Privacy Policy

SKINS24 ("we," "us," or "our") operates www.skins24.co.uk, a marketplace for buying and selling CS2 cosmetic items. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our platform. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using our platform, you acknowledge that you have read and understood this Privacy Policy.

Account Information: When you sign in through Steam OAuth, we collect your Steam ID, display name, and profile avatar. We do not receive or store your Steam password.

Transaction Data: We collect records of purchases made on our platform, including order details, item information, transaction amounts, and timestamps. Payment card details are processed exclusively by EcommPay and are never stored on our servers.

Technical Data: We automatically collect your IP address, browser type and version, operating system, device identifiers, referring URLs, and pages visited. This data is gathered through server logs and analytics tools.

Communication Data: If you contact our support team, we retain the content of your communications along with any information you voluntarily provide.

We use your personal information for the following purposes: to create and manage your account; to process transactions and deliver purchased items via Steam trade offers; to provide customer support and respond to your enquiries; to detect and prevent fraud, money laundering, and other prohibited activities; to comply with legal obligations including EU tax and accounting regulations; to improve our platform, analyse usage patterns, and enhance user experience; and to send transactional notifications related to your purchases and account.

We do not use your personal information for targeted advertising or profiling. We will only send marketing communications if you have explicitly opted in, and you may withdraw this consent at any time.

We process your personal data under the following legal bases as defined by the GDPR:

Contract Performance: Processing necessary to fulfil our obligations when you purchase items or use our services.

Legitimate Interests: Processing for fraud prevention, platform security, and service improvements, where these interests are not overridden by your rights.

Legal Obligations: Processing required to comply with applicable laws, including anti-money laundering regulations and tax reporting requirements.

Consent: Processing based on your explicit consent, such as marketing communications and non-essential cookies.

We share your data only with the following categories of recipients and only to the extent necessary:

Steam / Valve Corporation: Your Steam ID is used to authenticate your account and process item trades.

BitSkins: Transaction data is shared to facilitate item purchases and delivery.

EcommPay: Payment information is transmitted directly to our payment processor for transaction authorisation and processing.

Infrastructure Providers: We use cloud hosting and content delivery services that may process data on our behalf under strict data processing agreements.

Legal Authorities: We may disclose information when required by law or in response to valid legal process.

We do not sell your personal information to any third party.

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law. Account data is retained for the duration of your account plus 6 years. Transaction records are retained for 7 years to comply with EU tax and accounting regulations. Technical logs are retained for 90 days. Support correspondence is retained for 3 years.

Upon account deletion or expiry of retention periods, your data is securely erased or anonymised.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include TLS encryption for all data in transit, encryption at rest for stored data, access controls and authentication mechanisms, and regular security assessments.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, as required by the GDPR.

Under the GDPR, you have the following rights regarding your personal data: the right to access a copy of the data we hold about you; the right to rectification of inaccurate or incomplete data; the right to erasure of your data, subject to legal retention obligations; the right to restrict processing in certain circumstances; the right to data portability in a structured, machine-readable format; the right to object to processing based on legitimate interests; and the right to withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at legal@skins24.co.uk. We will respond within 30 days of receiving your request.

Your data is primarily processed within the European Union. Where transfers to countries outside the EU are necessary (for example, to Steam/Valve in the United States), we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal information, we will take steps to delete that data promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Material changes will be communicated via email or a prominent notice on our website. The "Last updated" date at the top of this page indicates when this policy was last revised.