VALID AS OF 25.05.2018

Gravitas Finance LLC (hereinafter referred to as “we”, “us”, “our”, or “the Company”) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect and process depends on the product or service requested and agreed in each case.
The present privacy notice:

Through this privacy notice, your data may be called either “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.
For the purposes of this notice, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address and identification number.

  1. Consent to Process Data

When you create an account with the Company, you are requested to agree with the terms listed in the given Notice. You confirm acceptance of these terms by ticking the box on the account opening form. If you do not choose to tick the box, then it is considered that you are not giving your consent and the Company cannot collect and process your data neither provide any additional services to you.
If you have given us your specific consent for processing (other than for the reasons set out below) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
We are furthermore obligated to collect such personal data not only for the commencement and execution of a business relationship with you but also for the performance of our contractual, regulatory, statutory and legal obligations.
Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorised representative/agent or beneficial owner of a legal entity.

  1. Personal data we collect

The Company must receive or collect your information to create your account with us and set you as a client of the Company. Further we collect data to operate, provide, improve, understand, customise and support our services in relation to your account. We also have the right and the duty by virtue of its area of activity to check the accuracy of the client data contained in the databases by periodically asking you to update and/or correct or confirm the accuracy of the client data provided. We ask and collect from our clients, prior to using our services, the personal data information below:

We may also collect and process personal data which we lawfully obtain not only from you but also from other third parties, e.g. companies that introduce you to us.

  1. Reasons as to why we process your personal data and on what legal basis

As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the General Data Protection Regulation (GDPR) and the local data protection law for one or more of the following reasons:

3.1 For the performance of a contract

We process personal data in order to offer financial services based on contracts with you but also to be able to complete our acceptance procedure so as to enter into a business relationship with prospective customers. The purpose of processing personal data depends on whether the customer is a natural or legal entity, depends on the classification/categorisation of the client (i.e. retail, professional) and to the requirements for each service.

3.2 For Identity Verification purposes

The Company needs to perform its due diligence measures and apply the principles of KYC (Know-Your-Client) before entering a client relationship in order to prevent actions, such as money laundering or terrorist financing, and also to perform other duties imposed by law. Therefore, we collect from our clients’ identity verification information (such as images of your government issued national ID card or International Passport, or driving licence or other governmental proof of identification, as permitted by applicable laws) or other authentication information. We are also requesting our clients to provide us with a recent Utility Bill in order to verify their address. Further to this, the Company can use third parties which carry out identity checks on its behalf.

3.3 For compliance with a legal obligation

There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements. There are also various supervisory authorities whose laws and regulations we are subject to.
Such obligations and requirements impose on us necessary personal data processing activities for identity verification, tax law or other reporting obligations and anti-money laundering controls.
These include amongst others transaction reporting requirements, assessment of the clients’ knowledge and experience, FATCA and CRS reporting.

3.4 For the purposes of safeguarding legitimate interests

We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:
- Initiating court proceedings and preparing our defence in litigation procedures,
- Means and processes we undertake to provide for the Company’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures,
- Measures to manage business and for further developing products and services,
- The transfer, assignment (whether outright or as security for obligations) and/or sale to one or more persons and/or charge and/or encumbrance over, any or all of the Company’s benefits, rights, title or interest under any agreement between the customer and the Company.

3.5 For Marketing Purposes

The Company may use client data, such as location or trading history to deliver any news, analysis, research, reports, campaigns and training opportunities that may interest the client, to their registered email address. You always have the right to change your option if you no longer wish to receive such communications.

  1. Who receives your personal data

In the course of the performance of our contractual and statutory obligations, your personal data may be provided to various departments within the Company. Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with the Company by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent.

Under the circumstances referred to above, recipients of personal data may be:

  1. How we treat your personal data for marketing activities and whether profiling is used for such activities

We may process your personal data to inform you about products, services and offers that may be of interest to you. The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products.
We can only use your personal data to promote our products and services to you if we have your explicit consent to do so – by clicking on the tick box during the account opening form – or in certain cases, if we consider that it is in our legitimate interest to do so.
Further, you have the option to choose whether you wish to receive marketing related emails to your provided email address by clicking the relevant tick box during the account opening form.
You have the right to object at any time to the processing of your personal data for marketing purposes or unsubscribe to the provision of marketing related emails by the Company, by contacting at any time our customer support department via the following ways:

a) By Email:
b) By post or in person at the Company’s Headquarters at: Gravitas Finance LLC, Second Floor, Office 2DE, Nautica Commercial Centre 90622, Royal Road, Black River, Mauritius.

  1. Period of keeping your personal information

The Company will keep your personal data for as long as a business relationship exists with you, either as an individual or in respect of our dealings with a legal entity you are authorised to represent or are beneficial owner. Once the business relationship with you has ended, we are required to keep your data for a maximum period of seven years to meet our regulatory and legal requirements.
When we no longer need personal data, we securely delete or destroy it.

  1.  Your Rights

You have the following rights in terms of your personal data we hold about you:

    1. Receive access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
    2. Request rectification/correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may request additional information and documentation required to validate the need for the requested change of data.
    3. Request erasure of your personal information. You can ask us to erase your personal data, exercising your right “to be forgotten”, where there is no good reason for us continuing to process it. This request to erase your personal data will result in the closure of your account and termination of the client relationship. However, the Company is required to maintain the client’s personal data to comply with its legal and regulatory requirements, as well as in accordance with internal compliance requirements in relation to the maintenance of records. We shall preserve data for at least seven years following the termination of the client relationship, unless other terms for the preservation of data or documents are prescribed by law.
    4. Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or processing is required for the establishment, exercise or defence of legal claims.
    5. You also have the right to object to your personal data being processed for direct marketing purposes. This also includes profiling in as much as it is related to direct marketing. If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.
    6. Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name (“right to data portability”).
  1. Automated decision-making

In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you for data assessments (including on payment transactions) which are carried out in the context of combating money laundering and fraud. An account may be detected as being used in a way that is unusual for you or your business. These measures may also serve to protect you.

  1. Geographical Area of Processing

When you give us your personal data you agree that in some cases it is transferred to and processed in countries outside Mauritius and the EU/EEA. This exception applies to the transfer of client data when it is required by law, e.g. reporting obligation under tax law and other tax treaties. (FATCA and CRS).
Upon request, the client may receive further details on client data transfers to countries outside Mauritus or the EU/EEA.

  1. Other related information

We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorised access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
Transmission of information via regular email exchange is not always completely secure. The Company however exercises all possible actions to protect clients’ personal data, yet it cannot guarantee the security of client data that is transmitted via email; any transmission is at the clients’ own risk. Once the Company has received the client information it will use procedures and security features in an attempt to prevent unauthorised access.
When you email the Company (via the “Contact Us” page), you may be requested to provide some additional personal data. Such data will be used to respond to their query and verify their identity. Emails are stored on our standard internal contact systems which are secure and cannot be accessed by unauthorised external parties.

  1. Your right to lodge a complaint

If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by sending an email to You also have the right to complain to the Office of the Commissioner for Personal Data Protection. Instructions as to how to submit a complaint can be found in their website:

  1. Changes to this privacy notice

The Company reserves the right to modify or amend this Privacy Notice unilaterally at any time in accordance with this provision.
If any changes are made to this privacy notice, we shall notify you accordingly. The revision date shown on at the end of this page will also be amended. We do however encourage you to review this privacy notice occasionally so as to always be informed about how we are processing and protecting your personal information.

  1. Contact Details

For any questions you may have or if you want more details about how we use your personal information, you can contact our Data Protection Officer, located at Gravitas Finance LLC, Nautica Complex, 90622 Black River, Mauritius, email:


Sign up to our newsletter to get exclusive offers and news direct to your inbox.


© Copyright GRAVITAS FINANCE LLC • 2023