GROUP PRIVACY POLICY

Gem Diamonds Limited and its subsidiaries (“Group”) respect the privacy of how personal information is used and shared and is committed to help protect personal information. This Privacy Policy (“Policy”) addresses the information that is collected for and/or using our website (“Website”) and/or our online tender platform (“Tender Platform”).

By using our Website and/or Tender Platform, you agree that your personal information will be used and/or shared as set out in this Policy. Your use of our Website and/or Tender Platform is understood by you to be in accordance with the terms of this Policy and/or the Terms and Conditions of the Tender Platform.

  1. What information is collected about you

    This Policy sets out how the Group collects and manages personal information. In order to allow access to our Tender Platform to participate in our rough diamond tenders, it is necessary for us to process personal information including addresses, email addresses, phone numbers, passport information, invoice details, bank references and certain other relevant personal information that we may request from you ("know-your-client information").

    Although this information may be requested, it is only processed by us when voluntarily submitted by you. Additionally, personal information required for registration on our Tender Platform and/or participation in any diamond tender can be shared with any of our service providers and/or employees who are involved in the sale process, in particular information required by us to fulfil our contractual and/or legal obligations relating to the sale of any diamond.

    We also collect data about your use of our Website automatically according to our Cookie Policy that is published on our Website at www.gemdiamonds.com/cookies.php.

  2. How your information is used

    Information about our clients is an integral part of our business and we respect and will protect the privacy thereof in terms of this Policy. Your personal information is used for the following purposes:

      2.1 Client management
      In order to provide an optimal client service, personal information is used to communicate with you, to respond to your enquiries, manage your account and maintain our relationship with you, with the objective of providing a professional client experience.

      2.2 Providing our product
      It is necessary for us to process certain personal information including, but not limited to, identification and financial data in order to provide the rough or polished diamonds that you, or the organisation that you represent, may purchase from us. In the context of collection or delivery of the diamonds, invoicing thereof, as well as client management, it is necessary for us to process certain personal information for the performance of our contract with you.

      2.3 Marketing and advertising
      We may occasionally contact you, as permitted by applicable laws, by email (or other electronic communication channels) or telephone, with information about product offerings.

      2.4 Compliance to applicable legislation
      In order to comply with our "know-your-client" obligations under the applicable Anti-Money Laundering legislation, we process personal information including, but not limited to, identification and financial data. We carry out the processing of such personal data on the basis of our legal obligation to verify your identity before engaging in a business relationship with you in accordance with the applicable legal, regulatory and/or internal compliance requirements.

  3. When we disclose your information

    Your personal information will not be sold to a third party. Your information may however be shared as follows:

      3.1 Group companies
      As permitted by applicable law, your information may be shared with other companies in the Group. All companies in the Group are governed by this Policy.

      3.2 Service providers
      Your personal information may be shared with third party service providers who are engaged to provide banking services, data processing activities (such as general IT, network hosting, Tender Platform development and maintenance, and management information system development and maintenance); facilities and security management primarily for the purpose of allowing physical access to our premises, and/or secure courier services.

      3.3 Business Transfers
      If any company within the Group, or the entire Group is acquired or merged with another company, or if substantially all assets of the Group are transferred to another company, your personal information may be transferred to such other company.

      3.4 Legal processes
      We may share your personal information in order to comply with the law, a judicial proceeding, court order or other legal process, such as in response to a search warrant, court order and/or a subpoena.

      3.5 Protection
      We may share your personal information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving the potential threat to the safety of any person, violations of this Policy, or as evidence in litigation in which we are involved.

      3.6 Aggregate and anonymous information
      We may share your personal information on an aggregated or anonymous basis for statistics, research, statutory or similar purposes.

      3.7 Public authorities
      We may share your personal information with Public Authorities in any of the territories that the Group operates in on request of these Public Authorities.

      3.8 Legal purposes
      We may share your personal information for certain legal purposes, including the enforcement of the Tender Platform Terms and Conditions, to protect the security of our Tender Platform or when we believe disclosure is necessary to protect our rights

  4. Legal basis for processing

    We have a legal basis to collect, use and share your information. You also have choices about our use of your personal information as set out below.

    Your personal information will only be collected and processed where there is a legal basis to do so. Such legal basis includes consent by you, contractual obligations on us and/or any other legitimate interest.

    If you have any questions about the legal basis we use to process your information, please contact us on dataprotection@gemdiamonds.com.

    The following paragraphs describe the purposes of collecting personal data and the applicable legal grounds for the processing and retention thereof.

  5. Data retention

    Your personal information will be processed to the extent legally permitted and retained based on our legal obligations (e.g. in relation to document retention) or legitimate interests (e.g. in retaining your data for the purposes of responding to possible disputes or complaints, legal or regulatory requirements). As a result, not all of your data will be deleted when you deregister from our Tender Platform, but we limit the processing and/or sharing thereof to what we reasonably believe is absolutely necessary.

  6. Commitment to data security

    In order to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect online or otherwise.

    You should however be aware that the transmission of information via the Internet is never completely secure. You should also take the necessary steps to protect against unauthorised access to your passwords and all devices that can link to the Internet or contain password related information. We are not responsible for any lost, stolen, or compromised password or for any unauthorized password activity.

  7. Data transfer

    In the event of transfer of your personal information to a country outside of the European Economic Area, the Group shall apply an adequate level of protection of such personal information by means of appropriate and applicable data protection measures.

  8. Your rights as a data subject

    Under EU data protection legislation, you may benefit from various rights as a data subject, which are listed below:

      8.1 Access right and data portability
      You have the right to request access to your personal information processed by us, as well as the portability of data you have provided to us to the extent applicable.

      8.2 Data accuracy: right of rectification and right to erasure
      At all times, you have the right to request the rectification or erasure of your personal information, provided that the applicable legal requirements are met. The right to erasure is nevertheless subject to various exceptions, notably as regards to personal information whose processing is necessary to support litigation, for compliance with statutory retention requirements or performance obligations in terms of a contract that we might have with you. In such a case, however, we process such data only to the extent necessary, even without your request.

      8.3 Limits to processing: right to restriction, right to object & consent withdrawal:
      You have the right, if applicable legal provisions are met, to object to the processing of your personal information albeit that such processing is based on our legitimate interests and/or to otherwise obtain the restriction of certain forms of processing in specific circumstances. In particular, in relation to the processing of personal information for marketing purposes, you have the right to object at any time thereto. Where any processing is based on consent, you have the right to withdraw such consent by written request at any time (without affecting the lawfulness of processing prior to the consent withdrawal). We will in each case consider your request and confirm whether you meet the requirements for the processing to be stopped or limited in any particular way.

      8.4 Right to lodge a complaint with the supervisory authorities:
      You have the right to lodge a complaint with your local data protection authority. Users of the Tender Platform may also contact the Belgian Data Protection Authority (https://www.dataprotectionauthority.be/) and users of the Website may contact the UK Information Commissioner’s office (https://ico.org.uk/make-a-complaint/).

  9. Contact information

    You may exercise any of the rights listed in point 8 above by submitting your request by email to dataprotection@gemdiamonds.com. Please include your personal details as well as verification of your identity. Please note that we may reject requests that are excessive or a misuse of the relevant right. Furthermore, your rights may be affected by any and all Anti-Bribery and Corruption and Anti-Money Laundering laws and regulations by which the Group is bound in the context of our legal obligation to identify you through a request and retention of certain personal information when establishing a business relationship.

  10. Changes to this Policy

    We may update and change this Policy from time to time as we may find necessary and at all times in accordance with the prevailing laws and regulations to which we are subject. While we will do our best to bring updates to your attention, it is your responsibility to keep track of such updates. Your continuing use of the Website and Tender Platform constitutes an acknowledgement of and agreement to any changes to this Policy.

    If you have any questions in relation to this Policy, please get in touch with us at Gem Diamonds Limited, 2 Eaton Gate, London SW1 W9BJ, United Kingdom, by telephone: +44 203 043 0280 or by email at dataprotection@gemdiamonds.com.