Skin.Club
Skin.Club
Skin.Club

隱私權政策

Last updated: 19 June 2026

At a glance

Skin.Club is operated by Moontain Limited, a Cyprus-incorporated company. We are the controller of your personal data. We collect data you give us (account, KYC, payment), data about how you use the platform (activity, device, location), and data from third parties (Steam, identity-verification providers). We use this data to run the platform, verify your age and identity, prevent fraud, comply with anti-money-laundering law, and send you marketing where you have agreed to it. Identity verification involves a biometric liveness check carried out by our verification provider; we receive only your identity document and the verification result, not the biometric template. We use automated systems to support risk scoring and account decisions, but significant decisions about your account are made or reviewed by a person, and you can request human review. We share your data with service providers (hosting, analytics, advertising, identity verification) and in limited cases transfer it outside the EU/EEA under appropriate safeguards. You have the right to access, correct, delete, object to, restrict and port your data. You can exercise your rights through privacy@skin.club.

  1. About this policy

    This Privacy Policy describes how Moontain Limited (“Skin.Club”, “we”, “us”, “our”) collects, uses, shares and protects your personal data when you access or use the Skin.Club website at https://skin.club (the “Platform”) and related services (the “Services”).

    We are the controller of your personal data. This means we decide what personal data is collected about you, why it is collected and how it is used.

    This policy is designed to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the Cyprus Personal Data Protection Law (Law 125(I)/2018), and applicable national rules implementing the ePrivacy Directive.

    If you do not agree with any part of this policy, please do not use the Platform.

  2. Who we are and how to contact us

    Controller: Moontain Limited, incorporated in the Republic of Cyprus under registration number HE410299, registered office at 13 Kypranoros Street, Office 205, 1061 Nicosia, Cyprus.

    General enquiries: help@skin.club

    Data Protection Officer: privacy@skin.club (or write to the registered office, marked FAO “Data Protection Officer”).

    EU/EEA matters: You may also contact the Cyprus Commissioner for Personal Data Protection (https://www.dataprotection.gov.cy).

  3. The personal data we collect

    Information you give us

    • Account information: Steam ID, username, display name, email address (optional for some flows), language preference, password credentials.

    • Identity and age-verification information: full legal name, date of birth, nationality, government-issued identification document, a photograph of you with the document (“selfie”), and biometric data derived from a liveness check, collected through our identity-verification provider (see Section 5).

    • Payment information: limited payment card details (scheme, last four digits, expiry, token) or wallet identifier, required to process deposits. We do not store full card numbers.

    • Communications: the content of messages you send us through support chat, email or other channels.

    Information we collect automatically

    • Device and technical information: IP address, device identifiers, browser type and version, operating system, language, time zone, screen resolution, device fingerprint.

    • Location information: approximate location derived from your IP address and, where you permit it, more precise location.

    • Platform activity: pages visited, features used, cases opened, transaction history, win/loss records, session duration, clicks, scroll behaviour, referral source, timestamps.

    • Cookies and similar technologies: see Section 11.

    • Security and fraud signals: login attempts, authentication events, device reputation signals, behavioural anomalies.

    Information we receive from third parties

    • Steam: your Steam ID, Steam level, publicly visible profile information, and information needed for inventory or trade functionality.

    • Identity-verification provider: verification results, biometric liveness outcomes, sanctions/PEP screening results and related risk flags.

    • Fraud and device-intelligence providers: device reputation, bot-detection scores, anomaly signals.

    • Payment service providers: transaction authorisation results, fraud scores, chargeback data.

    • Advertising and analytics providers: attribution signals, advertising identifiers, conversion data.

    • Publicly available sources: sanctions lists, PEP lists, adverse-media databases (for AML screening).

  4. How and why we use your personal data

    The table below sets out each purpose, the data involved, the legal basis, and how long we keep the data. Where we rely on legitimate interests we have carried out a balancing test, and you have the right to object (Section 10).

    PurposeData categoriesLegal basis (EU GDPR)Retention
    Creating and managing your account; authenticating you via SteamSteam ID, username, email, password credentials, device/IPArticle 6(1)(b) — performance of a contractDuration of your account plus 5 years after closure (AML record-keeping)
    Verifying your age and identity (KYC); sanctions and PEP screeningFull name, DOB, nationality, ID document, photograph/selfie, biometric liveness data, screening resultsArticle 6(1)(c) — legal obligation under Cyprus AML law (Law 188(I)/2007 as amended); and Article 9(2)(a) — explicit consent for the biometric liveness check (see Section 5)5 years after the end of the customer relationship. Biometric templates are not retained by us; they are processed by our verification provider and deleted or anonymised shortly after verification
    Processing deposits and other payment transactionsPayment card details (limited), transaction data, wallet identifiersArticle 6(1)(b) — contract; Article 6(1)(c) — legal obligation (AML and tax record-keeping)5 years after the transaction
    Preventing, detecting and investigating fraud, bot activity and abuseDevice fingerprint, IP, behavioural signals, transaction data, Steam data, support correspondenceArticle 6(1)(f) — legitimate interests in protecting the integrity of the Platform and our users12 months from the last relevant signal, or longer where required to defend a legal claim
    AML transaction monitoring and suspicious-activity reportingTransaction data, KYC data, behavioural signals, risk scoresArticle 6(1)(c) — legal obligation; Article 10 — processing relating to criminal offences as authorised by law5 years after the end of the customer relationship, or longer if a suspicious-activity report is filed
    Risk scoring and account decisions, including suspension/banAccount data, transaction data, behavioural signals, fraud signals, KYC dataArticle 6(1)(f) — legitimate interests in detecting and preventing breaches of our Terms and fraud. These decisions are not based solely on automated processing — see Section 6Decision records retained 5 years for accountability
    Keeping the Platform secure; logging and monitoringAccess logs, IP, device, session dataArticle 6(1)(f) — legitimate interests in network and information security (Recital 49); Article 6(1)(c) where logging is legally required12 months
    Providing customer supportSupport tickets, chat transcripts, email correspondence, account dataArticle 6(1)(b) — contract; Article 6(1)(f) — service improvement3 years after ticket closure
    Sending you direct marketing by email and pushEmail address, account data, preferencesArticle 6(1)(a) — consentUntil you withdraw consent; suppression record kept 3 years
    Profiling for marketing (offers tailored to your activity)Activity data, preferences, transaction history, inferred attributesArticle 6(1)(a) — consentUntil you withdraw consent
    Website and app analyticsCookie identifiers, device and usage data, IP (truncated where feasible)Article 6(1)(a) — consent, via cookie bannerPer analytics cookie expiry (see Cookie Policy); aggregated data may be kept longer
    Advertising, retargeting and measurement (incl. Meta, Google, TikTok, Twitter/X, Amazon)Cookie and pixel identifiers, hashed email (where applicable), activity dataArticle 6(1)(a) — consent, via cookie bannerPer the expiry set by the relevant cookie (see Cookie Policy)
    Complying with lawful requests from authorities and regulatorsAny relevant account, KYC or transaction dataArticle 6(1)(c) — legal obligation; Article 6(1)(f) — legitimate interests in compliancePer the request, or 5 years (whichever is longer)
    Establishing, exercising or defending legal claimsAny relevant dataArticle 6(1)(f) — legitimate interestsFor the applicable limitation period (ordinarily 6 years in Cyprus for contractual claims)
  5. Special categories of personal data (biometrics)

    Biometric data — a short liveness-check image or video captured to confirm that the person presenting an identity document is a real, present human — is a special category of personal data under Article 9 GDPR. We only process biometric data where you initiate our identity-verification process, which is required to register on and use the Platform.

    The biometric data is captured and processed by our identity-verification provider, SumSub, acting as our processor. It is used solely to assess whether the person on camera matches the photograph on the submitted identity document and is alive at the time of capture. We do not receive or retain the biometric template; we receive your identity document and the verification result (including confirmation that the face matched the document).

    Legal basis. We rely on your explicit consent under Article 9(2)(a) GDPR, which you provide before the liveness check begins. We do not use biometric data for any purpose other than identity and age verification, and we do not sell or share it with advertisers, data brokers or other third parties.

  6. Automated decision-making and profiling

    We use automated systems to support decisions about your account, including detecting fraud, bot activity, multi-accounting and chargeback abuse; risk scoring that determines verification level, transaction limits or manual review; and profiling for marketing, where you have consented.

    How decisions are made. Our systems apply pre-defined rules, statistical models and third-party risk signals to account, device, behavioural and transactional data. The models score and flag accounts, but decisions that have a legal or similarly significant effect on you are made or reviewed by a member of our compliance or trust-and-safety team. We do not take such decisions based solely on automated processing.

    Your rights. Even though a person is involved in significant decisions, you can always ask us to review a decision about your account. You have the right to obtain human review, to express your point of view, and to contest the decision. Contact privacy@skin.club describing the decision; we will route your request to a reviewer who was not involved in the original decision.

  7. Who we share your personal data with

    We share your personal data with the following categories of recipient. In most cases these recipients act as our processors and handle your data only on our documented instructions, under a written data processing agreement.

    Category of recipientExamples / roleWhy we share
    Hosting and cloud infrastructureAWS; content delivery network (Cloudflare); database and storage servicesTo run the Platform
    Identity verificationSumSubTo verify your age and identity, screen for sanctions/PEP, and assess fraud risk
    Payment processingCard acquirers and payment service providersTo process your deposits and detect payment fraud
    Fraud and device intelligenceFingerprintJS and similar vendorsTo detect bots, multi-accounting and abuse
    Customer support toolingZendesk and similar platformsTo respond to your enquiries
    AnalyticsGoogle Analytics; Amplitude; Microsoft ClarityTo understand how the Platform is used and improve it
    Email and notificationsMailgun; Customer.io; OneSignal; NovuAccount notifications and, where you have consented, marketing
    Advertising partnersMeta, Google Ads, TikTok, Twitter/X, Amazon advertisingTo show you relevant advertising on third-party platforms, where you have consented
    Professional advisersLawyers, accountants, auditorsWhere necessary to run the business or defend legal claims
    Authorities and regulatorsLaw enforcement, tax authorities, data-protection and other regulatorsWhere required by law or to protect our rights and the safety of others
    Corporate transactionsProspective acquirers, investors and their advisersIn a merger, acquisition, reorganisation or financing, subject to confidentiality and data-protection safeguards

    We do not sell your personal data. We do not share your personal data with third parties for their own independent marketing purposes, except where you have consented.

  8. International data transfers

    Some recipients in Section 7 are based, or process data, outside the European Economic Area (EEA), including in the United States. When we transfer personal data outside the EEA, we ensure one of the following safeguards is in place:

    • An adequacy decision of the European Commission covering the destination, including the EU-US Data Privacy Framework where the recipient is certified under it;

    • The European Commission’s Standard Contractual Clauses (SCCs), together with any additional measures required; or

    • Another safeguard recognised under applicable law, including binding corporate rules.

    Where a US recipient is not certified under the EU-US Data Privacy Framework, we rely on the SCCs. You can request a copy of the relevant safeguards by writing to privacy@skin.club.

  9. How long we keep your personal data

    We keep your personal data only for as long as necessary for the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting or reporting obligations and to defend legal claims. The specific period for each purpose is in the Section 4 table. In summary:

    • Active account data: duration of your account plus 5 years after closure.

    • KYC, AML and transaction records: 5 years after the end of the customer relationship.

    • Fraud and security records: 12 months (longer where needed to defend a claim).

    • Marketing: until you withdraw consent, plus a 3-year suppression record for evidential purposes.

    • Legal-claims records: the applicable limitation period (ordinarily 6 years in Cyprus for contractual claims).

    When we no longer need your personal data, we delete or anonymise it.

  10. Your rights

    Subject to applicable law, you have the following rights in relation to your personal data.

    RightWhat it means
    Right of accessObtain a copy of the personal data we hold about you and information about how we process it.
    Right to rectificationAsk us to correct inaccurate or incomplete personal data.
    Right to erasure (“right to be forgotten”)Ask us to delete your personal data in certain circumstances. This is not absolute: we may need to keep certain data to meet legal obligations (including AML record-keeping) or defend legal claims.
    Right to restriction of processingAsk us to temporarily stop processing your personal data, e.g. while we look into a rectification or objection request.
    Right to objectObject to processing based on legitimate interests, or to direct marketing. Where you object to direct marketing, we will stop.
    Right to data portabilityReceive the personal data you provided to us in a structured, commonly used, machine-readable format, where processing is based on consent or contract and carried out by automated means.
    Rights relating to automated decision-makingSee Section 6.
    Right to withdraw consentWithdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
    Right to lodge a complaintLodge a complaint with your supervisory authority. See Section 16.

    How to exercise your rights. Write to privacy@skin.club, or use the in-platform data request form or the support chat in your account. You can request erasure by any of these channels. We may ask you to verify your identity before we respond; because erasure is permanent, we take additional steps to confirm your identity before carrying it out.

    Response time. We respond within one month, which we may extend by up to two further months for complex or numerous requests, telling you within the first month.

    No charge. Exercising your rights is free. If a request is manifestly unfounded or excessive we may charge a reasonable fee or refuse it, with a clear explanation.

  11. Cookies and similar technologies

    We use cookies, pixels, local storage and similar technologies to run the Platform, remember your preferences, understand how the Platform is used, and (with your consent) show you relevant advertising. Non-essential cookies are only set after you consent through our cookie banner. You can change your preferences at any time through the “Cookie settings” link in the Platform footer. Full details are in our Cookie Policy at https://skin.club/en/cookie-policy.

  12. Children

    The Platform is for adults only. You must be at least 18 to register and use it. We do not knowingly collect personal data from anyone under 18. If we learn that we have, we will close the account and delete the data without undue delay, subject to legal-retention obligations. If you believe we have collected data from a minor, contact privacy@skin.club immediately.

  13. How we protect your personal data

    We use technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure, including:

    • Encryption of data in transit (TLS) and, for sensitive data, at rest.

    • Role-based access controls and least privilege.

    • Multi-factor authentication for staff access to systems processing personal data.

    • Vulnerability management, including periodic penetration testing.

    • Security monitoring, logging and alerting.

    • Confidentiality and data-protection commitments from staff and service providers.

    • Security-awareness training for staff who handle personal data.

    • An incident-response plan for personal-data breaches.

    No system is completely secure. While we take security seriously, we cannot guarantee that personal data will never be accessed, disclosed or altered without authorisation. If you believe your account has been compromised, contact us immediately.

  14. Changes to this policy

    We may update this policy from time to time to reflect changes in our processing, in applicable law, or in our business. For material changes we will notify you in the Platform and, where appropriate, by email before they take effect. The date at the top shows when it was last updated.

  15. Country-specific information

    Our lead supervisory authority in the EEA is the Cyprus Commissioner for Personal Data Protection. You may also lodge a complaint with the supervisory authority of the EU member state where you live, work, or where the alleged infringement took place. Where other privacy laws apply to our processing, we will honour rights granted to you under those laws; contact privacy@skin.club for more information.

  16. Contact and complaints

    If you have any questions, concerns or complaints about how we handle your personal data, please contact us first so we can address them:

    • Email: privacy@skin.club

    • Post: Moontain Limited, FAO Data Protection Officer, 13 Kypranoros Street, Office 205, 1061 Nicosia, Cyprus

    You also have the right to lodge a complaint with a supervisory authority. Details of the Cyprus Commissioner for Personal Data Protection are at https://www.dataprotection.gov.cy.

Skin.ClubSkin.Club

以最優惠的價格取得你最愛的所有外觀。 所有交易均使用 Steam 機器人自動進行。

Moontain Limited (HE410299) 13 Kypranoros street, EVI Building, 2nd floor, flat/office 205, 1061, Nicosia, Cyprus.

banner

前往此網站,即代表您確認
您已年滿 18 歲

help@skin.club網站地圖
  • Visa payment
  • Visa secure
  • Mastercard payment
  • Maestro payment
  • Mastercard id check
  • sofort
  • interac

關於 Skin.Club

Skin.Club 是由玩家建立而成的網站,專為 CS 外觀的廣大愛好者服務,且該網站的一大特色,便是採用了所謂「公平可證」 的系統。 大多數曾發佈過的 CS2 外觀,都可以透過我們的平台取得!

取得 CS2 的外觀從來沒有這麼簡單過:

  • 登入
  • 用現金或 CS2 外觀來進行儲值
  • 透過網站上的各種機制來探索大量的外觀!

Skin.Club 支援多種付費方式,包括 G2A Pay、信用卡,甚至連 CS2 外觀都能拿來付費! 此外,Skin.Club 還會在自己的社群媒體上提供可用來儲值的特別促銷碼。

如果你的資金充足,則能自由選擇打開任何 CS2 武器箱。 武器箱一經開啟,你就會收到 CS2 外觀,並可以決定如何使用。 你可以將 CS2 外觀提領至 Steam 存放、回售給網站、送去供升級使用,甚至拿來換成其他新外觀!

Skin.Club 的升級功能可以讓你將武器箱中價格較為低廉的外觀提升為較為貴重的外觀。 正是這一項獨特的功能,使得 Skin.Club 如此與眾不同,因為並非所有的開箱網站都提供這樣的選項。 請你一定要試試看!

運作原理:

  1. 從庫存中選取一個或多個外觀
  2. 選擇你想得到的外觀來當作升級目標
  3. 按一下「升級」按鈕

升級的成功與否,取決於所選外觀與升級目標之間的差價。 兩者間的價差越小,升級就越可能成功。

要提領 CS2 外觀,請遵循以下步驟操作:

  1. 在你的個人檔案中選取想要的物品
  2. 按一下「徵求」按鈕
  3. 在 Steam 上等待交易報價
  4. 接受交易,將外觀加進你的庫存裡

值得注意的是,Skin.Club 不提供提領現金的選項。 由於所有交易均由系統自動處理,因此提領通常只需幾分鐘。

公平可證

Skin.Club 採用了一種叫做「公平可證」(Provably Fair) 的演算法,確保開箱過程與各種機制中所產生的結果都是完全隨機且無法篡改的。 這能保證沒有使用者能操縱系統,而每個參與者都有平等的機會從 CS2 武器箱中獲得珍貴的外觀。 只要有公平可證系統,就沒有人可以預測未來的結果;但可以驗證以前的結果。

這種方法能確保所有結果 (無論輸贏) 的公平性和數學準確性,更使得任何人都無法按照自己的期望來操縱數字。 Skin.Club 很自豪能為市場提供如此透明且誠實的公平可證系統。

  • 在 Skin.Club,你可以檢視所有已產生的結果和種子變更的完整歷程記錄。 有了這樣的功能,任何人都沒有辦法為特定的使用者訂定中獎機率。
  • Skin.Club 允許使用者檢查其他玩家的中獎機率和遊戲結果,藉此確認其真實性。 這種透明度能確保其他玩家的遊戲結果不是偽造的。

此外,Skin.Club 的獨特之處,還在於能檢查用戶端和伺服器種子的歷程記錄。 這些資料全是公開的,可供任何人隨時核查。