PRIVACY POLICY

Effective date: 19 March 2013
Last updated: 10 October 2025

Attention: By using https://market.csgo.com you confirm that you have read and agree to this Privacy Policy. If you do not agree with any provision, please do not use the website or its functionality.

Contents
  1. General Provisions and Definitions
  2. Categories and Methods of Data Collection
  3. Purposes and Legal Bases of Processing
  4. Use of Cookies
  5. Storage, Protection and Sharing of Data
  6. User Rights
  7. Email Notifications and Marketing
  8. Account and Data Deletion
  9. Requests From Law-Enforcement Authorities
  10. Force Majeure
  11. Updates to This Policy
  12. Contact Information
1. General Provisions and Definitions
1.1.
Market.CSGO is an online trading platform operated by CRYSTAL FUTURE OÜ (Estonia, Laki tn 14a, Tallinn, registration number 14198230).
1.2.
"User" means any natural person using the website, mobile/desktop applications, browser extensions or the Platform's API.
1.3.
"Personal Data" means any information relating to an identified or identifiable natural person.
1.4.
"KYC" means identity verification through Sumsub performed in accordance with EU and Estonian AML legislation (including AMLD5, Estonian Money Laundering and Terrorist Financing Prevention Act).
1.5.
"API key" means a unique access key to the Platform's API: https://market.csgo.com/api
1.6.
"Cookies" are small text files stored by the browser for authentication, analytics and personalization purposes.
1.7.
"AlphaSkin" means a trade-ban-free digital skin, tradable on https://alfaskins.com
1.8.
"Balance" means the User's internal account balance on the Platform.
2. Categories and Methods of Data Collection
2.1.
The Platform collects only data necessary for service operation, security, contract performance and compliance with EU/Estonian law (including AMLD5 and GDPR).
2.2.
Categories of data processed:
  • name, email, country, language;
  • IP address, device type, cookies;
  • KYC documentation (identity document, proof of address, selfie) for AML purposes;
  • transaction history, participation in giveaways, bonuses;
  • API key and API-related activity;
  • login logs, two-factor authentication, payment password;
  • account settings and user actions in the Dashboard;
  • payment method details when provided directly by the User.
2.3.
The Platform does not collect biometric, genetic or irrelevant data unless required by law and/or provided upon explicit consent.
3. Purposes and Legal Bases of Processing
3.1.
Legal bases under GDPR include:
  • performance of the Terms of Use and Agency Agreement (Art. 6(1)(b) GDPR);
  • compliance with legal obligations, including AML/CTF regulations (Art. 6(1)(c) GDPR);
  • User consent (cookies, marketing) (Art. 6(1)(a) GDPR);
  • legitimate interests of the Operator (fraud prevention, security, service improvement) (Art. 6(1)(f) GDPR).
3.2.
Purposes of processing:
  • account registration and security;
  • execution of transactions, including AlphaSkin operations;
  • KYC/AML checks under EU AML legislation;
  • deposits and withdrawals;
  • bonuses and giveaways;
  • notifications, recommendations, support;
  • fraud prevention and platform security;
  • compliance with lawful requests from authorities.
3.3.
Data is not used outside the purposes above and is not sold to third parties.
4. Use of Cookies
4.1.
Types of cookies used:
  • functional (login, 2FA, settings);
  • analytical (usage analysis);
  • marketing (personalized offers).
4.2.
On the first visit, a cookie-consent banner is displayed, allowing:
  • accept all / choose categories / decline non-essential cookies.
4.3.
Cookies may be disabled in the browser; this may affect some functionality.
5. Storage, Protection and Sharing of Data
5.1.
Processing and protection of Personal Data is carried out in accordance with:
  • GDPR (EU Regulation 2016/679);
  • Estonian Personal Data Protection Act;
  • security requirements: restricted access, encryption, backups, audits;
  • use of 2FA and payment passwords for critical operations.
5.2.
Data may be shared with:
  • our KYC and payment partners when required for service provision and AML compliance;
  • in case of merger/acquisition, subject to GDPR requirements;
  • competent authorities upon receipt of valid legal requests under EU/Estonian law.
5.3.
The User must keep their API key confidential. The Platform is not responsible for consequences of an API key breach.
5.4.
When a User reports a suspected security incident (account breach, unauthorized access, data leak), the Platform conducts an internal review, assists the User, and applies relevant security measures. Official notifications to Users are issued only when incidents are confirmed.
5.5.
Cross-border data transfers are performed only where adequate protection is ensured (Art. 44–49 GDPR), including standard contractual clauses or explicit user consent.
6. User Rights
6.1.
In accordance with GDPR, the User has the right to:
  • obtain information about processing and receive a copy of their Personal Data;
  • request correction, update or deletion of Personal Data;
  • restrict processing;
  • withdraw consent at any time;
  • object to processing, including marketing;
  • lodge a complaint with the Estonian Data Protection Inspectorate or another EU supervisory authority.
6.2.
Requests may be sent to: [email protected]
Processing time: up to 15 working days, unless otherwise required by law.
7. Email Notifications and Marketing
7.1.
When enabling notifications, the User agrees to receive:
  • technical emails (transactions, KYC, security, updates);
  • marketing emails (promotions, news, personalized offers) based on consent under GDPR and ePrivacy Directive.
7.2.
Unsubscription options:
7.3.
Emails are not shared with third parties for advertising, except technical transmission by contracted processors.
8. Account and Data Deletion
8.1.
Deletion is available upon request to [email protected]
8.2.
Deleted data include:
  • account
  • settings,
  • balance
  • API keys
  • transaction history
  • bonuses
  • KYC documents — except data required to be retained under EU/Estonian AML
  • accounting, tax or legal retention obligations.
8.3.
Deletion period: up to 30 calendar days. Users are advised to withdraw assets beforehand.
9. Requests From Law-Enforcement Authorities
9.1.
Personal Data is provided only upon valid, lawful, proportionate requests from competent authorities under EU and Estonian law.
9.2.
Requests are processed within statutory deadlines via [email protected] using required forms and channels.
10. Force Majeure
10.1.
The Platform is not liable for failures caused by events beyond its reasonable control, including:
  • data-center or Steam service outages;
  • internet provider disruptions;
  • power outages;
  • cyberattacks or other malicious third-party actions;
  • updates or restrictions introduced by Steam or other platforms;
  • market activity and price volatility outside Platform control.
Force-majeure applies pursuant to §103 of the Estonian Law of Obligations Act.
11. Updates to This Policy
11.1.
The Platform may update the Policy due to new features, legal changes or identified risks.
11.2.
Updates are published on the website.
11.3.
Continued use of the Platform after updates constitutes acceptance of the revised Policy.
12. Contact Information
General inquiries:
[email protected]
Partnership:
[email protected]
Các giao dịch trong toàn bộ khoảng thời gian
Lịch sử mua hàng
@2026 market.csgo.com
Liên hệ với chúng tôiLịch sử mua hàngCác quy tắcAPI
Liên hệ với chúng tôiCác quy tắcCác điều khoảnPrivacy PolicyAPI
Không liên kết với Valve
Trustpilot