GEMIA WORLD LTD
Effective date: 06 Aug 2025
Last updated:  13 Mar 2026

GEMIA WORLD LTD (“GEMIA”, “we”, “us” or “our”) is committed to protecting your privacy and handling your personal data in a lawful, fair and transparent manner.

This Privacy Policy explains how we collect, use, store, share and protect your personal data when you visit our website, create an account, purchase products, request services, contact us, subscribe to communications, or otherwise interact with us online.

This Privacy Policy is intended to reflect the requirements of the UK GDPR, the Data Protection Act 2018, and, where relevant, the Privacy and Electronic Communications Regulations 2003 (PECR). 

GEMIA WORLD LTD
Registered office: 128, City Road, London, EC1V 2NX, UNITED KINGDOM
Email: careline@gemia.world
Privacy contact: privacy@@gemia.world
Telephone: +44 203 962 5743

For the purposes of UK data protection law, GEMIA WORLD LTD is the controller of the personal data processed through this website.

This Privacy Policy applies to personal data collected through:

• our website and any account registration process;
   
• online purchases, order management and customer support;
   
• newsletter subscriptions and promotional communications;
   
• bespoke consultations, appointment bookings and personalised service requests;
   
• social media interactions where you contact us or engage with our content; and
   
• other digital touchpoints linked to this website.
   

Depending on how you use our website and services, we may collect the following categories of personal data:

Name, title, username, customer ID and similar identifiers.

Billing address, delivery address, email address, telephone number and other contact information.

Order history, purchase details, payment status, delivery information, returns, refunds and related records.

Limited payment-related information such as transaction confirmations, payment references and billing verification information. Payment card details are generally processed by third-party payment service providers rather than stored in full by us.

IP address, browser type and version, device information, operating system, time zone setting, referral sources and server log data.

Information about how you use our website, including page views, session duration, navigation behaviour and interactions with website content.

Your marketing preferences, consent records, communication preferences and engagement with our campaigns.

Emails, messages, call notes, complaints, feedback, support requests and our records of those interactions.

Information you provide in relation to bespoke requests, design preferences, sizing, uploaded materials, appointment notes and related service details.

Information reasonably required to verify identity, prevent fraud, protect our business and customers, and comply with legal or regulatory obligations.

ICO guidance expects privacy notices to explain what personal data is collected, why it is collected, how long it is kept, and who it is shared with. 

We collect personal data:

• directly from you, when you fill in forms, place orders, create accounts, subscribe to communications, book consultations or contact us;
   
• automatically, through cookies, logs and similar technologies when you browse or use our website; and
   
• from third parties, including payment providers, delivery partners, fraud prevention providers, analytics providers and public sources, where lawful.
   

We use your personal data for the following purposes:

• to operate, manage and improve our website;
   
• to create and administer your account;
   
• to process orders, payments, delivery, returns and refunds;
   
• to provide customer service and respond to enquiries;
   
• to manage bespoke consultations and personalised services;
   
• to send service, transactional and administrative communications;
   
• to send marketing communications where permitted by law;
   
• to understand website performance and customer behaviour;
   
• to prevent fraud, misuse and security incidents; and
   
• to comply with legal, accounting, tax and regulatory obligations.
   

Under UK data protection law, we must have a lawful basis for processing personal data. The lawful bases most relevant to our website activities are:

Where processing is necessary to enter into or perform a contract with you, such as fulfilling an order or providing requested services.

Where processing is necessary to comply with a legal or regulatory obligation.

Where processing is necessary for our legitimate business interests, provided your rights and interests do not override those interests.

Where consent is required by law, particularly for certain electronic marketing and non-essential cookies or similar technologies.

The ICO states that the lawful bases most likely to apply to direct marketing are consent and legitimate interests, but where PECR requires consent, consent is also the appropriate UK GDPR lawful basis in practice. 

We may send you updates about GEMIA products, launches, services, events and brand communications where permitted by law.

You may opt out of marketing at any time by:

• clicking the unsubscribe link in any marketing email;
   
• adjusting your preferences in your account, where available; or
   
• contacting us at careline@gemia.world or privacy@@gemia.world.
   

We may still send non-marketing communications where necessary for orders, account administration, legal compliance or customer service.

For email and similar electronic marketing, PECR often requires consent unless a lawful exception applies. The ICO also says the best way to obtain valid consent is usually through a clear unticked opt-in box. 

Our website uses cookies and similar technologies for functionality, security, performance, analytics and, where applicable, personalisation or advertising.

These may include:

• strictly necessary technologies required for website operation and security;
   
• analytics technologies to understand how users interact with the site;
   
• functionality technologies to remember preferences; and
   
• marketing or targeting technologies where applicable.
   

PECR applies not only to cookies but also to similar technologies such as tracking pixels, device fingerprinting, scripts, tags and web storage. Non-essential technologies generally require consent before being set or used. 

Please also see our Cookie Policy below.

We may share personal data, where necessary and lawful, with:

• payment service providers;
   
• delivery, courier and fulfilment partners;
   
• IT, website hosting and cloud service providers;
   
• CRM, communications and customer support providers;
   
• analytics and marketing technology providers;
   
• fraud prevention and identity verification partners;
   
• legal, accounting, audit and insurance advisers;
   
• regulators, courts, law enforcement and public authorities; and
   
• prospective buyers, investors or transaction advisers in connection with a reorganisation, investment or sale.
   

Where third parties process personal data on our behalf, we require them to do so securely and only in accordance with appropriate instructions and contractual controls.

Some of our service providers may operate outside the United Kingdom or may access personal data from outside the United Kingdom.

Where personal data is transferred outside the UK and the transfer rules apply, we will use lawful transfer mechanisms and appropriate safeguards as required under UK data protection law.

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including to meet legal, regulatory, tax, accounting, dispute resolution and record-keeping requirements.

Retention periods vary depending on the nature of the data and the purpose of processing. When personal data is no longer required, we will securely delete it or anonymise it where appropriate.

The ICO’s storage limitation guidance says organisations should not keep personal data for longer than they need it. 

We use appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised access, unauthorised disclosure and misuse.

These measures may include access controls, encryption, secure hosting, monitoring, vendor oversight and confidentiality obligations.

Subject to applicable law, you may have the right to:

• request access to your personal data;
   
• request correction of inaccurate or incomplete data;
   
• request erasure of your personal data in certain circumstances;
   
• request restriction of processing in certain circumstances;
   
• object to processing based on legitimate interests;
   
• object to direct marketing at any time;
   
• request portability of certain personal data where applicable; and
   
• withdraw consent where processing is based on consent.
   

The ICO says privacy notices should explain individuals’ information rights, including the right to withdraw consent where consent is relied upon. 

To exercise your rights, please contact:
privacy@@gemia.world
or
careline@gemia.world

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO).

Our website may contain links to third-party websites, plug-ins or services. Those third parties have their own privacy practices, and we are not responsible for their content or data handling.

Our website and services are not directed to children unless expressly stated otherwise. We do not knowingly collect personal data from children without an appropriate lawful basis.

We may update this Privacy Policy from time to time to reflect changes in law, business practices, technology or website functionality. The latest version will always be posted on this page with the revised date.

GEMIA WORLD LTD Cookie Policy
Effective date: 06 Aug 2025
Last updated:  13 Mar 2026

Cookies are small text files and related technologies placed on your device when you visit a website. They can help a website function properly, remember preferences, measure performance and understand how users interact with the site. PECR also applies to similar technologies such as tracking pixels, scripts, web storage and device fingerprinting. 

We may use the following categories of cookies and similar technologies:

These are required for core website functionality, security, fraud prevention, page navigation and checkout-related actions.

These help us understand website traffic, user journeys, page performance and service improvement opportunities.

These remember choices such as language, region or saved preferences.

These may be used to deliver more relevant content, measure campaign performance or understand engagement across digital channels.

We will ask for your consent before placing or using non-essential cookies or similar technologies on your device. Strictly necessary technologies do not require consent where they fall within the relevant exemption. 

You can manage your cookie preferences through:

• our cookie banner or preference centre;
   
• your browser settings; and
   
• device or platform privacy controls, where available.
   

Please note that disabling certain cookies may affect website functionality.

Some cookies or similar technologies may be placed by third-party services integrated into our website, such as analytics, payment, social media or embedded content providers. These providers may process information in accordance with their own privacy notices.

We may update this Cookie Policy from time to time. The current version will always be available on our website.

For questions about our use of cookies or similar technologies, please contact:
privacy@@gemia.world