Click here to book your Covid-19 test in advance by downloading our app.

Privacy Policy

18 March 2021

IntroductionLast updated 18 March 2021

The GSMA represents the interests of mobile operators worldwide, uniting more than 750 operators with over 350 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies – as well as organisations in adjacent industry sectors. The GSMA also produces the industry-leading MWC events held annually in Barcelona, Los Angeles and Shanghai, and the Mobile 360 Series of regional conferences.

At the GSMA, we take privacy and data protection seriously. This Privacy Statement describes the GSMA’s policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights.

Quick links

When this Privacy Policy applies

This Privacy Policy applies to the processing of personal data of participants of MWC Barcelona, including attendees, exhibitors, sponsors, speakers, partners, third party personnel and other individuals taking part in the event. This includes in relation to the personal data obtained via the attendee registration system, the Event app, the partner programme registration system, the exhibitor and partner registration system, digital and/or printed badge and/or facial recognition scanning (at access points, for sessions or for participation in enclosed meeting spaces) at the Event, and the contractor bulk upload system.

Our Privacy Policy does not apply to services and products offered by other companies and individuals. We are not responsible for the privacy policies and practices of other websites, even if you access them using links from GSMA websites. We strongly recommend that you check the Privacy Policy of each site you visit, and contact its owner or operator if you have any concerns or questions.

Updates to this Privacy Policy

We will update the Privacy Policy when necessary to reflect changes in our products and services. If there are material changes to the policy or in how GSMA will use your personal data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification, and you will have a choice as to whether or not we use your information in this new manner. We encourage you to periodically review the Privacy Policy to learn how GSMA is protecting your information.

If you have any queries about the Policy, please get in touch with us using the contact details set out at Contact Us link below.

Information that you provide voluntarily

Account Creation and Registration

We collect information you give us, for example, when you create an account with us; register for the Event; require a service; download one of our publications or apps, such as our Event app, which will help you navigate the event, facilitate networking and plan your schedule; or subscribe to our publications or newsletter. The information collected includes (but is not limited to) your name, job title, employer name, address, work email, telephone number, job functions, areas of interest, and photograph. If you are a speaker, we may collect additional information such as your professional profile.

Automatic ID Validation (Facial Recognition)

With your consent, if you chose to register for MWC Barcelona via Automatic ID Validation, we may also process your biometric data (in particular, by using facial recognition technology) during the online registration process and when you attend the Event, strictly for the limited purposes of verifying your identity. If you use this process during registration, we will use facial recognition technology to match automatically the image you provide to us against the photograph in your passport / EU national ID card. This facial recognition technology analyses your facial features by taking measurements of data points that make up the face. These data points include the distance between your eyes and the distance from forehead to chin, etc. The technology processes a number of data points to create a real-time map of your face. This is converted into a secure data pattern using a complex algorithm to create your biometric token. For security purposes at venue access, we will automatically match the image taken at the access point against your biometric token (i.e. your facial map). As explained in the Your Choices and Control section below, you may withdraw your consent for the use of your biometric data at any time. If you do, we will delete your biometric token and carry out manual ID validation, as required (although consent withdrawal will not affect the lawfulness of the processing of your biometric data that has already taken place at registration stage). Click here for further information about how we use facial recognition technologies for ID verification purposes.

Image, Voice and Other Recordings

We, or authorised third parties attending the Event, may also make and store recordings of your image, voice and likeness in certain instances. These images may be used by GSMA in its promotional materials, including on its website and off-line materials (e.g. brochures, etc.) and broadcast on Mobile World Live or other media channels, including social media channels. Authorised third parties, such as exhibitors and sponsors, may also take images of you via their own on-site crews. Journalists will also be in attendance and appropriately identified. As discussed elsewhere in this Privacy Policy, we may also make and store recording of your image for facial recognition purposes when you have signed up for that for access control.

Where such images or recordings are taken by an authorised third party, event sponsors, exhibitors, journalists, or the venue (or other security supplier) for security purposes, we require such third parties to provide you with a Privacy Notice relating to same and obtain any necessary consents. We recommend that you check the Privacy Notices of these third parties.

Badge Scanning

We, or authorised third parties participating in the Event (including exhibitors and sponsors), may collect your personal data by scanning your digital badge. This may occur when you access or exit the venue, enter sessions or other restricted areas at the Event, or enter an enclosed space, meeting room or restaurant. This scanning may occur for the purposes of access control, analytics, event planning, logistics, health and safety (including for the prevention of the spread of diseases and contract tracing purposes), and sharing with a third party session provider if you have scanned your digital badge or registered to attend that third party's session.

Covid-19 Testing

As set out in our Committed Community plan, you will be required to undergo Covid-19 tests at regular intervals during the Event. Information about your tests results will be processed for the sole purpose of access control and Covid-19 tracking and tracing as required by local health authorities and relevant events regulations and protocols.

Information that we collect automatically

We also collect information about you when you use our services or products. For example, we may collect such information when you visit our websites or app, or view and interact with our ads and content. This information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, other information that is provided by the end user device and usage information about the use of the GSMA’s websites and web applications, including a history of the pages you view. We also use cookies and web beacons. You may view our Cookie Policy here.

Information that we obtain from third party sources

From time to time, GSMA receives personal information about individuals from third parties. This may happen, for instance if your employer is a member of GSMA and signs you up for an event or training or if your employer (or entity by whom you are engaged as a contractor or temporary staff member) provides services to GSMA and you are involved in the provision of these services. Additionally, this may occur when an authorized third party provides GSMA with access information obtained from badge scanning for purposes of complying with a Covid-19 tracking and tracing requirement from the health authorities and relevant regulations and protocols. We will check that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.

We process your personal information for account administration, to deliver the products and services you require, and to inform you of GSMA-related events, meetings, content, initiatives and other benefits or opportunities associated with GSMA or the industry. GSMA may also use this information to help GSMA understand your needs and interests to better tailor our products and services to meet your needs.

We may contact you by any means of communication for which you have given us contact details and authorised, including e-mail, telephone, and post. You can tailor and modify what you receive from us at any time by using our preference centre. You can also unsubscribe at any time via the unsubscribe button present in all of our electronic messages or by using the Contact Us section below.

We process your personal information for the purposes of ensuring the security of the Event and for health and safety purposes, including for the purposes of preventing the spread of diseases such as Covid-19, and in line with regulatory, legal and/or contractual requirements to which we are subject for such purposes. This may sometimes require that we process information about your health, for example, if you have experienced symptoms of, or have other indications of, Covid-19. This may further require that we provide your information (including information obtained via badge scanning by GSMA or an authorized third party) to the relevant health authorities in response to a request for Covid-19 contact tracing information.

In general, we will use the personal information we collect from you only for the purposes described in this Privacy Policy or for purposes that we explain to you at the time we collect your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.

Sharing of Information

We do not sell personal information to anyone and do not otherwise reveal your personal data to third-parties for their independent use unless:

  • you request or authorise it, for instance by registering for a summit or a partner programme
  • you register for (or scan your digital badge to participate in) a speaking session, tour or other event that is sponsored or hosted by a third party in which case GSMA may subsequently share your personal data with the third party, who may contact you in connection with the selected speaking session, tour or other event (as applicable). We may also share your personal data with such parties for direct marketing purposes (with your consent)
  • it is in connection with GSMA events
  • you have consented to your biometric data obtained via facial recognition technologies during event registration and venue access being accessed by third parties (click these FAQs for further information about who these third parties are)
  • it is provided to any competent law enforcement body, regulatory, government agency, court or other third party in order to comply with the law, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others. This includes relevant law enforcement bodies for security purposes and health authorities, as required to prevent the spread of diseases, including Covid-19 (for example, for contact tracing purposes)
  • it is provided to GSMA affiliated companies, including GSM Association, GSMA 4FYN Event Management S.L., GSMA (Shanghai) Co., Ltd., GSMC Event Project Management S.L., and GSM Conference Services Limited, for processing in accordance with this Privacy Policy
  • it is provided to our agents, vendors or service providers who perform functions on our behalf, including, for example, service providers that provide registration, access control, lead retrieval, contact tracing, health and safety (including covid-19 testing providers), security and venue services for the Event or that support the delivery of, provide functionality on, or help to enhance the security of our Website
  • it is provided to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy
  • it is provided to any other person with your consent to the disclosure

Legal basis for processing personal information

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you, may be required to do so for reasons of public interest or may otherwise need the personal information to protect your vital interests or those of another person, for example, in case of a medical emergency during the Event. This may also be the case when we obtain personal information about your health, in particular covid-19 symptoms or your covid-19 test results.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). We are legally obliged to provide personal data of attendees and vendor personnel (i.e. name, date of birth, nationality, document type and number and date of issue) to law enforcement authorities in connection with Event security. Any failure to provide this information will mean that we cannot register you for the Event and/or permit you to access the venue.

Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make those legitimate interests clear to you and/or they will be our legitimate interests in organising the event in compliance with applicable laws and our contractual obligations.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact us” heading below.

Third Party Use of Data

While our Privacy Policy does not apply to services and products offered by other companies and individuals, it is important to note that exhibitors, sponsors, partners or other third parties participating at the Event may wish to scan your digital badge to facilitate networking and business relationships at the Event or to contact you post-Event. You understand that your attendee digital badge holds secure data related to you including your name, mobile number, email, address, company, job title, job function and areas of interest. If you allow your attendee digital badge to be scanned, you are explicitly consenting to the exhibitor, sponsor, partner or other third party collecting and using your personal data contained in the digital badge. If you wish to withdraw consent or to exercise any data protection rights with regard to how such recipients process and use your personal data, you must do so directly with such recipients. We recommend that you check the Privacy Policy of these third parties before providing them with your personal information.

Transferring Your Information Outside of the European Economic Area (EEA), UK and Switzerland

GSMA Ltd is based in the US. Consequently, in using your information as set out in this Privacy Policy, it may be transferred to countries outside the EEA, UK and Switzerland. By way of example, this may also happen if one of our associated companies or our service providers is located in a country outside the EEA, UK or Switzerland. When we transfer personal data from the EEA, UK and Switzerland to other countries we use a variety of legal mechanisms, including Standard Contractual Clauses adopted by the EU Commission, to ensure your rights and protections travel with your data.

Data retention

In general, GSMA retains personal data for the duration of the customer’s or member’s business relationship with the GSMA and where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Where you have consented to Automatic ID Validation, we will delete your biometric token (your facial map) within 28 days of the final day of the Event.

For more information on where and how long your personal data is stored, please contact us by using the details set out at the Contact Us section below.

Your choices and control

Under privacy laws, data subjects have certain rights. This Privacy Policy is intended to give transparency about what personal data GSMA collects and how it is used, enabling you to make meaningful choices.

If you wish to confirm that GSMA is processing your personal data, or to have access to the personal data GSMA may have about you, please contact us by using the details set out at the Contact Us section below.

You also have a right to rectify the record of your personal data maintained by GSMA if it is inaccurate or out of date. You may request that GSMA erases that data or cease processing it, subject to certain exceptions. You may ask us to restrict processing of your personal data or object to the processing of your personal data, including for marketing purposes and we will deal with such request in accordance with applicable law. We provide many choices in relation to our marketing communications via our preference centre, but you may also request that GSMA cease using your data for direct marketing purposes by using the details set out at the Contact Us section below. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how GSMA processes your personal data. You may request portability of your personal data and, where applicable, GSMA will provide your personal data to you or transmit it directly to another controller where technically feasible.

Similarly, if we have collected and process your personal information on the basis of your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

When we process your personal data automatically, for instance, when carrying out the Automatic ID Validation, you have the right to contest a decision to deny you entry to the Event based solely on this Automatic ID Validation to the extent that such decision has a legal or similarly significantly effect on you. In such circumstances, you have a right to express your point of view and to require a human review of the decision. You can exercise this right by contacting the contact centre prior to the Event, in which case there may be a need for manual ID validation and/or to undertake other appropriate security checks.

Security

We are committed to protecting the security of your personal information. We have implemented appropriate physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

Children

The nature of the Event and the Services are not designed to appeal to minors. GSMA does not knowingly attempt to solicit or receive any information from children with respect to the Event.

Contact Us

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, or if you do not wish us to continue using your information as outlined above, you can do so by sending an e-mail to [email protected] or write to Data Privacy – Legal, GSMA Ltd., The Walbrook Building, 25 Walbrook, London EC4N 8AF, United Kingdom.