Privacy Notice

Last update: 31 May 2023

Introduction

The GSMA is a global organisation unifying the mobile ecosystem to discover, develop and deliver innovation foundational to positive business environments and societal change. Our vision is to unlock the full power of connectivity so that people, industry, and society thrive. Representing mobile operators and organisations across the mobile ecosystem and adjacent industries, the GSMA delivers for its members across three broad pillars: Connectivity for Good, Industry Services and Solutions, and Outreach. This activity includes advancing policy, tackling today’s biggest societal challenges, underpinning the technology and interoperability that make mobile work, and providing the world’s largest platform to convene the mobile ecosystem at the MWC and M360 series of events. We invite you to find out more at www.gsma.com.

At the GSMA, we take privacy and data protection seriously. The MWC Privacy Notice (“Privacy Notice”) describes the GSMA’s policies and practices regarding the collection, use, sharing, and otherwise processing of your personal data, and sets out your privacy rights.

We recommend that you read this Privacy Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant links below to jump to that section.

Quick links:

1. When this Privacy Notice applies
2. Updates to this Privacy Notice
3. Information that you provide voluntarily
4. Information that we collect automatically
5. Information that we obtain from third party sources
6. Sharing of Information
7. Legal basis for processing personal information
8. Third Party Use of Data
9. Transferring Your Information Outside of the European Economic Area (EEA), UK and Switzerland
10. Data retention
11. Your choices and control
12. Security
13. Minors
14. Contact Us

This Privacy Notice applies to the processing of personal data of participants of MWC Las Vegas 2023 (the “Event”), including attendees, exhibitors, sponsors, speakers, partners, third party personnel and other individuals taking part in the event. This includes personal data obtained via the attendee registration system, the Event app, the partner programme registration system, the exhibitor and partner registration system, digital and/or printed badge and/or facial recognition scanning (at access points, for sessions or for participation in enclosed meeting spaces) at the Event, and the contractor bulk upload system.

Our Privacy Notice does not apply to services and products offered under other GSMA websites or by other companies and individuals. We are not responsible for the privacy policies and practices of other websites, even if you access them using links from GSMA websites. We strongly recommend that you check the privacy notices of each site you visit, and contact its owner or operator if you have any concerns or questions.

We will update the Privacy Notice when necessary to reflect changes in our products and services. If there are material changes to the Privacy Notice or in how GSMA will use your personal data, we will notify you either by prominently posting a notice of the change(s) before they take effect or by directly sending you a notification, and you will have a choice as to whether or not we use your information in this new manner. We encourage you to periodically review the Privacy Notice to learn how GSMA is protecting your information.

If you have any queries about the Notice, please get in touch with us using the contact details set out at Contact Us link below.

3.1 Account Creation and Registration

We collect information you give us when you create an account with us; register for the Event; require a service; download one of our publications or apps, such as our Event app, which will help you navigate the event, facilitate networking and plan your schedule; or subscribe to our publications or newsletter. The information collected includes (but is not limited to) your name, job title, employer name, address, work email, telephone number, job functions, areas of interest, and photograph. If you are a speaker, we may collect additional information such as your professional profile.

By registering for a MWC or M360 Event and opting in to the networking feature, you unlock the opportunity to leverage the networking capabilities within our App for a period of nine (9) months, starting from the last day of the GSMA Event you attended. This extended duration

empowers you to connect and engage with fellow attendees from a wide range of MWC and M360 Events, fostering valuable connections and collaborations.

You may also opt-in to our enhanced networking service when registering for the event. This is a curated networking service which proactively facilitates introductions between like-minded event attendees. If you opt-in, we may use your professional profile, job function, job title, employer name, and areas of interest to match you with an organisation who has expressed an interest in meeting people with a profile similar to yours. We only process your data in this way when choose to opt-in to this service, and we do not share your details with any interested organisation without your express consent. You can opt-out at any time.

We also process your personal data to ensure compliance with the conditions set out in the Event app’s terms and conditions of use and to comply with applicable laws. This may include the development of tools and algorithms that help the app to ensure the confidentiality of the personal data it collects and to show your activities and preferences according to your interests at the time of registration and whilst using the app, in relation to your attendance/performance at the Event.

3.2 Image, Voice and Other Recordings

We, or authorised third parties attending the Event, may also make and store recordings of your image, voice and likeness in certain instances. These images may be used by GSMA in its promotional materials, including on its website and off-line materials (e.g. brochures, etc.) and broadcast on Mobile World Live or other media channels, including social media channels. Authorised third parties, such as exhibitors and sponsors, may also take images of you via their own on-site crews. Journalists will also be in attendance and appropriately identified. As stated in this Privacy Notice, we may also collect and store recordings of your image for facial recognition purposes when you have signed up for that for access control.

Where such images or recordings are taken by an authorised third party, event sponsors, exhibitors, journalists, or the venue (or other security supplier) for security purposes, we require such third parties to provide you with a Privacy Notice relating to same and obtain any necessary consents. We recommend that you check the Privacy Notices of these third parties.

3.3 Badge Scanning

We, or authorised third parties participating in the Event (including exhibitors and sponsors), may collect your personal data by scanning your digital badge. This may occur when you access or exit the venue, enter sessions or other restricted areas at the Event, or enter an enclosed space, meeting room or restaurant. This scanning may occur for the purposes of access control, analytics, event planning, logistics, health and safety, and data sharing with a third party session provider if you have scanned your digital badge or registered to attend that third party's session.

3.4 Social Media Networks

If you access and become a follower of GSMA’s official social media pages, your personal data will be processed in accordance with this section of the Privacy Notice, alongside the

conditions of use, privacy policies and access regulations that belong to the applicable social network, which you would have previously accepted.

You can consult the privacy policies of the main social networks in these links:

• Twitter: https://twitter.com/es/privacy
• LinkedIn: https://es.linkedin.com/legal/privacy-policy
• Instagram: https://privacycenter.instagram.com/policy/

We may process your personal data to properly manage your presence in the social network, inform you of our activities, products or services, or for other purposes that the regulations of social networks allow.

We also collect information about you when you use our services or products. For example, we may collect such information when you visit our websites or app, or view and interact with our ads and content. This information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, other information that is provided by the end user device and usage information about the use of the GSMA’s websites and web applications, including a history of the pages you view. We also use cookies and web beacons. You may view our Cookie Policy here.

From time to time, GSMA receives personal information about individuals from third parties. This may happen, for instance if your employer is a member of GSMA and signs you up for an event or training or if your employer (or entity by whom you are engaged as a contractor or temporary staff member) provides services to GSMA and you are involved in the provision of these services.

Additionally, this may occur when an authorised third party provides GSMA with access to information obtained from badge scanning. We will check that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.

We process your personal information for account administration, to deliver the products and services you require, and, where you provide the applicable consent, to inform you of GSMA-related events, meetings, content, initiatives and other benefits or opportunities associated with GSMA or the industry. We may also use this information to help us understand your needs and interests to better tailor our products and services.

We may contact you by any means of communication that you have authorised, including e-mail, telephone, and post. You can tailor and modify what you receive from us at any time by using our preference centre. You can also unsubscribe at any time via the unsubscribe button present in all of our electronic messages or by using the Contact Us section below.

In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect

your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.

We do not sell personal information to anyone and do not otherwise reveal your personal data to third-parties for their independent use unless:

• you request or authorise it, for instance by registering for a summit or a partner programme;
• you register for (or scan your digital badge to participate in) a speaking session, tour or other event that is sponsored or hosted by a third party in which case GSMA may subsequently share your personal data with the third party, who may contact you in connection with the selected speaking session, tour or other event (as applicable). We may also share your personal data with such parties for direct marketing purposes (with your consent);
• it is required in connection with the delivery of GSMA events;
• it is provided to any competent law enforcement body, regulatory, government agency, court or other third party in order to comply with the law, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others. This includes relevant law enforcement bodies for security purposes;
• it is provided to GSMA affiliated companies, including GSM Association, GSMA 4FYN Event Management S.L., GSMA (Shanghai) Co., Ltd., GSMC Event Project Management S.L., and GSM Conference Services Limited, for processing in accordance with this Privacy Notice;
• it is provided to our agents, vendors or service providers who perform functions on our behalf, including, for example, service providers that provide registration, access control, lead retrieval, security and venue services for the Event or that support the delivery of, provide functionality on, or help to enhance the security of our Website and our Event app.

In particular, the data collected by the Event app will be sent to Firebase and Big Query databases belonging to Google, for data query and reporting on the operation of the application and user behaviour within it. For more information, you can consult the Firebase and Google Cloud privacy notices:

• https://firebase.google.com/support/privacy?hl=es-419;
• https://cloud.google.com/terms/cloud-privacy-notice

If you choose to opt-in to enhanced networking offered at the Event, your data (i.e. your name, contact details, professional profile and interests) will be shared with Sales Explorers in order to deliver the service. Enhanced networking consists of a personalised, curated networking service which facilitates introductions between like-minded event attendees. You can opt-out of enhanced networking at any time.

For more information, you can consult the Sales Explorers privacy notice here: https://salesexplorers.com/privacy-policy/ and read the FAQs here.

• it is provided to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
• it is provided to any other person where you have consented to the disclosure.

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you on the following bases:

7.1 Consent

We process your personal information where you have given us your consent. You can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

7.2 Performance of a Contract

We process your personal information where we need this to perform a contract with you (e.g. terms of service). If we rely on this legal basis, we will make this clear to you and advise you whether the provision of this information is mandatory (as well as the possible consequences of failing to provide this information).

7.3 Legitimate Interests

We process your information where the processing is in our legitimate interests and this is not overridden by your data protection interests or fundamental rights and freedoms. If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make those legitimate interests clear to you and/or they will be our legitimate interests in organising the Event in compliance with applicable laws and our contractual obligations.

7.4 Legal Obligation

There may be circumstances where we are legally required to process your personal information. In these cases, we will make these requirements clear to you and advise you whether or not the provision of information is mandatory (as well as the possible consequences of failing to provide your information).

For example, we are legally obliged to provide personal data of attendees and vendor personnel (i.e. name, date of birth, nationality, document type and number and date of issue) to law enforcement authorities in connection with the safety and security of the Event. Any failure to provide this information will mean that we cannot register you for the Event and/or permit you to access the venue).

7.5 Public Interest & Protection of Vital Interests

In some cases, we may be required to process your personal information for reasons of public interest. We may also need to collect and use your personal information to protect your vital interests or those of another person, for example, in case of a medical emergency during the Event.

If you have any questions or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact us” heading below.

Exhibitors, sponsors, partners or other third parties participating at the Event may wish to scan your physical/digital badge to facilitate networking and business relationships at the Event or to contact you post-Event. You understand that your physical/digital badge holds secure data related to you, including your name, mobile number, email, address, company, job title, job function and areas of interest. If you allow your attendee digital badge to be scanned, you are explicitly consenting to the exhibitor, sponsor, partner or other third party collecting and using your personal data contained in the digital badge. If you wish to withdraw consent or to exercise any data protection rights with regard to how such recipients process and use your personal data, you must do so directly with such recipients.

Additionally, our website and Event app include embedded content from other websites (e.g. videos, images, advertisements, articles etc.). This embedded content from other websites behaves in exactly the same way as if you had visited that other website. In this regard, these websites may collect data about you, use cookies, embed additional third-party tracking code, and monitor your interaction. GSMA is not responsible for the privacy policies and practices of other websites, even if you access them through links from our websites or applications.

We recommend that you check the privacy notices and policies of these third parties before providing them with your personal information.

GSMA Ltd is based in the US. Therefore, your information may be collected, transferred to, or otherwise processed by us, our affiliated or associated companies, or third parties (disclosed above) who are based in countries outside of the EEA, UK and Switzerland.

Where we transfer personal data from the EEA, UK and Switzerland to other countries we use a variety of legal mechanisms, including Standard Contractual Clauses adopted by the EU Commission, to ensure your rights and protections travel with your data.

In general, GSMA retains personal data for the duration of the customer’s or member’s business relationship with the GSMA and where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

For more information on where and how long your personal data is stored, please contact us by using the details set out at the “Contact Us” section below.

Many privacy laws provide individuals with certain rights and enable them to make meaningful choices about the use of their personal information.

If you are located in a European Union member state, or certain other countries, you can exercise the following data subject rights:

• Confirmation of processing – you can ask us to confirm if we are processing your personal information;
• Access – you can ask us to provide a copy of the personal data that we hold about you
• Rectification – you can ask us to rectify the record of your personal data that we maintain;
• Restrict or object to data processing – you can ask us to restrict the processing of your personal data or object to the processing of your personal data, including for marketing purposes and we will deal with such request in accordance with applicable law;
• Deletion – you can ask us to delete some or all of the personal data that we hold about you; we will deal with such requests in accordance with applicable law;
• Portability – in certain circumstances, you can ask GSMA to provide you a copy of your personal data in a structured, electronic format, or to transmit it directly to another data controller, where technically feasible.

We also provide many choices in relation to our marketing communications via our preference centre.

If you wish to exercise any of these rights, please contact us by filing out this DSAR form.

In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how GSMA processes your personal data.

We are committed to protecting the security of your personal information. We have implemented appropriate physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to employees on a need-to-know basis in order to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

The Event environment may not be suitable for an individual younger than 18 years of age (“Minor”). However, we acknowledge that there may be circumstances in which a guardian needs to bring a Minor to the Event in the absence of adequate childcare. In these cases, we are committed to providing the Minor with a safe experience. Therefore, we may be required to process the Minor’s personal information for Event access purposes and provide it to the US enforcement authorities in connection with the safety and security of the Event. Therefore, we may be required to process the Minor’s personal information for Event access purposes and provide it to law enforcement authorities in connection with the safety and security of the Event. Any failure to provide the Minor’s information will mean that we cannot register you and the Minor for the Event and/or permit you and the Minor to access the venue).

In any case, we will make these requirements clear to you and advise you whether or not the provision of information is mandatory (as well as the possible consequences of failing to provide your information).

We are GSMA Ltd., with registered offices at 165 Ottley Drive, Suite 203. Atlanta, GA 30324, USA. Our Company is registered with the Georgia Secretary of State with the Control Number 0638146.

We are the Data Controller for the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679)).

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, or if you do not wish us to continue using your information as outlined above, you can do so by sending an e-mail to [email protected] or write to Data Privacy – Legal, GSMA Ltd., 1 Angel Lane, London, EC4R 3AB, United Kingdom.