Privacy

• Contact Information – this includes your name, username, job title, company name, address, email address, telephone number, social media information, along with other personal identifiers such as job functions, areas of interest, networking preferences and photographs of you. Also, if you are a speaker at an event, we may collect additional information such as your professional profile.
• Government-issued Identification – this includes passport details, or other government issued documentation as may be needed for compliance with applicable laws or specific requirements of the business. There are specific ID collection requirements for certain events, such as MWC Shanghai.
• Audiovisual Information – this includes audio, electronic, visual, or similar information relating to your interactions with us, including photographs, video images, call center recordings, call monitoring records, and voicemails. These images may be used by GSMA in its promotional materials, including on its website and off-line materials (e.g. brochures, etc.) and broadcast on GSMA Mobile World Live or other media channels, including social media channels. Authorised third parties, such as exhibitors and sponsors, may also take images of you via their own on-site crews. Journalists will also be in attendance and appropriately identified. Where applicable and as disclosed to you at the time of registration and detailed in the terms and conditions of the relevant Event, we may also collect and store recordings of your image. Where such images or recordings are taken by an authorised third party, event sponsors, exhibitors, journalists, the venue or other security supplier for security purposes (such as venue CCTV recordings), we require such third parties to provide you with a privacy notice relating to same and obtain any necessary consents. We recommend that you check the privacy notices of these third parties.
• Biometric Data – where you provide your explicit consent, we undertake automatic ID photo matching to validate your ID document and/or verify your identity when you register to attend certain of our events. For information about biometric data processing for facial recognition purposes at MWC Shanghai, see below.
  

We process your Personal Information for:

• Account administration and fulfilment of your Event registration;
• Business administration and legal compliance;
• ID validation and identity verification in order to maintain the security of the event, and in compliance with laws;
• Badge Scanning and lead generation purposes – this may occur when you access or exit the venue, enter sessions or other restricted areas at the Event, or enter an enclosed space, meeting room or restaurant. This scanning may occur for the purposes of access control, analytics, event planning, logistics, health and safety, and data sharing with a third-party session provider if you have scanned your digital badge or registered to attend that third party’s session.
• Where you provide your consent, to inform you of GSMA-related events, meetings, content, initiatives and other benefits or opportunities associated with GSMA or the industry. We may also use this information to help us understand your needs and interests to better tailor our products and services.
  

All events are subject to a Minimum Age Limit. Any additional age restrictions that may apply to specific events or venues that are different to the Minimum Age Limit, will be stated on the applicable event website and/or on an event registration page(s). Any Attendees under the Minimum Age Limit shall be considered a minor (“Minor”) and will be subject to a specific approval process before entry to an event.

Where a Minor is allowed entry to an event, we may be required to collect and process Personal Information of Minors for event access purposes, as well as provide it to law enforcement authorities in connection with the safety and security of the event. This data includes, but is not limited to:

• Full name, age as it will be at the start day of the event, ID document (where applicable), and contact information of the responsible guardian (i.e. full name, relationship to the minor and email address).

Any failure to provide the Minor’s information will mean that we cannot register you and the Minor for the event and/or permit you and the Minor to access the venue. In any case, we will make these requirements clear to you and advise you whether or not the provision of information is mandatory (as well as the possible consequences of failing to provide your information) at the time of registration or as detailed in the terms and conditions of the relevant event.

Contact information – this includes (but not limited to) name, username, job title, company name, email address, telephone number, mobile number, along with other personal identifiers such as job functions, areas or topics of interest, information you provide to us for the purposes of attending meetings, voting, events, trainings, working groups or forums, other information that you provide to us as part of us providing the Membership services and benefits.

Business Member Data – This includes information about your role within your company, your authorisation and your authority; and other data you share with us in connection with the relationship.

• Contact Information – this includes (but not limited to) name, username, job title, company name, email address, telephone number, mobile number, along with other personal identifiers such as job functions, areas or topics of interest,  other information that you provide to us as part of us providing the Services.
• Business Customer Data – This includes information about your role within your company, your authorisation to use products or services, and your authority to place orders; and other data you share with us in connection with the relationship.
  

GSMA Capacity Building and CE-Digital provide training courses (E-learning or face-to-face) to regulators, policymakers and non-profit organisations, and GSMA Advance provides training courses to mobile operators and other commercial organisations (“Training Courses”). These are primarily corporate entities and as such those instructors are not data subjects. However, as part of such instructions and engagement Personal Information may be provided to us (e.g. Personal Information relating to any of these corporate entities officers or personnel). This may happen, for instance if your employer (or entity by whom you are engaged as a contractor or temporary staff member) registers you for the Training Courses. This may include (but is not limited to):

• Contact Information – your name, username, job title, gender, company name, address, email address, job functions, professional profile and areas of interest.
  

We collect information from you when you interact with us, participate or register  in our Connectivity for Good programmes and initiatives, sign up to receive newsletters or latest insight and updates, sign up for a competition or sweepstake,  download reports or papers, participate in surveys or working groups or forums, submit reviews, or otherwise provide feedback to us or through social media or our other digital channels.

Contact Information – this includes (but is not limited to) your name, username, job title, company name, address, country/region, email address, job functions, professional profile and areas of interest, certain demographic information that you choose to provide and where applicable *special categories of data (e.g age, gender, race or ethnicity).

If you access and become a follower of GSMA’s official social media pages, your personal data will be processed in accordance with this Global Privacy Notice, privacy notices of such social media networks and the conditions of use and access regulations that belong to the applicable social network, which you would have previously accepted. We may process your Personal Information to properly manage your presence in the social network, inform you of our activities, products or services, or for other purposes that the regulations of social networks allow.

You can consult the privacy notices of the main social networks below:

• Twitter/X: https://twitter.com/en/privacy
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Instagram: https://privacycenter.instagram.com/policy

 For China only:

• WeChat: https://www.wechat.com/en/privacy_policy.html
• Weixin: https://weixin.qq.com/cgi-bin/readtemplate?lang=en_US&t=weixin_agreement&s=privacy&cc=CN

We receive information about you when you use our mobile applications. Some information such as your device manufacturer, type and operating system version, are collected automatically, while other information is only collected if you choose to provide it and where permitted by applicable law, such as your precise geolocation information. It may sometimes be necessary to associate your geolocation information with your GSMA Global Events Account to support your participation in a particular programme or feature that we may offer, but we do not otherwise retain your geolocation information in a way that identifies you as an individual. We use mobile analytics software to allow us to better understand the functionality of our mobile applications on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

Additional or different privacy notices may apply. If a different or supplemental privacy notice applies, this will be disclosed to you at the time of registration and detailed in the terms and conditions of the relevant mobile application.

MWC Series App or other Apps made available for MWC and m360 series

When you install or use the MWC Series mobile application (“MWC Series App“), we will collect and process your Personal Information in accordance with our Privacy Notice for MWC Series App.

GSMA App

When you install or use the corporate GSMA mobile application (“GSMA App“), we will collect and process your personal information in accordance with our Privacy Notice for the GSMA App.

You can download the App on the Apple App Store the Google Play Store and the Huawei App Gallery on an iOS or Android device.

If you use our mobile apps, we may also send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.

We may use mobile analytics software to allow us to better understand the functionality of our mobile apps on your phone. 

Apple may collect limited data about your use of the MWC Series App or GSMA App, if you have installed it on your mobile device. Apple may further share statistical and/or anonymised data with GSMA about the use of the GSMA App (eg number of downloads or errors encountered while using the GSMA App). Please refer to Apple’s privacy policy in this regard (available at www.apple.com/legal/privacy/).

Our mobile apps may contain (visually distinctive) hyperlinks, which will re-direct you to other websites. These websites are not covered by this Global Privacy Notice and are subject to their own separate data processing rules and privacy policies.

• Our Affiliates, including but not limited to GSM Association, GSMA 4FYN Event Management S.L., GSMA (Shanghai) Co., Ltd., GSMC Event Project Management S.L., and GSM Conference Services Limited, for processing in accordance with this Global Privacy Notice;
• Our agents, vendors or service providers who perform functions on our behalf or for the purposes of providing services to us; for example, service providers that provide registration, access control, lead retrieval, security and venue services for the event or that support the delivery of, provide functionality on, or help to enhance the security of our events website(s), our MWC Series App, GSMA -branded website(s) or mobile apps (as disclosed to you at the time of registration or detailed in the terms and conditions of the relevant event or the event website). In particular, the data collected by the Event app (where available) will be sent to Firebase and Big Query databases belonging to Google, for data query and reporting on the operation of the application and user behaviour within it. For more information, you can consult the Firebase and Google Cloud privacy notices: https://firebase.google.com/support/privacy?hl=es-419 ; https://cloud.google.com/terms/cloud-privacy-notice
• Third parties. For example:
  • where you register for (or scan your digital badge to participate in) a speaking session, tour, webinar, forum, training course, programme, initiative or other event that is sponsored or hosted by a third party. We only share your data to enable that third party to: (i) contact you in respect of administering the event in question (including facilitating registration and attendance); and (ii) follow-up with any reasonable and proportionate post-event engagement. As part of this, the third party may contact you to see whether you would be interested in opting-in to direct marketing communications from them.
  • you opt-in to **enhanced networking offered at an Event (where applicable), your Contact Information will be shared with Sales Explorers in order to deliver the service. **Enhanced networking consists of a personalised, curated networking service which facilitates introductions between like-minded event attendees. You can opt-out of enhanced networking at any time. For more information, you can consult the Sales Explorers’ privacy notice here: https://salesexplorers.com/privacy-policy/ and read the FAQs on the relevant event website.
  • you allow exhibitors, sponsors, partners or other third parties participating at the event to scan your physical/digital badge to facilitate networking and business relationships at the event or to contact you post-event;
• Government agencies and law enforcement in order to comply with the law, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others. This includes relevant law enforcement bodies for security purposes;
• Recruiting agencies and your references (for professional and employment Information as detailed in the “Job Applicants” section of this Global Privacy Notice);
• Your company and its affiliates; and
• It is provided to any other person where you have consented to the disclosure of your Personal Information.

Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to deliver the Events, services and products, programmes or initiatives as effectively as we can. We may also disclose Personal Information when required to do so by law, such as to law enforcement agencies, regulators, or courts, or as permitted by law, such as when we sell or transfer business assets, enforce our contracts, protect our property or the rights, property or safety of others, or as needed for audits, compliance, and corporate governance.

• Directly from you, for example when you register for an Event or sign up to receive marketing communications;
• From third parties, including data aggregators, social media companies, and other publicly available sources, entities or online channels;
• Your employer or entity by whom you are engaged as a contractor or temporary staff member. This may happen, for instance if your employer is a member of GSMA and signs you up for an event or if your employer (or entity by whom you are engaged as a contractor or temporary staff member) provides services to GSMA and you are involved in the provision of these services. This may also occur when an authorised third party provides GSMA with access to information obtained from badge scanning (as part of an Event);
• In addition, professional and employment information may be collected from your references and third parties that help us conduct background screenings; as detailed in the “Job Applicants” section of this Privacy Notice.
  

We also collect information about you when you use our services or products. For example, we may collect such information when you visit our websites or app, or view and interact with our ads and content. This information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, other information that is provided by the end user device and usage information about the use of the GSMA’s websites and web applications, including a history of the pages you view. We also use cookies and web beacons. You may view our Cookie Policy here.

This means that Personal Information collected in connection with GSMA Events, Training Courses, programmes or when you interact with us through our corporate site, websites, emails or our other digital channels, or use our services and products may be transferred to a country outside of the country where it was originally collected or outside of your country of residence or nationality.

The information that you provide us during the course of event registration or through the provision of any other services may be transferred to any of our affiliated entities around the world for the purposes of carrying out or facilitating these services. For the same reason, it may also be necessary to transfer this information to other entities, including, without limitation, our partners and our service providers.

Where we transfer information that originates in the European Union (“EU”), the United Kingdom (“UK”) or Switzerland to a country outside the EU, the UK or Switzerland, we will take steps to make sure such transfer is carefully managed to protect your privacy rights. We use a variety of legal mechanisms, including Standard Contractual Clauses adopted by the EU Commission, to ensure your rights and protections travel with your data.

• Name;
• Contact information including email address;
• Curriculum vitae including your job title, your education, employment history, and similar matters and similar information that you may provide to us;
• Your age and/or gender if you provide it to us, your education, employment history;
• With your explicit consent, information about your race or ethnicity, religious beliefs, sexual orientation, disability and other ‘special category data’, for diversity and equal opportunities monitoring purposes;
• With your explicit consent, information about your health, including any medical needs or conditions;
• Evidence of your right to work in the country you are applying to work and immigration status; and
• Other information relevant to potential recruitment at GSMA.
  

When you apply to work for us the initial data about you that we process is likely to come from you: for example, contact details and information on your immigration status and whether you can lawfully work. Where necessary and in accordance with this Global Privacy Notice, we will require references and information to carry out background checks. If you have concerns about this in a particular context, you should speak to your contact within our Recruitment team. Please note we may also receive data from former employers and people named by candidates as references, background check agencies, third party recruiters, agents and similar organisations as a part of the recruitment process, or as a referral from one of our employees or customers or Members.

We use your Personal Information for the following recruitment purposes:

• To assess your suitability for any position for which you may apply at GSMA whether such application has been received by us online, via email or by hard copy or an in-person application;
• To contact you in order to send you notifications for vacancy roles or job alerts;
• If you choose to provide us with your special category data (as described above and below), we process this data on a non-identifiable basis for diversity and equal opportunity purposes only. Where this information is published on GSMA’s external websites and/or disclosed to 3rd party organisations or to local governments in relation to external reporting (i.e. ethnicity pay reporting) such disclosure shall always be in aggregate and anonymised form.
  

Where we use your Personal Information in connection with recruitment it will be in connection with us taking steps at your request to enter a contract we may have with you or it is in our legitimate interest to use Personal Information in such a way to ensure that we can make the best recruitment decisions for GSMA.

Internal use

Your personal data will be seen internally by members of the Recruitment team, and other HR team members, recruiting managers, and in some circumstances (if you join us) colleagues. We will also disclose this to other members of the GSMA where necessary for decision making regarding your application – this will depend on the type of role you are applying for.

External use

We will only disclose your personal data outside of GSMA if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you. We will disclose your data if it is necessary for our legitimate interests or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy). Where necessary, we will also disclose your personal data if you consent, or where we are required to do so by law and in connection with criminal or regulatory investigations. Please note that when we disclose your data in such circumstances, where applicable, we will ensure that any necessary due diligence has been undertaken on the recipient and any necessary contractual documentation is in place to ensure the integrity and security of the data as required by law.

Specific circumstances in which your personal data may be disclosed include:

• Disclosure to third party providers to carry out reference checks, credit checks and other pre-employment on-boarding activities if you accept an offer from us;
• Disclosure to organisations that process data on our behalf such as our payroll service, insurers and other benefit providers, our bank and organisations that host our IT systems and data. This would normally occur if you accept an offer from us and would be carried out as part of the on-boarding process; and
• Disclosure to any regulator as necessary as part of the recruitment process.

In some jurisdictions, we also use a third party which stores your personal data for us once you have made an application in order to enable the relevant Recruiting manager and Recruiter to consider your application.

Our general approach is to only retain your personal data for as long as is required to satisfy the purpose for which it was collected by us or provided by you. If you become employed by us we will keep your personal data for the duration of your employment and in any event for no longer than 6 years afterwards.

If you are unsuccessful in gaining employment with us, we will keep your personal data for a short period after informing you that you were unsuccessful and in any event, for no longer than 2 years from your last contact with us. Your data may be kept on file and considered for other roles. You can contact us at any time to delete this data.

We will not use your Personal Information to make a decision about you based solely on automated processing, including profiling, which produces legal effects concerning your or similarly significantly affects you, unless it is necessary for the performance of a contract between us and you, is permitted by law or you have provided us with your consent for such processing.

Your rights as data subject

Below you will find descriptions of rights that you may be able to exercise in relation to Personal Information we process about you.

• Confirmation of processing – you can ask us to confirm if we are processing your Personal Information;
• Access – you can ask us to provide a copy of the Personal Information that we hold about you;
• Rectification – you can ask us to rectify the record of your Personal Information that we maintain;
• Restrict – you can ask us to restrict the processing of your Personal Information in certain situations;
• Object to processing – you can object to the processing of your Personal Information where we process your data based on our legitimate interests or for direct marketing purposes;
• Deletion – you can ask us to delete some or all of the Personal Information that we hold about you;
• Portability – in certain circumstances, you can ask GSMA to provide you a copy of your Personal Information in a structured, electronic format, or to transmit it directly to another data controller, where technically feasible.
  

If you wish to exercise any of these rights, please contact us by filing out this DSAR form. We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about. We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.

You can update your preferences and choices in relation to our marketing communications, including unsubscribing from newsletters, via our preference centre.

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your Personal Information, or if you do not wish us to continue using your information as outlined above, you can do so by filling out this form, sending an email to [email protected] or writing to Data Privacy – Legal, GSMA Ltd., 1 Angel Lane, London, EC4R 3AB, United Kingdom.

In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how GSMA process personal data.

In the UK: you can contact the Information Commissioner, who is an independent regulator set up to uphold information rights.

• Contact details of the Information Commissioner’s Office:
  • Email [email protected]
  • Phone 0303 123 1113

In the EU, the GSMA lead supervisory authority is the Spanish competent national supervisory authority is the “Agencia Española de Protección de Datos” (“AEPD”)

• Contact details of the AEPD: C/Jorge Juan, 6 28001 Madrid, Spain
• Phone: +34 901 100 099 / +34 91 266 35 17

Data Controller for the purposes of the EU AND UK DATA PROTECTION LAWS is: GSMA Ltd., registered with the Georgia Secretary of State with number 0638146 and  registered offices at 165 Ottley Drive, Suite 203. Atlanta, GA 30324, USA. Our Company is registered with the Georgia Secretary of State with the Control Number ; or the GSMA entity listed on the terms and conditions you sign when registering or signing up for GSMA service, product, or offer.

When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

For more information on where and how long your personal data is stored, please contact us by using the details set out in the Your Choices and Control – How to Contact Us section