top of page

Privacy Policy (GDPR)

At IdeaBoosterLab, accessible at ideaboosterlab.nl, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by ideaboosterlab.nl and the information related to the whole training program.

​

Privacy Notice

​

With the following privacy policy, the Università Commerciale Luigi Bocconi (hereinafter “University”) and [Partner] inform you that - pursuant to and for the purposes of the provisions of Article 13 of the European Regulation 2016/679 on the protection of personal data (“GDPR”) - your personal data will be processed by electronic and manual means, in Italy and abroad.

​

This information is drafted on the basis of the principle of transparency and all the elements required by the GDPR and is divided into individual sections in order to make reading faster and easier to understand.

​

1. Joint Controllers

The Joint Data Controllers, pursuant to the Article 26 of the GDPR, are Università Commerciale Luigi Bocconi, with registered office at Via Roberto Sarfatti, 25, 20100 Milan and Erasmus University Rotterdam (hereinafter jointly referred to as “Joint Data Controllers”).

The Joint Data Controllers have entered into an agreement whereby they have committed to:

  • jointly determine how Your personal data will be processed for the purposes set forth below;

  • jointly determine, in a clear and transparent manner, the procedures for providing you feedback on the exercising of your rights, as provided in the GDPR;

  • jointly define the information in the parts of common interest, indicating all the information required by the GDPR.

 

2. Purposes of the processing

Your personal data will be processed for the purposes of analysis, study and research as part of the project called “Scientific Approach to Innovation Management” (hereinafter the “Project”), conducted by the Joint Data Controllers. The objective of this study is to observe what decisions entrepreneurs make in the early stages of the process of creating a new company with the aim of understanding what practices help to assess the feasibility of new business ideas.

 

3. Personal Data

The Joint Data Controllers, upon your form completion on the platform https://ideaboosterlab.nl. (hereinafter the “Platform”), will process the following personal data:

  • name, surname and email address used in submitting the application form

 

4. Lawfulness of processing

For the pursuit of the purposes indicated it is necessary, according to art. 6 letter. a) of the GDPR, to collect your free consent.

You have the right to revoke your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

​

5.Compulsory or optional nature of the conferment of data and consequences of a possible refusal to provide data.

The provision of your personal data is necessary for the achievement of the purposes mentioned above.

Failure to provide your personal data, or providing partial or incorrect data, will make it impossible for you to participate in the Project.

​

6. Communication of personal data

Your personal data will be processed exclusively by persons authorized to process them pursuant to art. 29 of the GDPR and by legal and natural persons appointed pursuant to art. 28 of the GDPR as Data Processors, in compliance with the GDPR regulations, in order to carry out all processing activities necessary to pursue the purposes detailed. Personal data may be communicated to public bodies or judicial authorities, where required by law or to prevent or repress the commission of a crime.

 

7. Data Retention

Your personal data, in accordance with the principles of purpose limitation and storage limitation, will be kept for the period strictly necessary for the pursuit of the purposes indicated. In particular:

  • for the estimated time of duration of the Project (5 years);

  • for a further period (of up to 5 years), limited to research purposes identified in the Project and not achieved by the estimated time of duration.

 

8. Area of the Processing

Your personal data will be processed by the Joint Data Controllers within the territory of the European Union.

Should it become necessary to process data outside the European Union, the subjects that process your data for the purposes pursued by the University will be appointed as Data Processors and the transfer of personal data to such subjects, limited to the performance of specific Processing activities, will be regulated in accordance with the provisions of the GDPR.

All necessary precautions will be taken in order to ensure the full protection of personal data basing such transfer on the evaluation of appropriate safeguards including, by way of example, adequacy decisions of third country recipients expressed by the European Commission; appropriate safeguards expressed by the third party recipient pursuant to Article 46 of the GDPR.

In any case, you may request further details from the Data Controllers if your personal data has been processed outside the European Union, requesting evidence of the specific guarantees adopted.

 

9. Data Subect's Rights

Pursuant to Art. 15 et seq. of the GDPR you may, at any time, exercise the rights expressly granted to the data subject and in particular obtain

  • confirmation that there is a processing of personal data concerning You and to obtain access to the data and the following information (purpose of processing, categories of personal data, recipients and/or categories of recipients to whom the data have been and/or will be communicated, storage period);

  • the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data, also by providing a supplementary declaration;

  • the cancellation of personal data, in the cases provided for by the GDPR;

  • the limitation of processing in the cases provided for by the privacy legislation in force;

  • the portability of the data concerning you and/or request the direct transmission of your data to another data controller;

  • the opposition to the processing at any time, for reasons related to your particular situation, to the processing of personal data concerning you in full compliance with the privacy legislation in force, as well as for purposes related to marketing and profiling;

  • the revocation of the consent given. In any case, the revocation of consent does not affect the lawfulness of processing based on the consent before revocation.

 

You may exercise your rights by contacting the following e-mail address, attaching a copy of your identity document: dpo@unibocconi.it.

In any case, you will always have the right to complain to the competent control authority, pursuant to art. 77 GDPR, if you believe that the processing of your data is contrary to the privacy legislation in force.

​

bottom of page