1. Introduction
At the International Gnostic Congress Spain 2026, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the European Union's General Data Protection Regulation (GDPR).
2. Data Controller
Legal name: IGLESIA GNOSTICA
Contact email: infocongreso@gnosis.is
Website: congreso.gnosis.is
3. Data We Collect
We collect the following types of personal data:
- Identification data: Full name, passport number, date of birth
- Contact data: Email, phone, country, city
- Spiritual data: Lumisial (gnostic name)
- Minor's data: Legal guardian email (for minors under 18)
- Technical data: IP address, session cookies, browsing data
4. Purpose of Processing
We use your personal data to:
- Manage your congress registration
- Process payments and issue confirmations
- Communicate relevant information about the event
- Comply with legal and tax obligations
- Improve our services and user experience
5. Legal Basis for Processing
The processing of your data is based on:
- Consent: You have explicitly accepted the processing of your data upon registration
- Contract execution: We need your data to manage your participation in the congress
- Legitimate interest: For event-related communications
- Legal obligation: To comply with tax and legal requirements
6. Sharing Data with Third Parties
We may share your data with:
- Service providers: Payment processors, email services, hosting
- Authorities: When required by law
We do not sell or share your data with third parties for marketing purposes.
7. Your GDPR Rights
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data (right to be forgotten)
- Portability: Receive your data in a structured, readable format
- Objection: Object to the processing of your data
- Restriction: Request restriction of processing
To exercise these rights, contact: privacy@gnosis.is
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. This includes SSL/TLS encryption, hashed passwords, and restricted access to sensitive data.
9. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this policy, generally up to 2 years after the event. After this period, your data will be anonymized or securely deleted.
10. Cookies and Similar Technologies
We use essential cookies to:
- Keep your session active
- Remember your language preferences
- Protect against bots (Google reCAPTCHA v3 - invisible)
We do not use tracking or advertising cookies.
11. Payment Processing
For processing payments for products and services, we use the secure payment gateway Redsys, operated by Banco Sabadell (through Paycomet/BSDEV). Regarding payments:
- Payment processor: Payments are managed through Redsys (Banco Sabadell), an authorized payment entity supervised by the Bank of Spain
- Shared data: Only the data strictly necessary to complete the transaction is shared with the gateway (amount, order reference)
- Card data: We never store or have access to your complete credit or debit card details. These are processed exclusively by Redsys in a PCI DSS certified secure environment
- Security: All transactions are conducted through Secure Electronic Commerce (CES) with 3DSecure authentication in compliance with the PSD2 directive
For more information on how Redsys processes your data, please refer to the privacy policy of Paycomet/Banco Sabadell.
12. Changes to this Policy
We may update this Privacy Policy occasionally. We will notify you of significant changes by email or through a prominent notice on our website.
13. Contact
If you have questions about this Privacy Policy or wish to exercise your GDPR rights, contact us:
Email: infocongreso@gnosis.is
Website: congreso.gnosis.is