GDPR Compliance

Last updated: 2026-02-20

1. Data Controller

Haugset IT acts as the Data Controller for all personal data collected via CSSkill.com (the Platform) in accordance with:

  • General Data Protection Regulation (EU) 2016/679 (GDPR)
  • Applicable national data protection laws

Contact: support@csskill.com

2. Data We Collect

We may collect:

Account Data

  • Email address
  • Username
  • Steam ID
  • Faceit ID
  • Authentication tokens (via Auth0)

Usage Data

  • Match statistics
  • Engagement activity
  • Prediction participation
  • IP address
  • Device/browser metadata

Payment Data

  • Transaction confirmations
  • Purchase records

We do not store raw payment card information. Payments are processed via third-party providers.

3. Legal Basis for Processing

We process personal data under:

  • Contractual necessity (Article 6(1)(b))
  • Legitimate interest (Article 6(1)(f))
  • Consent (Article 6(1)(a)) where required

Legitimate interests include:

  • Platform security
  • Abuse prevention
  • Service improvement
  • Analytics
  • Fraud detection

4. Data Retention

We retain personal data only as long as necessary for:

  • Providing services
  • Compliance with legal obligations
  • Resolving disputes
  • Preventing fraud

Users may request deletion of their data at any time.

5. User Rights Under GDPR

Users have the right to:

  • Access their data
  • Rectify inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time

Requests may be submitted to: support@csskill.com

We will respond within one (1) month as required by GDPR.

6. Data Security

We implement appropriate technical and organizational measures including:

  • Encrypted transmission (HTTPS)
  • Secure authentication (Auth0)
  • Access controls
  • Monitoring for abuse

No system is completely secure; users acknowledge inherent risks of internet use.

7. Third-Party Processors

We may use:

  • Authentication providers (Auth0)
  • Hosting providers
  • Payment processors
  • Analytics tools
  • API integrations (Steam, Faceit, HLTV-related services)

These processors are bound by Data Processing Agreements (DPAs) where required.

8. International Transfers

Where data is transferred outside the EEA, appropriate safeguards such as Standard Contractual Clauses (SCCs) will be implemented.

9. Cookies

The Platform may use cookies for:

  • Authentication
  • Analytics
  • Security
  • Session management

A separate Cookie Policy should detail this.

10. Complaints

Users have the right to lodge a complaint with their local Data Protection Authority (DPA).

Questions? Contact us at support@csskill.com.