As a data subject, you have the following rights:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request restriction of data processing
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Complain: Lodge a complaint with the data protection authority

Account Information:

• Steam ID and username
• Email address
• Profile avatar and display name
• Steam inventory data
• Trade URL

Transaction Data:

• Purchase and sale history
• Payment information
• Wallet balance and transaction logs
• Trading history and patterns

Technical Data:

• IP address and location data
• Browser type and version
• Device information
• Cookies and similar technologies
• Usage analytics

Communication Data:

• Support tickets and correspondence
• Chat messages (where applicable)
• Marketing preferences

We process your data on the following legal bases:

Contract Performance:

• Account creation and management
• Transaction processing
• Providing marketplace services
• Customer support

Legitimate Interests:

• Fraud prevention and security
• Service improvements
• Business analytics
• Direct marketing (with opt-out)

Legal Obligations:

• AML/KYC compliance
• Tax reporting obligations
• Cooperation with law enforcement
• Regulatory compliance

Consent:

• Marketing communications
• Non-essential cookies
• Newsletter subscriptions

We retain data for the following periods:

• Account data: Duration of the account + 6 years
• Transaction records: 7 years (legal requirement)
• AML/KYC documents: 5 years after the end of the business relationship
• Support tickets: 3 years
• Marketing data: Until consent is withdrawn
• Technical logs: 90 days
• Cookies: As per the Cookie Policy

Third-Party Recipients:

• Steam/Valve (authentication and trading)
• BitSkins API (market data)
• Cloudflare (CDN and security)
• AWS (hosting in EU regions)
• Vercel (platform hosting)
• Law enforcement agencies (where required by law)

International Transfers:

• Data is primarily processed within the EU
• Steam services may involve US transfers
• We use Standard Contractual Clauses where required
• Appropriate safeguards for all transfers

We implement appropriate technical and organisational measures:

• TLS 1.3 encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and authentication
• Data protection training for employees
• Incident response procedures
• Regular backups and disaster recovery
• ISO 27001 compliant practices

In the event of a personal data breach:

• We assess the risk to data subjects
• Report to the data protection authority within 72 hours where required
• Notify affected users without undue delay
• Internal documentation of all breaches
• Steps to prevent recurrence
• Cooperation with regulatory investigations

We use automated systems for:

• Fraud detection and prevention
• AML transaction monitoring
• Market price calculations
• AI-powered item analysis

You have the right to request human review of automated decisions that significantly affect you.

To exercise your GDPR rights:

• Email our DPO at dpo@skinmeister.pro
• Include proof of identity
• Specify which right(s) you wish to exercise
• We respond within 30 days
• No fee for most requests
• Complex requests may take up to 90 days

If you're dissatisfied with our data processing:

• Contact our DPO first at dpo@skinmeister.pro
• You may lodge a complaint with the data protection authority
• UK Information Commissioner's Office: ico.org.uk