Skip to content


This privacy policy has been compiled to better serve those who are concerned with how their Personal Data or ‘Personally Identifiable Information’ (PII) is being used online. Personal data is any information, which can identify you as a person directly or indirectly, according to the definitions of the European data protection legislation. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of what Personal data we collect, why we collect it, what we do with it and what rights you have in protecting your privacy, as well as how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

This Privacy Policy applies to your Personal Data when you visit or use our services through this Website or send us information through By using any of these channels you agree to have read and understood this Privacy Policy.

This Privacy Policy is applicable only to participants of the Visa Innovation Program Europe for the territory of Bulgaria, Greece, Cyprus, Malta, Italy, Spain and Portugal. For participants of the Visa Innovation Program Europe for the territory of Turkey the respective Privacy Policy available on the website of Hackquarters Innovation LTD shall be applicable.

The companies that process your personal data are:

Eleven Bulgaria AD, with seat and registered address at: Sofia, Bulgaria, 37 Benkovski Str., 1st floor,


Hackquarters Innovation LTD,with seat and registered address at: N1 7GX, 64 Cropley Street RAD Labs, London, United Kingdom

together hereinafter referred to as (“we”, “us”, “our”, the “joint controllers” or the “controller/-s”).

We, the aforementioned controllers, are jointly responsible for processing your personal data and have therefore concluded a specific and separate joint control agreement in accordance with art. 26 GDPR.

You can assert your rights mentioned below against each controller; we have set up the following central points of contact for your questions and suggestions:

Eleven Bulgaria AD,
address: Sofia, Bulgaria, 37 Benkovski Str., 1st floor. email:
Contact person: Diana Ruseva

Hackquarters Innovation LTD,
address: N1 7GX, 64 Cropley Street RAD Labs, London, United Kingdom email:
Contact person: Sabina Babayeva


We take your right to privacy seriously and work continuously to keep the data we process minimized. Nevertheless, in order to be able to develop our network effectively in your favour, we need to process some personal data. We are unable to include you in our network and keep our engagements towards you unless we process some of your personal data as described herein.

We may process your personal data for the following purposes:
1. Names, education, qualifications, work experience, skills, place of project development as well as any other information, which our candidates may choose to include in their application or accompanying documentation, such as diplomas, certificates, videos, pictures, etc. – this information is necessary for the review and evaluation of your product/solution and team (Pre-program phase), participation in our mentoring course and programs (Core program phase) and your selection to launch a pilot (Post-program engagement).
2. Email addresses, phone number, skype ID, LinkedIn, Google+ ID of our candidates – these are necessary for keeping in touch with you and for providing feedback, support, news and notifications on the development of your application.

As you are well aware, evaluation, developing, supporting and financing a project as well as developing the perfect network and environment is a time-consuming process, so we shall keep your data for a period of ten years.


We shall not use any personal data, unless it has been voluntarily provided, entered or uploaded by you personally. Our candidates are not allowed to enter third party personal data, including sign up a third party (partners, mentors, advisors, employees, etc.), without due authorization by such third party. It is the candidates’ sole responsibility to provide and guarantee that the processing of personal data activities performed and the provision of third party personal data are compliant with the requirements of the applicable data protection legislation.


Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential and that they are properly trained and authorized. We also take appropriate technical and organizational measures to protect your personal data against loss or other forms of unlawful processing.


For providing effective communication we engage from time to time third party service providers – processors, carefully selected according to their capacity for personal data protection and processing in compliance with applicable data protection legislation. None of our processors has the right to use your personal information beyond what is necessary to assist us in making our work possible. When we cooperate with third parties and they process your personal data on our behalf, we make sure your personal data is being handled with the same integrity and security as we do. Some of our service providers might be based or their servers might be co-located in the United States of America (USA). After the Court of Justice of the EU abolished the EU-US Privacy Shield in July 2020, the USA are regarded as a third party not ensuring an adequate level of protection. Any transfer of personal data outside the European Economic Area is done by us only under strict compliance with the GDPR. We ensure the third-party recipients in non-adequate countries conclude the EU standard contractual clauses (EU SCC) with us or follow appropriate safeguards pursuant to art. 46 GDPR. EU SCC are now concluded with all above US-based subprocessors or recipients (such as Google, Mailchimp, Facebook, Microsoft). For communication purposes we use the platforms of MailChimp (USA) and Pipedrive (USA). For structuring project information, we use the platforms of Gust (USA), Typeform (SP) and F6S (USA). For email exchange and document storage we use the platform of Google (USA). We may replace our processors from time to time following the above rules of strict selection. Updated information about the list of current processors may be found at all times in our Privacy policy or we may inform you about such updates via email.


The Visa Innovation Program is a collaborative initiative inspired and backed with knowledge and expertise by Visa. Visa sponsors the Program and may be involved in selection of participants. However, the information we share with Visa is non-personally identifiable. To the extent we share any of your contact details with Visa as part of the selection process (or you have included any personal data in your project presentation deck as part of your Program application), these will be handled in accordance with Visa’s global privacy notice (

The information provided to Visa relates to the final assessment of the project in the Program selection process. For the avoidance of doubt, Visa accepts no responsibility for the operation of the website or The Visa Innovation Program Europe.

We do not share personal information with companies, organizations and individuals unless

one of the following circumstances applies:
1. At your instructions – as we are entrusted with the review, evaluation and funding of

projects, candidates’ contacts, such as names, phone number and email address may be provided to the respective mentors and investors, who may contribute.

  1. For making some services possible – to third party processors, as described above.

  2. For legal reasons – we will share personal information, if we have a good-faith belief

that access, use, preservation or disclosure of the information is reasonably necessary to:

a. meet any applicable law, regulation, legal process or enforceable governmental request.

  1. including investigation of potential violations.

  2. detect, prevent, or otherwise address fraud, security or technical issues.

  3. protect against harm to the rights, property or safety of our team, company or

affiliates, as required or permitted by law.

We also may share non-personally identifiable information publicly and with our partners. For example, we may share information publicly to show trends about the general development of our activities.

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information.


We allow our network to be used only by persons aged 18 and over. If we obtain actual knowledge that we have collected personal data from a person under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data. Please, contact us, if you believe that we have mistakenly or unintentionally collected information from a person under the age of 18.


You have the right to request a copy of your personal details at any time, to check the accuracy of the information held and/or to correct or update this information. You may ask your personal information to be deleted completely, if no enquiry from you is in progress. You also have the right to complain when your personal data protection rights have been violated. We will make commercially reasonable efforts to provide you with reasonable access to any of your personal information we maintain or correct it within 30 days as of receipt of your request. We will comply with your instructions for deletion of personal data as soon as reasonably practicable and within a maximum period of 30 days, unless EU or Bulgarian or Turkish law requires further storage. Please, note that we may keep that information for legitimate business or legal purposes or be required (including by contract or GDPR) to keep certain of information and not delete it (or to keep this information for a certain time, in which case we will comply with the deletion request only after we have fulfilled such requirements). Please, note that after deleting your information, you shall not be able to use our network any more.

If you wish to access, delete (when applicable) or correct your personal information please, address your requests and complaints to any of the both joint controllers at the following addresses:
Sofia, Bulgaria, 37 Benkovski Str., 1st floor, email:, or

N1 7GX, 64 Cropley Street RAD Labs, London, United Kingdom email:

Please state clearly in the subject that your request concerns a privacy matter, and more specifically whether it is a request to access, correction, deletion or else. Bear in mind that we may ask for additional information to determine your identity.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or would be extremely impractical. Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.


If you think we have infringed your privacy rights, you can lodge a complaint with the respective supervisory authority: The Bulgarian Commission and UK Commision for personal data protection ( or the The ICO (

You can also lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).

If at any time you would like to unsubscribe from receiving future emails, you can email us at and we will promptly remove you from correspondence, when applicable.

Apply now!

Apply here If you wish to enter the Program that is locally operated by Eleven Ventures in Bulgaria, Crowdpolicy in Greece or Hackquarters in Turkey.

We welcome fintechs from all over Europe!