Effective date: 26 Februar 2026
This Datenschutzrichtlinie explains how your personal data is gathered, handled, and safeguarded when you interact with the SkinsFinder platform. We are committed to operating transparently and in full accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable European data protection legislation.
The data controller responsible for your personal information is:
NEXORA DIGITAL LTD
Company registration number: 16951944
Registrierened office: 5 Brayford Square, London, E1 0SG, United Kingdom
Kontakt email: info@skinsfinder.org
When this document refers to “we,” “us,” “our,” or “SkinsFinder,” it means NEXORA DIGITAL LTD acting in its capacity as data controller. References to “you” or “your” apply to any individual who visits, registers on, or transacts through our platform.
This Datenschutzrichtlinie governs the processing of personal data across the entire SkinsFinder ecosystem available at https://skinsfinder.org. Specifically, it covers:
External websites, services, or platforms that we may link to maintain their own privacy policies. We encourage you to review those documents independently, as they fall outside the scope of this policy.
We collect various categories of personal data depending on how you engage with SkinsFinder. The table below provides a structured overview, followed by additional detail on each category.
| Kategorie | Data Elements | Primary Source |
|---|---|---|
| Account & Steam Data | Steam ID, Steam display name, avatar, trade URL, email address, account preferences, language settings | Steam OpenID authentication, user input |
| Financial Records | Transaction history (purchases, sales, deposits, withdrawals), partial payment card details (last four digits, expiry), payout method details, balance history | Payment processors, platform activity |
| Identity Verification | Legal full name, date of birth, nationality, government-issued ID documents (passport, driving licence, national ID), selfie or video for liveness checks, proof of address documents, sanctions and PEP screening outcomes | User submissions, KYC/AML verification providers |
| Technical & Device Data | IP address, approximate geolocation (derived from IP), browser type and version, operating system, device identifiers, screen resolution, referring URLs, session duration, pages visited, click and scroll interactions | Automated collection via server logs, cookies, and analytics tools |
| Communications | Support ticket contents and attachments, email correspondence, live chat transcripts, feedback and survey responses | Direct communication with our team |
When you sign in through Steam, we receive your public Steam profile information, including your Steam ID and display name. You may also provide us with your trade URL to enable item transfers and an email address for account notifications. We store your platform preferences such as notification settings, currency display, and language choice.
We maintain a record of every transaction you conduct on SkinsFinder, including item purchases, sales, deposits, and withdrawals. When you pay by card, our payment processors handle the full card number directly — we never store complete card numbers on our servers. We retain only truncated card details (last four digits and expiry date) for your reference and dispute resolution. If you set up a payout method, we store the details necessary to remit funds to you.
Certain activities on our platform, such as high-value transactions or withdrawals, may trigger our Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures. In these cases, we may ask you to provide your legal name, date of birth, a copy of a government-issued identity document, a selfie or short video for biometric liveness verification, and proof of your residential address. We also run your details against sanctions lists and databases of politically exposed persons (PEPs). These checks may be carried out by specialised third-party verification providers acting on our behalf.
Our servers and analytics systems automatically record technical data each time you visit SkinsFinder. This includes your IP address (from which we derive an approximate geographic location), your browser and operating system details, screen resolution, the pages you view, how long you spend on each page, and how you arrived at our site. We use this information for performance monitoring, troubleshooting, and security analysis.
If you reach out to our support team — whether by email, live chat, or a support ticket — we retain a record of that exchange. This allows us to provide consistent help, track the resolution of issues, and identify recurring problems that warrant platform-level improvements.
We process your personal data for specific, defined purposes. Below we outline each purpose and the types of data involved.
Your account and Steam data enable us to authenticate your identity, facilitate item listings, execute trades, and manage your inventory on the platform. Financial records allow us to process payments, credit your account balance, and handle withdrawal requests.
Identity verification data is used to fulfil our obligations under anti-money laundering regulations, counter-terrorism financing rules, and sanctions legislation. We are legally required to verify the identity of users who exceed certain transaction thresholds and to report suspicious activity to the relevant authorities.
Technical data, transaction patterns, and behavioural signals are analysed — sometimes through automated systems — to detect and prevent fraud, unauthorised access, account takeovers, and other forms of abuse. This protects both you and the wider SkinsFinder community.
Aggregated and anonymised usage data helps us understand how people navigate SkinsFinder, which features are most valued, and where the user experience falls short. We use these insights to prioritise development work, fix bugs, and improve performance.
Where appropriate, we use your browsing history, preferences, and past transactions to present you with relevant item recommendations, tailored notifications, and a marketplace experience suited to your interests.
Communication records, combined with your account and transaction data, enable our support team to investigate issues, resolve disputes, process refund requests, and follow up on prior enquiries efficiently.
Under the UK GDPR, every instance of personal data processing must rest on a valid legal basis. We rely on the following grounds:
When you create an account and use our marketplace, you enter into a contractual relationship with us governed by our Terms of Service. Processing your account data, transaction records, and Steam information is necessary to perform that contract — for example, to execute a trade you have initiated or to pay out your balance.
We are required by law to carry out identity verification, maintain transaction records, screen against sanctions lists, and cooperate with regulators and law enforcement. Processing identity verification data and financial records for these purposes is mandated by anti-money laundering legislation and related regulations.
Certain processing activities — including fraud detection, security monitoring, platform analytics, and direct marketing to existing customers — are carried out on the basis of our legitimate business interests. We conduct balancing tests to ensure that these interests do not override your fundamental rights and freedoms. You have the right to object to processing carried out on this basis.
For certain non-essential activities, such as placing optional analytics or marketing cookies, or subscribing you to promotional communications, we rely on your freely given consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. Instructions for withdrawing consent are provided in the relevant sections of this policy and in our Cookie-Richtlinie.
We do not sell your personal data. We share it only where necessary to operate the platform, comply with the law, or protect legitimate interests. The categories of recipients are set out below.
Third-party payment service providers handle card transactions, bank transfers, and alternative payment methods on our behalf. They receive the financial data necessary to authorise and settle payments. These processors are PCI-DSS compliant and act as independent data controllers for the card data they process.
Specialised providers conduct document verification, biometric liveness checks, and sanctions screening. They receive your identity documents, selfie or video data, and personal details required to complete the verification. These providers act as data processors under our instruction.
Because SkinsFinder operates as a marketplace for virtual items associated with Steam, certain interactions require data exchange with Valve Corporation. Your Steam ID and trade URL are used to authenticate trades and transfer items. Valve’s own privacy policy governs its handling of your data.
Our website, databases, and backend systems are hosted on servers operated by third-party infrastructure providers. These providers have access to data stored on their systems but process it solely according to our instructions and under strict contractual obligations.
We use analytics tools to measure website traffic, user engagement, and conversion metrics. Data shared with analytics providers is typically pseudonymised or aggregated. Details of specific analytics cookies are available in our Cookie-Richtlinie.
We may disclose personal data to law enforcement agencies, courts, regulators, or government bodies when required by law, when served with a valid legal order, or when disclosure is necessary to protect our rights, your safety, or the safety of others.
Some of the third parties described above are located outside the United Kingdom and the European Economic Area. Where your personal data is transferred internationally, we ensure that appropriate safeguards are in place. These safeguards include Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office, adequacy decisions where available, and supplementary technical and organisational measures where required. You may request a copy of the relevant safeguards by contacting us at info@skinsfinder.org.
SkinsFinder employs automated systems that analyse transaction patterns, device fingerprints, behavioural signals, and other data points to detect and prevent fraudulent activity in real time. These systems carry out the following functions:
These automated processes can result in decisions that significantly affect you, such as blocking a transaction, restricting your account, or requiring additional verification. Under Article 22 of the UK GDPR, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Where such a decision is made, you may:
We will respond to such requests within 30 days and will ensure that a qualified member of our team reviews the case.
We retain personal data only as long as necessary for the purposes described in this policy, or as required by applicable law. Our general retention approach is as follows:
Your account information, Steam data, preferences, and associated records are retained for the duration of your account’s existence. If you request account deletion, we will erase or anonymise this data within 30 days, subject to the exceptions below.
Financial transaction records are retained for a minimum of six years following the date of the transaction, in accordance with UK tax, accounting, and financial reporting obligations.
Identity documents, selfie or video data, and the results of verification checks are retained for five years after the end of our business relationship with you, as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. In some circumstances, regulatory guidance may require us to retain these records for longer.
Server logs, access logs, and security event records are retained for up to 12 months and are then deleted or anonymised.
Customer support records are retained for three years after the resolution of the relevant enquiry, unless a longer retention period is required for ongoing legal matters or regulatory investigations.
You may request the deletion of your personal data at any time by contacting us at info@skinsfinder.org. Where deletion conflicts with a legal retention obligation, we will explain which data must be retained and for how long, and will delete the remainder.
As a data subject under the UK GDPR, you are entitled to the following rights. These rights are not absolute and may be subject to legal exceptions.
To exercise any of these rights, please send your request to info@skinsfinder.org. We may need to verify your identity before processing your request. We will respond within one month, though this period may be extended by a further two months where requests are complex or numerous, in which case we will inform you of the extension and the reasons for it.
SkinsFinder uses cookies and similar tracking technologies to operate the platform, remember your preferences, analyse traffic, and support certain third-party integrations. Cookies are small text files placed on your device that allow us to recognise you across sessions.
We use strictly necessary cookies (which are essential for platform functionality and cannot be disabled), as well as optional analytics and preference cookies that are activated only with your consent.
For a detailed breakdown of the specific cookies we use, their purposes, and instructions on how to manage your cookie preferences, please refer to our Cookie-Richtlinie, available as a separate page on our website.
We implement technical and organisational measures designed to protect your personal data against unauthorised access, loss, misuse, alteration, and destruction. These measures include:
While we take these precautions seriously, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to responding swiftly and effectively to any incident that arises.
SkinsFinder is not intended for individuals under the age of 18. We do not knowingly collect or solicit personal data from minors. If we become aware that a user is under 18, we will take prompt steps to terminate the account and delete all associated personal data. If you believe that a minor has provided us with personal information, please contact us immediately at info@skinsfinder.org so that we can take appropriate action.
We may revise this Datenschutzrichtlinie from time to time to reflect changes in our practices, legal requirements, or platform features. When we make material changes, we will post the updated policy on this page with a revised effective date. For significant changes that materially affect how we process your personal data, we will also provide a prominent notice on the SkinsFinder website or send a direct notification to the email address associated with your account, at least 14 days before the changes take effect.
We encourage you to review this policy periodically to stay informed about how we protect your data.
If you have any questions about this Datenschutzrichtlinie, wish to exercise your data protection rights, or want to raise a concern about how your personal data is handled, you can contact us using the details below:
NEXORA DIGITAL LTD
5 Brayford Square, London, E1 0SG, United Kingdom
Company registration number: 16951944
Email: info@skinsfinder.org
Website: https://skinsfinder.org
We aim to respond to all enquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk.
This Datenschutzrichtlinie was last updated on 26 Februar 2026.