This data protection policy governs the data processing carried out by the World Association of the Major Metropolises (Metropolis) via its website.

Metropolis complies strictly with current data protection legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

1.- Identity of the data controller

The party in charge of processing any personal data collected is the World Association of the Major Metropolises (Metropolis), whose details are as follows:

  • The World Association of the Major Metropolises (Metropolis)
  • Tax Code: G65011652
  • Calle Avinyó nº 15, 3rd floor
  • 08002 Barcelona (Spain)
2.- Purpose of data processing

Data provided to Metropolis by different means (through records from conferences, presentations, contact forms, the newsletter, etc.) are gathered in accordance with current data protection legislation.

We inform users of the purpose of the data processing, and the length of time the data will be held, for each means by which data is collected.

Data is provided voluntarily at all times, and this guarantees that the personal data provided is true. We reserve the right to exclude any user who has provided false information from our services, without prejudice to any other actions that may be taken by law.

Under no circumstances will automated decisions be taken using your data.

The data provided will only be used for the purposes that the user has authorised and been duly informed of. Your data will not be transferred to third parties, unless you expressly authorise otherwise during data collection.

The legal basis for processing your data is the provision of the services you have requested and expressly authorised.

3.- Data processing by third parties

In order for Metropolis to carry out its activities and services, we make use of services (CRM, sending communications, etc.) that are stored on technology platforms run by specialist companies. This data is managed with the sole and exclusive purpose of guaranteeing the provision, security and availability of the services we offer, and with the guarantee that these technology companies will apply the measures and act in good practice in terms of information security.

All of our service providers are located within the European Economic Area, or otherwise in countries that guarantee the level of compliance required by legislation.

Your personal data will not be transferred outside the European Economic Area, or to countries that do not have a similar level of compliance, without your prior express authorisation.

On the other hand, Metropolis' activities may involve communicating data to third parties, especially in terms of managing conferences or presentations that you have registered for, carried out by Metropolis members or associated parties. You will be informed of this during the registration process for each activity.

4.- Your rights when you provide us with your data

You can request and obtain information on how we are processing your data, and what for, at any time.

You can:

  • Access your data: request what data we have and what we use it for, and even ask us for said data to provide it to another entity.
  • Rectify your data: request a modification or rectification of inaccurate data.
  • Delete your data: request for your data to be deleted and for it not to be processed, except any data we are legally required to store.
  • Object to data processing: so that we do not use your data for a specific purpose.

Metropolis is committed to maintaining the confidentiality of personal data in accordance with applicable legislations. Likewise, the association undertakes to process any data transfers securely, where they take place.

Metropolis adopts all the technical and organisational measures necessary to avoid the loss, misuse, alteration, unauthorised access to or theft of any personal data provided, via the website in this case, taking into account current technology, the nature of the data in question, and the risks to which it might be exposed.

Should you wish to exercise your rights, you can write a letter indicating which right you wish to exercise (Access, Rectification, Deletion, Objection or Transfer of your data), attaching a copy of your ID, and addressing your letter to the Secretariat General of the World Association of the Major Metropolises (Metropolis), Calle Avinyó, 15, 3.º, 08002 Barcelona (Spain), or send an email to

5.- Submission of complaints

The Spanish Data Protection Agency ( is the Supervisory Body that oversees compliance with data protection legislation in Spain. If you consider that Metropolis has failed to comply with any of the precepts established in this regulation, you may file a claim.