Legal · Privacy
GEMIA WORLD LTD explains how personal data is collected, used, stored, shared and protected across our website, communications, products and services.
GEMIA WORLD LTD ('GEMIA WORLD', 'we', 'us', or 'our') is a company registered in England and Wales.
Registered address: 128 City Road, London, EC1V 2NX, United Kingdom
Company registration number: 16632806
ICO registration number: To be confirmed
Privacy contact: privacy@gemia.world
Website: https://www.gemia.world
We are the data controller for the personal data we collect through our website and services. This means we determine how and why your personal data is used.
This Privacy Policy applies to all personal data collected by GEMIA WORLD LTD through:
Our website at https://www.gemia.world and any associated subdomains
Account registration and user profiles on our platform
Communications with us by email, telephone, or other means
Use of our products and services
This policy does not apply to third-party websites we link to. We encourage you to read the privacy policies of any third-party sites you visit.
We collect and process the following categories of personal data:
Full name
Email address
Telephone or mobile number
Account username or profile information
Payment card details (processed securely via Stripe — we do not store full card numbers)
Billing address and transaction history
Internet Protocol (IP) address
Browser type and version
Device type, operating system, and identifiers
Pages visited, time spent on pages, links clicked
Referring URLs and search terms
Crash reports and performance data
Marketing communication preferences
Survey responses and feedback
Communication history with us
We do not knowingly collect special category data (such as racial or ethnic origin, political opinions, health data, biometric data) or data from children under 13 years of age. If you believe we have inadvertently collected such data, please contact us immediately at privacy@gemia.world.
We collect personal data through the following means:
When you register for an account or create a user profile
When you make a purchase or enter into a transaction
When you contact us by email, telephone, or via our website forms
When you subscribe to our newsletter or marketing communications
When you participate in surveys, competitions, or promotions
Through cookies and similar tracking technologies when you visit our website (see Section 8)
Through server logs, analytics tools, and performance monitoring software
Through your browser and device when you access our services
From payment processors (Stripe) when you make a purchase
From analytics providers (Google Analytics) about your website usage
From email platforms (Mailchimp) about your email engagement
From advertising networks about your interactions with our advertisements
Under the UK General Data Protection Regulation (UK GDPR), we must have a lawful basis for processing your personal data. The table below sets out our processing activities and their legal basis:
Purpose of processing
Providing our products and services — Lawful basis: Performance of a contract
Processing payments — Lawful basis: Performance of a contract
Creating and managing your account — Lawful basis: Performance of a contract
Sending transactional emails — Lawful basis: Performance of a contract
Marketing communications (where consented) — Lawful basis: Consent
Website analytics and performance monitoring — Lawful basis: Legitimate interests
Security, fraud prevention, and protecting our systems — Lawful basis: Legitimate interests
Complying with legal obligations — Lawful basis: Legal obligation
Improving our services and developing new features — Lawful basis: Legitimate interests
Where we rely on legitimate interests as our legal basis, we have assessed that our interests are not overridden by your rights and interests. You can request information about this assessment by contacting us.
Where we rely on your consent (for example, for marketing emails), you have the right to withdraw consent at any time. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.
We use your personal data for the following purposes:
To create, manage, and maintain your account with us
To process and fulfil your orders, transactions, and purchases
To communicate with you about your account, orders, or queries
To send you marketing and promotional communications (where you have consented or where we have a legitimate interest to do so)
To personalise your experience on our website and within our services
To analyse how our website and services are used and to improve them
To detect, prevent, and investigate fraud, security breaches, and other prohibited activity
To comply with our legal and regulatory obligations
To enforce our terms and conditions and other agreements
To manage our business operations, including internal reporting and auditing
We do not sell your personal data. We may share your data with the following categories of third parties:
We share data with trusted third-party service providers who process data on our behalf under data processing agreements. These include:
Stripe Inc. — payment processing (https://stripe.com/gb/privacy)
Google LLC — website analytics via Google Analytics (https://policies.google.com/privacy)
The Rocket Science Group LLC (Mailchimp) — email marketing platform (https://www.intuit.com/privacy/statement/)
Cloud hosting and infrastructure providers (such as AWS or equivalent), to host our website and store data securely
Advertising network providers — to deliver and measure the performance of targeted advertisements
We may disclose your personal data where required by law, regulation, court order, or governmental authority, or where we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with applicable laws.
If GEMIA WORLD LTD is involved in a merger, acquisition, sale of assets, or restructuring, your personal data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
We may share your data with third parties where you have given us explicit consent to do so.
Our website uses cookies and similar tracking technologies. A cookie is a small data file placed on your device when you visit a website.
Essential cookies — Required for our website to function. These cannot be disabled. Examples: session management, security, login state.
Analytics cookies — Help us understand how visitors use our website (e.g., Google Analytics). These are only set with your consent.
When you first visit our website, you will be presented with a cookie consent banner. You can choose to accept or decline non-essential cookies. You can also manage cookies through your browser settings:
Google Chrome: Settings > Privacy and security > Cookies
Firefox: Settings > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Cookies
Microsoft Edge: Settings > Cookies and site permissions
Please note that disabling certain cookies may affect the functionality of our website. For more information about cookies, visit www.allaboutcookies.org.
We are based in the United Kingdom. Some of our service providers are located in the European Economic Area (EEA). Where we transfer personal data to the EEA, this is done in reliance on adequacy regulations or appropriate safeguards such as the EU Standard Contractual Clauses.
We do not transfer your personal data to countries outside the UK or EEA except as described above. If we need to do so in the future, we will put in place appropriate safeguards to protect your data and will update this policy accordingly.
For further information about international transfers and the safeguards we use, please contact us at privacy@gemia.world.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Account data — Retained for the duration of your account and up to 7 years after closure for legal and tax purposes
Transaction and payment data — Retained for 7 years to comply with HMRC requirements
Marketing preferences — Retained until you withdraw consent or for 3 years of inactivity
Website analytics data — Retained for up to 26 months (Google Analytics default)
Customer support communications — Retained for 3 years from last contact
After the applicable retention period, we will securely delete or anonymise your personal data. In some circumstances, we may anonymise your data for research or statistical purposes, in which case we may use this information indefinitely without further notice.
We have implemented appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, use, alteration, or disclosure. These measures include:
Encryption of data in transit using TLS/SSL
Encrypted storage of sensitive data
Access controls limiting who can access your data
Regular security assessments and testing
Staff training on data protection
Incident response procedures
Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and will notify you where required by law.
Under UK GDPR, you have the following rights:
Right of access — You can request a copy of the personal data we hold about you (Subject Access Request).
Right to rectification — You can ask us to correct inaccurate or incomplete personal data.
Right to erasure ('right to be forgotten') — You can ask us to delete your personal data in certain circumstances.
Right to restriction of processing — You can ask us to suspend processing of your data in certain circumstances.
Right to data portability — You can ask us to transfer your data to you or another provider in a machine-readable format.
Right to object — You can object to us processing your data where we rely on legitimate interests or for direct marketing purposes.
Rights related to automated decision-making and profiling — You can ask not to be subject to decisions based solely on automated processing that have a significant effect on you.
Right to withdraw consent — Where we process data based on consent, you can withdraw that consent at any time.
To exercise any of these rights, please contact us at privacy@gemia.world. We will respond to your request within one month. In complex or numerous cases, we may extend this by a further two months, and we will notify you if this is necessary.
We may need to verify your identity before processing your request. We will not charge a fee unless a request is manifestly unfounded or excessive.
Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@gemia.world and we will delete such information promptly.
If we discover that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information as soon as possible.
We may send you marketing communications by email where you have:
Provided your email address and opted in to receive marketing from us, or
Previously purchased or enquired about similar products or services, and have not opted out
You can opt out of marketing communications at any time by:
Clicking the 'unsubscribe' link in any marketing email
Emailing us at privacy@gemia.world with the subject 'Unsubscribe'
Updating your preferences in your account settings (if applicable)
Opting out of marketing will not affect transactional emails, such as order confirmations, account notifications, or responses to your enquiries.
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Update the 'Last updated' date at the top of this policy
Notify you by email (where we hold your email address), or
Display a prominent notice on our website
We encourage you to review this policy periodically. Your continued use of our website or services after changes become effective constitutes your acceptance of the updated policy.
If you have a concern about how we handle your personal data, we would appreciate the opportunity to address it. Please contact us in the first instance at:
Privacy Team
GEMIA WORLD LTD
128 City Road
London, EC1V 2NX
United Kingdom
Email: privacy@gemia.world
If you remain unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
Website: https://ico.org.uk/make-a-complaint/
Telephone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
You also have the right to seek a judicial remedy. If you are based in the European Union, you may also lodge a complaint with your local data protection authority.
If you have any questions about this Privacy Policy or our data practices, please contact our privacy team:
GEMIA WORLD LTD — Privacy Team
128 City Road, London, EC1V 2NX, United Kingdom
Email: privacy@gemia.world
Website: https://www.gemia.world