PRIVACY POLICY

Introduction and Overview

Thank you for visiting our website. This Privacy Policy explains how we collect, use, and protect your personal information when you use our platform to purchase CS skins. It applies to users who interact with our website and services, including customer support channels.
This Privacy Policy is effective as of 23 September 2024 and supersedes all previous versions. It applies to all users, including residents of the European Union (EU). We may periodically update this policy to reflect changes in our practices, applicable laws, or regulatory requirements. Whenever updates are made, the "Last Updated" date will be revised.

GDPR Compliance

We are fully committed to complying with the General Data Protection Regulation (GDPR) and other applicable privacy laws. We ensure that personal data is collected and processed in accordance with the key principles of GDPR, including:
• Lawful Basis: We process your personal data based on lawful bases, such as your consent, the performance of a contract, compliance with legal obligations, protection of vital interests, or our legitimate interests.
• Consent: We will always seek your informed and explicit consent before collecting or processing your personal data for purposes requiring consent. You may withdraw consent at any time without affecting the legality of processing based on prior consent.
• Data Subject Rights: You have rights regarding your personal data, including the right to access, rectify, erase, restrict processing, data portability, and object to processing. We provide mechanisms to exercise these rights and respond promptly to requests.
• Accountability and Documentation: We maintain detailed records of our data processing activities, implement technical and organisational safeguards, and conduct regular assessments to mitigate risks to personal data.
• International Data Transfers: If personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards (e.g., Standard Contractual Clauses or Binding Corporate Rules) are in place to protect your data.

Data Controller

[please provide], registered under the number + 2347035446499, with its office at 270 Murtala Muhammed Way Yaba, Lagos State Nigeria , is the data controller responsible for collecting, using, and protecting your personal data in compliance with applicable laws, including GDPR.

Information Collection

We collect personal data from you when you interact with our website or services, including:
• Contact Information: for example, email address, phone number, and address.
• User Account Information: for example, username, login information, account preferences, profile picture, steam ID, session data, activity logs, clickstream data, and usage-related data.
• Identity Information: for example, name, surname, government-issued or national ID number, date of birth and details of identification documents.
• Authentication and Identification Information (including biometrics): for example, data associated with multi-factor authentication, facial recognition, and fingerprints.
• Payment Information: for example, bank account details, payment card particulars, billing address, and information related to payment method.
• Financial InformationFinancial Information: for example, bank account details, transaction history, and current balance, among other relevant details.
• Transactions Information: for example, the history of orders and transactions with us, alongside the current balance.
•Legal Compliance Information: for example, all data necessary for legal and regulatory compliance, including Anti-Money-Laundering (“AML”) and Know-Your-Customer (“KYC”) related requirements (including proof of address, photographic evidence, occupation details, data from sanctions and watchlist screening, risk assessment information, etc.).
• On-Premises Video Surveillance Information: for example, data obtained from video surveillance conducted at our office premises.
• Claims and Disputes Information: for example, information linked to claims and disputes that may arise.
• Technical and Device Information: for example, information about your device, browser type, operating system, IP address, and other technical specifics.
• User Support and Communication Information: for example, all data related to communication with you (e.g., email exchanges, records of incoming and outgoing calls, chat history, user support events, surveys, etc.).
• Marketing Information: for example, data associated with your marketing choices and preferences.
We collect this data through forms, cookies, and direct interactions when you use our website or engage with customer support.

Use of Personal Information

Your personal data may be used for the following purposes:
• To process and fulfil your orders.
• To provide customer support and resolve inquiries.
• To communicate with you about your orders, updates, and promotional offers (subject to your preferences).
• To personalise your experience on our website.
• To improve our website, services, and products.
• To comply with legal obligations, such as tax and accounting requirements.
We process your personal data based on legal grounds such as the fulfilment of a contract, legal obligations, legitimate interests, and your consent when necessary (e.g., for marketing).

Sharing of Personal Information

Your personal data may be shared with third parties in the following instances:
• Service Providers: We share your data with trusted third-party providers who assist with website operations, payment processing, and order fulfilment. These providers are subject to strict data protection agreements.
• Legal Compliance: We may share your data with regulatory authorities or law enforcement when legally required or to protect our rights.
• With Your Consent: In situations where we need to share data for purposes beyond this policy, we will seek your explicit consent.
We do not sell or rent your personal data to third parties.

Retention of Data

We retain your personal data for the duration necessary to fulfil the purposes outlined in this Privacy Policy unless extended retention is mandated by applicable laws. For example, legal requirements, such as those related to Anti-Money Laundering (“AML”), accounting, taxation, and similar regulations, may prescribe specific retention periods. In cases where applicable laws do not specify a particular retention period, we establish it ourselves in accordance with the principles outlined by the GDPR. Once your personal data is no longer needed for the purposes defined in this document, we employ secure deletion or anonymization procedures to ensure the irreversible removal or anonymization of your information.
For instance:
• Order Information: Retained for the duration required for tax and financial record-keeping (typically 7 years).
• Account Data: Retained while your account is active or as long as needed for service delivery.
• Marketing Data: Retained until you opt out or withdraw consent.
When no longer needed, we will securely delete or anonymise your personal data.

Data Security

We implement strict security measures to protect your personal data from unauthorised access, alteration, or disclosure. These measures include encryption, secure storage systems, and restricted access to sensitive information. However, no method of data transmission or storage is entirely secure, and we cannot guarantee absolute security.
In the event of a security breach involving your personal data, we will notify you and relevant authorities in compliance with applicable law.

Cookies and Tracking Technologies

We use cookies and other tracking technologies to collect information about your browsing activities, preferences, and device details. Cookies allow us to enhance your experience by remembering your preferences and improving our website functionality.
For more detailed information on the types of cookies we use and how you can manage your preferences, please refer to our [Cookies Policy] .

Third-Party Links and Services

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We recommend reviewing the privacy policies of any third-party sites you visit before sharing your personal information.

Your Rights and Choices

Under GDPR, you have specific rights regarding your personal data, including:
• Right to Access: You can request a copy of the personal data we hold about you and information on how it is processed.
• Right to Rectification: If any personal data is inaccurate or incomplete, you have the right to request corrections.
• Right to Erasure: Under certain circumstances, you can request the deletion of your personal data.
• Right to Restriction of Processing: You can ask us to limit the processing of your personal data in specific situations.
• Right to Data PortabilityRight to Data Portability: You have the right to receive your personal data in a commonly used, machine-readable format or request that it be transferred to another organisation.
• Right to Object: You may object to the processing of your data for certain reasons, including direct marketing.
• Rights Related to Automated Decision-Making and Profiling: If applicable, you have the right not to be subject to automated decisions that have a significant legal or personal impact. You can exercise these rights by contacting us using the details provided in the "Contact Us" section.

International Data Transfers

As a company based in Cyprus and offering services to EU residents, your personal data may be transferred to countries outside the EEA for processing purposes. When such transfers occur, we ensure that appropriate safeguards are in place to comply with GDPR, including the use of Standard Contractual Clauses or other approved mechanisms.

Marketing Communications and Opt-Out

If you have provided consent to receive marketing communications, you may opt out at any time by clicking the "unsubscribe" link in any promotional email or contacting us directly. You may also manage your marketing preferences in your account settings.

Children’s Data

Our website and services are not intended for children under 16 years of age. We do not knowingly collect or process personal data from children. If we learn that we have inadvertently collected personal data from a child, we will take immediate steps to delete the information.

Breach Notification

In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant authorities without undue delay, in accordance with GDPR requirements.

Complaints

If you have any concerns about how we process your personal data, we encourage you to contact us first. However, you also have the right to lodge a complaint with the relevant supervisory authority in your country if you believe that we have violated your data protection rights.

Updates to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most recent version will always be available on our website. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions, concerns, or would like to exercise your GDPR rights, please contact us:
270 Murtala Muhammed Way
Yaba, Lagos State
Nigeria
+ 2347035446499
finance@skinsng.com
Please provide relevant details to help us process your request effectively. We may need to verify your identity before proceeding with certain actions to protect your personal data.