Privacy Policy

Last updated: 15 January 2026

At gravion, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, and protect the data we collect from users of our online marketplace platform and related services.

gravion S.A., registered in Belgium (Registration Number: 739185206), acts as the data controller for the personal information we collect and process. We are committed to compliance with the General Data Protection Regulation (GDPR) and all applicable European data protection laws.

Data We Collect

The data we collect is essential for providing our marketplace services and ensuring a secure, personalised experience. We collect information in several ways:

Information You Provide

  • Account registration details (name, email address, phone number)
  • Business information (company name, VAT number, business address)
  • Payment information (billing address, payment method details)
  • Communications with our support team
  • Product listings and descriptions
  • Reviews and feedback

Information We Collect Automatically

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, time spent, click patterns)
  • Location data (general geographic location based on IP address)
  • Cookies and similar tracking technologies

Information from Third Parties

  • Payment processors for transaction verification
  • Shipping partners for delivery tracking
  • Identity verification services for fraud prevention
  • Analytics providers for website performance insights

How We Use Your Information

We use of your data is governed by specific legal bases under GDPR and is limited to the purposes outlined below. How we use your information depends on the services you use and your relationship with gravion:

Service Provision

  • Creating and managing your account
  • Processing transactions and payments
  • Facilitating communication between buyers and sellers
  • Providing customer support and technical assistance
  • Delivering products and services

Platform Security and Compliance

  • Fraud detection and prevention
  • Compliance with legal obligations
  • Enforcing our terms of service
  • Protecting the safety and security of our users

Improvement and Personalisation

  • Analysing usage patterns to improve our services
  • Personalising your experience on our platform
  • Developing new features and services
  • Conducting research and analytics

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contractual necessity: To provide our marketplace services and fulfil our contractual obligations
  • Legitimate interests: For fraud prevention, security, and service improvement
  • Legal compliance: To comply with applicable laws and regulations
  • Consent: For marketing communications and optional features (where applicable)

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our platform, including payment processors, hosting providers, customer support tools, and analytics services. These providers are contractually bound to protect your data and use it only for the specified purposes.

Legal Requirements

We may disclose your information when required by law, such as in response to court orders, legal processes, or to comply with regulatory requirements.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy and to comply with legal obligations. Our data retention practices include:

  • Account data: Retained whilst your account is active and for up to 7 years after account closure for legal compliance
  • Transaction data: Retained for 10 years to comply with financial and tax regulations
  • Communications: Retained for 3 years for customer service and dispute resolution purposes
  • Marketing data: Retained until you withdraw consent or for 3 years from last interaction
  • Analytics data: Aggregated and anonymised data may be retained indefinitely for business insights

Your Rights

Under GDPR and applicable data protection laws, your rights regarding your personal data include:

Right of Access

You have the right to request a copy of the personal data we hold about you.

Right of Rectification

You can request that we correct any inaccurate or incomplete personal data.

Right of Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

Right to Data Portability

You can request that we transfer your data to another service provider in a structured format.

Right to Object

You can object to certain types of processing, including direct marketing.

International Data Transfers

While gravion primarily operates within the European Economic Area (EEA), some of our service providers may be located outside the EEA. When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Certification schemes and codes of conduct
  • Binding Corporate Rules where applicable

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our platform. For detailed information about our use of cookies, including how to manage your preferences, please refer to our Cookie Policy.

Data Security

We implement robust technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication systems
  • Employee training on data protection
  • Incident response procedures

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us using the following details:

Data Protection Officer

gravion S.A.

Lippenslaan 31, 3062 Leuven, Belgium

Email: privacy@gravion.world

Phone: +32 497 50 27 16


You also have the right to lodge a complaint with the Belgian Data Protection Authority or your local supervisory authority if you believe we have not adequately addressed your concerns.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by sending you a notification. The "Last updated" date at the top of this policy indicates when the most recent changes were made.