1. Introduction
SKINS24 (“we”, “us”, “our”) runs www.skins24.co.uk, a marketplace dedicated to CS2 cosmetic items. This policy explains what information we gather when you use the service, what we do with it, who we share it with, and how we keep it safe. We handle your data in line with the General Data Protection Regulation (GDPR) and any other data protection laws that apply.
Using SKINS24 means you have read and understood this policy.
2. What We Collect
Profile data. Signing in through Steam OAuth gives us your Steam ID, display name, and avatar. Your Steam password is never shared with or stored by us.
Order data. We keep records of purchases, including the item bought, order value, and timestamps. Card details never touch our servers — they are handled directly by our PCI DSS certified payment processor.
Technical data. Server logs and analytics tools capture your IP address, browser and OS, device identifiers, referring pages, and which pages you viewed.
Support data. When you message our team, we store the content of the conversation together with anything you choose to share in it.
3. Why We Use It
Your data powers a specific set of activities: opening and running your account; processing orders and delivering items via Steam; handling support tickets; detecting and blocking fraud, money laundering, and policy abuse; meeting our legal obligations under EU tax and accounting rules; analysing usage to improve the product; and sending purely transactional notifications about your orders.
We do not use your data for behavioural advertising or profiling. Marketing emails only go out when you have opted in, and you can opt out at any time.
4. Legal Bases for Processing
Under the GDPR we rely on the following grounds:
Performance of a contract: operating your account, taking orders, and delivering items.
Legitimate interests: fraud prevention, security, and product improvement — weighed against your rights.
Legal obligations: AML, tax, and regulatory reporting requirements.
Consent: marketing emails and non-essential cookies. Consent is always revocable.
5. Who We Share Data With
We only pass data to the recipients below, and only when it is needed:
Steam / Valve: your Steam ID for authentication and trade execution.
BitSkins: order details required to source and fulfil items.
Payment processor: card and transaction information for authorisation and settlement.
Hosting and CDN providers: infrastructure that runs our site, bound by data-processing agreements.
Authorities: where the law or a valid legal request requires disclosure.
We never sell your personal data.
6. How Long We Keep It
We retain personal data only for as long as it serves the purposes above or as the law requires. Account records live for the lifetime of the account plus 6 years; order records are held for 7 years for tax and accounting; server and technical logs are kept for 90 days; and support conversations are kept for 3 years.
After the retention window closes, data is either securely deleted or permanently anonymised.
7. Security
We apply appropriate technical and organisational controls — TLS in transit, encryption at rest, role-based access, authentication, and periodic security reviews — to prevent unauthorised access, alteration, disclosure, or loss.
If a breach occurs that could put your rights and freedoms at risk, we will notify the competent supervisory authority within 72 hours and inform affected users without undue delay, as the GDPR requires.
8. Your Rights
The GDPR gives you the following rights over your personal data: access a copy; correct inaccuracies; request deletion (subject to legal hold periods); restrict processing in certain cases; receive your data in a portable format; object to processing based on legitimate interests; and withdraw consent where processing depends on it.
To exercise any of these rights, email legal@skins24.co.uk. We reply within 30 days.
9. Transfers Outside the EU
Your data is processed inside the European Union whenever possible. When a transfer is needed — for example, to Steam/Valve in the United States — we put appropriate safeguards in place, including the European Commission's Standard Contractual Clauses.
10. Minors
SKINS24 is not designed for users under 18 and we do not knowingly collect data from minors. If we learn that a minor has given us personal data, we remove it from our systems promptly.
11. Changes to This Policy
We may amend this policy to reflect changes in our practices or the law. Significant updates will be emailed to you or highlighted on the site. The “Last updated” line at the top of the page shows the latest revision date.
Contact
Questions about this policy? Write to legal@skins24.co.uk.