Privacy Policy
Effective Date: 23 July 2025
Last Updated: 23 July 2025
1. Introduction & Data Controller Identification
This Privacy Policy explains how Andromeda Pay, a company duly incorporated under the laws of Switzerland, hereinafter referred to as “we,” “us,” “Andromeda Pay,” or the “Controller,” collects, processes, and safeguards personal data. This policy applies to all data processing activities related to our website, andromeda-pay.com, our non-custodial trading platform, and over-the-counter (OTC) trading services (collectively, the “Services”). Our operations focus on facilitating digital asset transactions without assuming custody of client funds or providing private wallet infrastructure.
Data Controller:
Andromeda Pay
Data Protection Advisor:
For questions regarding this Privacy Policy, the exercise of your data protection rights, or any concerns about how your personal data is processed, please contact our designated Data Protection Advisor:
-
- Email: privacy@andromeda-pay.com
2. Commitment to Data Protection & Compliance
Andromeda Pay is deeply committed to the protection of your personal data and to ensuring that processing is lawful, fair, and transparent. As a Swiss financial intermediary, we are governed by FINMA and affiliated with a recognized Self-Regulatory Organisation (SRO). We are legally bound by the Swiss Federal Act on Combating Money Laundering and Terrorist Financing (AMLA), which mandates the collection and processing of certain categories of personal data to safeguard the integrity of financial markets and prevent illicit activity.
This Privacy Policy provides clear information about:
-
- The categories of personal data we process;
-
- The legal bases and purposes of processing;
- Your rights as a data subject under Swiss law (nFADP) and EU GDPR, where applicable.
3. Categories, Purposes, and Legal Bases of Personal Data Processing
Your personal data is collected and processed only for specific, explicit, and legitimate purposes. The main purposes include performing our contractual obligations, complying with regulatory requirements, and protecting our legitimate business interests.
| Purpose of Processing | Categories of Personal Data | Legal Basis (nFADP / GDPR) |
|---|---|---|
| Client Onboarding & CDD | Identification (name, date of birth, nationality, address), contact (email, phone), official documents (passport/ID, proof of address), biometric data (facial geometry for liveness checks), financial data (source of funds/wealth, bank account info), beneficial ownership info (UBOs). | Legal Obligation under AMLA (GDPR Art. 6(1)(c) & Art. 9(2)(g)) |
| Transaction Execution & Travel Rule Compliance | Transactional data (wallet addresses, TxIDs, timestamps), wallet ownership verification data, originator & beneficiary identity. | Legal Obligation (AMLA & FINMA Guidance 02/2019); Performance of a Contract (GDPR Art. 6(1)(b)/(c)) |
| AML/CFT Risk Management & Fraud Prevention | Risk profiling, transactional history, sanctions/PEP/adverse media screening data. | Legal Obligation (AMLA) (GDPR Art. 6(1)(c)) |
| Customer Support & Inquiries | Identity & contact data, correspondence content (emails, support tickets). | Legitimate Interest: Customer service (GDPR Art. 6(1)(f)) |
| Marketing Communications | Name, email address. | Consent (GDPR Art. 6(1)(a)) |
| Website Analytics & Security | IP address, browser/device info, OS, language preferences, screen resolution, clickstream and usage data. | Legitimate Interest (GDPR Art. 6(1)(f)) |
4. Methods of Personal Data Collection
We collect personal data through:
-
- Directly from You: Account registration, onboarding forms, document submission, or communications with our team
- Through Your Use of Our Services: Automated collection of transactional and technical data, including IP addresses and wallet activity.
- Third-Party Sources: Identity verification providers, sanctions/PEP/adverse media databases, and other sub-processors assisting with compliance obligations.
- Publicly Available Sources: Blockchain data to verify transactions and sources of funds for AML/CFT compliance.
5. Data Sharing & Disclosure
We do not sell your personal data. We only share data where necessary for legal compliance, contractual obligations, or with your consent. Recipients include:
-
- KYC/AML Service Providers: Identity verification and monitoring.
-
- Banking/Payment Partners: Processing fiat settlements.
-
- Technology & Security Providers: Platform maintenance and protection.
-
- Regulatory & Law Enforcement Authorities: FINMA, SROs, MROS, tax authorities, or courts.
- Professional Advisors: Legal, audit, and consulting services.
6. International Data Transfers
Your data may be processed outside Switzerland or the EEA. We ensure adequate protection through:
-
- Jurisdictions with an adequacy decision from competent authorities;
-
- Standard Contractual Clauses (SCCs) with any required Swiss Addendum;
- Comprehensive Transfer Impact Assessments to ensure effective protection.
7. Data Security Measures
We maintain robust technical and organizational measures (TOMs) to safeguard personal data:
-
- Encryption: In transit (TLS 1.2+) and at rest.
-
- Access Controls: Least privilege access, MFA, logging, and monitoring.
-
- Security Assessments: Regular penetration tests and vulnerability scans.
-
- Personnel Training: Recurring data protection and security training.
- Incident Response: Tested plans for managing potential breaches in accordance with legal obligations.
8. Data Retention
We retain personal data only as long as necessary:
-
- AML/CFT & Accounting Records: 10 years per Swiss law (Article 958f CO & AMLA).
-
- Marketing Data: Until consent withdrawal.
-
- Other Data: Duration of the underlying purpose plus reasonable archival or QA period.
After retention periods, data is securely deleted or anonymized.
9. Your Data Protection Rights
Subject to legal limitations (e.g., AMLA), you may exercise:
-
- Right to be informed
-
- Right of access
-
- Right to rectification
-
- Right to erasure (where not legally required to retain)
-
- Right to restrict processing
-
- Right to data portability
-
- Right to object (except where overridden by law)
-
- Right to withdraw consent
-
- Rights related to automated decision-making
To exercise your rights: Contact our Data Protection Advisor. You may also lodge complaints with the Swiss Federal Data Protection and Information Commissioner (FDPIC).
10. Profiling & Automated Decisions
For AML/CFT compliance, we use automated systems to assess risk:
-
- Methodology: Risk scores calculated from transactional patterns.
-
- Significance: May affect due diligence level, transaction approval, or trigger reporting obligations.
- Your Rights: Request manual review if automated decisions have significant legal effects.
11. Cookies
Our website uses cookies and similar tracking technologies. Please refer to our Cookie Policy for details on types, purposes, and preference management.
12. Amendments & Contact
We may update this Privacy Policy to reflect operational, legal, or regulatory changes. Updates will be posted with a revised effective date. For significant changes, direct notification may be provided.
Contact: info@andromeda-pay.com
Institutional OTC trading platform delivering secure, compliant and efficient execution for professional investors worldwide.
Andromeda Pay © 2025 All Rights Reserved