Privacy policy

Welcome to TRINITY SKINS! Your privacy is of utmost importance to us, and we are committed to handling your personal information in compliance with the General Data Protection Regulation (“GDPR”) and other applicable data protection laws.

This Privacy Policy (hereinafter also “Policy”) outlines how we collect, use, process, and protect your personal data when you interact with TRINITY SKINS. We encourage you to read this document carefully and reach out to us if you have any questions or concerns about how we handle your personal information.

This Privacy Policy applies to all persons who access or use TRINITY SKINS for purchasing gaming skins and related services. By using our website and/or services, you acknowledge and agree to the provisions stipulated in this document. If you disagree with the provisions of this Privacy Policy, you are kindly requested to discontinue the use of TRINITY SKINS.

Webstorm OU,  registration number: 16079877, Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Tööstuse tn 48a-219, 10416, Estonia (within this document also referred to as the “Company”, “TRINITY SKINS” or “we”) is the controller of personal data, who is responsible for determining the means and purposes of personal data processing, as well as ensuring compliance of processing activities with applicable personal data protection laws, including the GDPR.

If you have any questions about this Privacy Policy or our personal data processing practices, please contact us at -

For the purposes outlined in this Policy we collect and further process personal data that falls under the following categories:
  • Contact Information: for example, email address, phone number, and address.
  • User Account Information: for example, username, login information, account preferences, profile picture, steam ID, session data, activity logs, clickstream data, and usage-related data.
  • Identity Information: for example, name, surname, government-issued or national ID number, date of birth and details of identification documents.
  • Authentication and Identification Information (including biometrics): for example, data associated with multi-factor authentication, facial recognition, and fingerprints.
  • Payment Information: for example, bank account details, payment card particulars, billing address, and information related to payment method.
  • Financial Information: for example, bank account details, transaction history, and current balance, among other relevant details.
  • Transactions Information: for example, the history of orders and transactions with us, alongside the current balance.
  • Legal Compliance Information: for example, all data necessary for legal and regulatory compliance, including Anti-Money-Laundering (AML) and Know-Your-Customer (KYC) related requirements (including proof of address, photographic evidence, occupation details, data from sanctions and watchlist screening, risk assessment information, etc.).
  • On-Premises Video Surveillance Information: for example, data obtained from video surveillance conducted at our office premises.
  • Claims and Disputes Information: for example, information linked to claims and disputes that may arise.
  • Technical and Device Information: for example, information about your device, browser type, operating system, IP address, and other technical specifics.
  • User Support and Communication Information: for example, all data related to communication with you (e.g., email exchanges, records of incoming and outgoing calls, chat history, user support events, surveys, etc.).
  • Marketing Information: for example, data associated with your marketing choices and preferences.

In our ongoing effort to provide you with tailored and efficient services, we collect personal data from various sources. The following outlines the categories of sources from which we may obtain your personal information:
  • Direct Interaction: E.g., information is provided directly by you during account creation, product purchases, interactions on our website, or communication with our support team.
  • Third-Party Sources: In certain instances, we may collect information from third-party sources, such as payment institutions, competent state authorities, analytics providers, etc.

We process personal data only if there is an appropriate legitimate purpose and legal basis for processing. The list of such purposes and corresponding legal grounds that we rely on are as follows:
  • Purpose: Creating and managing your user account.
Legal Basis: Contractual necessity.
  • Purpose: Entering into agreement and delivering our services
Legal Basis: Contractual necessity.
  • Purpose: Verifying the identity of users and authenticating them.
  • Legal Basis: Legal obligation, legitimate interests.
  • Purpose: Fulfilling and managing your orders.
Legal Basis: Contractual necessity.
  • Purpose: Processing transactions.
Legal Basis: Contractual necessity, legitimate interests.
  • Purpose: Communicate with you and provide customer support.
Legal Basis: Contractual necessity, legitimate interests.
  • Purpose: Meeting industry-specific legal and regulatory requirements.
Legal Basis: Legal obligation, public task.
  • Purpose: Managing risks and making business operations-related decisions.
Legal Basis: Contractual necessity, legal obligations, legitimate interests.
  • Purpose: Providing you with marketing materials and personalized content.
Legal Basis: Consent, legitimate interests.
  • Purpose: Improving and developing our services.
Legal Basis: Legitimate interests.
  • Purpose: Troubleshooting and addressing technical issues.
Legal Basis: Contractual necessity.
  • Purpose: Preventing fraud and misuse of our services.
Legal Basis: Legal obligation, legitimate interests.
  • Purpose: Ensuring the security of services, information, and other assets.
Legal Basis: Contractual necessity, legal obligation, legitimate interests.
  • Purpose: Addressing claims and resolve disputes.
Legal Basis: Contractual necessity, legal obligation, legitimate interests.

We may need to disclose personal data to the following categories of recipients in order to achieve purposes outlined in this document:
  • our service providers and partners who help us to provide our services (for instance, payment institutions);
  • competent state authorities;
  • other recipients if you instruct us or if there are other legal grounds and purpose to do so.

While our primary processing of personal data takes place within the European Union and European Economic Area ("EU/EEA"), there may be situations necessitating the transfer of this data outside of the EU/EEA. Rest assured, when such instances arise, we are steadfast in our commitment to executing any international data transfer in full adherence to the pertinent requirements stipulated by applicable personal data protection laws, including the GDPR. This commitment ensures that your personal data continues to receive the same level of protection, regardless of its location.

We retain your personal data for the duration necessary to fulfil the purposes outlined in this Privacy Policy unless extended retention is mandated by applicable laws. For example, legal requirements, such as those related to Anti-Money Laundering (“AML”), accounting, taxation, and similar regulations, may prescribe specific retention periods. In cases where applicable laws do not specify a particular retention period, we establish it ourselves in accordance with the principles outlined by the GDPR. Once your personal data is no longer needed for the purposes defined in this document, we employ secure deletion or anonymization procedures to ensure the irreversible removal or anonymization of your information.

At TRINITY SKINS, safeguarding your personal data is a top priority. We have implemented a range of technical and organizational security measures designed to ensure the confidentiality, integrity, and availability of your information. These measures are aligned with the stringent requirements of the GDPR. Our security measures include, for example, data encryption, access controls, data minimization, regular audits, employee training, etc.

While we take extensive measures to protect your data, it is essential to recognize that ensuring the security of your personal information is your responsibility as well. We kindly request that you too follow good information security practices, including, for example, using strong and unique passwords, keeping your devices secure, avoiding use of public Wi-Fi networks, etc.

When using our website and services, you may be requested to provide either obligatory or non-obligatory information, namely:
  • Obligatory information: When using our services, certain personal data is necessary for the performance of our agreement with you and to comply with legal obligations. Failure to provide this obligatory information may result in the inability to register an account, use our services, or access specific features on our website. To notify you of mandatory data, we include appropriate labels in the relevant sections.
  • Non-obligatory information: In addition to obligatory information, you have the option to provide non-obligatory, optional information. This information is not essential for the core functionality of our services but may enhance your overall user experience. For example, you can choose to provide optional information for features like marketing subscriptions. You have the freedom to update or withdraw your consent for processing this non-obligatory information at any time through your account settings or by contacting us. The decision to provide non-obligatory information is entirely voluntary, and its non-provision will not affect your ability to use our core services. However, it may impact the personalization of your experience and the receipt of certain promotional communications.
    1. Your rights as a data subject under the GDPR are as follows:
  • Right to Access: You have the entitlement to request information about the personal data we hold concerning you.
  • Right to Rectification: If you believe the personal data, we hold about you is inaccurate or incomplete, you have the right to request correction or completion.
  • Right to Erasure: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and there is no other legal ground for processing.
  • Right to Restriction of Processing: In certain circumstances, you have the right to request the restriction of processing your personal data, meaning we will only store your data without further processing.
  • Right to Object: You can object to certain types of processing (as it is, for example, in case of marketing).
  • Right to Consent Withdrawal: If processing is based on your consent, you have the right to withdraw it. However, withdrawal does not affect the lawfulness of processing before consent withdrawal.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, with the ability to transmit it to another controller.

Please note: The rights listed above are not absolute and may be subject to limitations as provided by applicable data protection and other laws.
    1. To exercise any of the rights mentioned above or if you have any questions regarding your rights, please contact us using the contact information indicated in Section 3 of this document.
    2. To ensure that personal data is not disclosed to any person without the right to receive it, we may require additional information from you to verify your identity before addressing your request.

In certain instances, we may employ automated decision-making processes and profiling to enhance our services and ensure a secure and personalized experience. We strive to be transparent about these processes and their implications. Here are the key points regarding automated decision making and profiling:
  • Automated Decision Making: Our processes that may employ automated decision making are related to:
  1. fraud-prevention activities – namely we may utilize automated systems to detect and prevent suspicious transactions or behaviours. Detection of unusual activity may lead to measures such as transaction suspension or temporary account restrictions;
  2. recommendations - algorithms may be employed to offer personalized recommendations based on your interactions with our platform.
  • Profiling: Profiling may be utilized to better understand the preferences, behaviours, and interests of our users. Furthermore, profiling enables us to deliver customized content and a more personalized experience.

We are committed to promptly and efficiently resolving any claims or disputes related to the processing of your personal data. Should you have any questions, concerns, or complaints, please reach out to us using the contact information provided in Section 3. While we recommend contacting us initially for a friendly and efficient resolution of any issues, you also have the right to lodge a complaint with Estonian Data Protection Inspectorate.

This Privacy Policy is subject to periodic updates to reflect changes in our practices and legal requirements. Any modifications will be effective immediately upon posting, and your continued use of our services signifies your acceptance of these changes. In case of major changes, we may notify you about them using the contact details available to us. However, it is still your responsibility to review this Privacy Policy periodically and ensure that you understand its content.

If you have any questions or concerns about this Privacy Policy or personal data processing activities conducted by us, please contact us using the contact details provided in Section 3 of this document.

Effective date: 15.12.2023.