(Last Updated 8 November 2024)
1. Who we are and what is the purpose of this privacy notice?
We are GSMA Ltd., (“GSMA”, “we”, “us” or “our”), the organiser of MWC Barcelona (“Event”), with registered offices at 165 Ottley Drive, Suite 203, Atlanta, GA 30324, United States of America.
This privacy notice (“Privacy Notice”) describes how we collect, use, and share personal information of individuals who attend or participate in the Event (“you”, “your” or “yours”).
If you are an exhibitor, a contractor engaged by MWC Barcelona exhibitors, or a member of their personnel, this Privacy Notice does not apply to you. Please read the Privacy Notice for MWC Barcelona Exhibitors and Contractors instead.
GSMA is the controller of your personal information.
2. What types of personal information do we collect about you?
In this Privacy Notice, when we mention “Personal Information”, we mean your personal data, which refers to any information or data that is about you.
We may process the following Personal Information about you:
| Data category | Personal Information |
| Contact Data | your first name, last name, email address, gender (optionally), country/region, address, city, state/province, postcode/zip code, country code, mobile phone number. |
| Profile Data | company name, job title, job level, area of responsibility, company industry type, areas of interest, networking preferences, profile photo. |
| ID Data | data from your identification document issued by one of the EU Member States or your passport (“ID document“), i.e. scan of your ID document, nationality, document number, issuing government, first name, last name, date of birth, expiration date. |
| Photograph | photo of your face |
| Billing Data | your firm/company name, first name, last name, billing address, country / region, VAT number or tax ID, PO number / reference. |
| Audiovisual Data | video and audio recordings, including photographs. |
| Biometric Data | biometric information from your Photograph and from your ID portrait photo. |
| Usage Data | device IDs, IP address, information on your use of our website or mobile apps, or other usage data. |
If you have a VIP pass or if you are a VIP’s guest, we may collect the following additional Personal Information about you:
| Data category | Personal Information |
| Guest Data | first name, last name, email address, guest title. |
| Flight Data | airline name, flight number, city of departure, arrival airport, arrival date, arrival time, number of pieces of luggage. |
| Hotel Data | hotel name, hotel address. |
3. What do we use your personal information for?
We may process your Personal Information for the purposes described in the table below. We also set out the data categories that we process for each purpose and our lawful basis under the European Union’s General Data Protection Regulation for undertaking the processing purpose we have described.
| Purpose | Data category | Lawful basis |
| Registration and GSMA Global Events Account creation We will collect your Personal Information to register you for the Event and create your GSMA Global Events Account. With your GSMA Global Events Account you may also register for other GSMA events. | Contact data ID Data Photograph Billing Data | – Performance of a contract |
| Digital Access Pass We will use your Personal Information to grant you a Digital Access Pass that will be available for you in your GSMA Global Events Account and allow you to enter the Event area. | Contact Data Profile Data Photograph | – Performance of a contract |
| ID Validation All attendees are required to have their identity verified as part of the registration process. You may select: Automatic ID validation, orManual ID validation. If you select Automatic ID validation, we will use your Biometric Data for ID validation. Manual ID validation does not include the processing of your Biometric Data. | ID Data Photograph Biometric Data | For Automatic ID Validation: explicit consent For Manual ID validation: consent (where you consent to the scanning of your ID document)legitimate interests (where you select to undertake a video identification call) Our legitimate interest includes validating your ID document to certify your identity and prevent fraudulent |
| Additional information about ID validation and our use of your Personal Information for that purpose can be found in the FAQs. | activities such as false representation or identity theft and security risks. | |
| Attendance at the Event We will process your Personal Information for the purpose of your attendance at the Event, including granting you access to the Event area, facilitating your participation in meetings, sessions and other activities at the Event and to communicate with you about the organisation, logistics and running of the Event. | Contact Data ID Data Photograph | – Performance of a contract |
| Billing purposes We will process your Personal Information for payment processing and billing purposes as well as for tax and accounting purposes. | Contact Data Billing Data | Performance of a contractCompliance with legal obligations |
| MWC Networking Opting into networking allows you to connect and engage with attendees from a wide range of MWC and M360 Events. You may use networking features either in the MWC Series App or a web-based version. You can easily opt-out from networking in the MWC Series App. | Contact Data Profile Data | – Consent |
| Enhanced Networking To maximise your experience at GSMA events, we offer personalised networking service that facilitates introductions between attendees, exhibitors and our sponsors. We will share your Personal Information with exhibitors and sponsors if you have signed up to Enhanced Networking for networking purposes. You can easily opt out of Enhanced Networking by clicking unsubscribe link in any email from us. | Contact Data Profile Data | – Consent |
| VIP Airport Meet & Assist / VIP Airport Transfer If you have bought a VIP pass and signed up for an Airport Meet & Assist Service and/or a VIP Airport Transfer, we will use your Personal Information to provide you with these Services. | Contact Data ID document Company name Flight Data Hotel Data | – Performance of a contract |
| Information for VIPs’ guests If you are a VIP’s guest, we may process your Personal Information to provide you with a transfer from the airport to your hotel. Your VIP (or designated VIP agent) will provide us | Guest Data Flight Data Hotel Data | Performance of a contractLegitimate interests |
| with your Personal Information for this purpose. | Our legitimate interest includes providing you with a transfer from the airport to the hotel. | |
| Broadcasting During the Event we make video and audio recordings of the venue, sessions, meetings and attendees. These recordings may be broadcast/ published/ streamed (live or later) on public television networks, TVs at the Event and on other media such as social media, radio or the internet. We use these recordings to promote the Event. Your image and voice may be recorded in the background of such recordings or as a direct contributor to such recordings, for example, where you are interviewed. | Contact Data Audiovisual Data | Performance of a contractLegitimate interests Our legitimate interest includes promotion, marketing, raising awareness about the Event and attracting new attendees. |
| Speakers If you are a speaker at the Event, we may process information from your professional profile, images or video of you, recordings of your voice and other information about you that is included in the materials presented by you during the Event. We will use this information to promote the session and/or a meeting you are speaking at. We may also record the session and broadcast/publish/stream it (live or later) on various media, including public television networks, TVs at the Event and on other media such as social media, radio or the internet. Your professional profile and image may be used by our AI chatbot service installed on our websites. The purpose of the chatbot is to inform attendees and website users about sessions, meetings and speakers at the Event. | Contact Data Profile Data Audiovisual Data Other data relating to the session you are taking part in | Performance of a contractLegitimate interests Our legitimate interest includes enabling the proper organisation and management of the session or meeting, promotion and marketing, raising awareness about the Event and attracting new attendees. |
| LinkedIn You may link your GSMA Global Events Account with your LinkedIn account or choose to use your LinkedIn account to log into your GSMA Global Events Account. This will allow you to share content related to the Event on your LinkedIn profile. We will not share any content through your LinkedIn account without your consent. For more information on how LinkedIn may use your Personal Information see LinkedIn privacy notice. | Email LinkedIn ID LinkedIn Token | – Consent |
| Lead Retrieval As part of networking at the Event, you may allow your Digital Access Pass to be scanned by exhibitors. This will allow GSMA to share your Personal Information with the exhibitor you engaged with for contact and business purposes. As part of this process your data will be scanned by dedicated scanners operated by third-party providers (i.e. Stova and Fira de Barcelona) | Contact Data | – Consent |
| Partner Programmes & Summit Sponsors Lead Generation Our partners may host a summit/conference at the Event. Your badge will be scanned on entry to that summit/ conference. You may also be able to participate in a partner summit/conference online. If you sign up to a summit/conference (whether it takes place on site at the Event or online) we will share your Personal Information with our partners so that you can enter such event, receive communications related to that event as well as invitation to stay in touch with the partner who organised the summit/ conference. | Contact Data Profile Data | Performance of a contract – with respect to the attendance in the partner event.Legitimate interests – for data sharing with our partners. Our legitimate interest includes sharing your Personal Information with our partners to facilitate the organisation of sessions you take part in and to allow them to contact you about the event. |
| MWC Series App We will process your Personal Information, when you use the MWC Series App to access the Event via the Digital Access Pass, generated in the MWC Series App. | Contact Data Profile Data Photograph Usage Data | For information on the lawful basis we rely on when processing your Personal Information in connection with the App, please read the Privacy Notice for MWC Series App. |
| Direct Marketing We may send you marketing communications about our MWC events, services or products (e.g. via email) if you provide your consent or we have another lawful basis to do so. We may send you communications tailored to your interests and profile. | Contact Data Profile Data Usage Data | ConsentLegitimate interests Our legitimate interest includes processing your Personal Information for direct marketing purposes. |
| Profiling We may analyse your Personal Information for profiling purposes, to improve our marketing activities and create more relevant news and communications for our customers. | Contact Data Profile Data Usage Data | – Legitimate interests Our legitimate interest includes processing your Personal Information for marketing, including profiling purposes. |
| Analytics We may use your Personal Information to help us better understand the demographics, | Contact Data Profile Data | – Legitimate interests Our legitimate interest includes processing your |
| backgrounds and interests of attendees at our events. We will use this information to create aggregated and statistical information (which does not directly identify you) to support us with reporting on the outcomes of the Event and to improve future events. | Billing Data Usage Data | Personal Information for analytical purposes. |
| Incident/Accident Reporting & Security The owner of the venue (Fira) is primarily responsible for responding to incidents and accidents that happen during the Event and ensuring security at the Event. However, in some cases we may also be involved in responding to incidents and/or accidents at the Event and use your Personal Information for our own internal investigations. | Contact Data ID Data Audiovisual Data Data relating to the incident/accident | Compliance with legal obligationsLegitimate interests Our legitimate interest includes responding to incidents and accidents, ensuring security at the Event, and maintaining an audit trail of all incidents & accidents to prevent similar incidents or accidents from occurring in the future. |
| – For the establishment, exercise or defence of legal claims. | ||
| Data subjects’ requests and enquiries We may process your Personal Information if you make a data subject request (e.g. access to data, erasure, etc.) or submit an enquiry/complaint. | Contact Data Other data relevant to the data subject’s request | Compliance with legal obligationsFor the establishment, exercise or defence of legal claims |
| – Legitimate interests | ||
| Our legitimate interest includes processing your request and/or responding to your enquiry. |
Consent
Where we process your Personal Information based on consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted on other lawful processing grounds.
Legitimate Interests
If we collect and use your Personal Information based on our legitimate interests (or of a third party), you may object to such processing. In that case we will no longer process your Personal Information unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where we process your Personal Information for direct marketing purposes, you may object to such processing at any time.
4. Marketing
If you provide us with your consent or we have another lawful basis for sending marketing communications, we may process your Personal Information for direct marketing purposes using different channels of communication (e.g. via MWC Series App or email).
You can update your preferences and choices in relation to the marketing communications from us anytime via the preference centre on our website. You can access the preference centre via unsubscribe link included in each email from us.
5. Automated processing
We will not use your Personal Information to make a decision about you based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for a contract between us and you, is permitted by law or you have provided us with your consent for such processing.
6. How do we collect your personal information?
- Directly from you, for example when you register for the Event, create your GSMA Global Events Account, subscribe for our marketing communications, use our services or products, interact with our apps or websites, communicate with us via email or other means.
- From third parties, for example from your employer or entity engaged with you on a professional basis, social media (e.g. LinkedIn), a person who bought a Pass for you and signed you up for the Event, or from other attendees.
7. Who has access to your personal information?
We may share your Personal Information with the following recipients:
- Our agents, vendors, or service providers who perform functions on our behalf or provide services to us: for example, providers of registration, access control, security and venue services, IT service providers, accounting service providers or archiving service providers.
- Authorities where we are required to do so by law, or have other lawful basis to do so, for example for security reasons, identity verification or in connection with criminal or regulatory investigations.
- Outside advisers, including legal counsels for the purpose of defence of legal claims, or regulatory proceedings.
- Our Affiliates for example for administrative purposes, group reporting, or provision of other services.
- Social media, if you decide to link your LinkedIn account with your profile or when you publish our content on your social media profiles
- Our partners and exhibitors when you, for example sign up for our Enhanced Networking service or summits/conferences organised by our Event partners and
sponsors, you provide your consent, or we otherwise have a lawful basis for sharing your Personal Information with them.
- Other third parties as may be disclosed to you at the time of registration or detailed in the terms and conditions of the Event or MWC Series App.
Please note that this list is non-exhaustive, and we may need to share your Personal Information with other parties in connection with the Event or to effectively deliver our services.
8. International data transfers
As we operate via a global network of corporate offices, booking and service centres, and data centres, it may be necessary to transfer your Personal Information internationally, i.e. outside of the country where it was originally collected or outside of your country of residence.
Where we transfer Personal Information that originates in the European Union (“EU”), the United Kingdom (“UK”) or Switzerland to a country outside the EU, the UK or Switzerland, we will ensure such transfer is made in accordance with applicable laws. We use a variety of legal mechanisms, including Standard Contractual Clauses adopted by the European Commission, to ensure your rights and protections travel with your data.
9. How long do we keep your personal information?
Your Personal Information will be deleted as follows:
- Data relating to your GSMA Global Events Account (i.e. Contact Data, Profile Data, Photograph used for networking purposes, Usage Data) will be deleted after 12 months from the last time you logged in / accessed your GSMA Global Events Account.
- ID Data and Photograph used for Digital Access Pass will be deleted 24 hours following the end of the event dismantle.
- Biometric Data, where you have chosen to register via Automatic ID Validation, will be deleted immediately (in fractions of a second) after the process has been completed.
We may retain your other Personal Information for the duration of our legal relationship with you or to comply with applicable regulations (e.g. tax or accounting). You may contact us anytime if I you want to know more about how long we will keep your data.
The time periods for the storage of the MWC Series App users’ data are included in the Privacy Notice for MWC Series App.
10. Your rights as a data subject
Below you will find descriptions of rights that you may be able to exercise in relation to the Personal Information we process about you.
- Confirmation of processing – you can ask us to confirm if we are processing your Personal Information.
- Access – you can ask us to provide a copy of the Personal Information that we hold about you.
- Rectification – you can ask us to rectify the record of your Personal Information that we maintain.
- Restrict – you can ask us to restrict the processing of your Personal Information in certain situations.
- Object to processing – you can object to the processing of your Personal Information where we process your data based on our legitimate interests or for direct marketing purposes.
- Deletion – you can ask us to delete some or all of the Personal Information that we hold about you.
- Portability – in certain circumstances, you can ask GSMA to provide you a copy of your Personal Information in a structured, electronic format, or to transmit it directly to another data controller, where technically feasible.
You have the right to contact the relevant data protection authority if you have concerns about how GSMA processes Personal Information. Our lead data protection authority in the EU is the Agencia Española de Protección de Datos.
However, we encourage you to contact us directly in the first instance so that we can attempt to address your concerns directly.
For additional questions or information concerning the processing of your Personal Information or if you would like to exercise one of your rights, you can email us at [email protected].
11. MWC Series App
MWC Series App can be downloaded by attendees to use the Digital Access Pass to access the venue and participate in the Event.
Through the MWC Series App you will also be able to network with other attendees as well as access an event agenda, exhibitor list, food and transport facilities, and a map of the Event venue. You can learn more about MWC Series App in the Privacy Notice for MWC Series App.
12. Biometric data processing – ID Validation and Digital Access Pass
We may process your Biometric Data in order to validate your ID document as part of the sign-up process and before you can physically attend the Event.
If you choose Automatic ID validation, we will ask you to provide a scan of your valid ID document and a Photograph during the registration process. Our online registration system will automatically scan your ID portrait photo and Photograph and create a biometric template of your ID portrait photo and Photograph. We will then compare these two templates to validate your ID document. Please read more about our biometric data processing and available ID document validation options in the GSMA’s Attendee Terms and Conditions for Events and FAQs.
We will rely on your explicit consent for processing your Biometric Data in this way.
You may also choose other ID document validation options, which do not involve the processing of your Biometric Data. If you want to learn more, see our FAQs (ID Validation
> How do you validate my ID document?).
13. Minors
The Event is subject to a minimum age limit, which means at least 16 years of age at the date of attending the Event. Any attendees under the minimum age limit shall be considered a minor (“Minor”) and will be subject to a specific approval process before entry to the Event according to the procedure in the GSMA’s Attendee Terms and Conditions for Events.
We may collect the following information about Minors: full name, age as it will be at the start date of the Event and, where applicable ID document. We will associate this with information about the parent/guardian attending the Event with the Minor, i.e. – guardian’s full name, guardian’s email address used for Event registration and guardian’s relationship to the Minor. Any failure to provide Personal Information about the Minor or a guardian/parent will mean that we cannot register the Minor for the Event and/or permit them to access the Event.
In case we process the data of a Minor, we will do so only with permission from their parent or guardian.
14. CCTV Recordings
The Event premises are monitored by the venue owner, Fira de Barcelona (“Fira”) for security reasons. Fira may be asked by authorities to provide CCTV recordings for specific time periods as part of investigations regarding visitors, contractors or other personnel. We do not manage or keep these recordings. For more information, you can consult the details of this data processing on the Fira’s informative CCTV signs placed at the venue.
15. Contact us
You can contact us with any enquiry relating to your Personal Information by filling out this form, sending an email to [email protected] or writing to:
Data Privacy – Legal GSMA Ltd., 1 Angel Lane, London, EC4R 3AB United Kingdom