Privacy Policy

PRIVACY POLICY

1. Introduction

This Privacy Policy (the “Policy”) explains how ALUMNI GROUP LTD (the “Company”, “we”, “us”, or “our”) collects, uses, stores, and discloses personal data in connection with the Strike-Skins website and any associated software, tools, or functionalities made available through our services (collectively, the “Service”, the “Platform”, or the “Website”).

This Policy should be read together with our Terms of Use.

We process personal data in accordance with applicable data protection and privacy laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and, where applicable, the Data (Use and Access) Act 2025, together with any legislation amending or replacing the same from time to time.

We process personal data in order to provide the Service, operate the Platform, communicate with users, prevent fraud and abuse, comply with legal and regulatory requirements, and protect our legitimate business interests.

Where you choose not to provide certain personal data, or request that we restrict its processing, we may be unable to provide some or all of the Service. We may also retain and process personal data where required to comply with legal, regulatory, or legitimate business obligations.

2. Collection of personal data

We may collect and process the following categories of personal data:

Information You Provide Directly

We collect personal data that you voluntarily provide to us when using the Service, including, where applicable:

  • your name;
  • email address;
  • account credentials and profile information;
  • Steam trade link and related account information;
  • customer support communications and any information you choose to provide when contacting us.

We may also request additional information where reasonably necessary for fraud prevention, security, compliance, transaction verification, or dispute resolution purposes.

Information Collected Through Your Use of the Service

When you access or use the Platform, we may automatically collect certain information, including:

  • Log Data – such as IP address, browser type, access times, pages viewed, referring URLs, and general website usage information;
  • Device Data – such as device type, operating system, version, identifiers, and browser settings;
  • Platform Activity Data – such as account activity, Skin Coins balance activity, transactions within the Platform, trade status, and interactions with Platform features;
  • Location Data – approximate geolocation inferred from technical data such as IP address, where applicable;
  • Cookie and Tracking Data – information collected through cookies and similar technologies.

Information Received from Third Parties

We may receive limited personal data from third parties where necessary to operate the Service, including from:

  • payment processors;
  • fraud prevention, security, and risk-management providers;
  • analytics, infrastructure, and technical service providers;
  • legal, regulatory, or public authorities where required by law.

We do not collect or store full payment card details. Payment transactions and full payment data are handled directly by the relevant third-party Payment Processor in accordance with its own terms and applicable regulatory requirements. We may, however, receive limited transaction-related information such as payment status, transaction identifiers, amounts, currency, method type, and refund or verification status where necessary to provide the Service, prevent fraud, or handle disputes.

3. Cookie data

We use cookies and similar technologies to operate, secure, and improve the Platform.

Cookies may be used for purposes including:

  • enabling core Platform functionality;
  • maintaining user sessions and authentication;
  • remembering user preferences;
  • improving security and detecting misuse;
  • analyzing traffic and usage patterns;
  • supporting performance and functionality of the Service.

Some cookies may be strictly necessary for the operation of the Platform. Others may be optional, depending on the tools and features used on the Website.

You may configure your browser to reject or block cookies, or to notify you when cookies are being used. However, please note that disabling certain cookies may affect the availability or functionality of parts of the Service.

Where required, our use of cookies and similar technologies is carried out in accordance with applicable data protection and privacy laws, including the UK GDPR, the Data Protection Act 2018, and PECR.

4. Use of personal data

We may process personal data for the following purposes:

  • to create, maintain, and secure user accounts;
  • to provide, operate, and maintain the Platform and its features;
  • to process in-platform transactions, manage Skin Coins balance activity, and facilitate delivery of digital items through Steam;
  • to verify account activity and help prevent fraud, abuse, unauthorized access, and other harmful or unlawful activity;
  • to communicate with users regarding accounts, transactions, verification requests, customer support matters, technical notices, and service-related updates;
  • to monitor and improve the performance, usability, and security of the Platform;
  • to enforce our Terms of Use and other applicable policies;
  • to comply with legal, regulatory, tax, accounting, and law-enforcement obligations;
  • to establish, exercise, or defend legal claims;
  • to send marketing or promotional communications where permitted by applicable law or where the user has consented, where such consent is required.

5. Legal bases for processing

Where applicable under the UK GDPR, the Data Protection Act 2018, and other relevant data protection laws, we process personal data on one or more of the following legal bases: performance of a contract, legal obligation, legitimate interests, and consent, where required.

  • Performance of a contract – where processing is necessary to provide the Service, manage user accounts, support Platform activity, and fulfill our obligations to users;
  • Legal obligation – where processing is necessary to comply with applicable laws, regulations, legal processes, or requests from competent authorities;
  • Legitimate interests – where processing is necessary for fraud prevention, account security, service improvement, internal administration, customer support, business protection, and enforcement of our Terms, provided that such interests are not overridden by the user’s rights and freedoms;
  • Consent – where processing is based on consent, including, where applicable, certain marketing communications or non-essential cookies. Users may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

6. Disclosure of personal data

We do not sell or rent personal data.

We may disclose personal data to third parties only where necessary for legitimate business or legal purposes, including:

  • to third-party payment processors for payment handling, transaction verification, refunds, and related payment operations;
  • to hosting, infrastructure, analytics, security, fraud prevention, customer support, and technical service providers that support the operation of the Platform;
  • to professional advisers, auditors, insurers, legal counsel, and similar service providers where reasonably necessary;
  • to public authorities, regulators, law enforcement bodies, courts, or other competent entities where required by applicable law, legal process, or regulatory obligation;
  • in connection with a merger, acquisition, reorganization, sale of assets, or similar corporate transaction, subject where appropriate to confidentiality and lawful handling requirements.

Where personal data is shared with service providers acting on our behalf, such parties are authorized to process personal data only as necessary to provide the relevant services and subject to appropriate contractual or legal restrictions.

7. Data security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

Such measures may include access controls, encryption in transit where appropriate, internal security procedures, and measures designed to reduce the risk of unauthorized access to systems and data.

However, no method of transmission or storage is completely secure. Accordingly, while we take reasonable steps to protect personal data, we cannot guarantee absolute security.

Users are responsible for maintaining the confidentiality of their account credentials and for taking reasonable steps to prevent unauthorized access to their accounts.

8. Minors

The Platform is not intended for minors.

We do not knowingly collect personal data from individuals who are not legally permitted to use the relevant features of the Service under applicable law. In particular, financial transactions on the Platform are not intended for individuals below the age of legal majority.

If we become aware that we have collected personal data from a child or other individual not legally permitted to use the relevant part of the Service, we may take steps to delete that data and, where appropriate, suspend or terminate the related account.

Parents or guardians who believe that personal data may have been provided to us inappropriately may contact us using the details below.

9. Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, including for:

  • providing the Service and maintaining user accounts;
  • keeping records of transactions, support requests, and Platform activity;
  • preventing fraud, misuse, and unauthorized activity;
  • complying with legal, regulatory, tax, accounting, and reporting obligations;
  • resolving disputes and enforcing agreements.

Retention periods may vary depending on the nature of the data and the reasons for processing. In some cases, we may retain certain data for longer periods where required or permitted by applicable law.

10. International data transfers

Personal data may be processed in jurisdictions outside the United Kingdom or the European Economic Area, including where we use third-party service providers or partners operating internationally.

Where personal data is transferred internationally, we take steps intended to ensure that such transfers are carried out in accordance with applicable data protection laws and subject to appropriate safeguards, where required.

11. User privacy rights

Depending on your location and applicable law, you may have certain rights in relation to your personal data, including the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to certain types of processing;
  • request portability of personal data, where applicable;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a competent supervisory authority.

These rights are not absolute and may be subject to legal limitations or conditions. To exercise your rights, please contact us using the details set out below.

If you believe that your personal data has been processed in breach of applicable law, you may also lodge a complaint with the Information Commissioner’s Office (ICO) or another competent supervisory authority, as applicable.

12. Third-party links

The Platform may contain links to third-party websites, services, or content. This Privacy Policy applies only to personal data collected through our Platform.

We are not responsible for the privacy practices, content, or policies of third-party services. Users should review the privacy policies of any third-party services they access.

13. Governing law and regulatory framework

This Privacy Policy, and any non-mandatory dispute or claim arising out of or in connection with it, shall be governed by and construed in accordance with the laws of England and Wales.

The Company’s processing of personal data is carried out in accordance with applicable United Kingdom data protection and privacy laws, including the UK GDPR, the Data Protection Act 2018, and, where applicable, the Privacy and Electronic Communications Regulations 2003 (PECR), as amended from time to time, including by the Data (Use and Access) Act 2025.

Nothing in this Privacy Policy is intended to limit any mandatory rights or remedies available to data subjects under applicable data protection law.

14. Changes to this Privacy Policy

We may amend or update this Privacy Policy from time to time.

Any updated version will be published on the Website, and the revised version will become effective as of the date indicated on the Website, unless otherwise stated.

Users are encouraged to review this Privacy Policy periodically to remain informed about how we process personal data.

15. Contact us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, you may contact us at:

ALUMNI GROUP LTD

Corner Chambers, 590a Kingsbury Road, Birmingham, United Kingdom, B24 9ND

Email: contact@strike-skins.com