COMPLETING YOUR PROFILE / CASH-OUT OPERATIONS / FINANCING
Crowdvillage S.r.l. hereinafter referred to as “Data Controller” or “Crowdvillage”) provides the following information to the Data Subject, the person to whom the personal data refers, pursuant to art. 13 of EU Regulation no. 2016/679 dated 27 April 2016 (hereinafter referred as GDPR), the information concerning the protection of personal data. This information notice is intended to describe the personal data processing details and the measures taken to protect the rights of data subjects.
The information is released on the Crowdvillage’s website (www.itslending.it, hereinafter referred to as the Site) in the "Privacy Policy” section on the site’s Home Page.
Data Controller
The Data controller is Crowdvillage S.r.l., domiciled and headquartered in via Ciro Menotti n. 21 - 20129 - Milano (MI) - VAT 03960560922 - E-mail address: privacy@itslending.it
Categories of Data
The Data Controller processes the following categories of data:
- - Personal data
- - Contact data
- - Personal identification data (eg. ID card number)
- - Banking data
Purposes for the Processing of the Data Subject’s personal data
The Data Controller processes Data Subject’s personal data for the following purposes:
- a) Allowing the Data Subject to register as a lender to participate in the financing.
- b) Allowing the Data Subject to open a checking account (digital wallet) with a payment institution, to whom the Data Controller will communicate the Data Subject’s personal data.
- c) Allowing the Data Subject to carry out cash-out transactions.
- d) Allowing the Data Subject to make a loan to the project proponent, to whom the Data Controller will communicate the Data Subject’s personal data.
Data retention period
The Data Subject’s personal data, processed for the purpose of letter (a) shall be stored for a period of not more than 24 months from the date the profile was completed, provided that the "digital wallet" is not opened.
The Data Subject’s personal data, processed for the purposes of letters (b) (c) shall be stored as long as the “digital wallet” of the Data Subjects is operational.
The Data Subject’s personal data, processed for the purpose of letter (d) shall be stored for 10 years, that is the time required to comply with anti-money laundering and fiscal retention regulations. In the event of litigation, the Data Subject’s personal data shall be stored until it is settled.
Lawfulness of processing
Processing shall be lawful if:
- - It is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract.
- - It is necessary for compliance with a legal obligation to which the Data Controller is subject.
Processing methods
Personal data are processed to fulfil the Purpose indicated in this information notice both in its electronic and paper format.
Mandatory or optional nature of the provision of personal data
The provision of data for the purpose of letter (a) is mandatory and the refusal to provide it will make it impossible for the Data Controller to register the Data Subject as lender on the platform.
The provision of data for the purpose of letter (b) is mandatory and the refusal to provide it will make it impossible for the Data Subject to open the “digital wallet”.
The provision of data for the purpose of letter (c) is mandatory and the refusal to provide it will make it impossible for the Data Controller to carry out "cash-out" transactions in favour of the Data Subject.
The provision of data for the purpose of letter (d) is mandatory and the refusal to provide it will make it impossible for the Data Subject to make a loan.
Recipients of your Personal data
The Data Subject’s personal data will be processed by the following parties according to the principles of indispensability:
- - The Data Controller’s personnel, who acts and processes data under the authority and instructions of the Data Controller, pursuant to art. 29 of the GDPR or of the employees appointed by the Data Controller, in accordance with art. 2 quaterdecies of Legislative Decree nr. 101/2018.
- - Individual or legal entities whose right to access the personal information of the Data Subject is recognized by legal provisions provided for by European Union law or Italian law, such as, by way of example, competent authorities and / or supervisory bodies for the fulfilment of legal obligations, and public administrations for their institutional purposes.
- - Individual or legal entities resorted to by the Data Controller to perform activities that are instrumental to fulfil the Purposes (such as, for example, software suppliers, cloud partners, data centres, IT consultants). Third parties who access the information shall do so in compliance with the current legislation on the protection of personal data and according to the instructions given by the Data Controller, and shall in any case be appointed Data Processors by the Data Controller.
A list of the Data Processors is available in the Data Controller’s headquarters.
Categories of subjects to whom personal data must be transferred under the contract
In performance of the contract, and in particular to allow for the opening of the checking account (digital wallet) and to perfect the loan, the Data Controller, in compliance with the principles of indispensability, shall communicate the Data Subject’s personal data to the following subjects:
- - Lemonway SAS Payment Institute with registered office in Rue du Sentier n. 8 - 75002 - Paris - France, as an independent Data Controller.
- - The project proponent, to be identified on a case-by-case basis, as an independent Data Controller.
Dissemination of Data
Data shall not be disseminated in any way.
Rights of the Data Subject
The GDPR awards the Data Subject specific rights. The Data subject can exercise the following rights for each data processing operation:
- - The Right of access: You have the right to obtain a copy of your personal data in our possession subjected to processing.
- - The Right to rectification: You have the right to ask for your personal data to be rectified if they are incorrect or incomplete.
- - The Right to object to the processing of personal data for commercial purposes: you can ask the Data Controller to stop sending you commercial communications at any time.
- - The Right to object to decisions based on exclusively automated processes: you can request not to be the recipient of decisions exclusively made on the basis of totally automated processes, including profiling activity.
- - The Right to withdraw consent: you have the right to withdraw your consent at any time.
- - The Right to contact the Guarantor for the protection of personal data: you have the right to contact the competent supervisory Authority directly. In Italy the “Garante per la Protezione dei Dati Personali” (https://www.garanteprivacy.it/) is the Data Protection Authority.
The Data Subject can also exercise the following rights under certain conditions:
- - The Right to deletion: you have the right to obtain the erasure of your personal data if the purposes of the processing no longer exist and there are no legitimate interests or legal provisions that require data to be stored.
- - The Right to object to processing: you have the right to object to certain types of processing (for example, when it is necessary for the purposes of the legitimate interests pursued by the Data Controller’s legitimate interests).
- - The Right to restrict processing: You have the right to restrict the scope of the Data Controller’s processing of your personal data under certain conditions (for example, where the Data Controller no longer needs your Data, but the processing is still necessary for the establishment, exercise or defence of legal claims).
- - The Right to data portability: You have the right, in certain situations, to receive a copy of your in a structured, commonly used and machine-readable format , which can be accessed by another data controller.
To exercise the aforesaid rights, the Data Subject can send an email or write to the following address, specifying his/her requests and providing the Data Controller with the information needed to correctly identify the sender (by also attaching thereto a copy of his/her ID document) to the following addresses:
- - by mail: Crowdvillage S.r.l., via Ciro Menotti n. 21 - 20129 - Milano (MI).
- - by e-mail: privacy@itslending.it
Crowdvillage will reply within a month. In the event that the Data Controller is unable to respond, it shall provide a detailed explanation as to why the Data Subject’s request cannot be met.
Version 01 - July 2021