PRIVACY POLICY – csglow.org

Effective Date: August 21, 2025

This Privacy Policy explains how NEXLIFY EL LTD (“we”, “us”, or “our”) collects, uses, processes, discloses, and safeguards your personal data when you access or use csglow.org and its services, including the purchase, sale, and delivery of Dota 2 virtual items.

By accessing or using the csglow.org, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.

1. Data Controller

NEXLIFY EL LTD (Company No. 17129407), registered in England and Wales, with its registered office at 77 Fulham Palace Road, London, United Kingdom, W6 8AF, acts as the Data Controller for the purposes of applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact: info@csglow.org

2. Categories of Personal Data Collected

We may collect and process the following categories of personal data:

Identity and Contact Data

Includes your name, email address, billing address, and any other personal information you provide when using the Website.

Transactional Data

Includes details of purchases, sales, payouts, order history, transaction identifiers, and related records.

Payment Data

Payment details are processed securely by authorised third-party providers. We do not store or have access to full payment card numbers.

Steam and Trading Data

Includes your Steam username, trade URL, account identifiers, transaction status, and delivery confirmation data.

Technical Data

Includes IP address, device type, browser type, operating system, time zone, referral source, and cookie identifiers.

Communication Data

Includes any information you provide when contacting support or communicating with us via email, forms, or other channels.

Verification and Compliance Data

Includes identity verification documents, proof of address, date of birth, and any additional information required for AML/KYC compliance, fraud prevention, or regulatory obligations.

3. Methods of Data Collection

We collect personal data through the following methods:

Direct Interactions

When you:

● create an account;

● place orders or list items;

● request payouts;

● contact support.

Automated Technologies

Through cookies, tracking technologies, server logs, and analytics tools when you interact with the Website.

Third-Party Sources

From:

● payment processors (e.g., PayPal, Stripe, WooCommerce);

● fraud prevention and compliance providers;

● identity verification services;

● financial institutions or acquiring banks.

4. Purposes and Legal Basis for Processing

We process personal data in accordance with the UK GDPR on the following legal bases:

Contractual Necessity

To:

● process and fulfil orders;

● deliver digital items via Steam trade offers;

● execute payouts and manage transactions.

Legal and Regulatory Obligations

To:

● comply with AML/CTF requirements;

● perform identity verification (KYC);

● meet tax, accounting, and audit obligations;

● comply with payment network and acquiring bank rules.

Legitimate Interests

To:

● detect and prevent fraud, chargebacks, and abuse;

● maintain platform security and integrity;

● improve services, performance, and user experience;

● conduct risk assessment and transaction monitoring.

Consent (where applicable)

For:

● marketing communications;

● non-essential cookies and tracking technologies.

We process personal data only where a valid legal basis applies and where such processing is necessary and proportionate.

5. Sharing and Disclosure of Personal Data

We may disclose personal data to the following categories of recipients:

Payment and Financial Institutions

Including acquiring banks, payment processors, and card schemes for:

● transaction processing;

● fraud screening;

● chargeback management;

● AML/KYC compliance.

Technical and Operational Service Providers

Including hosting providers, analytics platforms, communication services, and customer support tools.

Fraud Prevention and Compliance Providers

For risk scoring, transaction monitoring, identity verification, and regulatory compliance.

Gaming Platform Providers

Including Steam / Valve Corporation, where required to facilitate item delivery.

Regulatory Authorities and Legal Advisors

Where disclosure is required by law, regulation, court order, or to protect our legal rights.

We do not sell personal data to third parties.

Payment information is processed directly by authorised providers. NEXLIFY EL LTD does not store or access payment card details.

6. Communications

We may use your contact details to send:

● transaction confirmations and delivery notifications;

● account-related or security communications;

● service updates or operational notices;

● marketing communications (only where you have provided consent).

You may unsubscribe from marketing communications at any time. Service-related communications may still be sent where necessary.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

● ensure the proper functioning of the Website;

● maintain session security and authentication;

● analyse usage and performance;

● support fraud detection and transaction monitoring;

● deliver marketing content where consent is provided.

You may manage cookie preferences through your browser settings or cookie management tools where available.

Disabling certain cookies may affect Website functionality.

8. Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this Policy:

● KYC/AML data: minimum 5 years (or longer where required by law)

● Transaction and financial data: up to 6 years for accounting and audit purposes

● Support communications: retained as necessary for record-keeping and dispute resolution

● Technical and analytics data: retained according to lifecycle or until deletion

Data may be retained longer where required for legal claims, regulatory investigations, or enforcement purposes.

9. Your Rights

Under the UK GDPR, you have the right to:

● access your personal data;

● request correction or deletion;

● restrict or object to processing;

● request data portability;

● withdraw consent where processing is based on consent;

● lodge a complaint with a supervisory authority.

To exercise your rights, contact: info@csglow.org You may also contact the Information Commissioner’s Office (ICO) at: www.ico.org.uk

10. International Data Transfers

Your personal data may be transferred outside the United Kingdom or the European Economic Area, including to payment providers and service partners.

Where such transfers occur, we implement appropriate safeguards, including:

● Standard Contractual Clauses (SCCs);

● adequacy decisions;

● other legally recognised transfer mechanisms.

11. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

● encryption of sensitive data;

● access control mechanisms;

● system monitoring and fraud detection tools;

● secure infrastructure and data storage practices.

However, no system can guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Certain transactions may be subject to automated decision-making, including fraud detection and risk scoring. You have the right to request human intervention and review of such decisions.

12. Children’s Data

The Website is intended for individuals aged 18 years or older. We do not knowingly collect personal data from minors.

If we become aware that such data has been collected, we will take steps to delete it.

13. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements.

Updated versions will be published on the Website with a revised effective date. Continued use of the Website constitutes acceptance of the updated Policy.

Contact Information

NEXLIFY EL LTD 77
Fulham Palace Road, London, United Kingdom, W6 8AF
Company No. 17129407
Email: info@csglow.org