Get In Touch
What Type of Client Are You?
  • Crypto Project
  • Crypto Exchange
  • Crypto VC
  • CRYPTO OTC
  • Other
    • gradient

    Processing of Personal Data for KYC and AML Purposes

    Last updated: 26.02.2026

    1. Controller

    Gravity Trade Partners SA
Adress: c/o Accountify SA, Via Nassa 3a, 6900 Lugano, Switzerland
    Email: legal@gravityteam.co swissdesk@gravityteam.co
    Gravity Trade Partners SA (“Company”, “we”, “us”, “our”) acts as the controller of personal data processed for the purposes described in this Privacy Notice.

    2. Purpose and Scope

    2.1. This Privacy Notice explains how we process personal data for the purposes of:

    • Know Your Customer (KYC) identification and verification
    • Anti-Money Laundering (AML) compliance
    • Counter-Terrorist Financing (CTF) compliance
    • Sanctions and politically exposed person (PEP) screening
    • Fraud prevention
    • Ongoing monitoring required by law

    2.2. Because the jurisdiction of data subjects cannot always be determined in advance, the Company applies the standards of the EU General Data Protection Regulation (GDPR) where relevant to ensure a high and consistent level of data protection.

    2.3. Gravity Trade Partners SA will comply with applicable data protection laws in any jurisdiction where such laws apply to its processing activities.
    However, where multiple legal regimes apply, compliance will be subject to mandatory legal obligations, including statutory retention requirements, anti-money laundering regulations, and other regulatory or supervisory requirements to which the Company is subject.
    Where applicable laws conflict, the Company will comply with the laws that are binding upon it in its capacity as a Swiss regulated entity, including Swiss AML and data protection legislation. Certain data subject rights (such as the right to erasure or restriction of processing) may therefore be limited where processing or retention is required by mandatory legal obligations.

    3. Categories of Personal Data Processed

    For KYC and AML purposes, we may process the following categories of personal data:

    Identification Data, such as:

    • Full name
    • Date and place of birth
    • Nationality
    • Gender
    • Photograph
    • Signature

    Contact Information, such as:

    • Residential address
    • Email address
    • Telephone number

    Identity Documentation, such as:

    • Passport, national ID card, residence permit, or other government-issued identification
    • Document number, expiry date, issuing authority
    • Copies and images of identification documents

    Biometric Data, such as:

    • Facial recognition data derived from selfies or video identification procedures used to verify identity

    Financial and Economic Information, such as:

    • Source of funds
    • Source of wealth
    • Employment and professional information
    • Beneficial ownership information
    • Transaction-related information

    Compliance and Risk Data, such as:

    • Sanctions screening results
    • Politically Exposed Person (PEP) status
    • Adverse media findings
    • Risk classification or risk scoring

    Technical and Verification Data, such as:

    • IP address
    • Device information
    • Metadata generated during identity verification
    • We process only the data necessary to comply with our legal obligations.

    4. Legal Basis for Processing

    We process personal data as necessary to comply with legal obligations under:

    • The Swiss Anti-Money Laundering Act (AMLA)
    • Other applicable Swiss financial regulatory obligations

    KYC and AML processing is mandatory. It is not based on consent.

    5. Mandatory Provision of Data

    Provision of personal data for KYC and AML purposes is required by applicable law.
    If required information is not provided, we may be unable to:

    • Establish or continue a business relationship;
    • Execute transactions; or
    • Provide services.

    6. Use of Data Processor – Sumsub

    6.1. We engage Sumsub (Sum and Substance Ltd and its affiliates) as a data processor to assist in identity verification, AML screening, fraud prevention, and compliance checks.

    6.2. Sumsub processes personal data on our behalf and strictly in accordance with our instructions under a data processing agreement.

    6.3. Sumsub’s Privacy Notice (Service Privacy Notice) is available at:
https://sumsub.com/privacy-notice-service/

    7. Disclosure of Personal Data

    We may disclose personal data where required by law or regulatory obligation, including to:

    • Swiss financial regulators
    • Supervisory authorities
    • Law enforcement agencies
    • Courts or competent governmental authorities
    • Auditors and compliance advisors
    • Service providers or affiliates acting on our behalf under data processing agreements that contractually require them to implement an equivalent level of data protection and appropriate technical and organisational security measures.

    The Company does not sell personal data.

    8. International Data Transfers

    Personal data may be transferred outside Switzerland or the European Economic Area.
    Where such transfers occur, we ensure appropriate safeguards are in place, including:

    • Transfers to jurisdictions recognized as adequate;
    • Standard Contractual Clauses;
    • Other legally recognized transfer mechanisms under Swiss and EU law.

    9. Retention Period

    We retain personal data for as long as required to comply with statutory retention obligations under Swiss AMLA.

    After the applicable retention period expires, data is securely deleted or anonymized unless further retention is required by law.

    10. Data Subject Rights

    10.1. Subject to applicable law, individuals may have the right to:

    • Access their personal data;
    • Request rectification of inaccurate data;
    • Request erasure where legally permissible;
    • Request restriction of processing;
    • Request data portability (where applicable under GDPR);
    • Lodge a complaint with a supervisory authority.

    10.1. Under Swiss law, complaints may be lodged with:
    Federal Data Protection and Information Commissioner (FDPIC), Switzerland

    10.2. If GDPR applies, individuals may lodge a complaint with their competent EU supervisory authority.

    10.3. If other data protection laws apply based on the jurisdiction of the data subject, individuals may lodge a complaint with the competent data protection or supervisory authority in their country of residence or the jurisdiction where the alleged infringement occurred.

    10.4. Please note that certain rights may be restricted where necessary to comply with AML obligations or to prevent unlawful disclosure that could interfere with financial crime investigations.

    10.5. Requests may be submitted to:
legal@gravityteam.co

    11. Automated Processing

    11.1. We may use automated systems, including risk assessment tools provided by Sumsub, to evaluate AML and fraud risks.

    11.2. Where automated processing significantly affects individuals, they may request human review, where permitted by applicable law.

    12. Data Security

    We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.
    These measures include:

    • Access controls
    • Encryption
    • Secure data storage
    • Contractual safeguards with service providers

    13. Updates to this Notice

     

    We may update this Privacy Notice from time to time to reflect changes in legal, regulatory, or operational requirements. The latest version will be made available through appropriate channels.

     

    background icon
    What Type of Client Are You?
  • Crypto Project
  • Crypto Exchange
  • Crypto VC
  • CRYPTO OTC
  • Other