Privacy policy


Crowdvillage S.r.l. hereinafter referred to as “Data Controller” or “Crowdvillage”) provides the following information to the Data Subject, the person to whom the personal data refers, pursuant to art. 13 of EU Regulation no. 2016/679 dated 27 April 2016 (hereinafter referred as GDPR), the information concerning the protection of personal data. This information notice is intended to describe the personal data processing details and the measures taken to protect the rights of data subjects.

The information is released on the Crowdvillage’s website (, hereinafter referred to as the Site) in the "Privacy Policy” section on the site’s Home Page.

Data Controller

The Data controller is Crowdvillage S.r.l., domiciled and headquartered in via Ciro Menotti n. 21 - 20129 - Milano (MI) - VAT 03960560922 - E-mail address:

Categories of Data

The Data Controller processes the following categories of data:

  • - Personal data
  • - Contact data
  • - Employment data
  • - Education data
  • - Images

The Controller pocesses also the Data Subject’s professional history as outlined in his or her Curriculum Vitae and or cover letter.
Processing shall be performed only on the collected regular data, therefore the Candidate shall not be requested to provide other categories of data, such as health data.
In any case, the Data Controller shall only process the relevant and strictly essential data for the establishment of an employment relationship.
If the job position offered by the Data Controller is adddressed to protected categories and / or the spontaneous application is submitted by an individual belonging to a protected category, the Data Controller shall process the Candidate’s data belonging to special categories only and exclusive in view of establishing a working relationship. Any specific personal, which the Data Subject has spontaneously communicated either through his/her CV and / or during the interview shall be processed only and exclusively if necessary for the purposes of establishing an employment relationship.

Purposes for the Processing of the Data Subject’s personal data

The Data Controller processes Data Subject’s personal data for the following purposes:

  • a) Assess the candidacy
  • b) Set up a working relationship

Data retention period

The data processed for the Purposes of letters (a), (b) shall be stored only until the Purpose is fulfilled.
However, the Data Controller can keep the Data Subject’s personal data in case there is the need to fulfil other Puroses related to personnel search and selection as in the case of:

  • - Spontaneous applications. The Data Subject’s personal data will be stored for 12 months from the date when the CV was received. Data will be erased by the end of the 12-month period;
  • - Response to specific personnel search and selection announcements published by the Data Controller and / or on his/her behalf by third parties. Personal data shall be stored until the job offer remains open. After six months form the closing of the position, the Data Subject’s personal data shall be erased.

Lawfullness of processing

Processing shall be lawful if:

  • - It is necessary to take steps at the request of the data subject prior to entering into a contract.

Processing methods

Personal data are processed to fulfill the Purposes set out in this Information Notice both in its electronic and paper format.

Mandatory or optional nature regarding the provision of personal information

The provision of data for the purposes of letter (a) (b) is optional and the refusal to provide it will prevent the Data Controller from assessing the candidacy and therefore starting a potential working relationship.

Recipients of your Personal Information

The Data Subject’s personal data shall be processed by the following parties according to the principles of indispensability:

  • - The Data Controller’s personnel, who acts and processes data under the authority and instructions of the Data Controller, pursuant to art. 29 of the GDPR or of the employees appointed by the Data Controller, in accordance with art. 2 quaterdecies of Legislative Decree nr. 101/2018.
  • - Individual or legal entities whose right to access the personal information of the Data Subject is recognized by legal provisions provided for by European Union law or Italian law, such as, by way of example, competent authorities and / or supervisory bodies for the fulfilment of legal obligations, and public administrations for their institutional purposes.
  • - Individual or legal entities resorted to by the Data Controller to perform activities that are instrumental to fulfil the Purposes (such as, for example, software suppliers, cloud partners, data centres, IT consultants). Third parties who access the information shall do so in compliance with the current legislation on the protection of personal data and the instructions given by the Data Controller and shall in any case be appointed Data Processors by the Data Controller.

A list of the Data Processors is available in the Data Controller’s headquarters.

Dissemination of Data

Data shall not be disseminated in any way.

Rights of the Data Subject

The GDPR awards the Data Subject specific rights. The Data subject can exercise the following rights for each data processing operation:

  • - The Right of access: You have the right to obtain a copy of your personal data in our possession subjected to processing.
  • - The Right to rectification: You have the right to ask for your personal data to be rectified if they are incorrect or incomplete.
  • - The Right to object to the processing of personal data for commercial purposes: you can ask the Data Controller to stop sending you commercial communications at any time.
  • - The Right to object to decisions based on exclusively automated processes: you can request not to be the recipient of decisions exclusively made on the basis of totally automated processes, including profiling activity.
  • - The Right to withdraw consent: you have the right to withdraw your consent at any time.
  • - The Right to contact the Guarantor for the protection of personal data: you have the right to contact the competent supervisory Authority directly. In Italy the “Garante per la Protezione dei Dati Personali” ( is the Data Protection Authority.

The Data Subject can also exercise the following rights under certain conditions:

  • - The Right to deletion: you have the right to obtain the erasure of your personal data if the purposes of the processing no longer exist and there are no legitimate interests or legal provisions that require data to be stored.
  • - The Right to object to processing: you have the right to object to certain types of processing (for example, when it is necessary for the purposes of the legitimate interests pursued by the Data Controller’s legitimate interests).
  • - The Right to restrict processing: You have the right to restrict the scope of the Data Controller’s processing of your personal data under certain conditions (for example, where the Data Controller no longer needs your Data, but the processing is still necessary for the establishment, exercise or defence of legal claims).
  • - The Right to data portability: You have the right, in certain situations, to receive a copy of your in a structured, commonly used and machine-readable format , which can be accessed by another data controller.

To exercise the aforesaid rights, the Data Subject can send an email or write to the following address, specifying his/her requests and providing the Data Controller with the information needed to correctly identify the sender (by also attaching thereto a copy of his/her ID document) to the following addresses:

  • - by mail: Crowdvillage S.r.l., via Ciro Menotti n. 21 - 20129 - Milano (MI).
  • - by e-mail:

Crowdvillage will reply within a month. In the event that the Data Controller is unable to respond, it shall provide a detailed explanation as to why the Data Subject’s request cannot be met.

Version 01 - July 2021