PRIVACY POLICY

Last updated: February 2, 2025

This Privacy Policy explains how [Company Name], operating the website https://cs2champs.com (“we”, “us”, “our”, or the “Company”), collects, uses, stores, and protects personal data when you access or use our services.

We are committed to protecting your privacy and handling your personal data responsibly and transparently, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using cs2champs.com, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

The data controller responsible for your personal data is:

[Company Name]
Registered in: United Kingdom
Registered address:
Email: [email protected]

2. Scope of This Privacy Policy

This Privacy Policy applies to the processing of personal data in connection with your access to and use of https://cs2champs.com, including all services, features, and functionality made available through the Platform.

In particular, this Policy covers the processing of personal data relating to:

  • use of the website, including browsing, viewing available digital items, and interacting with Platform content;
  • user accounts created via Steam authentication, where public Steam profile data is used to enable account creation and item delivery, and where additional account information (such as an email address) is collected for communication and security purposes;
  • the purchase of digital cosmetic items (“skins”) offered directly by the Platform, including payment processing, order confirmation, and delivery of digital content through Steam;
  • internal balance functionality, where applicable, including optional balance top-ups and the withdrawal of unused funds, subject to verification and compliance checks;
  • customer support and communications, including inquiries submitted via email, support requests, and dispute resolution;
  • payment-related and compliance interactions, including fraud prevention measures, identity verification where required, and cooperation with payment service providers and regulatory authorities.

This Privacy Policy applies regardless of the device or technology used to access the Platform.

This Policy forms an integral part of, and should be read together with, our Terms & Conditions and Refund Policy, which set out additional information regarding the legal relationship between you and the Company, the nature of the services provided, and your rights and obligations when using the Platform.

Where there is any inconsistency between this Privacy Policy and other contractual documents, mandatory data protection laws shall prevail.

3. Who Can Use the Platform

The Platform is intended exclusively for individuals aged 18 years or older. By accessing or using cs2champs.com, you confirm that you meet this age requirement and have the legal capacity to use the Platform under applicable law.

We do not knowingly collect, use, or process personal data relating to minors. The services offered on the Platform, including account creation via Steam and the purchase of digital cosmetic items, are not designed for, and must not be used by, individuals under the age of 18.

If we become aware that personal data relating to a minor has been collected or processed, whether through misuse of the Platform or otherwise, we will take prompt and appropriate steps to delete such data and, where necessary, restrict or terminate the associated account.

This section is without prejudice to any additional measures required under applicable data protection or child protection laws.

4. Personal Data We Collect

4.1. Data Collected Automatically

When you visit or use the Platform, we may collect:

  • IP address and approximate location (country-level);
  • device type, operating system, browser information;
  • technical usage data (pages visited, session duration, interactions).

This data helps us operate, secure, and improve the Platform.

4.2. Account and Steam-Related Data

When you register via Steam, we may receive certain public Steam profile data, such as:

  • Steam ID;
  • username and avatar;
  • public inventory information (where relevant for delivery).

In addition, we collect:

  • your email address (required for account communication);
  • account activity records (purchases, balance usage, delivery status).

4.3. Payment and Transaction Data

Payments are processed by authorised third-party payment providers.

We do not store full card details.

We may receive limited transaction-related information, such as:

  • payment status;
  • transaction reference numbers;
  • billing address (where required for compliance).

4.4. Verification (KYC) Data (Where Applicable)

To prevent fraud or comply with legal obligations (for example, withdrawals of unused balance), we may request additional verification information, such as:

  • full name;
  • identity document details;
  • proof of address;
  • partial payment method verification.

Verification checks may be carried out by trusted third-party providers.

4.5. Communications and Support Data

If you contact us, we may collect:

  • your email address;
  • the content of your inquiry or support request;
  • related correspondence history.

5. Purposes and Legal Basis for Processing

We process personal data only where there is a lawful basis to do so and only to the extent necessary for the operation of the Platform and the provision of our services. Depending on the specific context, personal data may be processed for one or more of the following purposes and legal bases under the UK General Data Protection Regulation (UK GDPR):

Performance of a Contract

We process personal data where such processing is necessary for the performance of a contract to which you are a party. This includes, in particular:

  • creating and managing your user Account through Steam authentication;
  • enabling access to the Platform and its core functionality;
  • processing purchases of digital cosmetic items (“skins”);
  • delivering digital content via Steam;
  • managing your internal balance and related transactions.

Without this processing, we would be unable to provide the services requested by you.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided that such interests are not overridden by your rights and freedoms. Legitimate interests include, but are not limited to:

  • maintaining the security, integrity, and proper functioning of the Platform;
  • detecting, preventing, and investigating fraud, abuse, or unauthorised activity;
  • improving and optimising the Platform, its features, and user experience;
  • responding to support inquiries and resolving disputes.

Where processing is based on legitimate interests, we carry out an assessment to ensure that such processing is proportionate and respects your privacy rights.

Legal Obligations

We process personal data where it is necessary to comply with legal or regulatory obligations, including obligations relating to:

  • financial record-keeping and accounting;
  • fraud prevention and risk management;
  • responding to lawful requests from regulatory authorities, courts, or law enforcement agencies.

Consent

In certain limited circumstances, we process personal data based on your consent, for example:

  • where you opt in to receive non-essential communications;
  • where optional cookies or similar tracking technologies are used.

Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. Instructions on how to withdraw consent are provided on the Platform or in our Cookie Policy.

6. Use of Cookies

We use cookies and similar technologies to ensure the Platform functions properly and to improve user experience.

Essential cookies are required for:

  • login and account security;
  • session management.

Further details are provided in our Cookie Policy, available on the website.

7. Data Sharing

We may share personal data with trusted third-party service providers strictly to the extent necessary for the operation, security, and legal compliance of the Platform.

Such third parties may include:

  • Payment service providers, who process payments, balance top-ups, withdrawals, and related financial transactions on our behalf;
  • Identity verification and compliance providers, where verification checks are required to prevent fraud, comply with regulatory obligations, or process withdrawal requests;
  • IT, hosting, and security service providers, who support the infrastructure, performance, maintenance, and protection of the Platform and user data;
  • Legal, regulatory, or governmental authorities, where disclosure is required by applicable law, court order, or regulatory obligation.

We do not sell, rent, or trade personal data to third parties for marketing or commercial purposes.

All third parties with whom personal data is shared are required to:

  • process personal data only in accordance with our instructions or applicable legal obligations;
  • implement appropriate technical and organisational security measures;
  • comply with the UK GDPR, the Data Protection Act 2018, and other applicable data protection laws.

Where required, we enter into appropriate contractual arrangements to ensure that personal data is handled lawfully, securely, and confidentially.

8. International Data Transfers

Where personal data is transferred, stored, or otherwise processed outside the United Kingdom, we ensure that such transfers take place only in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

To protect personal data when it is transferred internationally, we apply appropriate safeguards, which may include:

  • the use of UK-approved Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs), as adopted or approved by the UK Information Commissioner’s Office (ICO);
  • reliance on adequacy decisions, where the UK government has formally recognised that a destination country provides an adequate level of data protection;
  • the implementation of data minimisation, encryption, and access control measures to ensure that only the minimum necessary personal data is transferred and that it remains protected throughout the transfer process.

We do not transfer personal data internationally without lawful protection measures in place. Where required, we conduct risk assessments to evaluate the level of protection afforded to personal data and take additional measures to address any identified risks.

9. Data Retention

We retain personal data only for as long as it is necessary to fulfil the purposes for which it was collected and processed, and in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

In particular, personal data may be retained for the following purposes:

  • providing and maintaining our services, including account management, purchases of digital content, delivery of skins, and customer support;
  • complying with legal and regulatory obligations, such as financial record-keeping, accounting, tax, and anti-fraud requirements;
  • resolving disputes, enforcing our Terms & Conditions, and preventing fraud or misuse of the Platform.

Retention periods are determined based on a combination of factors, including:

  • the nature and purpose of the data processing;
  • statutory or regulatory retention requirements;
  • the risk of fraud, chargebacks, or disputes;
  • the need to protect the rights and security of the Company and its Users.

Where personal data is no longer required for these purposes, it is securely deleted or anonymised.

Verification and compliance-related data (such as identity verification information) is retained only for limited periods and solely where necessary to meet legal, regulatory, or fraud-prevention requirements. Once such purposes have been fulfilled, this data is deleted or irreversibly anonymised.

10. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have a number of rights in relation to your personal data. These rights are designed to give you greater control over how your data is used and protected.

Right of Access

You have the right to request confirmation as to whether we process your personal data and, where this is the case, to obtain a copy of such data together with information about how and why it is processed.

Right to Rectification

You have the right to request the correction of any personal data that is inaccurate, incomplete, or out of date. Where appropriate, you may also request that incomplete personal data be completed.

Right to Erasure (“Right to Be Forgotten”)

You may request the deletion of your personal data where, for example:

  • the data is no longer necessary for the purposes for which it was collected;
  • processing is based on consent and you withdraw that consent;
  • you object to processing and there are no overriding legitimate grounds to continue;
  • the data has been processed unlawfully.

This right is subject to legal and regulatory limitations, including where retention is required to comply with legal obligations or to establish, exercise, or defend legal claims.

Right to Restrict Processing

You have the right to request a restriction on the processing of your personal data in certain circumstances, such as where the accuracy of the data is contested or where the processing is unlawful but you do not wish the data to be erased.

Right to Object

You have the right to object to the processing of your personal data where processing is based on our legitimate interests, including where personal data is processed for direct marketing purposes.

Right to Data Portability

Where processing is based on consent or performance of a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that it be transmitted to another data controller where technically feasible.

Right to Withdraw Consent

Where we process personal data based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe that your data protection rights have been infringed.

Exercising Your Rights

To exercise any of the rights described above, please contact us at [email protected].

For security purposes, we may request additional information to verify your identity before responding to your request. Requests will be handled within the timeframes required by applicable law.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on Users within the meaning of Article 22 of the UK General Data Protection Regulation (UK GDPR).

Any automated processing carried out on the Platform is limited to technical and operational purposes, such as fraud prevention, security monitoring, and service optimisation. These processes do not result in decisions that significantly affect Users without meaningful human involvement.

Where automated tools are used to support internal decision-making, appropriate safeguards are in place to ensure fairness, accuracy, and compliance with applicable data protection laws. Users are not subject to decisions based solely on automated processing that would affect their legal rights or have comparable significant effects.

12. Data Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration, or disclosure, in accordance with the UK General Data Protection Regulation and industry best practices.

These measures include, but are not limited to:

  • Encryption of data in transit, using secure communication protocols (such as SSL/TLS), to protect personal data transmitted between Users and our systems;
  • Access control mechanisms, ensuring that personal data is accessible only to authorised personnel who require such access for legitimate business purposes;
  • Continuous monitoring and logging, aimed at detecting unauthorised access, suspicious activity, or potential security incidents;
  • Secure payment processing, carried out exclusively through authorised third-party payment service providers that comply with applicable security standards, including PCI DSS where relevant;
  • Regular security assessments and reviews, including updates to systems, procedures, and safeguards to address emerging risks and vulnerabilities.

While we take reasonable and appropriate steps to safeguard personal data, Users acknowledge that no system of data transmission or storage can be guaranteed to be completely secure. We therefore cannot guarantee absolute security but remain committed to maintaining a level of protection appropriate to the risk involved.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated via the Platform or by email.

Continued use of the Platform constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or your personal data, contact:

Email: [email protected]