Privacy Policy

Last updated: March 2026

1. Introduction

Clavestra Orbital GmbH (“Clavestra,” “we,” “us,” or “our”), registered in Lugano, Switzerland, is committed to protecting the privacy and personal data of our clients, partners, and website visitors.

This policy describes how we collect, use, store, and protect personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Data Controller

Clavestra Orbital GmbH

Lugano, Switzerland

privacy@clavestra.ch

3. Data We Collect

Client Onboarding (KYC/AML)

  • • Legal entity name, registration number, and registered address
  • • Identity documents of directors and beneficial owners
  • • Source of funds documentation
  • • Regulatory license information

Legal basis: Legal obligation (Swiss AMLA, AML/CFT compliance)

Website Visitors

  • • Email address (if voluntarily submitted via contact form)
  • • Basic server logs (IP address, browser type, access time)

Legal basis: Legitimate interest (security, service improvement)

Transaction Data

  • • Deposit and withdrawal records
  • • Transaction timestamps and amounts
  • • Blockchain addresses associated with client accounts

Legal basis: Legal obligation (record retention under Swiss AMLA, minimum 10 years)

4. How We Use Your Data

  • Verifying client identity and conducting due diligence (KYC/AML)
  • Processing custody transactions (deposits, transfers, withdrawals)
  • Monitoring transactions for suspicious activity (sanctions screening, SAR filing)
  • Complying with regulatory reporting obligations
  • Responding to inquiries and providing client support
  • Maintaining security and integrity of the federation

5. Data Sharing

We do not sell personal data. We may share data with:

  • Regulatory authorities: When required by law (e.g., MROS for suspicious activity reports)
  • SRO supervisory body (VQF): As part of compliance oversight and audit
  • Independent auditors: For annual AML compliance audits
  • Law enforcement: When required by valid legal process

6. Data Retention

KYC/AML records and transaction data are retained for a minimum of 10 years from the termination of the business relationship, as required by the Swiss Anti-Money Laundering Act (AMLA).

Website visitor data (server logs) is retained for a maximum of 90 days unless required for security incident investigation.

7. Your Rights

Under the Swiss FADP and, where applicable, the GDPR, you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal retention obligations)
  • Object to data processing based on legitimate interest
  • Request data portability

Note: Certain rights may be limited where we are required to retain data for AML/CFT compliance.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data at rest and in transit
  • Access controls limited to authorized personnel
  • Multi-jurisdictional infrastructure with no single point of failure
  • Regular security assessments

9. Cookies

This website uses only essential cookies required for basic functionality (such as theme preference). We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

10. Contact

For privacy-related inquiries or to exercise your data rights, contact us at:

privacy@clavestra.ch