Privacy Policy

GSI Diamond Certification-usa

GEMOLOGICAL SCIENCE INTERNATIONAL

PRIVACY NOTICE

Last Updated:  July 6, 2021

Gem Experience, LLC, doing business as Gemological Science International (“GSI”, the “Company”, “we”, “us” or “our”) provides this notice (this “Privacy Notice”) to help you make informed decisions when using any of our services, including lab services, reports, testing, examining, laser inscribing, photography, engraving, repair and all other related services (collectively, the “Services”) and when visiting our website (our “Website”).

This Privacy Notice describes how and why we collect, use, store, share, transfer or otherwise process any personal data that we collect, and describes your rights in respect of our processing of personal data.

WHEN WE COLLECT PERSONAL DATA

We collect and process personal data by expressly obtaining it from you, including when you request or obtain any of the Company’s Services, and when you use our Website.

With respect to the personal data we collect and process, we will typically be the data controller.  In some cases, we may be a data processor.

WHAT TYPES OF PERSONAL DATA AND TECHNICAL DO WE COLLECT?

We may collect the following personal data from our customers and from others who interact with the Company:

  • Your full name;
  • Your telephone number(s);
  • Your e-mail address(es);
  • Your mailing address;
  • Technical data, including internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, geolocation information, and other technology on the devices you use to access our Website;
  • Information about your use of our Website features and how frequently you use them; and
  • Your preferences in receiving marketing from us and from third parties, as well as your communication preferences; and
  • Any information you choose to provide to us.

If you do not provide personal data to us when requested, we may not be able to provide Services to you.  We may also not be able to perform any contract we have (or are trying to enter into) with you.

Our Website uses commonly-used automated information gathering tools. While you are using our Website, we automatically log your IP address (a number assigned to your computer when you use the Internet), general data (including your domain name and the name of the web page from which you entered our Website) and your activity while accessing and using our Website.

Additionally, to personalize and enhance your experience, we may also collect information through “cookies.” Cookies are small strings of text that are sent by our Website to your browser and then stored by your browser on your computer’s hard drive. We use cookies to help diagnose problems with our servers and to administer our Website. We also use cookies to gather broad demographic information and to help identify you (by certain personally identifiable information) in respect to visits to our Website, so that we may improve your user experience, and to determine whether you visited our Website from a particular Internet link or advertisement.

We may also use small bits of code called “one-pixel gifs,” “clear gifs,” or “web beacons” embedded in web pages to gather certain web site information. Information may also be collected passively in the form of log files that record website activity, including how many “hits” a particular web page is getting (a.k.a., “click-through data”). For example, log file entries are generated every time a user visits a particular page or clicks an image on our website. These entries enable us to track a particular user’s visits to a web page, assess overall Site activity, track user interest in portions of our Website, troubleshoot technical concerns, and identify the type of browser you are using. We may also use the log file entries for our internal marketing and demographic studies, so we can constantly improve our Website.

By visiting our Website, you consent to the placement of cookies and beacons in your browser and HTML-based emails. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies.  If you disable cookies, some features of our Website may become disabled, and some aspects of our Website may not function properly.  Deleting cookies does not necessarily delete Flash objects. You can learn more about Flash objects – including how to control and disable them – through the Adobe interface.  If you choose to delete Flash objects from our Website, then you may not be able to access and use all or part of our Website or benefit from the information and services offered.

HOW WE USE YOUR PERSONAL DATA AND TECHNICAL DATA

We process personal data to operate our business, to provide Services, and to operate our Website.  Specific purposes for processing personal data include, but are not limited to:

  • To provide you with our Services;
  • To correspond with you regarding the Company or matters arising under our agreements with you;
  • To assess your suitability for any position for which you may apply to work at the Company;
  • To inform you of developments about the Company or with our Services that we believe may be of interest to you;
  • To personalize your use of our Services and the Website;
  • To conduct research and development for the improvement of our Website to provide you and other users with a better experience and drive user growth and engagement;
  • To monitor Website usage and other activity;
  • For our internal operations, including troubleshooting and diagnosing problems with our computer servers;
  • For identification and security purposes;
  • To comply with applicable laws, regulations, or legal processes and requests;
  • To enforce our agreements with you; and
  • To protect the rights, property, or safety of ourselves, our clients and others.

PARTIES WITH WHOM WE MAY SHARE PERSONAL DATA AND TECHNICAL DATA

We may share your personal data with contractors providing services on our behalf and otherwise to help us operate the Website.  In addition, we may from time to time share information with our affiliated companies for use in connection with their businesses.  In addition, we use third party service providers (our “Service Providers”) to assist us in operating our business.  Service Providers provide a wide range of services to us, including legal and compliance, accountancy, investment banking, marketing, data analytics, telecommunications (including telephone and video conferencing), website administration, information technology, courier, human resources and security services.  We require our Service Providers to limit their use and disclosure of your information to uses and disclosures that are consistent with this Privacy Notice.  However, we cannot guarantee their compliance.

We may also share personal data about you with others if:

  • We have received your permission to do so;
  • It is necessary to carry out your instructions to us;
  • We have given you notice, such as by telling you about it in this Privacy Notice;
  • We have removed your name or any other personally identifying information from it;
  • To provide the features and functionality of our Website.
  • To protect and defend our rights, property, or safety or those of our clients or others;
  • To enforce the terms that govern this Website or our provision of the Services;
  • To issue requests for employment verification or references to those to whom you have directed us;
  • When we believe it is appropriate to investigate, prevent or take action regarding illegal or suspected illegal activities;
  • When required to do so by law or regulation, or in response to legal process (for example, a court order, search warrant or subpoena) or a request from a law enforcement or governmental agency or authority, and in other circumstances in which we have a good faith belief that a crime has been or is being committed by you or another user or that an emergency exists; and
  • With our affiliates and third parties providing services on our behalf.

We may also share anonymous or aggregated information with third parties, including our affiliates and our Service Providers, to facilitate our business operations.

“DO NOT TRACK” SIGNALS

We do not collect personal data about your online activities over time and across third party websites or online services.  Accordingly, we do not currently process or comply with any web browser’s “do not track” signal or other mechanisms that provide consumers with the ability to exercise choice regarding the collection of personal data about your online activities over time and across third party websites.

From time to time, we may allow third party companies to collect certain anonymous information when you visit our Website.  These companies may collect and use data during your visits to this and other websites in order to provide advertisements on other sites about goods and services likely to be of greater interest to you. These companies typically use a cookie or a third party web beacon to collect this information.

DATA RETENTION

We retain your personal data as needed to provide Services to you.  We may retain your personal data after our Services are completed, if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between us and any third party, resolve any disputes between users, prevent fraud and abuse, or enforce this Privacy Notice or our agreements with you, and for as long as is necessary to provide support-related reporting and trend analysis.  We may also retain personal data if requested by law enforcement or as required under applicable law, regulation or legal process.  Any removed information may persist in our backup files but will not be generally available to users.  We will not endeavor to delete any information that is stored in our backup files.

MODIFICATIONS TO INFORMATION

We strive to maintain the accuracy of any personal data that may be collected from you, and will use reasonable efforts to respond promptly to update your personal data in our possession when you tell us that such information is not accurate.

CHILDREN

We do not intend for children under 18 years of age to use our Website or our Services.  The Company does not knowingly collect or solicit personal information from anyone under the age of 18.  If you are under 18 years of age, please do not send any information about yourself to us. By using our Services and our Website, you represent that you are at least 18 years of age.

THIRD PARTY WEBSITES, ADVERTISERS AND APPLICATIONS

GSI may reference or include links to third party websites.  GSI does not control and is not responsible for the third-party websites or for the privacy policies or information practices of third parties or their websites. You should review the privacy policies applicable to such third party services, applications, websites and advertisers. Moreover, GSI does not have access to, or control of, the cookies that may be placed by such third parties.

PROTECTING YOUR PERSONAL DATA

We use reasonable efforts to ensure the security of our systems. The Company employs reasonable physical, electronic and administrative safeguards to protect the information we receive from you from unauthorized disclosure.  Internet data transmission is not always secure and we cannot warrant that information you transmit utilizing the Website is secure.

BUSINESS TRANSFERS OF PERSONAL DATA

We may, in the future, sell or otherwise transfer some or all of its assets to a third party. Your personal data and technical information may be disclosed to any potential or actual third party purchasers of such assets and/or may be among those assets transferred.  We may also share or transfer personal data and technical information in connection with a merger, divestiture, reorganization or other disposition (whether of assets, stock or otherwise), or in the event of our bankruptcy or other insolvency proceeding.

INFORMATION FOR CALIFORNIA RESIDENTS ONLY

If you are a California resident, California law provides you with additional rights regarding our use of your personal data. To learn more about your California privacy rights, please see our Privacy Notice Supplement for California Residents Only.

California Civil Code Section 1798.83, known as the “Shine The Light” law, permits our Users who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, we currently do not share any personal information with third parties for their direct marketing purposes.

INFORMATION FOR NEVADA RESIDENTS ONLY

We currently do not sell data triggering the opt-out requirements of Nevada Revised Statutes Chapter 603A.  This means that we do not exchange personal data of Nevada residents for monetary consideration to a recipient, for that recipient to license or sell such covered personal data to third parties.

USERS IN THE EUROPEAN ECONOMIC AREA

This section applies ONLY to individuals in the European Economic Area.

Under the General Data Protection Regulation (the “GDPR”), individuals in the European Economic Area (“EEA Individuals”) have certain rights in relation to their personal data, which are summarized below.  These rights are subject to your exercising them in good faith and are subject to our legitimate interests or other valid basis to continue processing your personal data, in accordance with our policies and applicable law.

Our lawful basis for processing your personal data are: (a) performance of any contract we are about to enter into or have entered into with you, (b) it is necessary for our legitimate interests, (c) we must comply with applicable legal or regulatory obligations, or (d) we have received your consent.

EEA Individuals who wish to exercise any of the rights they have under the GDPR should contact us in writing by email.  Our email address is shown at the end of this Privacy Notice.  We may need to request specific information to help us confirm your identity, so that your personal data is not disclosed to any person who has no right to receive it.  We may also contact you to ask you for further information in relation to your request.

Generally, EEA Individuals do not have to pay a fee to exercise the rights described below.  However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive.  Alternatively, we may refuse to comply with the request in such circumstances.

EEA Individuals may lodge a complaint with the appropriate regulatory body or supervisory authority in the country where they reside, where they work, or in the place of the alleged infringement of the law.

  • Access

If asked by an EEA Individual and if we are obligated to do so under applicable law, we will inform that individual about whether we are processing his/her personal data.  If we are processing such EEA Individual’s personal data, we will provide access to the personal data that we have about that individual.  If you request additional copies of your personal data, we may charge you a reasonable fee.

  • Rectification (e., Correction)

If the personal data we hold about an EEA Individual is inaccurate or incomplete, that individual may ask us to have it corrected.

  • Erasure

EEA Individuals may request that we erase (i.e., delete or remove) their personal data in certain circumstances.  If you are legally entitled to erasure, and if we have shared such personal data with third parties, we will take reasonable steps (taking into account available technology and the cost of implementation) to inform such third parties of your request, to the extent we are required to do so by applicable law.

  • Restriction of Processing

EEA Individuals have the right to restrict the processing of their personal data in certain circumstances, such as if they contest the accuracy of that personal data, if the processing of the personal data is unlawful, or if we no longer need the personal data for our business purposes.  If you are legally entitled to restriction, and if we have shared your personal data with others, we will use reasonable efforts to inform such third parties of your request, if we are required to do so.

  • Data Portability

EEA Individuals may ask to receive their personal data from us, where the legal basis of our processing is their consent, and where we carry out the processing of their personal data by automated means.  If EEA Individuals so request, we may transmit their personal information directly to another organization if it would be technically feasible to do so.

  • Objection to Processing

EEA Individuals may object to the processing of their personal data where we are relying on a legitimate interest (or those of a third party).  As noted above, you also have the right to object (i.e., opt out of) our processing of your personal data for direct marketing purposes.

  • Automated Decision-Making and Profiling

EEA Individuals have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.  We do not engage in decision-making based solely on automated processing, including profiling, which produces legal effects concerning an individual or similarly significantly affects an individual.

  • Processing of Special Categories of Personal Data and of Personal Data Relating to Criminal Convictions and Offenses

There are certain types of personal data that require a higher level of protection, known as “special categories” of personal data under the GDPR.  We do not process special categories of personal data unless (a) we have obtained such individuals’ explicit consent or (b) we are otherwise legally permitted to do so.  We do not collect personal data about criminal convictions and offenses, unless revealed by due diligence conducted to comply with a legal or regulatory obligation or unless we are authorized to do so under applicable law.

  • Withdrawing Consent

In certain circumstances, EEA Individuals have the right to withdraw their consent to our processing of their personal data.  However, withdrawal of consent will not affect the lawfulness of any processing that had been carried out before consent is withdrawn.  Moreover, if we rely on another legal basis (e.g., performance of a contract or legitimate interest) to process your personal data, we may continue to process your personal data in accordance with such other legal basis even after you withdraw your consent.  If you decide to withdraw your consent, we may not be able to provide our Services to you.

INTERNATIONAL DATA TRANSFERS

We are based in the United States and our computer servers are located in the United States.  Accordingly, all personal data in our possession and control is collected and processed by us in the United States.  Any party that provides personal data to us is thereby transferring such data to the United States and is consenting to the transfer of their personal data to the United States.  Individuals who access the Website from outside the United States do so on their own initiative and are responsible for compliance with local laws, rules and regulations.

UPDATES TO THIS PRIVACY NOTICE

We reserve the right, at any time, to modify or update this Privacy Notice.  Any such modifications or updates will be effective upon posting.  You are responsible for checking the Website for any updates to this Privacy Notice.  If we modify this Privacy Notice, your continued use of the Website will signify your acceptance of the modified Privacy Notice.

QUESTIONS OR CONCERNS

We will happily address any questions or concerns about our Privacy Notice or about our processing of your personal data. Contact us at info@gemscience.net.  Our mailing address is below:

Gemological Science International
581 Fifth Avenue
New York, New York 10017

 

PRIVACY NOTICE SUPPLEMENT FOR CALIFORNIA RESIDENTS ONLY

Last Updated:  July 6, 2021

This Privacy Notice Supplement for California Residents Only (this “Supplement”) supplements the Privacy Notice (the “General Privacy Notice”) of Gem Experience, LLC, doing business as Gemological Science International (the “Company”, “we”, “us” or “our”), and applies solely to individuals who are residents of the State of California (such individuals, ”Consumers” or “you”). This Supplement addresses your rights under the California Consumer Privacy Act of 2018 (“CCPA”).  This Supplement does not apply to individuals who are not residents of the State of California.  Capitalized terms used but not otherwise defined in this Supplement have the meanings given to them in the General Privacy Notice.

I.      Personal Information We Collect and Use

The CCPA defines “personal information” as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  The table below states whether or not we have collected the following categories of such “personal information” from consumers within the last twelve months: 

Category Examples Collected? If Collected, Business or Commercial Purpose for Collection
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Yes (A) it is necessary for our legitimate interests;  (B) we need to comply with legal or regulatory obligations; and (C) performance of any contract we are about to enter into or have entered into with you.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.  Some personal information included in this category may overlap with other categories. Yes (A) it is necessary for our legitimate interests;  (B) we need to comply with legal or regulatory obligations; and (C) performance of any contract we are about to enter into or have entered into with you.
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). No  
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. No  
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. Yes (A) it is necessary for our legitimate interests;  and (B) we need to comply with legal or regulatory obligations.
G. Geolocation data. Physical location or movements. Yes  
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. No  
I. Professional or employment-related information. Current or past job history or performance evaluations. No  
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. No  
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes. No  

We obtain the categories of personal information from the following categories of sources:

  • Directly from you, including through in-person or telephonic interactions, or through our Website.
  • Indirectly from you (for example, from observing your actions on our Website).

II.      Collection and Use of Personal Information

‌We may collect and use the personal information we collect about you for the following purposes:

  • To provide our Services;
  • To correspond with you regarding the Company or matters arising under our agreements with you;
  • To assess your suitability for any position for which you may apply to work at the Company;
  • To inform you of developments about the Company or with our Services that we believe may be of interest to you;
  • To personalize your use of our Services and the Website;
  • To conduct research and development for the improvement of our Website to provide you and other users with a better experience and drive user growth and engagement;
  • To monitor Website usage and other activity;
  • For our internal operations, including troubleshooting and diagnosing problems with our computer servers;
  • For identification and security purposes;
  • To comply with applicable laws, regulations, or legal processes and requests;
  • To enforce our agreements with you; and
  • To protect the rights, property, or safety of ourselves, our clients and others.

In addition to the above, we may collect or use your personal information for other purposes for which either we or our client(s) will provide notice to you at the time of collection, or as otherwise permitted under the CCPA or other applicable law.

We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated or incompatible purposes without providing you notice.

III.      Sharing of Personal Information for a Business Purpose

We share your personal information with third parties when it is necessary for a business purpose.  When we share personal information to third parties for a business purpose, we require that the recipient not further collect, retain, sell or use such personal information except as necessary for the business purpose or except as otherwise permitted under the CCPA.

We share your personal information with the following categories of third parties:

  • Our affiliates;
  • Our Service Providers; and

During the preceding twelve months, we have shared the following categories of personal information to third parties for a business purpose:

            [Category A: Identifiers.]

            [Category F: Internet or other similar network activity.]

            [Category G: Geolocation data.]

IV.      “Selling” Personal Information[1]

During the preceding twelve months, we have shared the following categories of personal information to third parties for a business purpose:

            [Category A: Identifiers.]

            [Category B: California Customer Records personal information categories.]

            [Category D: Commercial information.]

            [Category F: Internet or other similar network activity.]

            [Category G: Geolocation data.]

 

We do not sell the personal information of minors under 16 years of age without affirmative authorization.

V.      Your Rights Under the CCPA

‌The CCPA provides California residents with certain rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

A.          Requests to Know

Through a verifiable consumer request, you may request disclosure of:

  • The categories of personal information that we have collected about you.
  • The categories of sources from which the personal information about you is collected.
  • The business or commercial purpose for collecting or selling personal information.
  • The categories of third parties with whom we share personal information.
  • The specific pieces of personal information that we have collected about you.
  • Categories of personal information that we “sold” or disclosed for a business purpose about you.
  • Categories of third parties to whom the personal information was sold or disclosed for a business purpose.

You may only submit a request to know twice within a 12-month period.

B.          Requests to Delete

Through a verifiable consumer request, you may request that we delete your personal information that we have collected and retained, subject to certain exceptions.  Once we receive and confirm such a verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us, our affiliates or our Service Provider(s) to:

  • Complete a transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for such activities.
  • Debug to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Enable internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which it has been provided to us.

C.          Right to Opt Out of Our “Selling” of Your Personal Information

If we “sell” your personal information to third parties, you have the right, at any time, to direct us not to sell your personal information.  This right may be referred to as the right to opt out.  If you so direct us, we will refrain from selling personal information that we collect about you, unless you subsequently provide us express authorization for the sale of your personal information.

The CCPA provides that the following acts do not constitute “selling” personal information, meaning that you will not have the right to opt out of our sharing or disclosing your personal information in the following ways:

  • If you direct us to intentionally disclose personal information, or you use us to intentionally interact with a third party (provided that the third party does not also sell the personal information, unless that disclosure would be consistent with the CCPA).
  • We use or share an identifier about you after you opt out of the sale of your personal information, for the purposes of alerting third parties that you have opted out of the sale of your personal information.
  • We use or share with a service provider personal information that is necessary to perform a business purpose, if both of the following conditions are met:
    • we have provided notice of the information being used or shared; and
    • the service provider does not further collect, sell, or use the personal information except as necessary to perform the business purpose.
  • We transfer to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the business, provided that information is used or shared consistently with relevant provisions of the CCPA.

D.          Submitting Your Requests to Know and Requests to Delete [and Right to Opt Out]

To submit a request to know or a request to delete [or a right to opt out] to us, you must submit a “verifiable consumer request” (as defined below) to us by writing us at the mailing address below, calling us at the toll-free number below, or sending an email to us at the email address below.

Gemological Science International
581 Fifth Avenue
New York, New York 10017

Toll-Free Telephone Number:  1-800-720-2018

Email:  info@gemscience.net

Under the CCPA, a “verifiable consumer request” means a request that is made by a consumer, by a consumer on behalf of the consumer’s minor child, or by a natural person or a person registered with the Secretary of State, authorized by the consumer to act on the consumer’s behalf, and that we can reasonably verify, to be the consumer about whom we have collected personal information.

The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

In addition to the list above, we may need additional information from you, if we reasonably determine that additional information is needed to properly verify your identity.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information.  You may make a verifiable consumer request on behalf of your minor child.  We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  To verify your identity or authority to make the request, we may match data points you provide with your request, with data points that we maintain,

If you choose to use an authorized agent to submit a request to know or a request to delete to us, we will require that you (i) provide us with a copy of the written permission you gave the authorized agent to submit the request to us; and (ii) verify your own identity directly with us.  We may deny a request from an agent that does not submit proof that such agent has been authorized by you to act on your behalf.

If you submit a request in a manner that is not one of the designated methods of submission described above, or if your request is deficient in some manner unrelated to the verification process, we will either: (i) treat the request as if it had been submitted in accordance with our designated manner, or (ii) provide you with specific directions on how to submit the request or remedy any deficiencies with the request, if applicable.

Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

E.          Response Timing and Format

Upon receiving a verifiable consumer request, we will confirm receipt of it within 10 days and provide information about whether and how we will process the request.

We will deliver our written response either by mail or electronically. We will endeavor to respond to a verifiable consumer request within forty-five days of its receipt.  If we require more time (up to 90 additional days), we will inform you of the reason and extension period in writing.

Any information we deliver in response to your request may be delivered by mail or electronically.  If it is provided electronically, we will take reasonable steps to provide that the information will be portable and, to the extent technically feasible, in a readily useable format that would allow you to transmit the information to another entity without hindrance.

Any disclosures we provide will only cover the 12-month period preceding the date we received the verifiable consumer request.

We do not charge a fee to process or respond to your verifiable consumer request unless the verifiable consumer request is excessive, repetitive, or manifestly unfounded.  If we determine that the verifiable consumer request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

VI.      Non-Discrimination

‌We will not discriminate against you for exercising any of your CCPA rights.  Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

The CCPA permits us to charge consumers a different price or rate, and to provide a different level or quality of goods or services to you, if that difference is reasonably related to the value that your data provides to us.

We may also offer financial incentives, including payments to consumers as compensation, for the collection of personal information, the sale of personal information, or the deletion of personal information. We may also offer a different price, rate, level or quality of goods or services to the consumer if that price or difference is directly related to the value provided to the business by your data.  We will not use financial incentive practices that are unjust, unreasonable, coercive, or usurious in nature.

If we offer any financial incentives, we shall notify you of those financial incentives.  We will enter you into a financial incentive program only if you give us prior opt-in consent, which may be revoked by the consumer at any time.

VII.      Changes to This Supplement

‌We reserve the right to amend this Supplement at our discretion and at any time.  When we make changes to this Supplement, we will post the updated notice on the Website and update the Supplement’s effective date.  Your continued use of our Services and our Website after the posting of changes constitutes your acceptance of such changes.

VIII.      Our Contact Information

‌If you have any questions or concerns regarding this Supplement, please contact us at:

Gemological Science International
581 Fifth Avenue
New York, New York 10017

Toll-Free Telephone Number:  1-800-720-2018

Email:  info@gemscience.net

Version 1:  Adopted July 6, 2021


HOW TO REPORT A CONCERN


If you are a GSI Employee:
1. Talk with your manager
2. Talk to HR, Legal, Compliance, or other management personnel
3. Email your concern to compliance@gemscience.net

If you are a GSI customer, vendor, or member of the general public:
4. Email your concern to compliance@gemscience.net

CONFIDENTIALITY

All reports will be handled as promptly and discreetly as possible, with facts made available only to those requiring the information in order to investigate and resolve the matter. GSI is committed to safeguarding the confidentiality of individuals who submit reports. However, due to the nature of certain claims, GSI’s available options and actions may be limited if the individual does not wish to make his or her identity known.

NO RETALIATION

GSI policy prohibits retaliation against anyone for reporting or inquiring about potential breaches of GSI policies or for seeking guidance on how to handle suspected breaches.

WHEN TO EXPECT A RESPONSE

All reports will be carefully reviewed by GSI. You should expect reply within 1 to 2 weeks.


NOTE


[1]Under the CCPA, the term “sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.

[A number of businesses are currently wrestling with the question of what constitutes “other valuable consideration,” since the law does not define that term. Under the CCPA, the term “sell” is defined broadly to include many actions that your business may not have regarded as sales. For example, placement of a third-party cookie on your website to enable advertising could fall within scope. Allowing vendors to analyze data for their own purposes might also be considered a sale.] A business does not “sell” personal information when: (A) A consumer uses or directs the business to intentionally disclose personal information or uses the business to intentionally interact with a third party, provided the third party does not also sell the personal information, unless that disclosure would be consistent with the provisions of this title. An intentional interaction occurs when the consumer intends to interact with the third party, via one or more deliberate interactions. Hovering over, muting, pausing, or closing a given piece of content does not constitute a consumer’s intent to interact with a third party. (B) The business uses or shares an identifier for a consumer who has opted out of the sale of the consumer’s personal information for the purposes of alerting third parties that the consumer has opted out of the sale of the consumer’s personal information. (C) The business uses or shares with a service provider personal information of a consumer that is necessary to perform a business purpose if both of the following conditions are met: (i) The business has provided notice of that information being used or shared in its terms and conditions consistent with Section 1798.135. (ii) The service provider does not further collect, sell, or use the personal information of the consumer except as necessary to perform the business purpose. (D) The business transfers to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the business, provided that information is used or shared consistently with Sections 1798.110 and 1798.115. If a third party materially alters how it uses or shares the personal information of a consumer in a manner that is materially inconsistent with the promises made at the time of collection, it shall provide prior notice of the new or changed practice to the consumer. The notice shall be sufficiently prominent and robust to ensure that existing consumers can easily exercise their choices consistently with Section 1798.120. This subparagraph does not authorize a business to make material, retroactive privacy policy changes or make other changes in their privacy policy in a manner that would violate the Unfair and Deceptive Practices Act (Chapter 5 (commencing with Section 17200) of Part 2 of Division 7 of the Business and Professions Code).to include many actions that your business may not have regarded as sales. For example, placement of a third-party cookie on your website to enable advertising could fall within scope. Allowing vendors to analyze data for their own purposes might also be considered a sale.]

A business does not “sell” personal information when:

(A) A consumer uses or directs the business to intentionally disclose personal information or uses the business to intentionally interact with a third party, provided the third party does not also sell the personal information, unless that disclosure would be consistent with the provisions of this title. An intentional interaction occurs when the consumer intends to interact with the third party, via one or more deliberate interactions. Hovering over, muting, pausing, or closing a given piece of content does not constitute a consumer’s intent to interact with a third party.

(B) The business uses or shares an identifier for a consumer who has opted out of the sale of the consumer’s personal information for the purposes of alerting third parties that the consumer has opted out of the sale of the consumer’s personal information.

(C) The business uses or shares with a service provider personal information of a consumer that is necessary to perform a business purpose if both of the following conditions are met:

(i) The business has provided notice of that information being used or shared in its terms and conditions consistent with Section 1798.135.

(ii) The service provider does not further collect, sell, or use the personal information of the consumer except as necessary to perform the business purpose.

((D) The business transfers to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the business, provided that information is used or shared consistently with Sections 1798.110 and 1798.115. If a third party materially alters how it uses or shares the personal information of a consumer in a manner that is materially inconsistent with the promises made at the time of collection, it shall provide prior notice of the new or changed practice to the consumer. The notice shall be sufficiently prominent and robust to ensure that existing consumers can easily exercise their choices consistently with Section 1798.120. This subparagraph does not authorize a business to make material, retroactive privacy policy changes or make other changes in their privacy policy in a manner that would violate the Unfair and Deceptive Practices Act (Chapter 5 (commencing with Section 17200) of Part 2 of Division 7 of the Business and Professions Code).

Select your currency