Privacy policy

Data Controller
We at European Startup Festival take your privacy seriously. This policy covers the collection, processing and other use of personal data under the General Data Protection Regulation, named as GDPR (Reg. UE 2016/679), for which purpose the Data Controller is European Startup Association, based in Turin (Italy), Corso Regio Parco 15, 10152.
The contact person is the legal representative of the Association:
Adriano Travaglia (
This Privacy Policy governs the manner in which we collect, use, maintain and disclose information collected from the attendees at the European Startup Festival, specially at the registration desk.

Scope of communication and dissemination of Data
For the pursuit of the purposes of processing and within the limits of what is strictly necessary, the Data may be brought to the attention of employees or collaborators of the Data Controller in reason and within the limits of the tasks and tasks assigned to them. They may also be aware of the Data subjects who perform activities related and instrumental to the activities carried out by the Data Controller and to whom the latter could apply – after appointment as processor – for the pursuit of the purposes of processing and within the limits of what strictly necessary. The data may be disclosed to third parties who are connected to the Data Controller by virtue of service contracts or even commercial partnership agreements.

Information we collect
We will collect personal data if it is directly provided to us by attendees at events or by Users would have signed up for the newsletter service, e.g. e-mail address, name, home or work address, telephone number, and other data directly related to the creation of the community on line and off line, e.g. job position, type of interest in the start-up sector or in the community platform.

Purposes of the processing
The personal data provided (hereinafter, the “Data”) will be processed in compliance with the indications in this statement and in compliance with the provisions of the General Data Protection Regulation. The processing of the data has general information and promotional purposes to create a community of stakeholder interested in the start-up ecosystems and:
a) to promote any future initiatives and events, including training courses or other unrelated goods and services (e.g. consulting and co-working services services) which we consider may be of interest to participants, carried out by the Association or by third parties, by sending electronic communications (e.g. email, SMS or MMS);
b) to detect the degree of satisfaction of participants and the preferences granted to services and at improving services procided by European Startup Association or third parties;
c) profile of participants with the aim of improving the service offered, offering new and even different services, to ensure the IT security of the platform.

Processing of Data
The Data will be:
– collected through and / or after the registration procedure at European Startup Festival;
– transferred in digital format at cloud servers in the availability of the Data Controller;
– used for the collection, registration, storage, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, dissemination, blocking, cancellation and / or destruction of the Data;
– processed, in automated mode, for sending and receiving e-mails;
– used for their protection against risks of destruction, modification, deletion and unauthorized access through efficient physical, logical and organizational security measures;
– further processed by the Data Controller, or by subjects delegated by the same, using paper methods.
Data will be kept for a period of time no longer than necessary for the purposes for which they were collected or subsequently processed.
It should be noted that the processing of data for the purpose of storing information relating to participants tends to be perpetual due to the purposes of the European Startup Association. We could transfer, share, sell, rent or lease your personal data to third parties, included partners and sponsors of the Festival and other subjects as accountants, legal consultants and service providers.
As part of the services offered to participants, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we could use services which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work one of our suppliers or work for us when temporarily outside of the EEA. A transfer of your personal data may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. If we transfer or store participants’ personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with the GDPR.
If a participant uses our service while he is outside the EEA, his personal data may be transferred outside the EEA in order to provide participant with these services.

Mandatory or optional nature of providing data
The provision of Data is not mandatory, excepted for the Data needed for managing the organisational  aspects for the participation of the data subject at the European Startup Festival or other connected events. If the data required for the provision of a service are not communicated to the Data Controller, it is possible that the requested service can not be provided.

Rights of the data subject
The data subject can exercise all the rights recognized by the General Data Protection Regulation, named as GDPR (Reg. UE 2016/679) and, in particular:
a) the right of access, or to obtain confirmation of the existence or otherwise of the processing of personal data;
b) the right to rectification, or to obtain from the Data Controller the correction and / or integration of inaccurate personal data concerning him without undue delay;
c) the right to erasure (right to be forgotten), or to obtain from the Data Controller the deletion of personal data concerning him / her if the specific circumstances provided for by the GDPR occur;
d) the right to restriction of processing, or to obtain from the Data Controller the limitation of processing if the specific circumstances required by the GDPR occur;
e) the right to the data portability, or to receive in a structured, commonly used and automatically readable form the personal data concerning him provided to the Data Controller and to transmit such data to another Data Controller without impediments;
f) the right to object, or to oppose at any time, for reasons connected with its particular situation, to the processing of personal data;
g) the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person.
The data subject may exercise the rights set out in the GDPR contacting the European Startup Association through ordinary mail addressed to: European Startup Association, based in Turin (Italy), Corso Regio Parco 15 10152, or by e-mail sent to the following e-mail address: The Data Controller will answer to the requests to exercise the rights by the data subject according to the terms and methods provided for by GDPR.

The processing of the subject’s Data is necessary for managing the organisational aspects of one’s participation at the European Startup Festival or other connected events and for using the on line community platform and its services.
In any case the Data Controller will collect the consent of each participant at the registration desk of the event and the consent of each User when he would have signed up for getting the newsletter service or for using the on line community platform and its services.