鶹ӳ

Privacy Notice for MWC Barcelona and 4YFN attendees

(Last Updated 4 November 2025)

1.   Who we are and what is the purpose of this privacy notice?

We are: (i) GSMA Ltd LLC (“GSMA”, “we”, “us” or “our”), the organiser of MWC Barcelona (“MWC Barcelona”), with registered offices at 3445 Peachtree Road, Atlanta, Georgia 30326, United States of America; and (ii) GSMA 4YFN Event Management S.L. (“GSMA 4YFN“), the organiser of the 4YFN event (“4YFN”), co-located at MWC Barcelona, with registered offices at Fira Barcelona Montjuic, Side Entrance Hall 1, Avinguda de la Reina, Maria Cristina, 08004, Barcelona, Spain.

MWC Barcelona and 4YFN are individually referred to as the “Event” and collectively referred to as the “Events”.

This privacy notice (“Privacy Notice”) explains how GSMA and GSMA 4YFN collect and process your personal data in connection with your participation as an attendee at MWC Barcelona and/or 4YFN (“you”, “your” or “yours”).

If you are: (i) an exhibitor; (ii) a contractor engaged by MWC Barcelona or 4YFN exhibitors; or (iii) a member of their personnel, this Privacy Notice does not apply to you. Please refer instead to the Privacy Notice for MWC Barcelona and 4YFN exhibitors and contractors.

GSMA Ltd LLC is the controller of your personal data under the EU General Data Protection Regulation (“GDPR”). For certain processing activities outlined in section 3 below, GSMA 4YFN acts as a joint controller with GSMA Ltd LLC.

GSMA is the controller of your personal 鶹ӳ.

2.   What categories of personal data do we collect and process about you?

In this Privacy Notice, when we mention “personal data”, we mean any 鶹ӳ that is about you. 

We may process the following personal data about you:

  • Contact Data: full name, email address, gender, country/region, address, city, state/province, postcode/zip code, country code and mobile phone number.
  • Profile Data: company name, job title, job level, area of responsibility, company industry type, areas of interest, networking preferences and profile photo.
  • ID Data: 鶹ӳ from your passport or EU National Identity Card (“ID document“): full name, date of birth, nationality, type of ID document, ID document number, country issuing the ID document, expiry date of the ID document and ID portrait photo.
  • Photograph: photo of your face.
  • Billing Data: company name, full name, billing address, country / region, VAT number or tax ID, and PO number / reference.
  • Audiovisual Data: video and audio recordings, including photographs.
  • Biometric Data: personal data resulting from specific technical processing of your Photograph and ID portrait photo, which uniquely identify you.
  • Usage Data: device IDs, IP address, 鶹ӳ on your use of our website or mobile apps, and other usage data.
  • Login Credentials: username, email address and password for your GSMA Global Events Account.
  • Disability Status: your percentage (%) of disability from: (i) your Official Disability Accreditation Card recognized by an official body or administrative authority recognised in Spain; or (ii) equivalent accreditation.
  • VIP 鶹ӳ: If you have a VIP pass or you are a VIP guest, we may collect the following additional personal data about you:
  • Guest Data: full name, email address and guest title.
  • Flight Data: airline name, flight number, city of departure, arrival airport, arrival date, arrival time and number of pieces of luggage.
  • Hotel Data: hotel name and hotel address.

3.   For what purposes do we process your personal data?

We may process your personal data for the purposes described below. We also set out the categories of personal data that we process for each purpose and our lawful basis under GDPR for undertaking the processing purpose we have described.

3.1. Registration and GSMA Global Events Account creation

  • Description: We will collect your personal data to register you for the Event and create your GSMA Global Events Account. With your GSMA Global Events Account you may also register for other GSMA events.
  • Data categories: Contact data, ID Data, Photograph, Billing Data and Login Credentials.
  • Lawful basis: Performance of a contract.

3.2. Digital Access Pass

  • Description: We will use your personal data to grant you a Digital Access Pass that will be available for you in your GSMA Global Events Account and allow you to enter the Events area.
  • Data categories: Contact Data, Profile Data and Photograph.
  • Lawful basis: Performance of a contract.

3.3. ID Document Validation and Identity Verification (“Validate & Verify”)

  • Description: Further to the “validate and verify” registration and entry process requirements mandated by the MWC Barcelona Security Plan and delivered by the Catalan Police (Cos de Mossos d’Esquadra), GSMA is instructed to:
  1. Validate the authenticity of your ID document and verify your identity (“ID Validation”) to prevent fraudulent activities such as false representation or identity theft; and
  2. Re-verify your identity each time you access the venue to ensure that only authorised attendees with a previously validated ID document are granted access to the Events.

You may complete your ID Validation through one of the following options:

  • Option 1: Biometric: The Biometric option enables instant ID Validation. Our online registration system will collect the required 鶹ӳ from your ID document and undertake image analysis to compare your ID portrait photo with the Photograph (i.e. live selfie). Your biometric 鶹ӳ will be deleted immediately after the process is complete (i.e. within milliseconds).
  • Option 2: Non-Biometric: The Non-Biometric option does not offer instant ID Validation. Our registration system will collect the required 鶹ӳ from your ID document and a GSMA representative will then visually compare your ID portrait photo with the Photograph (i.e. live selfie or photo image file) to verify your identity. There is no Biometric Data involved in this option.
  • Option 3: Live Video: The Live Video option enables ID Validation through a video call with a GSMA representative. You will have to: (i) present your ID document to the GSMA representative; (ii) manually input the required 鶹ӳ from your ID document so that it can be entered into our registration system; and (iii) provide a Photograph (i.e. live selfie or photo image file). There is no Biometric Data involved in this option.

Please read our FAQs for more 鶹ӳ about our MWC Barcelona Validate & Verify process. We will also provide guidance on each step of the registration process.

  • Data categories: ID Data, Photograph and Biometric Data.
  • Lawful basis: (i) For Biometric: explicit consent; and (ii) For Non-Biometric and Live Video: consent (where you consent to the processing of your ID document); and (iii) legitimate interest (where you select to undertake the Live Video option).

3.4. 鶹ӳance at the Events

  • Description: We will process your personal data for the purpose of your attendance at the Events, including granting you access to the Events area, facilitating your participation in meetings, sessions and other activities at the Events and to communicate with you about the organisation, logistics and running of the Events.
  • Data categories: Contact Data, ID Data and Photograph.
  • Lawful basis: Performance of a contract.

3.5. Billing

  • Description: We will process your personal data for payment processing and billing purposes as well as for tax and accounting purposes.
  • Data categories: Contact Data and Billing Data.
  • Lawful basis: Performance of a contract and compliance with legal obligations.

3.6. MWC Networking

  • Description: Opting into networking allows you to connect and engage with attendees from a wide range of MWC and M360 events. You may use networking features either in the MWC Series App or a web-based version. You can easily opt-out from networking in the MWC Series App.
  • Data categories: Contact Data and Profile Data.
  • Lawful basis: Consent.

3.7. Enhanced Networking

  • Description: To maximise your experience at GSMA events, we offer personalised networking service that facilitates introductions between attendees, exhibitors and our sponsors. We will share your personal data with exhibitors and sponsors if you have signed up to Enhanced Networking for networking purposes. You can easily opt out of Enhanced Networking by clicking unsubscribe link in any email from us.
  • Data categories: Contact Data and Profile Data.
  • Lawful basis: Consent.

3.8. VIP Airport Meet & Assist / VIP Airport Transfer

  • Description: If you have bought a VIP pass and signed up for an Airport Meet & Assist Service and/or a VIP Airport Transfer, we will use your personal data to provide you with these Services.
  • Data categories: Contact Data, ID document, Company name, Flight Data and Hotel Data.
  • Lawful basis: Performance of a contract.

3.9. Information for VIP’s guests

  • Description: If you are a VIP’s guest, we may process your personal data to provide you with a transfer from the airport to your hotel. Your VIP (or designated VIP agent) will provide us with your personal data for this purpose.
  • Data categories: Guest Data, Flight Data and Hotel Data.
  • Lawful basis: Performance of a contract and legitimate interest.

3.10. Broadcasting

  • Description: During the Events we make video and audio recordings of the venue, sessions, meetings and attendees, or take photographs of you. These recordings, some of which may be found at our “Press Zone” may be used to promote the Events, broadcasted, published, streamed (live or later) on public television networks, TVs at the Events and on other media such as social media, radio, internet or our media partner’s own channels. Your image and voice may be recorded in the background of such recordings or as a direct contributor to such recordings, for example, where you are interviewed.
  • Data categories: Contact Data and Audiovisual Data.
  • Lawful basis: Performance of a contract or legitimate interest for promotion, marketing, raising awareness about the Events and attracting new attendees.

3.11. Speakers

  • Description: If you are a speaker at the Events, we may process 鶹ӳ from your professional profile, images or video of you, recordings of your voice and other 鶹ӳ about you that is included in the materials presented by you during the Events.

We will use this 鶹ӳ to promote the session and/or a meeting you are speaking at. We may also record the session and broadcast/publish/stream it (live or later) on various media, including public television networks, TVs at the Events and on other media such as social media, radio or the internet.

Your professional profile and image may be used by our AI chatbot service installed on our websites. The purpose of the chatbot is to inform attendees and website users about sessions, meetings and speakers at the Events.

  • Data categories: Contact Data, Profile Data, Audiovisual Data and Other Data relating to the session you are taking part in.
  • Lawful basis: Performance of a contract or legitimate interest for enabling the proper organisation and management of the session or meeting, promotion and marketing, raising awareness about the Events and attracting new attendees.

3.12. LinkedIn

  • Description: You may link your GSMA Global Events Account with your LinkedIn account or choose to use your LinkedIn account to log into your GSMA Global Events Account. This will allow you to share content related to MWC Barcelona on your LinkedIn profile. We will not share any content through your LinkedIn account without your consent. For more 鶹ӳ on how LinkedIn may use your personal data see
  • Data categories: Email address, LinkedIn ID and LinkedIn Token.
  • Lawful basis: Consent.

3.13. Lead Retrieval

  • Description: As part of networking at the Events, you may allow your networking badge to be scanned by exhibitors sponsors or GSMA through scanning devices operated by GSMA or its authorised third-party providers. When your networking badge is scanned by an exhibitor or sponsor, GSMA will share your contact details so they may contact you for direct marketing purposes in accordance with their own privacy notices. When your networking badge is scanned by GSMA (e.g. at a partner programme), the GSMA group (specifically GSMA Ltd LLC, GSMA 4YFN Event Management, S.L., GSM Association, GSMA Advisory Services Ltd and GSMA Services LLC) may contact you for direct marketing purposes. You can always tailor what you receive from us at any time, through our , or unsubscribe, should you wish.
  • Data categories: Contact Data.
  • Lawful basis: Consent.

3.14. Partner Programmes & Summit Sponsors Lead Generation

  • Description: Our partners may host a summit or conference at the Events. Your Digital Access Pass will be scanned upon entry to the summit or conference. You may also be able to participate in a partner summit or conference online. If you sign up to a summit or conference (whether it’s held onsite at the Events or online) we will share your personal data with our partners to facilitate the organisation of sessions which you attend, for communications related to that event as well as invitations to stay in touch with the partner who organised the summit or conference.
  • Data categories: Contact Data and Profile Data.
  • Lawful basis: Performance of a contract (with respect to the attendance in the partner event); and legitimate interest (for data sharing with our partners) to facilitate the organisations of sessions you attend and to allow our partners to contact you about the Events.

3.15. Accredited Media and Industry Analysts

  • Description: If you register as a member of the media and industry analyst community, we will include your contact details on a Media and Industry Analyst Registration List which is used for the communication of key industry announcements and activities. We will share that list including your personal data with exhibitors, sponsors and selected strategic third parties for contact purposes. If you do not wish for your personal data to be included in the Media and Industry Analyst Registration List, you may opt out at any time.
  • Data categories: fullname, job title, email address, company/organization name and country.
  • Lawful basis: Our legitimate interests, which involves sending you announcements and industry updates and sharing your data with exhibitors and our partners.

3.16. MWC Series App

  • Description: We will process your personal data, when you use the MWC Series App to access the Events via the Digital Access Pass, generated in the MWC Series App.
  • Data categories: Login Credentials, Contact Data, Profile Data, Photograph and Usage Data.
  • Lawful basis: For 鶹ӳ on the lawful basis we rely on when processing your personal data in connection with the App, please read the Privacy Notice for MWC Series App.

3.17. Direct Marketing

  • Description: We may send you marketing communications about the Events, services or products (e.g. via email) if you provide your consent or we have another lawful basis to do so. We may send you communications tailored to your interests and profile.
  • Data categories: Contact Data, Profile Data and Usage Data.
  • Lawful basis: Consent or legitimate interest involving processing your personal data for direct marketing purposes.

3.18. Profiling

  • Description: We may analyse your personal data for profiling purposes, to improve our marketing activities and create more relevant news and communications for our customers.
  • Data categories: Contact Data, Profile Data and Usage Data.
  • Lawful basis: Legitimate interest involving processing your personal data for marketing, including profiling purposes.

3.19. Surveys

  • Description: We may send you feedback surveys to learn more about your experience and to improve our services and organisation of the Events.
  • Data categories: Contact Data and Profile Data.
  • Lawful basis: Legitimate interest involving sending you surveys after the Event to improve the organisation and functioning of the Event.

3.20. Analytics

  • Description: We may use your personal data to help us better understand the demographics, backgrounds and interests of attendees at the Events. We will use this 鶹ӳ to create aggregated and statistical 鶹ӳ (which does not directly identify you) to support us with reporting on the outcomes of the Events and to improve future events.
  • Data categories: Contact Data, Profile Data, Billing Data and Usage Data.
  • Lawful basis: Legitimate interest involving processing your personal data for analytical purposes.

3.21. Incident/Accident Reporting & Security

  • Description: The owner of the venue (Fira) is primarily responsible for responding to incidents and accidents that happen during the Events and ensuring security at the Events. However, in some cases we may also be involved in responding to incidents and/or accidents at the Events and use your personal data for our own internal investigations.
  • Data categories: Contact Data, ID Data, Audiovisual Data and data relating to the incident/accident.
  • Lawful basis: Compliance with legal obligations and legitimate interest involving managing incidents and accident and ensuring security at the Events.

3.22. Data Subjects’ Requests and Enquiries

  • Description: We may process your personal data if you make a data subject request (e.g. access to data, erasure, etc.) or submit an enquiry/complaint.
  • Data categories: Contact Data and other data relevant to the data subject’s request.
  • Lawful basis: Compliance with legal obligations; for the establishment, exercise or defence of legal claims; or legitimate interest involving processing your request and/or responding to your enquiry.

3.23. Accommodation Services Offered by our Partner

  • Description: We may process your email address to check the status of your accommodation reservation or retrieve your booking from bnetwork. If you consent, we will share your Contact Data and user ID with bnetwork to facilitate your accommodation booking process.
  • Data categories: Contact Data, user ID, Hotel Data.
  • Lawful basis: Consent.

3.24. Accessibility – Companion Pass

  • Description: If you apply for a companion pass, we will process your disability status (i.e. your percentage (%) of disability) from: (i) your Official Disability Accreditation Card recognized by an official body or administrative authority recognised in Spain; or (ii) equivalent accreditation.

Please noteonly the disability percentage is required. There is no need to submit health certificates or any other medical documentation. If any such documents are submitted accidentally, we will delete them immediately to ensure your privacy.

Please also note that both the attendee and the companion must be registered for the event in accordance with our “Validate & Verify” registration and entry process (see our FAQs).

For more 鶹ӳ about our MWC Accessibility Program, please read here.

  • Data categories: Contact Data and Disability Status.
  • Lawful basis: We process your Disability Status in order to fulfil tasks within the public interest and to exercise your statutory rights pursuant to social security and social protection laws. The processing of your Contact Data is based on our legitimate interests, which involves processing your request for a companion pass.

GSMA and GSMA 4YFN are joint controllers of your personal data for the processing activities described in points 3.4, 3.5, 3.10, 3.13 – 3.15, 3.17 – 3.21 above. However, GSMA 4YFN acts as a joint controller only in relation to the personal data processed for the specific purposes associated with 4YFN. If you do not attend 4YFN, your personal data will not be processed by GSMA 4YFN.

Consent

Where we process your personal data based on consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted on other lawful processing grounds.

Legitimate Interest

If we collect and use your personal data based on our legitimate interest (or of a third party), you may object to such processing. In that case we will no longer process your personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where we process your personal data for direct marketing purposes, you may object to such processing at any time.

4. Marketing

If you provide us with your consent or we have another lawful basis for sending marketing communications, we may process your personal data for direct marketing purposes using different communication channels such as MWC Series App or email.  

You can update your marketing communication preferences anytime in the preference centre on our website. You can access the via the unsubscribe link included in each email from us.

5. Automated processing

We will not use your personal data to make a decision about you based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for a contract between us and you, is permitted by law or you have provided us with your consent for such processing.

6. How do we collect your personal data?

  • Directly from you, for example when you register for the Event, create your GSMA Global Events Account, subscribe for our marketing communications, use our services or products, interact with our apps or websites, communicate with us via email or other means.
  • From third parties, for example from your employer or entity engaged with you on a professional basis, social media (e.g. LinkedIn), a person who bought a Pass for you and signed you up for the Event, or from other attendees.

7. Who has access to your personal data?

We may share your personal data with the following recipients:

  • Our agents, vendors, or service providers who perform functions on our behalf or provide services to us: for example, providers of registration, access control, security and venue services, IT service providers, accounting service providers or hosting service providers.
  • Authorities where we are required to do so by law, or have other lawful basis to do so, for example for security reasons, identity verification or in connection with criminal or regulatory investigations.
  • Outside advisors, including legal counsels for the purpose of defence of legal claims, or regulatory proceedings.
  • Our Affiliates for examplefor administrative purposes, group reporting, or provision of other services.
  • Social media, if you decide to pair your LinkedIn account with your GSMA Global Events Account or when you publish our content on your social media profiles.
  • Our partners and exhibitors, when you, for example sign up for our Enhanced Networking service or summits/conferences organised by our Event partners and sponsors, you provide your consent, or we otherwise have a lawful basis for sharing your personal data with them.
  • Payment processor, who handles payments for our services.
  • Our accommodation partner who provides accommodation services for attendees.
  • Other third parties as may be disclosed to you at the time of registration or detailed in the terms and conditions of the Event or MWC Series App.

Please note that this list is non-exhaustive, and we may need to share your personal data with other parties in connection with the Event or to effectively deliver our services.

8. International data transfers

As we operate via a global network of corporate offices, booking and service centres, and data centres, it may be necessary to transfer your personal data internationally, i.e. outside of the country where it was originally collected or outside of your country of residence.

Where we transfer personal data that originates in the European Union (“EU”), the United Kingdom (“UK”) or Switzerland to a country outside the EU, the UK or Switzerland, we will ensure such transfer is made in accordance with applicable laws. We use a variety of legal mechanisms, including Standard Contractual Clauses adopted by the European Commission, to ensure your rights and protections travel with your data.

9. How long do we keep your personal data?

Your personal data will be deleted as follows:

  • Information relating to your GSMA Global Events Account (i.e. Contact Data, Profile Data, Photograph used for networking, Usage Data and Login Credentials) will be deleted if You (the GSMA Global Events Account holder) do not have at least one complete registration in the 12 months prior to the launch of the registration system for the next edition of MWC Barcelona happening November each year.
  • ID Data, Photograph used for Digital Access Pass, Guest Data, Flight Data and Hotel Data will be deleted 24 hours following the end of the event dismantle.
  • Biometric Data, if you select Biometric ID validation, will be deleted immediately (in fractions of a second) after the process has been completed.
  • Disability Status will be deleted immediately after the companion pass has been issued.

We may retain your other personal data for the duration of our legal relationship with you or to comply with applicable regulations (e.g. tax or accounting). You may contact us anytime if you want to know more about how long we will keep your personal data.

The time periods for the storage of the MWC Series App users’ data are included in the Privacy Notice for MWC Series App.

10. Your rights as a data subject

Below you will find descriptions of rights that you may be able to exercise in relation to the personal data we process about you.

  • Confirmation of processing – you can ask us to confirm if we are processing your personal data.
  • Access – you can ask us to provide a copy of the personal data that we hold about you.
  • Rectification – you can ask us to rectify the record of your personal data that we maintain.
  • Restrict – you can ask us to restrict the processing of your personal data in certain situations.
  • Object to processing – you can object to the processing of your personal data where we process your data based on our legitimate interests or for direct marketing purposes.
  • Deletion – you can ask us to delete some or all the personal data that we hold about you.
  • Portability – in certain circumstances, you can ask GSMA to provide you a copy of your personal data in a structured, electronic format, or to transmit it directly to another data controller, where technically feasible.

You have the right to contact the relevant data protection authority if you have concerns about how GSMA or GSMA 4YFN process personal data. Our lead data protection authority in the EU is the Agencia Española de Protección de Datos.

However, we encourage you to contact us directly in the first instance so that we can attempt to address your concerns directly. For additional questions or 鶹ӳ concerning the processing of your personal data or if you would like to exercise one of your rights, you can email us at dataprivacy@gsma.com

11. MWC Series App

MWC Series App can be downloaded by attendees to use the Digital Access Pass to access the venue and participate in the Events.

Through the MWC Series App you will also be able to network with other attendees as well as access an event agenda, exhibitor list, food and transport facilities, and a map of the Events venue. You can learn more about MWC Series App in the Privacy Notice for MWC Series App.

12. Biometric data processing

We may process your Biometric Data in order to verify your identity as part of the registration process. For this data processing, we will rely on your explicit consent.

If you choose Biometric ID validation, we will ask you to present your ID document and a Photograph during the registration process. As stated in section 3.3 (“ID Document Validation and Identity Verification“), our online registration system will collect the required 鶹ӳ from your ID document and undertake image analysis to compare your ID portrait photo with the Photograph (i.e. live selfie). Your biometric 鶹ӳ will be deleted immediately after the process is complete (i.e. within milliseconds).

Please read more about our biometric data processing and available ID Validation options in the GSMA’s 鶹ӳee Terms and Conditions for Events and FAQs.

13. Minors

The Event is subject to a minimum age limit, which means at least 16 years of age at the date of attending the Event. Any attendees under the minimum age limit shall be considered a minor (“Minor”). For more 鶹ӳ, please read our FAQs.

We may collect the following 鶹ӳ about Minors: full name, age as it will be at the start date of the Event and, where applicable, ID document. We will associate this with 鶹ӳ about the parent/guardian attending the Event with the Minor, (i.e. – guardian’s full name, guardian’s email address used for Event registration and guardian’s relationship to the Minor). Any failure to provide personal data about the Minor or a guardian/parent will mean that we cannot register the Minor for the Event and/or permit them to access the Event.

In case we process the data of a Minor, we will do so only with permission from their parent or guardian.

14. CCTV recordings

The Events premises are monitored by the venue owner, Fira, for security reasons. Fira may be asked by authorities to provide CCTV recordings for specific time periods as part of investigations regarding visitors, contractors or other personnel. We do not manage or keep these recordings. For more 鶹ӳ, you can check the details of this data processing on the Fira’s informative CCTV signs placed at the venue.

15. Contact us

You can contact us with any enquiry relating to your personal data by filling out , sending an email to dataprivacy@gsma.com or writing to:

Data Privacy – Legal

GSMA Ltd LLC, 1

 Angel Lane,

London, EC4R 3AB

United Kingdom