Privacy

GSMA Global Privacy Notice

Introduction

This GSMA Global Privacy Notice (“Privacy Notice”) describes how the GSMA (collectively referred to as “GSMA” “we”, “us” or “our”) collects, uses and shares Personal Information (as defined below) when you use our products, services, offers and promotions – for example, if you: (a) engage with us to register and attend our Events, including MWC in Barcelona, Shanghai, Las Vegas and Africa, the M360 series, the MWL Unwrapped digital event series, and webinars and sessions from Mobile World Live; (b) access and use our Membership,  Services, or Solutions and impact; (c) register, visit or use our GSMA-related websites that display this Privacy Notice, GSMA branded digital channels, Apps and social media properties; (d) engage with us for marketing and business development activities, business communications and other online and offline business interactions; and/or (e) are an applicant or candidate for a position at GSMA.

As a global company, GSMA fulfills many roles. Where GSMA acts a data controller under applicable data protection laws and collects information directly from an individual, the controller is the GSMA entity listed in the terms and conditions you sign when registering or signing up for the GSMA event, service, product or offer. Some GSMA companies and services may have different privacy notices which will be provided to you when you use them. Depending on the circumstances, we may also furnish you with supplemental privacy notices that provide additional information.

From time to time, we may update, change, modify or amend this Privacy Notice in order to comply with the applicable law or our changing business practices. Unless we are required by the applicable law to provide a prescribed form of notice and/or obtain consent, updated versions of this Privacy Notice may be posted on this website with additional communication. Please check this website and this Privacy Notice regularly for further updates.

“Personal Information” refers to information that (alone or when used in combination with other information) is capable of being associated with or could reasonably be associated with an individual. Personal Information, sometimes referred to as “personal data”, may also have specific meanings under different privacy laws. The Personal Information we collect varies depending on our relationship and interactions with you.

GSMA means GSMA Ltd with registered offices at 165 Ottley Drive, Suite 203. Atlanta, GA 30324, USA and the various affiliates that are directly or indirectly controlled by GSMA Ltd or its parent company GSM Association (Switzerland) through ownership.

About GSMA

The GSMA is a global organisation unifying the mobile ecosystem to discover, develop and deliver innovation foundational to positive business environments and societal change. Our vision is to unlock the full power of connectivity so that people, industry and society thrive. Representing mobile operators and organisations across the mobile ecosystem and adjacent industries, the GSMA delivers for its members across three broad pillars: Connectivity for Good,Industry Solutions and Events. For more information about GSMA please see the “About Us section of our website.

If you register and attend our Events
Categories of Personal Information we collect
  • Contact Information – this includes your name, username, job title, employer name, address, email address, telephone number, social medial information, along with other personal identifiers such as job functions, areas of interest, networking preferences and photographs of you. If you are a speaker, we may collect additional information such as your professional profile.
  • Government-issued Identification – this includes passport details, or other government issued documentation as may be needed for compliance with laws or the specific requirements of the business relationship. There are specific ID collection requirements for MWC Barcelona and MWC Shanghai. To read more about how and why we collect ID at MWC Barcelona, see these FAQs. For MWC Shanghai, please read the Supplementary Notes below.
  • Audio and Visual Information – this includes audio, electronic, visual, or similar information relating to your interactions with us, including photographs, video images, CCTV recordings, call center recordings, call monitoring records, and voicemails. These images may be used by GSMA in its promotional materials, including on its website and off-line materials (e.g. brochures, etc.) and broadcast on GSMA Mobile World Live or other media channels, including social media channels. Authorised third parties, such as exhibitors and sponsors, may also take images of you via their own on-site crews. Journalists will also be in attendance and appropriately identified. Where applicable and as disclosed to you at the time of registration and detailed in the terms and conditions of the relevant Event, we may also collect and store recordings of your image. Where such images or recordings are taken by an authorised third party, event sponsors, exhibitors, journalists, or the venue (or other security supplier) for security purposes, we require such third parties to provide you with a privacy notice relating to same and obtain any necessary consents. We recommend that you check the privacy notices of these third parties.
  • Biometric Data – where you provide your explicit consent, we undertake automatic ID photo matching to validate your ID document and/or verify your identity when you register to attend certain of our events. For information about biometric data processing at MWC Barcelona, see these FAQs. For information about biometric data processing for facial recognition purposes at MWC Shanghai, see below. If a different or supplemental privacy notice applies, this will be disclosed to you at the time of registration and detailed in the terms and conditions of the relevant Event.
Purposes of Processing

We process your Personal Information for:

  • Account administration and fulfilment of your Event registration;
  • Business administration and legal compliance;
  • ID validation and identity verification in order to maintain the security of the event, and in compliance with laws;
  • Badge Scanning and lead generation purposes – this may occur when you access or exit the venue, enter sessions or other restricted areas at the Event, or enter an enclosed space, meeting room or restaurant. This scanning may occur for the purposes of access control, analytics, event planning, logistics, health and safety, and data sharing with a third-party session provider if you have scanned your digital badge or registered to attend that third party’s session.
  • Where you provide your consent, to inform you of GSMA-related events, meetings, content, initiatives and other benefits or opportunities associated with GSMA or the industry. We may also use this information to help us understand your needs and interests to better tailor our products and services.
Minors

All events are subject to a Minimum Age Limit. Any additional age restrictions that may apply to specific Events or venues that are different to the Minimum Age Limit, will be stated on the applicable Event website and/or on an Event registration page(s). Any Attendees under the Minimum Age Limit shall be considered a minor (“Minor”) and will be subject to a specific approval process before entry to an Event.

Where a Minor is allowed entry to the Event, we may be required to collect and process Personal Information of Minors for Event access purposes, as well as provide it to law enforcement authorities in connection with the safety and security of the Event. This data includes, but is not limited to:

  • Name, age, and contact information of the responsible guardian (such as name, relationship with minor, company, telephone number, mobile number, email address, identification document).

Any failure to provide the Minor’s information will mean that we cannot register you and the Minor for the Event and/or permit you and the Minor to access the venue. In any case, we will make these requirements clear to you and advise you whether or not the provision of information is mandatory (as well as the possible consequences of failing to provide your information) at the time of registration or as detailed in the terms and conditions of the relevant Event.

If your employer is a Member (or a prospective Member) of the GSMA

GSMA Membership is only accessible by corporate entities and as such those instructors are not data subjects. However, in the course of Membership, we may process Personal Information of the nominated representatives, authorised contact person(s), officers or personnel of our Members/Prospective Members. This may happen for the purposes of membership related benefits and activities (including but not limited to onboarding, voting, events, training, working groups or forums) or accessing and managing the member account in the Member Gateway.

Categories of Personal Information we collect

Contact information – this includes (but not limited to) name, user name, job title, employer name, email address, telephone number, mobile number, along with other personal identifiers such as job functions, areas or topics of interest, information you provide to us for the purposes of attending meetings, voting, events, trainings, working groups or forums, other information that you provide to us as part of us providing the Membership services and benefits.

Business Member Data – This includes information about your role within your company, your authorisation and your authority; and other data you share with us in connection with the relationship.

If your employer is a customer in receipt of our Services

GSMA is primarily engaged by corporate entities in respect of the GSMA Services and as such those instructors are not data subjects. However, in the course of administering our Services, we may process Personal Information of the nominated representatives, authorised contact person(s), officers or personnel of our customers. This may happen for the purposes of contract related matters, customer onboarding, invoice management, access and use of the services and products (as applicable).

Categories of Personal Information we collect
  • Contact Information – this includes (but not limited to) name, user name, job title, employer name, email address, telephone number, mobile number, along with other personal identifiers such as job functions, areas or topics of interest,  other information that you provide to us as part of us providing the Services.
  • Business Customer Data – This includes information about your role within your company, your authorisation to use products or services, and your authority to place orders; and other data you share with us in connection with the relationship.
If you register for our GSMA Capacity Building programme and training courses
Categories of Personal Information and Purposes for Processing

GSMA Capacity Building and CE-Digital provide training courses (E-learning or face-to-face) to regulators, policymakers and non-profit organisations, and GSMA Advance provides training courses to mobile operators and other commercial organisations (“Training Courses”). These are primarily corporate entities and as such those instructors are not data subjects. However, as part of such instructions and engagement Personal Information may be provided to us (e.g. Personal Information relating to any of these corporate entities officers or personnel). This may happen, for instance if your employer (or entity by whom you are engaged as a contractor or temporary staff member) registers you for the Training Courses. This may include (but is not limited to):

  • Contact Information – your name, user name, job title, gender, employer name, address, email address, job functions, professional profile and areas of interest.
If you interact with us through our corporate sites, mobile applications
Corporate Sites

We collect information from you when you interact with us, participate or register  in our Connectivity for Good programmes and initiatives, sign up to receive newsletters or latest insight and updates, sign up for a competition or sweepstake,  download reports or papers, participate in surveys or working groups or forums, submit reviews, or otherwise provide feedback to us or through social media or our other digital channels.

Contact Information – this includes (but is not limited to) your name, user name, job title, employer name, address, country/region, email address, job functions, professional profile and areas of interest, certain demographic information that you choose to provide and where applicable *special categories of data (e.g age, gender, race or ethnicity).

Social Media Networks

If you access and become a follower of GSMA’s official social media pages, your personal data will be processed in accordance with this Privacy Notice, alongside the conditions of use, privacy policies and access regulations that belong to the applicable social network, which you would have previously accepted. We may process your personal data to properly manage your presence in the social network, inform you of our activities, products or services, or for other purposes that the regulations of social networks allow.

You can consult the privacy policies of the main social networks below:

 For China only:

GSMA Mobile Applications

We receive information about you when you use our mobile applications. Some information such as your device manufacturer, type and operating system version, are collected automatically, while other information is only collected if you choose to provide it and where permitted by applicable law, such as your precise geolocation information. It may sometimes be necessary to associate your geolocation information with your account to support your participation in a particular programme or feature that we may offer, but we do not otherwise retain your geolocation information in a way that identifies you as an individual. We use mobile analytics software to allow us to better understand the functionality of our mobile applications on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

Additional or different privacy notices may apply. If a different or supplemental privacy notice applies, this will be disclosed to you at the time of registration and detailed in the terms and conditions of the relevant mobile application.

Event App (MWC App or other Apps made available for GSMA Events)

The MWC App collects the following information:

  • User Profile information. In order to offer personalized recommendations based both on your preferences and app activity, and to improve the event in further editions, we collect and process information about your mobile device, app activity and utilize already existing user profile information you shared at event sign-up. This data is minimized and pseudonymized.

Purposes for processing:

  • For technical support reasons: device type and model, operating system name and version, screen resolution, country and language, carrier name, app and SDK version;
  • For personalized recommendations: Pass Type, Biography, Photo Validation Status, Location, Networking Enabled, Interests, Company Name, Company Activity, Job Title, Job Function, Screens you open, Time you spent within a particular screen or content, Items and content you viewed or liked (sessions, exhibitors, companies, etc.);
  • Campaign Data information. We collect information about context aware communications you receive and open for statistical purposes and to improve future events.

If you would like to find out more about the MWC App you can find out more here (MWC App Terms and Conditions/End User License Agreement).

We also process your personal data to ensure compliance with the conditions set out in the Event app’s terms and conditions of use and to comply with applicable laws. This may include the development of tools and algorithms that help the app to ensure the confidentiality of the personal data it collects and to show your activities and preferences according to your interests at the time of registration and whilst using the app, in relation to your attendance/performance at the Event.

GSMA App

This section applies to the “GSMA Mobile” application (“GSMA App“) provided by GSMA for all products and services accessed via this App (which are provided by GSMA group companies or selected partners). You can download the App, on the Apple App Store and Google Play Store, on an iOS or Android device.

We receive information about you when you use our GSMA App. Some information such as your device manufacturer, type and operating system name and version, screen resolution, country and language, carrier name are collected automatically (for technical support reasons), while other information is only collected if you choose to provide it and where permitted by applicable law. The GSMA App collects the following information:

  • User Profile information. In order to offer personalized recommendations based both on your preferences and App activity, we collect and process information about your mobile device, app activity, time you spent within a particular screen or content, items and content you viewed or liked and utilize already existing user profile information you shared at sign-up. This data is minimized and pseudonymized;
  • If you choose to add an event to your calendar, access to your calendar; no information is taken from your calendar.

If you use our GSMA App, we also send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.

We use mobile analytics software to allow us to better understand the functionality of our GSMA App on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

Apple may collect limited data about your use of the GSMA App, if you have installed it on your mobile device. Apple may further share statistical and/or anonymised data with GSMA about the use of the GSMA App (eg number of downloads or errors encountered while using the GSMA App). Please refer to Apple’s privacy policy in this regard (available at www.apple.com/legal/privacy/).

The GSMA App contains (visually distinctive) hyperlinks, which will re-direct you to other websites. These websites are not covered by this Privacy Notice and are subject to their own separate data processing rules and privacy policies.

Our legal basis for collecting and using the Personal Information will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you on the following bases:

See More

Consent

We process your Personal Information where you have given us your consent. You can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.

Explicit consent for biometric data processing: when registering for MWC Barcelona, with your explicit consent, we process biometric data when undertaking automatic photo matching for the purposes of ID document validation. 

Performance of a Contract

We process your Personal Information where we need this to perform a contract with you (e.g. to deliver a service).

Legitimate Interest

We process your Personal Information where the processing is in our legitimate interest and this is not overridden by your data protection interests or fundamental rights and freedoms. If we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make those legitimate interests clear to you.

Legal Obligation

There may be circumstances where we are legally required to process your Personal Information. In these cases, we will make these requirements clear to you.

For example, in Shanghai, we are legally obliged to process your biometric data and passport/ID card data in order to grant you access to the Event. Any failure to provide this information will mean that we cannot register you for the Event and/or permit you to access the venue.

For example, in Las Vegas, we are legally obliged to provide personal data of attendees and vendor personnel (i.e. name, date of birth, nationality, document type and number and date of issue) to law enforcement authorities in connection with the safety and security of the Event. Any failure to provide this information will mean that we cannot register you for the Event and/or permit you to access the venue.

Public Interest and Protection of Vital Interests

In some cases, we may be required to process your Personal Information for reasons of public interest. We may also need to collect and use your Personal Information to protect your vital interests or those of another person, for example, in case of a medical emergency during the Event. If you have any questions or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided under the “Contact us” heading below.

Disclosure of Data to Third Parties
Categories of Third Parties

  • Our Affiliates, including but not limited to GSM Association, GSMA 4FYN Event Management S.L., GSMA (Shanghai) Co., Ltd., GSMC Event Project Management S.L., and GSM Conference Services Limited, for processing in accordance with this Privacy Notice;
  • Our agents, vendors or service providers who perform functions on our behalf or for the purposes of providing services to us; for example, service providers that provide registration, access control, lead retrieval, security and venue services for the Event or that support the delivery of, provide functionality on, or help to enhance the security of our Events website(s), our Event app, GSMA -branded website(s) or apps (as disclosed to you at the time of registration or detailed in the terms and conditions of the relevant Event or the Event website). In particular, the data collected by the Event app (where available) will be sent to Firebase and Big Query databases belonging to Google, for data query and reporting on the operation of the application and user behaviour within it. For more information, you can consult the Firebase and Google Cloud privacy notices: https://firebase.google.com/support/privacy?hl=es-419 ; https://cloud.google.com/terms/cloud-privacy-notice
  • Third parties. For example:
    • where you register for (or scan your digital badge to participate in) a speaking session, tour, webinar, forum, training course, programme, initiative or other event that is sponsored or hosted by a third party. We only share your data to enable that third party to: (i) contact you in respect of administering the event in question (including facilitating registration and attendance); and (ii) follow-up with any reasonable and proportionate post-event engagement. As part of this, the third party may contact you to see whether you would be interested in opting-in to direct marketing communications from them.
    • you opt-in to **enhanced networking offered at the Event (where applicable), your Contact Information will be shared with Sales Explorers in order to deliver the service. **Enhanced networking consists of a personalised, curated networking service which facilitates introductions between like-minded event attendees. You can opt-out of enhanced networking at any time. For more information, you can consult the Sales Explorers’ privacy notice here: https://salesexplorers.com/privacy-policy/ and read the FAQs on the relevant Event website.
    • you allow exhibitors, sponsors, partners or other third parties participating at the Event to scan your physical/digital badge to facilitate networking and business relationships at the Event or to contact you post-Event;
  • Government agencies and law enforcement in order to comply with the law, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others. This includes relevant law enforcement bodies for security purposes;
  • Recruiting agencies and your references (for professional and employment Information as detailed in the “Job Applicants” section of this Privacy Notice);
  • Your company and its affiliates; and
  • It is provided to any other person where you have consented to the disclosure of your Personal Information.

Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the Events, services and products, programmes or initiatives as effectively as we can. We may also disclose Personal Information when required to do so by law, such as to law enforcement agencies, regulators, or courts, or as permitted by law, such as when we sell or transfer business assets, enforce our contracts, protect our property or the rights, property or safety of others, or as needed for audits, compliance, and corporate governance.

Sources of Personal Information

We may collect Personal Information about you from various sources, depending on our relationship and interaction with you.

Source of Personal Information
  • Directly from you, for example when you register for an Event or sign up to receive marketing communications;
  • From third parties, including data aggregators, social media companies, and other publicly available sources, entities or online channels;
  • Your employer or entity by whom you are engaged as a contractor or temporary staff member. This may happen, for instance if your employer is a member of GSMA and signs you up for an Event or if your employer (or entity by whom you are engaged a contractor or temporary staff member) provides services to GSMA and you are involved in the provision of these services. This may also occur when an authorised third party provides GSMA with access to information obtained from badge scanning (as part of an Event);
  • In addition, professional and employment information may be collected from your references and third parties that help us conduct background screenings; as detailed in the “Job Applicants” section of this Privacy Notice.
Information that we collect automatically

We also collect information about you when you use our services or products. For example, we may collect such information when you visit our websites or app, or view and interact with our ads and content. This information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, other information that is provided by the end user device and usage information about the use of the GSMA’s websites and web applications, including a history of the pages you view. We also use cookies and web beacons. You may view our Cookie Policy here.

Data Transfers

As we operate via a global network of corporate offices, booking and service centres, and data centres, it may be necessary to transfer your information internationally. 

See More

This means that Personal Information collected in connection with GSMA Events, Training Courses, programmes or when you interact with us through our corporate site, websites, emails or our other digital channels, or use our services and products may be transferred to a country outside of the country where it was originally collected or outside of your country of residence or nationality.

The information that you provide us during the course of Event registration or through the provision of any other services may be transferred to any of our affiliated entities around the world for the purposes of carrying out or facilitating these services. For the same reason, it may also be necessary to transfer this information to other entities, including, without limitation, our partners and our service providers.

Where we transfer information that originates in the European Union (“EU”), the United Kingdom (“UK”) or Switzerland to a country outside the EU, the UK or Switzerland, we will take steps to make sure such transfer is carefully managed to protect your privacy rights. We use a variety of legal mechanisms, including Standard Contractual Clauses adopted by the EU Commission, to ensure your rights and protections travel with your data.

How We Secure Personal Information

We are committed to protecting the confidentiality and security of the information that you provide to us.

See More

To do this, technical, physical and organisational security measures are put in place to protect against any unauthorised access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.

Job Applicants

Like most businesses, we hold and process a wide range of information, some of which relates to individuals who are applying to work for us. This section explains the type of information we process, why we are processing it and how that processing may affect you. This section focuses on individuals who are applying to work for us as an employee, contingent worker, a contractor, a consultant or work experience and the data that we process as part of that process. We have a separate Internal Privacy Policy that applies to our current and former employees.

Categories of Personal Information we Collect
  • Name;
  • Contact information including email address;
  • Curriculum vitae including your job title, your education, employment history, and similar matters and similar information that you may provide to us;
  • Your age and/or gender if you provide it to us, your education, employment history;
  • With your explicit consent, information about your race or ethnicity, religious beliefs, sexual orientation, disability and other ‘special category data’, for diversity and equal opportunities monitoring purposes;
  • With your explicit consent, information about your health, including any medical needs or conditions;
  • Evidence of your right to work in the country you are applying to work and immigration status; and
  • Other information relevant to potential recruitment at GSMA.
Sources of Personal Information

When you apply to work for us the initial data about you that we process is likely to come from you: for example, contact details and information on your immigration status and whether you can lawfully work. Where necessary and in accordance with this Privacy Notice, we will require references and information to carry out background checks. If you have concerns about this in a particular context, you should speak to your contact within our Recruitment team. Please note we may also receive data from former employers and people named by candidates as references, background check agencies, third party recruiters, agents and similar organisations as a part of the recruitment process, or as a referral from one of our employees or customers or Members.

Purposes of Processing

We use your Personal Information for the following recruitment purposes:

  • To assess your suitability for any position for which you may apply at GSMA whether such application has been received by us online, via email or by hard copy or an in-person application;
  • To contact you in order to send you notifications for vacancy roles or job alerts;
  • If you choose to provide us with your special category data (as described above and below), we process this data on a non-identifiable basis for diversity and equal opportunity purposes only. Where this information is published on GSMA’s external websites and/or disclosed to 3rd party organisations or to local governments in relation to external reporting (i.e. ethnicity pay reporting) such disclosure shall always be in aggregate and anonymised form.
Legal Basis for Processing

Where we use your Personal Information in connection with recruitment it will be in connection with us taking steps at your request to enter a contract we may have with you or it is in our legitimate interest to use Personal Information in such a way to ensure that we can make the best recruitment decisions for GSMA.

Disclosures of Personal Information

Internal use

Your personal data will be seen internally by members of the Recruitment team, and other HR team members, recruiting managers, and in some circumstances (if you join us) colleagues. We will also disclose this to other members of the GSMA where necessary for decision making regarding your application – this will depend on the type of role you are applying for.

External use

We will only disclose your personal data outside of GSMA if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you. We will disclose your data if it is necessary for our legitimate interests or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy). Where necessary, we will also disclose your personal data if you consent, or where we are required to do so by law and in connection with criminal or regulatory investigations. Please note that when we disclose your data in such circumstances, where applicable, we will ensure that any necessary due diligence has been undertaken on the recipient and any necessary contractual documentation is in place to ensure the integrity and security of the data as required by law.

Specific circumstances in which your personal data may be disclosed include:

  • Disclosure to third party providers to carry out reference checks, credit checks and other pre-employment on-boarding activities if you accept an offer from us;
  • Disclosure to organisations that process data on our behalf such as our payroll service, insurers and other benefit providers, our bank and organisations that host our IT systems and data. This would normally occur if you accept an offer from us and would be carried out as part of the on-boarding process; and
  • Disclosure to any regulator as necessary as part of the recruitment process.

In some jurisdictions, we also use a third party which stores your personal data for us once you have made an application in order to enable the relevant Recruiting manager and Recruiter to consider your application.

Retention of Data

Our general approach is to only retain your personal data for as long as is required to satisfy the purpose for which it was collected by us or provided by you. If you become employed by us we will keep your personal data for the duration of your employment and for a period afterwards.

If you are unsuccessful in gaining employment with us, we will keep your personal data for a short period after informing you that you were unsuccessful and in any event, for no longer than 2 years from your last contact with us. Your data may be kept on file and considered for other roles. You can contact us at any time to delete this data.

Automatic Decision Making

We may use automatic decision making within our processes in order to appropriately progress applications you make to us. Any automatic decisions made will be on the basis of online assessment results only and not on the basis of Personal Information.

Your Choices and Control

Many privacy laws provide individuals with certain rights and enable them to make meaningful choices about the use of their Personal Information.

UK and EU Data Subject Rights
  • Confirmation of processing – you can ask us to confirm if we are processing your Personal Information;
  • Access – you can ask us to provide a copy of the personal data that we hold about you;
  • Rectification – you can ask us to rectify the record of your personal data that we maintain;
  • Restrict or object to data processing – you can ask us to restrict the processing of your personal data or object to the processing of your personal data, including for marketing purposes and we will deal with such request in accordance with applicable law;
  • Deletion – you can ask us to delete some or all of the personal data that we hold about you; we will deal with such requests in accordance with applicable law;
  • Portability – in certain circumstances, you can ask GSMA to provide you a copy of your personal data in a structured, electronic format, or to transmit it directly to another data controller, where technically feasible.
Making a Data Subject Access Request

If you wish to exercise any of these rights, please contact us by filing out this DSAR form. We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual. To help us respond more quickly, we may ask you to provide more detail about what you want to receive or are concerned about. We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.

Marketing Choices

You can update your preferences and choices in relation to our marketing communications, including unsubscribing from newsletters, via our preference centre.

How to Contact Us

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your Personal Information, or if you do not wish us to continue using your information as outlined above, you can do so by filling out this form, sending an email to [email protected] or writing to Data Privacy – Legal, GSMA Ltd., 1 Angel Lane, London, EC4R 3AB, United Kingdom.

Complaining to Supervisory Authorities

In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how GSMA process personal data.

In the UK: If you have a complaint, you can also contact the Information Commissioner, who is an independent regulator set up to uphold information rights.

  • Contact details of the Information Commissioner’s Office:

In the EU, the GSMA` lead supervisory authority is the Spanish competent national supervisory authority is the Agencia Española de Protección de Datos (“AEPD”)

  • Contact details of the AEPD Address: C/Jorge Juan, 6 28001 Madrid, Spain
  • Phone: +34 901 100 099 / +34 91 266 35 17

Data Controller for the purposes of the EU AND UK DATA PROTECTION LAWS is: GSMA Ltd., registered with the Georgia Secretary of State with number 0638146 and  registered offices at 165 Ottley Drive, Suite 203. Atlanta, GA 30324, USA. Our Company is registered with the Georgia Secretary of State with the Control Number ; or the GSMA entity listed on the terms and conditions you sign when registering or signing up for GSMA service, product, or offer.

Data Retention

In general, GSMA retains personal data for the duration of the customer’s or member’s business relationship with the GSMA and where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements).

See More

When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

For more information on where and how long your personal data is stored, please contact us by using the details set out in the Your Choices and Control – How to Contact Us section

Privacy Policies of Third Parties

Our Privacy Notice does not apply to services and products offered by other companies and individuals. We are not responsible for the privacy notices and practices of other websites, even if you access them using links or embedded content (e.g videos, images, advertisements, articles etc) from the GSMA-related websites.  Our websites and applications contain links to websites that are maintained and/or controlled by non-affiliated parties. In some instances these websites may be co-branded and display our logos or other trademarks. You can always tell whether you are on one of our websites by checking the uniform record locator (“URL”) on the page that you are visiting.

GSMA is not responsible for the privacy policies and practices of other websites, even if you access them through links from our websites or applications. We strongly recommend that you read the privacy notices and policies provided by these sites before your sign up and providing them your Personal Information, and contact its owner or operator if you have any concerns or questions.