鶹ӳ

Privacy Notice for MWC Barcelona and 4YFN exhibitors and contractors

(Last Updated 4 November 2025)

1. Who we are and what is the purpose of this privacy notice?

We are GSMA Ltd LLC, (“GSMA”, “we”, “us” or “our”), the organiser of MWC Barcelona event (“MWC Barcelona”), with registered offices at 3445 Peachtree Road, Atlanta Georgia 30326 United Stats of America and GSMA 4YFN Event Management S.L., (“GSMA 4YFN”), the organiser of the 4YFN event (“4YFN“) co-located at the MWC Barcelona, with registered offices at Fira Barcelona Montjuic, Side Entrance Hall 1, Avinguda de la Reina, Maria Cristina, 08004, Barcelona, Spain.

MWC Barcelona and 4YFN are individually referred to as the “Event” and collectively referred to as the “Events”.

This privacy notice (“Privacy Notice”) explains how GSMA and GSMA 4YFN collect and process your personal data in connection with your participation as an exhibitor or contractor at the Events (or as a member of their personnel)(“you”, “your” or “yours”).

If you are an attendee, this Privacy Notice does not apply to you. Please refer instead to the Privacy Notice for MWC Barcelona and 4YFN attendees.

GSMA Ltd LLC and GSMA 4YFN Event Management S.L. are independent controllers of your personal data under the EU General Data Protection Regulation (“GDPR“).

2. What categories of personal data do we collect and process about you?

In this Privacy Notice, when we mention “personal data”, we mean any 鶹ӳ that is about you.

We may process the following personal data about you:

  1. Contact Data: full name, email address and mobile phone number.
  2. ID Data: data from your passport or EU National ID card (“ID document“), i.e. full name, nationality, type of ID document, ID document number, date of birth, date of expiry, issuing government, city of residence and country issuing the ID document.
  3. Company Data: your company name, job title and industry.
  4. Login Credentials: username, email address and password for the Online Event Manual.
  5. Billing Data: company name, full name, billing address, country / region, VAT number or tax ID and PO number / reference.

3. For what purposes do we process your personal data?

We may process your personal data for the purposes described below. We also set out the categories of personal data that we process for each purpose and our lawful basis under the GDPR for undertaking the processing purpose we have described. 

A) For MWC Barcelona and 4YFN exhibitors and their personnel

1. Contact form for sponsors or exhibitors

  • Description: We may process your personal data to respond to your interest in becoming a sponsor or exhibitor at the Event(s). We may have received your enquiry via email, phone, the contact form for exhibitors and sponsors on our website, or other channels.
  • Data categories: Contact data and Company Data.
  • Lawful basis: Legitimate interest for using your personal data for contact and business development purposes.

2. Contract performance

  • Description: We will process your personal data for the performance of the Standard Terms and Conditions for Exhibition, Advertising and Sponsorship between GSMA or GSMA 4YFN and exhibitor. These purposes include, among others, building and dismantling a stand, organisation of the Events and logistics, stand plan submission, provision of 鶹ӳ and instructions useful for exhibitors and sponsors.
  • Data categories: Contact data and Company Data.
  • Lawful basis: Legitimate interest for using your personal data for different purposes related to the performance of the contract with our exhibitor or sponsor.

3. Webinars and onsite meetings and conferences

  • Description: We may invite you to webinars, online trainings and/or onsite meetings and conferences related to organisation, logistics, promotion and running of the Events. If you register for an onsite meeting or conference held at a third-party venue, we will share your personal data with such third-party for security and access control. Your personal data will be processed in accordance with third-party privacy notice.
  • Data categories: Contact data and Company Data.
  • Lawful basis: Legitimate interest for conducting training(s) and onsite meetings for exhibitors and their personnel, within the coordination of the Events logistics, and functioning of the Events.

4. LinkedIn group

  • Description: We may invite you to join our LinkedIn group, created to share 鶹ӳ on the organisation, logistics and running of the Event. Your further use of LinkedIn group will be governed by
  • Data categories: Contact data and Company Data.
  • Lawful basis: Legitimate interest for the creation of a LinkedIn group to ensure the delivery of important organisational 鶹ӳ for exhibitors, proper organisation and functioning of the Event.

5. Newsletters

  • Description: We may send you newsletters, guidelines and other 鶹ӳ to bring you the latest news and announcements about the Events and its organisation.
  • Data categories: Contact data and Company Data.
  • Lawful basis: Legitimate interest for sending you 鶹ӳ related to the organisation and functioning of the Events.

6. Surveys

  • Description: We may send you feedback surveys to learn more about your experience and to improve our services and organisation of the Event.
  • Data categories: Contact data and Company Data.
  • Lawful basis: Legitimate interest for sending you surveys after the Event to improve the organisation and functioning of the Event.

7. Analytics

  • Description: We may use your personal data to help us better understand the demographics, backgrounds and interests of our exhibitors at our Events. We will use this 鶹ӳ to create aggregated and statistical 鶹ӳ (which does not directly identify you) to support us with reporting on the outcomes of the Events and to improve future events. 
  • Data categories: Contact data and Company Data.
  • Lawful basis: Legitimate interest involving processing your personal data for analytical purposes.

8. Donation Room

  • Description: We may use your personal data to manage your participation in the “Donation Room” initiative (read for more 鶹ӳ).
  • Data categories: Contact data and Company Data.
  • Lawful basis: Legitimate interest in managing your participation in the Donation Room.

B) For contractors engaged by MWC Barcelona and 4YFN exhibitors and their personnel

1. Registration process for contractors at MWC Barcelona

  • Description: We will collect your personal data for registration purposes.
  • Data categories: Contact data, ID Data and Company Data.
  • Lawful basis: Legitimate interest involving identity checks of all individuals who enter the Event area.

2. Identity checks

  • Description: All individuals entering the venue are required to provide their ID document for an onsite identity check. ID documents may be also used by the police for background security checks.
  • Data categories: Contact data, ID Data and Company Data.
  • Lawful basis: Legitimate interest for performing identity checks of all individuals who enter the Event area.

3. VIP Car stickers

  • Description: We may process personal data of VIP car drivers and the personnel of VIP car service providers to provide them with a VIP Car sticker and grant them access to the “VIP Pick-Up & Drop-Off” area.
  • Data categories: Contact data and Company Data.
  • Lawful basis: Legitimate interest for processing personal data of VIP car drivers and the personnel of VIP car service providers to provide them with a VIP Car sticker and grant them access to the “VIP Pick-Up & Drop-Off” area.

C) For MWC Barcelona and 4YN exhibitors, contractors, and their personnel

1. Direct Marketing

  • Description: We may send you marketing communications about our MWC events, services or products (e.g. via email) if you provide your consent or we have another lawful basis to do so.
  • Data categories: Contact data and Company Data.
  • Lawful basis: Consent and/or legitimate interest for processing your personal data for direct marketing purposes.

2. Online Event Manual

  • Description: MWC Barcelona and 4YFN exhibitors and contractors may be granted access to the Online Event Manual where we make available our Events’ rules and regulations, instructions, forms, manuals and other useful 鶹ӳ regarding the organisation of the Events.
  • Data categories: Contact data and Login Credentials.
  • Lawful basis: Legitimate interest for providing you with access to useful materials and 鶹ӳ regarding the organisation of the Events.

3. Data subjects’ requests and enquiries

  • Description: We may process your personal data if you make a data subject request (e.g. access to data, erasure, etc.) or submit an enquiry/complaint.
  • Data categories: Contact data and other data relevant to the Data Subject’s request.
  • Lawful basis: Compliance with legal obligations. For the establishment, exercise or defence of legal claims; and legitimate interest for processing your request and responding to your enquiry.

4. For technical support and security

  • Description: We may use your personal data to diagnose, troubleshoot, and fix issues with our website, Online Event Manual for exhibitors, Contractor Accreditation System for contractors, or other services and ensure the security of all our services.
  • Data categories: Data required for technical support & security purposes.
  • Lawful basis: Legitimate interest for diagnosing and fixing technical issues with our services, ensuring security and safety of our services, and detecting malicious activities.

5. Incident/Accident reporting & security

  • Description: The owner of the venue (Fira) is primarily responsible for responding to incidents and accidents that happen in the Event venue and ensuring security at the Event. However, in some cases we may also be involved in responding to incidents and/or accidents and use your personal data for our own internal investigations.
  • Data categories: Contact Data, ID Data, Data relating to the incident/accident.
  • Lawful basis: Compliance with legal obligations and our legitimate interest involving managing incidents and accidents and ensuring security at the Event.

6. Billing

  • Description: We may process your personal data for payment processing and billing purposes as well as for tax and accounting purposes.
  • Data categories: Contact Data and Billing Data.
  • Lawful basis: Performance of a contract and compliance with legal obligations.

GSMA 4YFN is an independent controller of your personal data for the processing activities described in points A. 1 – 3, 5, 7, B. 1 – 2, and C. 1, 5 above. If you do not participate in the GSMA 4YFN event, your personal data will not be processed by GSMA 4YFN.

Consent 

Where we process your personal data based on consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted on other lawful processing grounds. 

Legitimate Interest

If we collect and use your personal data based on our legitimate interests (or of a third party), you may object to such processing. In that case we will no longer process your personal data unless there are compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims.

Where we process your personal data for direct marketing purposes, you may object to such processing at any time.

4. Marketing

If you provide us with your consent or we have another lawful basis for sending marketing communications, we may process your personal data for direct marketing purposes using different channels of communication (e.g. via email).  

You can update your marketing communication preferences anytime in the preference centre on our website. You can access the preference centre via unsubscribe link included in each email from us.

5. Automated processing

We will not use your personal data to make a decision about you based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for a contract between us and you, is permitted by law or you have provided us with your consent for such processing.

6. How do we collect your personal data?

We receive your personal data from an exhibitor, or a contractor engaged by the Event exhibitors.

If you are an exhibitor, contractor or a member of their personnel, we may receive your data via our Online Event Manual.

If you are a contractor or a member of their personnel, we may also collect your data via our Contractor Accreditation System which is used by MWC Barcelona exhibitors to register their contractors and allow contractors to provide their personnel’s personal data to GSMA.

We may also receive personal data directly from you, when you contact us or use one of our services.

7. Who has access to your personal data?

We may share your personal data with the following recipients:

  • Our agents, vendors, or service providers who perform functions on our behalf or provide services to us: for example, providers of registration, access control, security and venue services, IT service providers, accounting service providers or hosting service providers.
  • Our exhibitors and/or contractors for the performance of the services.
  • Authorities where we are required to do so by law for example for security reasons, identity verification or in connection with criminal or regulatory investigations.
  • Outside advisers, including legal counsels for the purpose of defence of legal claims, or regulatory proceedings.
  • Our Affiliates for examplefor administrative purposes, group reporting, or provision of other services.
  • Payment processor, who handles payments for our services.

Please note that this list is non-exhaustive, and we may need to share your personal data with other parties in connection with the Events or to effectively deliver our services.

8. International data transfers

As we operate via a global network of corporate offices, booking and service centres, and data centres, it may be necessary to transfer your personal data internationally, i.e. outside of the country where it was originally collected or outside of your country of residence.

Where we transfer personal data that originates in the European Union (“EU”), the United Kingdom (“UK”) or Switzerland to a country outside the EU, the UK or Switzerland, we will ensure such transfer is made in accordance with applicable laws. We use a variety of legal mechanisms, including Standard Contractual Clauses adopted by the European Commission, to ensure your rights and protections travel with your data.

9. How long do we keep your personal data?

If you are our contractor or a member of their personnel, we will retain your personal data for the duration of the Events.

If you are an exhibitor or a member their personnel, we will delete your personal data 24 hours following the end of the event dismantle unless a longer period is required to comply with applicable regulations (e.g. tax or accounting). However, we may retain some of your personal data after the Events for contact purposes and to maintain business relationship with exhibitor.

You may contact us anytime if you want to know more about how long we will keep your data.

10. Your rights as a data subject

Below you will find descriptions of rights that you may be able to exercise in relation to the personal data we process about you.

  • Confirmation of processing – you can ask us to confirm if we are processing your personal data;
  • Access – you can ask us to provide a copy of the personal data that we hold about you;
  • Rectification – you can ask us to rectify the record of your personal data that we maintain;
  • Restrict – you can ask us to restrict the processing of your personal data in certain situations;
  • Object to processing – you can object to the processing of your personal data, where we process your data based on our legitimate interests or for direct marketing purposes;
  • Deletion – you can ask us to delete some or all the personal data that we hold about you.

You have a right to contact the relevant data protection authority if you have concerns about how GSMA processes personal data. Our lead data protection authority in the EU is the Agencia Española de Protección de Datos. 

However, we encourage you to contact us directly in the first instance so that we can attempt to address your concerns directly. For additional questions or 鶹ӳ concerning processing of your personal data or if you would like to exercise one of your rights, you can email us at dataprivacy@gsma.com.

11. CCTV Recordings

The Event premises are monitored by the venue owner, Fira de Barcelona (“Fira”) for security reasons. Fira may be asked by authorities to provide CCTV recordings for specific time periods as part of investigations regarding visitors, contractors or other personnel. We do not manage or keep these recordings. For further 鶹ӳ, please refer to the data processing notices available on Fira’s CCTV 鶹ӳal signage located throughout the venue.

12. Contact us

You can contact us with any enquiry relating to your personal data by filling out , sending an email to dataprivacy@gsma.com or writing to:

Data Privacy – Legal

GSMA Ltd LLC

1 Angel Lane, London EC4R 3AB

United Kingdom