Marketing Licence Agreement

This MOBILE CONNECT Licence Agreement is entered into by and between GSM Association (“Licensor”), whose corporate headquarters are located at Floor 2, The Walbrook Building, 25 Walbrook, London EC4N 8AF, UK, and you (“Licensee”).

Licensor is the owner of the MOBILE CONNECT Mark;

Licensor has developed the MOBILE CONNECT Communication Guidelines and the MOBILE CONNECT Privacy Principles;

Licensee desires to use the MOBILE CONNECT Mark for the limited purposes set forth herein; and

Licensor and Licensee wish to enter into this Agreement which sets forth the terms and conditions under which Licensor grants to Licensee certain rights with respect to the MOBILE CONNECT Mark.

In consideration of the mutual covenants and agreements set forth herein, the parties agree as follows:

1. Definitions

For purposes hereof, the following terms shall have the respective meanings provided.

1.1 “Agreement” shall mean this MOBILE CONNECT Mark Licence Agreement, including all Annexes referred to herein (which are available on www.gsma.com/mobileconnect, and any and all amendments to the Agreement and/or such Annexes.

1.2 “Effective Date” shall mean the date on which this Agreement is accepted by Licensor.

1.3 “MOBILE CONNECT Mark” shall mean the MOBILE CONNECT mark, both standing alone and in combination with other terms and/or design elements, including but not limited to the logo mark set forth in Annex A (the “MOBILE CONNECT Logo Mark”), and including all registrations of, and applications to register the MOBILE CONNECT Mark either set forth in Annex C or set forth at www.gsma.com/mobileconnect used in connection with identity verification systems and mobile telecommunication.

1.4 “MOBILE CONNECT Communication Guidelines” shall mean communication guideline for proper use of the MOBILE CONNECT Mark set forth in Annex B, including any revisions as may be made thereto and provided to Licensee by written notice of at least thirty (30) days). Any revisions to the MOBILE CONNECT Communication Guidelines shall only become binding after the notice period has expired.

1.5 “MOBILE CONNECT Privacy Principles” shall mean the MOBILE CONNECT Privacy Principles set forth in Annex E, including any revisions as may be made thereto and provided to Licensee by written notice of at least thirty (30) days. Any revisions to the MOBILE CONNECT Privacy Principles shall only become binding after the notice period has expired.

2. MOBILE CONNECT Mark Licence

2.1 Subject to the terms and conditions and with the limitations and exceptions set forth in this Agreement, Licensor, as of the Effective Date, grants to Licensee a non-exclusive, non- transferable worldwide licence to use the MOBILE CONNECT Mark specifically to indicate that Licensee’s website is accessible through use of the MOBILE CONNECT service, for the term set forth in this Agreement. No sublicenses shall be permitted under this Agreement.

2.2 The MOBILE CONNECT Mark shall be used solely in strict compliance with (i) the MOBILE CONNECT Communication Guidelines; and (ii) the MOBILE CONNECT Privacy Principles. Licensee is strictly prohibited from using the MOBILE CONNECT Mark in any form or manner other than as specifically set forth in the MOBILE CONNECT Mark Communication Guidelines without the prior written permission of Licensor. Licensee is also strictly prohibited from using the MOBILE CONNECT Service Mark in any way that does not comply with the Mobile Connect Privacy Principles.

2.3 Other than as specifically permitted by the terms of this Agreement, Licensee shall not use or register any corporate or business name, trade name trade mark, service mark, domain name, logo, or other source identifier, with or without a design, in any combination of upper and lower case letters, with or without spacing or punctuation, incorporating the term “MOBILE CONNECT” or any other similar term, anywhere in the world (the “MOBILE CONNECT Sign”). This provision shall apply to any MOBILE CONNECT Sign used or registered in any language and any translation or transliteration thereof anywhere in the world. I f Licensor provides Licensee with written notice that Licensee is using a MOBILE CONNECT Sign in a manner other than as specifically permitted by the terms of this Agreement Licensee shall permanently cease all use immediately upon receiving written notice from Licensor.

2.4 If Licensor receives a cease and desist letter or similar third party communication that objects specifically to Licensee’s use of the MOBILE CONNECT Mark and/or demands that Licensee cease use of the MOBILE CONNECT Mark, Licensor shall send a copy of such communication to Licensee (“Cease and Desist Notification”). Immediately upon receipt of the Cease and Desist Notification by Licensee, Licensee shall cease all use of the MOBILE CONNECT Mark or, at Licensor’s sole option and direction, amend its use of the MOBILE CONNECT Mark in such manner as to obviate the third party objection and make the use non-infringing.

2.5 If the Licensee receives a Cease and Desist Notification relating to the MOBILE CONNECT Mark, Licensee shall forward the Cease and Desist Notification to the Licensor immediately.

2.6 Notwithstanding anything to the contrary in this Agreement, if Licensee does not comply with any provision set forth in Article 2.3 or Article 2.4 above, Licensor shall have the right, in its sole discretion, to immediately terminate Licensee’s rights under this Agreement.

3. Information

3.1 Licensee shall comply with Licensor’s reasonable request for cooperation in connection with Licensor’s efforts regarding the enforcement or protection of Licensor’s rights and interests in and to the MOBILE CONNECT Mark, to the extent commercially reasonably possible and legally permitted.

3.2 Licensee permits, acknowledges and agrees that Licensor may use the name and logo mark in connection with advertising, promoting or publicising in any way Licensee’s use of the MOBILE CONNECT Mark and/or the services provided under the MOBILE CONNECT Mark without Licensee’s prior written consent.

4. Ownership of the MOBILE CONNECT Mark

4.1 Licensee acknowledges that this Agreement does not transfer or convey to Licensee ownership of, or any rights in, the MOBILE CONNECT Mark, other than as expressly set forth herein. Use of the MOBILE CONNECT Mark by Licensee shall inure solely to the benefit of Licensor, as owner of all rights in and to the MOBILE CONNECT Mark. Upon termination of this Agreement, no monetary amounts shall be assigned as attributable to any goodwill associated with Licensee's use of the MOBILE CONNECT Mark.

4.2 Licensor hereby reserves all rights not expressly granted by this Agreement. Such reserved rights are the sole and exclusive property of Licensor.

5. Warranty and Disclaimer

5.1 LICENSOR MAKES NO REPRESENTATION OR WARRANTY AS TO THE VALUE OR UTILITY OF THE MOBILE CONNECT MARK AND THE INFORMATION TO BE SUPPLIED TO LICENSEE PURSUANT TO THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO THE MOBILE CONNECT COMMUNICATION GUIDELINES. LICENSOR DOES NOT WARRANT OR REPRESENT THAT USE OF THE MOBILE CONNECT MARK BY LICENSEE DOES NOT INFRINGE OR WILL NOT CAUSE INFRINGEMENT, DILUTE OR IS LIKELY TO CAUSE INFRINGEMENT OR DILUTION OF ANY TRADE MARK OR INTELLECTUAL PROPERTY RIGHT OWNED OR CONTROLLED BY A THIRD PARTY. LICENSOR DOES NOT WARRANT OR REPRESENT, EXPRESSLY OR IMPLIEDLY, PURSUANT TO STATUTE OR OTHERWISE, AND EXPRESSLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY EQUIVALENTS UNDER THE LAWS OF ANY JURISDICTION THAT MIGHT ARISE FROM ANY ACTIVITIES RELATING TO THIS AGREEMENT.

5.2 Nothing in this Agreement shall be construed as imposing on Licensor an obligation to take any action to protect its intellectual property rights or other interests in the MOBILE CONNECT Mark. Licensee expressly acknowledges that Licensor has no obligation to bring any actions for unauthorized use or infringement of the MOBILE CONNECT Mark. Notwithstanding the foregoing, Licensee shall notify Licensor immediately should it learn of any such unauthorized use or infringement by any entity

5.3 Licensee acknowledges and agrees that Licensor shall not be liable for the actions of any government official, agency or other authority with respect to the enforcement of any law or regulation applied or relating to MOBILE CONNECT products or services.

5.4 Other than as specifically set forth in this Agreement, neither party shall be liable to the other for loss of profits, goodwill, business opportunity, data or revenue or any type of special, indirect or consequential loss (including loss or damage suffered as a result of an action brought by a third party) arising from this Agreement even if such loss was reasonably foreseeable or the relevant party had been advised of the possibility of the other party incurring the same.

6. INDEMNITY

6.1 Licensee shall indemnify Licensor and its affiliates, and their respective officers, directors, employees, representatives, subcontractors and agents (collectively the “Indemnitees”) in full from and against any any claims, suits, losses, penalties, fines, judgments, damages, forfeitures, liabilities or expenses (including reasonable attorneys’ fees, expert witness fees, expenses and costs of settlement) (collectively, “Losses”) arising out of or related to this Agreement or Licensee’s use of the MOBILE CONNECT Mark in any manner other than in strict accordance with this Agreement, including but not limited to any failure by Licensee to immediately cease use of the MOBILE CONNECT Mark upon receipt of any Cease and Desist Notification.

6.2 Upon receiving notice of any third party claim covered by the indemnity obligations set forth in this Article 6, Licensor shall promptly notify Licensee. The right of indemnification hereunder shall not be adversely affected by a failure to give such notice, unless and only to the extent that Licensee is materially prejudiced thereby. Licensee may assume control of the defense of any such claim; however, Licensor may, at its own cost and expense, and in its sole discretion, participate through its attorneys or otherwise, in such investigation, trial and defense of such claim and any appeal arising therefrom. Licensee shall not settle any such claim without Licensor’s prior written consent, which consent shall not be unreasonably withheld or delayed. If Licensor does not assume full control over the defense of a claim pursuant to this Article 6, then Licensee may participate in such investigation, defense or trial, at its sole cost and expense, and Licensee shall have the right to defend or settle such claim in such manner as it may deem appropriate, solely at the cost and expense of Licensee, and to the extent Licensor’s rights in its MOBILE CONNECT Mark are unaffected.

7. Term and Termination

7.1 This Agreement shall become effective as of the Effective Date and shall continue in force for an indefinite term, unless terminated in writing as provided by this Agreement.

7.2 Licensor may terminate this Agreement immediately upon written notice to Licensee, in its sole discretion.

8. Notices

8.1 Wherever provision is made in this Agreement for the giving of any notice or communication, such notice or communication shall be in writing and shall be deemed to have been duly provided if sent by courier addressed to the party entitled to receive the same or personally delivered to such party, or sent by email transmission, in each case to the attention of the individual acting on behalf of such party specified below:

If to Licensor:

Mobile Connect Administrator, GSMA, Floor 2, The Walbrook Building, 25 Walbrook, London, EC4N 8AF, Tel. No: +44 (0) 207 356 0600, Fax No.: + 44 (0) 207 356 0601, Email: mclicence@gsma.com

With a copy to:

General Counsel, GSMA, Floor 2, The Walbrook Building, 25 Walbrook, London EC4N 8AF

If to Licensee:

To the person named by the Licensee using the physical address or email address provided by Licensee in the registration process required to enter into this Agreement at https://developer.mobileconnect.io

8.2 Except in the case of updates to the MOBILE CONNECT Marketing Communication Guidelines or the MOBILE CONNECT Privacy Principles, notice shall be deemed to have been given on the day that it is so delivered personally or sent by successful email transmission or, if sent by courier, shall be deemed to have been given immediately upon delivery by the courier company.

9. Miscellaneous

9.1 Licensor represents and warrants that it has the right to enter into this Agreement and to grant a licence to Licensee pursuant to the terms contained herein. Licensee represents and warrants that it has the right and authority to enter into this Agreement and to comply with all terms set forth in this Agreement.

9.2 This Agreement and the rights granted hereunder shall be personal to Licensee and shall not be assigned, transferred, sold, pledged, divided or made subject to any lien, charge, security interest or encumbrance of any kind. Licensee shall not have the right to sublicense any rights granted hereunder.

9.3 Licensor shall have the right to assign this Agreement, at any time during the term hereof, to any other entity that succeeds Licensor in its function as the licensor of the MOBILE CONNECT Mark.

9.4 This Agreement shall be governed and construed, and any matters relating to this Agreement shall be decided according to the law of England and Wales.

9.5 Licensee agrees and acknowledges that all disputes between the parties hereto arising out of or in connection with the interpretation or execution of this Agreement shall be finally settled by the courts of England and Wales and each party to this Agreement hereby irrevocably consents to the exclusive jurisdiction of such courts.

9.6 This Agreement and its Annexes sets forth the entire agreement and understanding between the parties as to the subject matter hereof and merges all prior discussions between. Neither of the parties shall be bound by any conditions, definitions, warranties, waivers, releases or representations (either expressed or implied) with respect to the subject matter of this Agreement, other than those expressly set forth herein (including those in the Annexes hereto), or as set forth in writing signed by a duly authorized representative of the party to be bound thereby.

9.7 This Agreement shall not be varied, modified, amended or nullified by any means except (i) in writing signed by a duly authorized representative of each party or (ii) pursuant to the definitions set forth in Articles 1.4 and 1.5 of this Agreement.

9.8 This Agreement may be accepted by clicking the “Accept” button in the Organisation section in My Account. If you do not agree to the terms in this Agreement, do not click “Accept” and do not download or use the MOBILE CONNECT Mark.

 

Privacy Principles

Introduction

Mobile phones and other connected devices are increasingly the main way through which people access the digital world and engage in the digital economy. Mobile identity services play a key role in helping individuals authenticate and manage their digital identities online. Key to realising the potential economic and social benefits of mobile identity services is establishing good privacy practices that foster trust and confidence.

These Principles are intended to guide the use of personal information in Mobile Connect branded services (see www.mobileconnect.io). Mobile Connect enables verified authentication, authorization, identity and attribute solutions from pseudonymous log-in, to consent based attribute verification or validation supporting ‘know your customer’ purposes, through to helping prevent fraud, and identity theft and account takeover.

The principles are not intended to replace or supersede applicable law or company privacy policies that apply to other non-Mobile Connect practices. The Principles are based on recognised and internationally accepted principles on data protection and privacy and reflect baseline standards expected of organisations that provide Mobile Connect branded services. They broadly describe the privacy outcomes individuals should experience.

Who the Principles apply to

The Principles apply to Mobile Operators and 3rd Party Online Service Providers (‘Participating Organisations’) that use personal information in Mobile Connect branded services.

Principle 1. Transparency and Notice

Participating Organisations will be transparent with individuals about what personal information
is needed and how it will be used in Mobile Connect-enabled services.

Organisations will provide individuals with contextually appropriate and timely Privacy Notices that help users make genuinely informed choices, and that are clear and simple and as a minimum provide individuals with the following information:

  • the identity of the Participating Organisation (if it’s not obvious)
  • the main purpose(s) for which the individual’s personal information will be used (if it is
    not obvious)
  • to the extent personal information will be shared, who it will be shared with and why (if
    it is not obvious)
  • what choices the individual has about the use of their personal information (see
    Principle 3)

The Privacy Notice will also provide a hyperlink to a more detailed Privacy Policy that describes:

  • how Mobile Connect works
  • how long personal information will be kept and why?
  • name and physical address of the organisation and how individuals can contact it
  • electronically or by telephone with enquiries or concerns about the use of their
    personal information

  • the rights of individuals with regard to the use of their personal information and how
    they can exercise such rights (See Principle 6)

Principle 2. Purpose and Use Limitations

Participating Organisations will limit the use of personal information to what is necessary to provide Mobile Connect services consistent with Privacy Notices provided to individuals.

Personal information collected for Mobile Connect services may only be used for secondary purposes by providing individuals with clear notice and obtaining their Active Consent (or as otherwise required by law). See also Principle 3 on ‘consent’.

Principle 3. User Choice and Control

Participating Organisations will provide individuals with opportunities to exercise appropriate choice, and control over the collection and use of their personal information in connection with Mobile Connect services

Unless obvious from the context clearly explain whether consent is for a specific transaction or whether it will endure for a specific period of time, or until revoked. Explain how individuals can revoke consent once given and provide an easy means for them to do so.

Where feasible, or where required by local law, Participating Organisations should record and retain evidence of active consents given by individuals, and be able to demonstrate such evidence.

Principle 4. Data Minimisation and Retention

Collect and keep the minimum of personal information necessary to provide and support Mobile Connect services (and consistent with Privacy Notices). If you keep an individual’s personal information you may be required to provide a copy to the individual on request. See Principle 6 on user rights.

When personal information is no longer required, delete it or render it anonymous.

Principle 5. Data Quality

Participating Organisations will adopt measures to help ensure personal information used for Mobile Connect services is accurate and where appropriate, kept up to date.

Participating Organisations will provide individuals the means to update personal information used in Mobile Connect services (free of charge and in a simple manner).

Principle 6. Respect User Rights – Individual Participation

Trust is key. Be open with and accountable to individuals. Provide them with information about their rights over the use of their personal information and make it easy to exercise such rights. These include:

  • how to obtain a copy of any personal information held about them, within a reasonable timescale
  • how to have personal information that is inaccurate, or no longer justified, corrected or erased
  • how to report and have complaints resolved regarding the use of their personal information

Principle 7. Security

Participating Organisations will adopt appropriate security measures commensurate to the potential for harm to individuals and risks such as the loss, unauthorised access, destruction, use, modification, and disclosure of personal information.

A key aspect of the Mobile Connect service, is that an individual’s mobile will be replaced with a unique identifier such as a Pseudonymous Customer Reference (PCR - identifier) in order to protect the privacy of an individual seeking to authenticate and access the services of a 3rd party service provider. Efforts to re-identify an individual’s MSISDN or share their personal information may only take place under the following exceptions:

  1. with an individual’s Active Consent
  2. to provide a service requested by an individual, for the performance of a contract or to assist in the resolution of customer enquiries
  3. where required by law (e.g. a court order or other mandatory obligation)

Principle 8. Education

Provide information about how Mobile Connect identity and attribute services work and ways for individuals to manage and protect their privacy.

Establish internal programmes to educate employees on data protection and privacy requirements and to foster a culture of privacy.

Principle 9. Children and Adolescents

Children and young people may lack the maturity to fully understand the implications of revealing their personal information or allowing others to collect and use it.

When Mobile Connect services are directed at, or intended for, children and young people Participating Organisations will:

  • use language and style that helps children and young people easily understand what is being asked and that helps them make informed decisions about the use of their personal information.
  • comply with applicable national laws and any special legal requirements, including age verification laws.

Principle 10. Accountability

To generate confidence and trust in the effectiveness of these principles, Participating Organisations will, as a minimum:

  • establish policies, procedures and practices to help ensure compliance with the Principles
  • where a Participating Organisation relies on another Participating Organisation to collect consent to verify, validate or otherwise disclose identity attributes it holds about an individual, both organisations will establish transparency, notice and consent standards, and contractually bind each other to meet such requirements in a ‘trusted service provider relationship’
  • establish mechanisms for individuals to report complaints and incidents regards the use of their personal information and that aid the investigation and remediation of such complaints

Definitions and terms:

Active Consent: means an individual is given a clear and prominent opportunity to agree a specific and notified use of their personal information.

Personal Information: includes, but is not limited to data that could be used to identify, locate or contact an individual. Personal Information may include:

  • data collected directly from an individual (e.g. entered by the user via an application’s user interface and which may include name and address, email address, passport details, credit card details)
  • data obtained indirectly (e.g. mobile phone number, gender, birth date, location data, IP address, IMEI, unique phone ID)
  • about an individual’s behaviour (e.g. location data, service and product use data, website visits)
  • held on an individual’s device (call logs, messages, user-generated images, contact lists or address books, notes, and security credentials)

Pseudonymous Customer Reference (PCR)1: is a unique identifier that replaces an individual’s mobile phone number and that may be used to distinguish one individual from another. Participating Organisations may only re-identify or capture an individual’s mobile phone number under the exceptions listed in Principle 7.

 

1. A PCR is used during Step 1 of Mobile Connect to uniquely authenticate an individual and map them to specific service provider accounts without revealing their identity and without individual’s being required to disclose personal information. The PCR allows individuals to remain anonymous to participating organisations until such time that specific actions are taken to directly identify individuals by association to the PCR. In simple terms, the PCR is assigned and used to recognise but not identify individual users.

GSMA Mobile Connect Developer Portal Marketing Licence – November 2017