Privacy and Data Protection policy

This data protection policy regulates the data processing carried out through the following websites: https://www.metropolis.org/, https://www.metrofutures.org/, owned by the World Association of the Major Metropolises (Metropolis).

Metropolis strictly complies with current European data protection legislation, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR).

1. Identity of the entity in charge of data processing

The personal data collected is responsibility of the World Association of the Major Metropolises (Metropolis), whose details are as follows:

  • World Association of the Major Metropolises (Metropolis)
  • Fiscal code: G65011652
  • Avinyó Street nº 15, 3rd floor.
  • 08002 Barcelona (Spain)

This data protection policy regulates the data processing carried out by Metropolis for the purpose of complying with current legislation on the protection of personal data, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR).

2. Purposes of processing and bases of legitimacy

The following purposes are carried out on the basis of the execution of the contractual relationship”. Art. 6.1.b) GDPR:

  • Manage the participation of members in the activities of the Association.
  • To provide information services to the members of the Association.
  • Use e-mails to send informative communications. At any time, you may object to receiving this type of communication.

The following purposes are carried out on the basis of specific consent. Art 6.1.a) RGPD.

  • Registration in the events organized by Metropolis or by any of its collaborators, such as conferences, lectures, presentations, conferences, networkings, workshops, etc., to manage the registration, coordination and monitoring of the attendance of the participants. Additionally, the data may be shared with all the entities that collaborate or work with Metropolis to carry out each activity.
  • Management of funds and participation in programs managed through Metropolis to contact participants and respond to requests for participation.
  • Response to requests for information or contact.
  • Sending of newsletters.

The following purposes are carried out based on the Legitimate Interest of the responsible party. Art. 6.1.f) RGPD:

  • Conduct quality and satisfaction surveys.
  • Sending information about the association.
  • To manage the security of our services and our activities.

In addition, we may process your data in order to comply with our legal obligations and to cooperate with the competent public authorities. Art. 6.1.c) RGPD

Recording and use of image and voice:

Metropolis may process the images and voice of interested persons who have given their express consent, collected from activities, interviews and events organized by Metropolis in order to be disseminated through Metropolis communication channels (newsletter, website and social networks) to promote the activities carried out by the entity, excluding any commercial purpose.

3. Retention of personal data

As a general rule, personal data provided by the person concerned or lawfully obtained by other means will be kept for the minimum time necessary to fulfill the purpose for which they were collected or until the person concerned revokes his/her consent, plus the legal term to cover liabilities,

Once the legal limitation period has expired, Metropolis will destroy, block or anonymize the personal data as far as possible for the purpose for which it was kept.

4. Data processing by third parties and international transfers

Metropolis may transfer your personal data to collaborating entities within the scope of responsibilities attributed to each of them. In particular in relation to the management of congresses or trainings to which you have registered, carried out by Metropolis or entities with which it collaborates. Your data will be communicated, with strict obligation to confidentiality and after the formalisation of the corresponding contract for the provision of services.

In order for Metropolis to carry out its activities and services, we use auxiliary services (CRM, sending communications, etc.) that are stored in technological platforms managed by specialized companies. These data are managed for the sole and exclusive purpose of guaranteeing the provision, security and availability of the services we offer, and with the guarantee that these technological companies will apply the measures and act in accordance with good practices in terms of information security.

All our service providers are located within the European Economic Area or in countries that guarantee the level of compliance required by law. In the event that any of them be located outside of this area, it must be in a country with appropriate levels of protection in accordance with the criteria of the European Commission.

Your personal data will not be transferred outside the European Economic Area, or to countries that do not have a similar level of compliance, without your prior express authorization.

5. Automated decisions and profiling

Metropolis does not make automated decisions or fully automatic individualized decisions, including personality profiling, that have a noticeable legal effect on the person concerned or significantly affect him or her in a similar way, i.e. by influencing his or her circumstances, behavior or preferences.

Likewise, Metropolis does not use the professional data provided by the data subject to make automated decisions and/or elaborate personality profiles according to his/her tastes or activities.

6. Your rights when you provide us with your data

You can request and obtain information about how we are processing your data and for what purpose at any time:

  • Access your data: request what data we have and what we use it for, and even ask us to provide such data to another entity.
  • Rectify your data: request the modification or rectification of inaccurate data.
  • Delete your data: request that your data be deleted and not be processed, except for those data that we are legally obliged to keep.
  • Opposition to data processing: so that we do not use your data for a specific purpose.
  • Limit your data, restrict the purposes of the processing of your personal data.

If you wish to exercise your rights, you can send a letter indicating which right you wish to exercise (Access, Rectification, Deletion, Opposition or Portability of your data), attaching a copy of your ID, and addressing your letter to the General Secretariat of the World Association of the Major Metropolises (Metropolis), Calle Avinyó, 15, 3.º, 08002 Barcelona (Spain), or send an e-mail to communication@metropolis.org.

The Spanish Data Protection Agency ([www.agpd.es](www.agpd.es)) is the supervisory Authority that ensures compliance with data protection legislation in Spain. If you consider that Metropolis has breached any of the precepts established in this regulation, you may file a complaint.

7. Security measures

Metropolis ensures the confidentiality of personal data in accordance with applicable legislation. Likewise, the Association undertakes to treat any transfer of data, when it occurs, in a secure manner.

Metropolis takes all necessary technical and organizational measures to prevent the loss, misuse, alteration, unauthorized access and theft of personal data provided, if any, through the website, taking into account the state of technology, the nature of the data in question and the risks to which they are exposed.