Huawei Technologies Dusseldorf GmbH has detailed the framework for handling attendee information for its upcoming HUAWEI CONNECT 2025 MADRID. The company, headquartered in Düsseldorf, Germany, has released a comprehensive Privacy Statement to outline how personal data will be collected, processed, and stored for participants of the event and its specialized sub-sessions.
The Privacy Statement about HUAWEI CONNECT 2025 MADRID serves as a legal roadmap for attendees, ensuring that the processing of personal information aligns with the General Data Protection Regulation (GDPR). This is particularly critical as the event incorporates diverse demographics, ranging from corporate partners to university students, each with different data processing requirements.
Among the primary components of the gathering are the European Partner Convention 2025—dedicated to mainstream partners across engineering, production, and procurement—and the DigitALL Night 2025, a specific track designed for university students who have reached the age of 18. While these sessions have distinct registration paths, participants in these segments are permitted to attend other general sessions of the broader Madrid event.
The company utilizes the Congress Information Management System (CIMS) to facilitate registration and onsite logistics. By anchoring its operations in Germany and storing the bulk of its data in Ireland, Huawei aims to maintain a standardized security posture across the European Union and European Economic Area (EU/EEA).
Data Processing and Legal Frameworks
The collection of data for the event is not uniform; it is segmented by the specific role of the participant and the legal basis required under the GDPR. For general event management, Huawei relies on the explicit consent of the user (Article 6(1)(a) GDPR) to process names, emails, job titles, and company affiliations.
However, for those registering for DigitALL Night 2025 or the European Partner Convention 2025, the legal basis shifts. Because this information is essential for the delivery of the specific event sessions, the processing is based on the performance of a contract (Article 6(1)(b) GDPR). For students, this includes academic details such as field of study, institution, and graduation timeline, while partner participants provide procurement categories and industry data.
Beyond registration, the company identifies “legitimate interests” (Article 6(1)(f) GDPR) as the basis for several operational activities. This includes the use of attendee badges for onsite security and identity verification via PDA scans, as well as the analysis of event organization to improve future iterations of the conference. Participants may also opt into onsite surveys via QR codes to provide feedback on the experience.
The Role of Media and Event Promotion
Visual documentation is a central part of the event’s promotional strategy. Huawei intends to use photographs and video recordings across its official websites and social media channels. The rules for this are bifurcated based on the visibility of the individual:
- Speakers: Processing of image and voice is strictly contingent upon prior consent and the signing of an Authorization Letter. Speakers retain the right to withdraw this consent at any time.
- General Attendees: General venue photography may capture images of participants unintentionally. In such cases, the company processes this data based on legitimate interests, though attendees can contact the company to object to the use of their image.
Cross-Border Data Flows and Storage
While the primary storage hub for the event’s personal data is located in Ireland, certain activities necessitate the transfer of information outside the EU/EEA. This is most prominent in the “Talent Pool for Students,” where data is processed through a recruitment system deployed in the People’s Republic of China.
To bridge the gap between EU privacy laws and non-EU processing, Huawei employs Standard Contractual Clauses (SCCs) with supplementary measures to ensure adequate safeguards are in place. This mechanism is also used when third-party suppliers in China remotely access data to manage the registration process.
The duration of data retention is tiered based on the purpose of the collection. While some data is purged shortly after the event, other records are kept for several years to facilitate long-term recruitment or event analysis.
| Processing Scenario | Retention Period |
|---|---|
| Event Management & Travel Support | 30 days after Event |
| Event Improvement & Surveys | 2 years after Event (or until objection) |
| Student Talent Pool | 2 years after Event (or until consent withdrawal) |
| EDM (Marketing) | Until consent is withdrawn |
Attendee Rights and Recourse
Participants are granted a suite of rights under the GDPR to maintain control over their digital footprint. These include the right of access, rectification, and erasure (the “right to be forgotten”), as well as the right to restrict or object to processing. For those who wish to move their data to another service, the right of portability is available, provided the processing is not based on legal obligations or legitimate interests.
To exercise these rights, Huawei has established a Data Subject Request Portal. Users are instructed to select the “Others” category in the Requestor Type field to ensure their request is routed correctly to the Data Protection Officer (DPO).
For those who believe their data is being handled improperly, the company acknowledges the right to lodge a complaint with a supervisory authority. A comprehensive list of these authorities is maintained by the European Data Protection Board (EDPB).
Disclaimer: This article is for informational purposes only and does not constitute legal advice. For specific legal concerns regarding data privacy, please consult a qualified legal professional.
As the event approaches, the company encourages participants to regularly review the Privacy Statement, as it may be updated to cover new scenarios. The latest version was updated in August 2025. The next significant phase for attendees will be the official opening of the online registration portals for the specialized student and partner sessions.
We welcome your thoughts on how global tech events are balancing large-scale logistics with stringent EU privacy laws. Share your perspective in the comments below.
