Privacy Policy

Effective Date: 01/12/ 2025

1. Purpose and Scope

1.1. This Privacy Policy (“Policy”) governs the collection, use, storage, disclosure, and other processing of personal data of users of the website https://ironskinz.r-one.dev (the “Website”, the “Service”, or the “Platform”), operated by DIGISKINS LTD (the “Company”, “we”, “us”, or “our”).

1.2. The Company acts as the data controller (“Data Controller”) within the meaning of:

  • the UK General Data Protection Regulation (“UK GDPR”);
  • the Data Protection Act 2018; and
  • Regulation (EU) 2016/679 (“EU GDPR”) for users located in the European Economic Area (“EEA”).

1.3. This Policy applies to all personal data processed by the Company through:

  • use of the Website and Service;
  • registration and account activity;
  • communication with customer support;
  • compliance with legal and regulatory obligations.

1.4. By accessing or using the Service, the User confirms that they have read, understood, and agreed to this Policy in full. If the User does not agree, they must immediately discontinue use of the Service.

2. Definitions

For the purposes of this Policy, terms shall have the meanings assigned under UK GDPR and EU GDPR, including but not limited to:

  • Personal Data – any information relating to an identified or identifiable natural person;
  • Processing – any operation performed on Personal Data;
  • User – any individual accessing or using the Service;
  • Data Controller – the entity determining the purposes and means of Processing;
  • Data Processor – a third party processing Personal Data on behalf of the Data Controller;
  • Payment Service Provider (PSP) – a licensed third party responsible for payment processing;
  • Virtual Items – digital items associated with Counter-Strike 2 (CS2) with no monetary value outside the Service.

3. Data Controller

3.1. The Data Controller for the purposes of applicable data protection laws is:

DIGISKINS LTD
Company Registration Number: 16883958
Registered Address: 167–169 Great Portland Street, Fifth Floor, London, United Kingdom, W1W 5PF
Email: [email protected]
Website: https://ironskinz.r-one.dev

3.2. The Company determines the purposes and means of Processing Personal Data and is responsible for compliance with all applicable data protection obligations.

3.3. Where the Company engages third parties (including PSPs, hosting providers, analytics services, or support tools), such third parties act solely as Data Processors under contractual obligations and documented instructions from the Company.

4. Age Restriction

4.1. The Service is intended solely for individuals who are 18 years of age or older.

4.2. By using the Service, the User represents and warrants that they are at least 18 years old and legally capable of entering into binding agreements.

4.3. The Company does not knowingly collect Personal Data from individuals under 18. Any such data identified will be promptly deleted.

5. Categories of Personal Data

5.1. Data Provided Directly by the User

  • Steam ID and associated Steam profile information;
  • username and avatar;
  • email address;
  • communications with customer support.

5.2. Data Collected Automatically

  • IP address;
  • session identifiers;
  • login and activity logs;
  • device, browser, and operating system information;
  • cookies and similar tracking technologies.

5.3. Payment and Financial Data

5.3.1. The Company does not collect, store, or process users’ payment card or wallet details.

5.3.2. All payments are processed exclusively by licensed Payment Service Providers (PSPs).

5.3.3. The Company may receive limited technical information such as transaction IDs and payment status for record-keeping and compliance purposes.

6. Purposes of Processing

Personal Data is processed strictly for the following purposes:

  • providing access to the Service and managing user accounts;
  • authentication via Steam;
  • execution of purchases, sales, and trades of CS2 virtual items;
  • interaction with Payment Service Providers;
  • fraud prevention and account security;
  • risk management and AML/CTF compliance;
  • compliance with financial, tax, and regulatory obligations;
  • monitoring, security, and operational integrity;
  • service improvement, analytics, and optimization;
  • sending mandatory service-related communications;
  • protection of the Company’s legal rights and legitimate interests.

7. Automated Processing and Profiling

7.1. The Company may use automated tools and systems to:

  • monitor transactions;
  • detect suspicious or fraudulent activity;
  • assess compliance-related risks;
  • protect the integrity of the Platform.

7.2. Such automated processing is conducted for security, regulatory, and legitimate interest purposes and does not result in decisions producing legal effects for the User, except where required by applicable law.

8. Legal Bases for Processing

Processing of Personal Data is carried out on one or more of the following legal grounds:

  • the User’s consent;
  • performance of a contract;
  • compliance with legal obligations;
  • legitimate interests of the Company, provided such interests do not override User rights.

9. Cookies and Tracking Technologies

The Service uses strictly necessary, functional, analytics, and marketing cookies (where consent is provided). Detailed information is available in the separate Cookie Policy.

10. Disclosure of Personal Data

Personal Data may be disclosed only where necessary and lawful, including to:

  • Payment Service Providers;
  • hosting and IT infrastructure providers;
  • legal, financial, and audit advisors;
  • competent governmental or regulatory authorities upon lawful request.

The Company does not sell Personal Data or disclose it for third-party marketing purposes.

11. Data Retention

Personal Data is retained only for as long as necessary:

Data Type

Retention Period

Account Data

Until account deletion

Transaction Records

Minimum 5 years

Security Logs

Up to 2 years

Support Communications

Up to 3 years

After expiry, data is securely deleted or anonymized.

12. User Rights

Subject to applicable law, Users have the right to:

  • access their Personal Data;
  • rectification of inaccurate data;
  • erasure (“right to be forgotten”);
  • restriction of processing;
  • data portability;
  • objection to processing;
  • withdrawal of consent.

Requests may be submitted to [email protected].

13. Data Security

The Company implements appropriate technical and organizational measures, including:

  • encrypted data transmission;
  • restricted access controls;
  • system monitoring and intrusion detection;
  • backups and recovery procedures;
  • incident response and breach notification mechanisms.

14. International Data Transfers

Where Personal Data is transferred outside the UK or EEA, the Company ensures the use of appropriate safeguards, including Standard Contractual Clauses (SCCs) or other legally approved mechanisms.

15. Contact Information

All data protection-related inquiries may be directed to:
[email protected]

16. Changes to This Policy

The Company reserves the right to amend this Policy at any time. The current version will always be published on the Website with the updated effective date.