Effective Date: May 18, 2026
1. Data Controller and Legal Basis
Entity Information
AR NORDLINE LTD (Company No. 17013884), incorporated in England and Wales, serves as the Data Controller.
Regulatory Compliance
This policy is designed to comply with the UK GDPR and the Data Protection Act 2018.
Consent
By utilizing our website and services, you expressly agree to the collection and processing of your information as described herein.
2. Categories of Data Collected
Identity and Contact Details
Includes your full name, email address, and billing address provided during registration or checkout.
Steam and Trading Data
We process your Steam username, unique Trade URL, and the status of in-game asset deliveries.
Transactional Information
Includes your order history, digital receipts, and payment confirmations.
Technical Metadata
We collect IP addresses, device types, browser information, and referral sources automatically.
Verification Data
Includes identity documents and proof of address required for mandatory AML/KYC screenings.
Payment Processing
Financial data is handled securely by authorized third-party providers; AR NORDLINE LTD does not store or access full payment card details.
3. Data Usage and Disclosure
Order Fulfillment
Data is used to process and deliver CS2 items via Steam trade offers.
Security and Compliance
We utilize information to monitor for fraud, prevent risk, and meet regulatory obligations such as tax reporting and AML/CTF rules.
Authorized Sharing
Your information may be shared with acquiring banks, card schemes, and payment processors for fraud screening and chargeback handling.
Platform Integration
Data is shared with Valve Corporation (Steam) where necessary to facilitate the transfer of virtual assets.
Marketing
We may send updates or marketing communications only if you have explicitly opted in.
4. Data Retention and Security
HMRC Compliance
Transaction and order data are retained for up to 6 years to meet UK accounting and legal requirements.
Regulatory Retention
AML and KYC records are stored for a minimum of 5 years.
Protective Measures
We apply technical safeguards, including encryption and access controls, to secure your personal data.
Automated Processing
Certain transactions are subject to automated fraud checks by banks; you have the right to request a human review of any such automated decision.
5. Your Statutory Rights
Access and Erasure
Under the UK GDPR, you have the right to access, rectify, or request the deletion of your personal data.
Restriction
You may object to certain types of processing or request data portability.
Complaints
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
Contact
All requests can be submitted to our support team at info@entryfrag.org.
6. Legal Bases for Processing
Performance of Contract
To provide services, process orders, and deliver transactions.
Legal Obligation
To comply with AML/CTF, tax, fraud prevention, and other regulatory requirements.
Legitimate Interests
To ensure platform security, prevent fraud and abuse, and maintain and improve our services, where such interests do not override your rights.
7. Profiling and Automated Decision-Making
We may use automated systems, including profiling and risk-scoring mechanisms, to assess transactions and detect fraud, money laundering, or other suspicious activity. Such processing may result in actions including transaction delays, requests for additional verification, enhanced due diligence checks, or refusal of transactions or services. Where automated decision-making significantly affects you, you have the right to request human intervention, to express your point of view, and to contest the decision.
8. International Data Transfers
International Data Transfers
Your personal data may be transferred to, stored, and processed in countries outside the United Kingdom or European Economic Area, including jurisdictions that may not provide the same level of data protection.
Safeguards
Where such transfers occur, we ensure appropriate safeguards are in place in accordance with UK GDPR, including the use of Standard Contractual Clauses, adequacy regulations, or other lawful transfer mechanisms.
Service Providers
International transfers may occur through the use of third-party service providers such as payment processors, fraud prevention tools, analytics providers, and Steam/Valve systems where necessary for service delivery and transaction processing.
