PRIVACY AND PERSONAL DATA PROTECTION POLICY

PANLAR

1. IDENTIFICATION AND DATA CONTROLLER

The Pan American League of Associations for Rheumatology (PANLAR), in its capacity as an international scientific organization that brings together rheumatology associations across the American continent, recognizes the protection of personal data as a fundamental right and as an essential element to ensure the trust, transparency, and legitimacy of its institutional, academic, and scientific activities.

During its activities, PANLAR acts as the data controller of the personal data it collects, stores, uses, transmits, or transfers, determining the purposes and means of processing in accordance with the applicable regulations in the different jurisdictions in which it operates.

In this regard, PANLAR adopts this Privacy Policy with the purpose of clearly, sufficiently, and transparently informing all data subjects about the processing of their personal data, as well as ensuring that such processing is carried out under the highest standards of security, confidentiality, integrity, and legality, in accordance with the regulatory provisions in force in each of the member countries.

2. SCOPE OF APPLICATION AND TERRITORIAL SCOPE

This Privacy Policy applies to all personal data processing carried out within the framework of PANLAR’s activities, regardless of the means, channel, or technology used for its collection or processing.

This policy applies to information collected through institutional websites, digital platforms for registration and enrollment in academic events, physical and electronic forms, academic management systems, institutional communications, as well as any other mechanism through which personal information of members, participants, researchers, strategic partners, suppliers, or any other interested party is obtained.

Given the multinational nature of PANLAR, this policy applies to data subjects located in the following countries: Mexico, United States, Canada, Costa Rica, Nicaragua, El Salvador, Cuba, Guatemala, Honduras, Panama, Dominican Republic, Peru, Bolivia, Colombia, Ecuador, Venezuela, Paraguay, Chile, Uruguay, Argentina, and Brazil.

Likewise, it shall apply to any data processing that, even if carried out outside these territories, is directly or indirectly related to PANLAR’s institutional activities or to data subjects located in such jurisdictions, ensuring in all cases an adequate and homogeneous level of protection.

3. MULTI-REGULATORY APPROACH AND LEGAL FRAMEWORK

PANLAR, in consideration of its international nature, adopts a multi-regulatory compliance approach, recognizing and respecting the different personal data protection laws in force in the countries where it operates.

In this context, personal data processing is carried out in accordance with regulatory frameworks such as the Federal Law on Protection of Personal Data Held by Private Parties (Mexico), sectoral and state privacy provisions in the United States, including those related to health data such as HIPAA when applicable, the Personal Information Protection and Electronic Documents Act – PIPEDA in Canada, Law 8968 on the Protection of the Person regarding the Processing of Personal Data in Costa Rica, Law 81 on Personal Data Protection in Panama, Law 172-13 of the Dominican Republic, Law 29733 of Peru, Law 1581 of 2012 in Colombia, the Organic Law on Personal Data Protection in Ecuador, Law 19.628 in Chile, Law 18.331 in Uruguay, Law 25.326 in Argentina, and the General Data Protection Law – LGPD in Brazil, among other complementary regulations on privacy, habeas data, and access to information in the remaining member countries.

By virtue of the above, when the same personal data processing is subject to more than one applicable legislation, PANLAR shall apply the principle of greater protection, adopting the regulatory provision that most broadly and favorably guarantees the rights of the data subject, as well as the most stringent available internal controls.

4. PERSONAL DATA PROCESSED

During its activities, PANLAR may collect and process various categories of personal data, depending on the relationship that the data subject maintains with the organization.

Such data may include identification information such as names, surnames, identity documents, and nationality; contact data such as email addresses, telephone numbers, and physical addresses; professional and academic information related to medical specialties, institutional affiliations, scientific background, and participation in events; as well as transactional data associated with payments, registrations, and contracted services.

Additionally, in certain cases and within the framework of specific scientific or academic activities, PANLAR may process sensitive data, including information related to health or clinical research, which will be managed under enhanced security, confidentiality, and restricted access measures, always ensuring compliance with applicable legal requirements and obtaining the explicit consent of the data subject when required.

5. PURPOSES OF PROCESSING

The personal data collected by PANLAR will be used exclusively for the development of its institutional, academic, and scientific purposes, including event and congress management, administration of participation records and memberships, dissemination of academic, scientific, and administrative information, execution of research activities, compliance with legal and contractual obligations, as well as statistical analysis and continuous improvement of the services offered.

PANLAR undertakes not to use personal data for purposes other than those described herein, nor for purposes incompatible with those for which they were initially collected, always guaranteeing respect for the purpose communicated to the data subject.

6. DATA TRANSFER AND SHARING

During its activities, PANLAR may share personal data with third parties such as event organizers, technology providers, academic management platforms, and strategic partners, when necessary for the proper execution of its institutional functions.

In all cases, PANLAR shall ensure that such third parties are subject to contractual obligations of confidentiality, limited use of information, and adoption of security measures equivalent to those implemented by the organization.

Likewise, due to its international nature, PANLAR may carry out international transfers of personal data among the countries in which it operates, always ensuring that such transfers are conducted under adequate protection standards, evaluating the legal conditions of the recipient country and adopting contractual, technical, and organizational safeguards that guarantee information security.

7. DATA RETENTION AND DELETION

Personal data shall be retained only for the time necessary to fulfill the purposes for which they were collected, as well as to comply with legal, contractual, or regulatory obligations.

In certain cases, data may be retained for longer periods for historical, scientific, or statistical purposes, provided that appropriate measures such as anonymization or pseudonymization of the information are adopted.

Once the purpose of processing has been fulfilled or the applicable retention periods have expired, the data shall be securely deleted, ensuring that they cannot be recovered or subsequently used.

8. DATA SUBJECT RIGHTS

Data subjects have the right to know, access, update, rectify, and delete their information, as well as to revoke the consent granted and to object to processing in cases permitted by law.

PANLAR guarantees the exercise of these rights through accessible, free, and effective mechanisms, ensuring a timely response within the timeframes established by the applicable regulations in each jurisdiction.

9. INFORMATION SECURITY

PANLAR implements technical, administrative, and organizational measures aimed at protecting personal data against loss, unauthorized access, misuse, alteration, or disclosure.

These measures are aligned with international information security standards, including practices based on ISO 27001, and are continuously evaluated and updated based on identified risks.

10. RESPONSIBILITY AND LIMITATIONS

PANLAR adopts all reasonable measures to ensure information security; however, it shall not be responsible for the improper use of personal data when such use results from actions attributable to the data subject, unauthorized third parties, or situations beyond the reasonable control of the organization, without prejudice to the actions taken to mitigate risks and protect information.

11. POLICY MODIFICATIONS

PANLAR reserves the right to modify this Privacy Policy at any time, in order to adapt it to regulatory changes, institutional improvements, or new activities.

Any modification shall be duly published on the official website.

12. CONTACT

For inquiries, requests, or exercise of rights related to personal data protection, data subjects may contact PANLAR through the following official channels:

secretaria@panlar.org
https://www.panlar.org/