Privacy Policy

Privacy Policy

GCLAM – COLLABORATIVE GROUP ON CUTANEOUS LYMPHOMAS, with its registered office in Bogotá, Colombia, email registros@gclam.com, in compliance with Law 1581 of 2012, Decree 1074 of 2015, and other relevant regulations, hereby adopts this Personal Data Processing Policy, in order to inform data subjects about how their personal data is collected, stored, used, circulated, transmitted, updated, deleted, and, in general, processed within the framework of activities related to the 1st Ibero-American Symposium on Cutaneous Lymphomas, including its registration processes, logistics, communications, and other associated activities.

1. Identification of the data controller

The data controller is:

Organization Name:GCLAM – Collaborative Group on Cutaneous Lymphomas
Address:Bogotá, Colombia
Contact email:registros@gclam.com

If a third party handles logistics, technology, registration, or communications on behalf of the data controller, that third party will act as a data processor, solely on the instructions of the data controller and within the scope of the purposes authorized by the data subject.

2. Definitions

For the purposes of this policy, “personal data” means any information related to or that can be associated with one or more identified or identifiable natural persons; “data subject” means the natural person whose personal data is being processed; “processing” means any operation or set of operations performed on personal data, such as collection, storage, use, dissemination, or deletion; “data controller” means the natural or legal person who determines the purposes and means of the processing; and “data processor” means the natural or legal person who processes the data on behalf of the data controller.

3. Scope

This policy applies to the processing of personal data collected through web forms, emails, digital records, registration platforms, websites, phone calls, messages, events, in-person or virtual activities, surveys, databases, and other channels used to interact with attendees, speakers, guests, partners, vendors, and other individuals associated with the activities of the event or the responsible organization.

4. Personal data subject to processing

The data controller may collect and process, as appropriate, data such as first name, last name, type and number of identification document (if applicable), email address, phone number, profession, specialty, city, institution, attendance format, registration codes, participation information, data related to logistical communications, responses to forms, as well as any other information that the data subject voluntarily provides in connection with registration for or participation in the event.

The data controller will not request sensitive data unless it is strictly necessary, legally permitted, and expressly authorized by the data subject where applicable. If sensitive data is collected, the data subject will be informed that providing such data is optional and of the specific purpose of its processing.

5. Purposes of the processing

Personal data will be processed for one or more of the following purposes:

a) manage the registration, validation, confirmation, and administration of event registrations;
b) assign registration codes, access codes, credentials, and entry controls;
c) send confirmation emails, the agenda, reminders, logistical information, participation instructions, and communications directly related to the event;
d) contact the data subject to address requests, questions, modifications, support, or updates related to their registration or participation;
e) organize the operational, academic, technical, administrative, and communication logistics of the event;
f) prepare attendee lists, internal reports, statistics, and participation metrics;
g) verify information provided by the data subject and keep the database up to date;
h) comply with legal, contractual, administrative, or security obligations;
i) retain records of registration, communications, and operational traceability of the event;
j) share information with data processors who support registration, operations, technical support, mailing, hosting, web management, or logistics processes, exclusively for authorized purposes;
k) send information about future activities, academic events, scientific conferences, or related content, provided that the data subject has given authorization or there is a legal basis permitting it.

6. Rights of the data subject

The data subject has the right to:

a) to access, update, and correct their personal data with the data controller or processor;
b) to request proof of the authorization granted, unless such proof is not legally required;
c) to be informed, upon request, regarding the use that has been made of their personal data;
d) file complaints with the Superintendency of Industry and Commerce regarding violations of the personal data protection regime, once the consultation or complaint process with the data controller has been exhausted;
e) revoke authorization and/or request the deletion of data when constitutional and legal principles, rights, and guarantees are not respected, provided there is no legal or contractual obligation to retain the information;
f) access, free of charge, their personal data that has been processed.

These rights may be exercised in accordance with the provisions of the Colombian Personal Data Protection Act.

7. Authorization by the account holder

The processing of personal data by the data controller requires the prior, express, and informed consent of the data subject, except where otherwise provided by law. Such consent may be obtained through physical, electronic, or digital means, including web forms, checkboxes, emails, signed documents, messages, or any other mechanism that allows for subsequent verification.

By completing registration forms, checking authorization boxes, submitting information through official channels, or voluntarily proceeding with the registration process, the data subject authorizes the processing of their personal data for the purposes set forth herein.

8. Privacy Notice

On data collection channels, a privacy notice or a visible reference to this policy will be made available to the data subject, providing, at a minimum, the identity of the data controller, the purposes of the processing, the data subject’s rights, and the channels for exercising those rights. The SIC has emphasized the importance of ensuring that the channels used to collect information include the policy, the notice, and authorization mechanisms.

9. Processing of data pertaining to minors

In principle, the event and its forms are not intended for minors. If, in exceptional cases, data regarding children or adolescents is processed, this will be done in compliance with applicable legal regulations, with respect for their best interests, and with the authorization of their legal guardian where applicable.

10. Data Transmission and Transfer

The organizer may transmit or share personal data with third-party service providers that support hosting services, forms, email delivery, storage, technical support, logistics operations, attendee services, and other processes necessary for the event’s execution, always under conditions of confidentiality and security and in accordance with the authorized purposes.

In the case of domestic or international transfers or disclosures, these will be carried out in accordance with applicable regulations and under the legal, technical, and organizational measures necessary to protect the information.

11. Information Security

The data controller will implement reasonable security measures—including administrative, technical, and human safeguards—to protect personal data against loss, misuse, unauthorized access, alteration, disclosure, or unauthorized processing. However, the data subject acknowledges that no platform or system is completely infallible and that the measures implemented will meet reasonable security standards based on the nature of the information and the associated risks.

12. Procedure for Inquiries and Complaints

Inquiries, requests, updates, corrections, revocations of consent, deletions, and complaints regarding personal data should be directed to registros@gclam.com or through the designated channel, including at a minimum the data subject’s name, contact information, a clear description of the request, and, if necessary, supporting documentation.

Requests will be addressed in accordance with applicable legal provisions. In the case of complaints, if the information provided is incomplete, the data subject may be asked to supplement the request. If the data controller lacks the authority to resolve the matter, it will forward the request to the appropriate party and notify the data subject accordingly, where applicable.

13. Validity of the information

Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected, to meet legal, contractual, accounting, traceability, security, or legal defense obligations, and thereafter for the period required by law or for as long as there remains a legitimate purpose for retention.

14. Policy Effective Date

This Personal Data Processing Policy is effective as of April 15, 2026. The data controller may amend it at any time, in which case it will publish the updated version on its official channels or on the relevant website.

15. Contact channel

For inquiries, complaints, or requests regarding the protection of personal data, the data subject may write to:

Email:registros@gclam.com
Contact person / department:GCLAM Records Management