, which links they choose to click, what users do and don’t like). Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This information is captured and stored in an anonymised form. Neither Hotjar nor Gem-A can use this information to identify individual users, nor to match it with further data on an individual user.

You can opt-out of the creation of a user profile, Hotjar’s storing of data about your usage of our site, and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

You can access Hotjar’s privacy policy at https://www.hotjar.com/legal/policies/privacy

View MailChimp’s privacy policy here: https://mailchimp.com/legal/privacy/

View Eventbrite’s privacy policy here: https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_UK

View Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy

Publications

Gem-A will use your information in order to manage subscriptions to Gem-A’s publications The Journal of Gemmology and Gems and Jewellery. Members can contact Gem-A if they wish to change the format in which they receive such publications.

Events

We may also use information that you explicitly provide to us when participating in Gem-A events, within internal and external publications to promote Gem-A in the public and for advertisement purposes. Gem-A will inform you when participating in public campaigns and will seek your explicit consent prior to using your information. Examples of these are campaign programmes or interviews undertaken during public events. Your image may also be captured incidentally when you attend Gem-A functions and we reserve the right to use these images in our marketing materials or campaigns.

Storage of your personal data

Gem-A’s main information systems are located within the European Economic Area (EEA) and are accessed by Gem-A’s administration team, which is located in London, United Kingdom. We process personal data within the EEA, but as part of our operations and service delivery, Gem-A may transfer data outside of EEA to its suppliers.

Other teams within Gem-A may need to access, use and store your data in certain circumstances for the purposes listed above, e.g. to notify you with updates to training or examinations, or to investigate incidents or complaints. If you are an overseas member or student, your information may be accessed by Gem-A’s national office in your country and records may be maintained locally (subject to local legislation).

Some of Gem-A’s processors, including service providers and technology vendors, may pass personal data outside of the EEA into jurisdictions where obligations and rights under privacy laws may vary. If this happens, we will always ensure that appropriate assurance checks and measures are put in place to protect your personal data. Our contracts with these service providers include industry standard assurances over the interaction with our data.

Keeping your data accurate and up to date

It is your responsibility to notify us of any change to your personal data, such as contact details, during your affiliation with Gem-A. You can always contact us to update your information.

Policy Review

From time to time, we will review this document when we make substantial changes to our processes or procedures and systems, or if laws and regulations change. We will endeavour to keep this notice up-to-date, and make reasonable efforts to contact and update those affected if the changes are substantial in nature.

Is Gem-A subject to the Freedom of Information Act 2000?

For the purposes of the Freedom of Information Act 2000 (FOIA) Gem-A is not listed as a ‘public body’ and therefore is not under a duty to comply with the provisions of the FOIA.

Individual rights

Individual’s rights included are listed below. Different rights are applicable in different circumstances.

• the right of access (obtain a copy of their information)
• the right to rectification (correction or updating)
• the right to complain (to both the Gem-A and the regulator ICO www.ico.org.uk)
• the right to restrict processing (block or put on hold processing)
• the right to erasure (right to be forgotten)
• the right of data portability to another provider
• the right to be compensated for damage or distress
• rights related to automated decision making (machine based judgements)

If you want to exercise one of these rights please get in touch at:

Data Protection Officer
The Gemmological Association of Great Britain
21 Ely Place
London EC1N 6TD
United Kingdom

Email: privacy@gem-a.com
Call: +44(0)20 7404 3334