Privacy policy


Crowdvillage S.r.l. hereinafter referred to as “Data Controller” or “Crowdvillage”) provides the following information to the Data Subject, the person to whom the personal data refers, pursuant to art. 13 of EU Regulation no. 2016/679 dated 27 April 2016 (hereinafter referred as GDPR), the information concerning the protection of personal data. This information notice is intended to describe the personal data processing details and the measures taken to protect the rights of data subjects.

The information is released on the Crowdvillage’s website (, hereinafter referred to as the Site) in the "Privacy Policy” section on the site’s Home Page.

Data Controller

The Data controller is Crowdvillage S.r.l., domiciled and headquartered in via Ciro Menotti n. 21 - 20129 - Milano (MI) - VAT 03960560922 - E-mail address:

Categories of Data

The Data Controller processes the following categories of data:

  • - Personal data
  • - Contact data
  • - Personal identification data (eg. ID card number)
  • - Data included in the business plan

Purposes for the Processing of the User’s personal data

The Data Controller processes Data Subject’s personal data for the following purpose:

  • a) Assessment of the project.

Data retention period

The Data Subject’s personal data, processed for the purpose of letter (a) shall be stored for a period of not more than 6 months if the project fails the assessment process.

Lawfullness of processing

Processing shall be lawful if:

  • - it is necessary to take steps at the request of the data subject prior to entering into a contract.

Processing methods

Personal data are processed to fulfill the Purposes set out in this Information Notice both in its electronic and paper format.

Mandatory or optional nature of the provision of personal data

The provision of data for the purpose of letter (a) is mandatory and the refusal to provide it will prevent the Data Controller from assessing the project.

Recipients of your Personal Information

The Data Subject’s personal data shall be processed by the following parties according to the principles of indispensability:

  • - The Data Controller’s personnel, who acts and processes data under the authority and instructions of the Data Controller, pursuant to art. 29 of the GDPR or of the employees appointed by the Data Controller, in accordance with art. 2 quaterdecies of Legislative Decree nr. 101/2018.
  • - Individual or legal entities whose right to access the personal information of the Data Subject is recognized by legal provisions provided for by European Union law or Italian law, such as, by way of example, competent authorities and / or supervisory bodies for the fulfilment of legal obligations, and public administrations for their institutional purposes.
  • - Individual or legal entities resorted to by the Data Controller to perform activities that are instrumental to fulfil the Purposes (such as, for example, software suppliers, cloud partners, data centres, IT consultants). Third parties who access the information shall do so in compliance with the current legislation on the protection of personal data and the instructions given by the Data Controller and shall in any case be appointed Data Processors by the Data Controller.

A list of the Data Processors is available in the Data Controller’s headquarters.

Dissemination of Data

Data shall not be disseminated in any way.

Rights of the Data Subject

The GDPR awards the Data Subject specific rights. The Data subject can exercise the following rights for each data processing operation:

  • - The Right of access: You have the right to obtain a copy of your personal data in our possession subjected to processing.
  • - The Right to rectification: You have the right to ask for your personal data to be rectified if they are incorrect or incomplete.
  • - The Right to object to the processing of personal data for commercial purposes: you can ask the Data Controller to stop sending you commercial communications at any time.
  • - The Right to object to decisions based on exclusively automated processes: you can request not to be the recipient of decisions exclusively made on the basis of totally automated processes, including profiling activity.
  • - The Right to withdraw consent: you have the right to withdraw your consent at any time.
  • - The Right to contact the Guarantor for the protection of personal data: you have the right to contact the competent supervisory Authority directly. In Italy the “Garante per la Protezione dei Dati Personali” ( is the Data Protection Authority.

The Data Subject can also exercise the following rights under certain conditions:

  • - The Right to deletion: you have the right to obtain the erasure of your personal data if the purposes of the processing no longer exist and there are no legitimate interests or legal provisions that require data to be stored.
  • - The Right to object to processing: you have the right to object to certain types of processing (for example, when it is necessary for the purposes of the legitimate interests pursued by the Data Controller’s legitimate interests).
  • - The Right to restrict processing: You have the right to restrict the scope of the Data Controller’s processing of your personal data under certain conditions (for example, where the Data Controller no longer needs your Data, but the processing is still necessary for the establishment, exercise or defence of legal claims).
  • - The Right to data portability: You have the right, in certain situations, to receive a copy of your in a structured, commonly used and machine-readable format , which can be accessed by another data controller.

To exercise the aforesaid rights, the Data Subject can send an email or write to the following address, specifying his/her requests and providing the Data Controller with the information needed to correctly identify the sender (by also attaching thereto a copy of his/her ID document) to the following addresses:

  • - by mail: Crowdvillage S.r.l., via Ciro Menotti n. 21 - 20129 - Milano (MI).
  • - by e-mail:

Crowdvillage will reply within a month. In the event that the Data Controller is unable to respond, it shall provide a detailed explanation as to why the Data Subject’s request cannot be met.

Version 01 - July 2021