Tilda Publishing
Privacy Policy
Thank you for choosing Tilda!

Privacy Policy (hereinafter — Privacy Policy, Policy) is an integral part of the Terms of Service Agreement (hereinafter — the Agreement) and explains what personal user data is collected and stored by the Administration when interacting with it, using the Tilda Platform and the Administration's websites, as well as when it can be used or shared with third parties. If you wish to use Tilda's services, you must read and accept the terms of the Privacy Policy and the Agreement.

This Privacy Policy is developed in accordance with the requirements of the Federal Decree Law UAE No. 45/2021 on the Protection of Personal Data and the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) (hereinafter collectively — Law), is adopted and in force by the Administration (hereinafter — Administration, we).

This document consists of the following sections:
General Provisions
Purposes of Processing Personal Data
Logging of User Actions
Personal Data Processed by Users
Methods for Collecting Personal Data
Transfer and Receipt of Personal Data from Third Parties
Personal Data Storage
Updating and Deleting Personal Data
Rights and Obligations of the User
Rights and Obligations of the Administration
Contacts

By using our Platform and/or providing us with Personal Data, you agree that this Personal Data will be processed in accordance with this Policy and the Cookie Policy.

If you have any legal questions related to this Policy, please contact us: legal@tilda.cc
For general and technical questions — team@tilda.cc
For questions regarding the organization of processing and protection of personal data — dpo@tilda.cc
1. General Provisions
1.1. This Privacy Policy defines the obligations of the Administration regarding non-disclosure and protection of the confidentiality of personal data that subjects of personal data (hereinafter the Subject of Personal Data) provide at the request of the Administration, including during registration on the Platform Tilda (hereinafter the Platform) and during further interaction with the Platform.

1.2. The Privacy Policy applies to all information processed by the Administration, including information that the Platform may collect about the User when using the services of the Platform. By registering on the Platform, the User agrees to all the terms of the Privacy Policy.

1.3. The Privacy Policy may be amended by the Administration without prior notification. The current Privacy Policy is at all times available at https://tilda.cc/privacy/.
2. Purposes of Processing Personal Data
2.1. Administration determines for each purpose of Personal Data processing the categories and list of processed Personal Data, methods, terms of their processing and storage, the order of destruction of Personal Data upon achievement of the purposes of their processing or upon occurrence of other legal grounds.

2.2. The Administration has determined the following purposes of Personal Data processing:

2.2.1. For the User's Personal Data:
1) providing access to the Platform (registration);
2) ensuring the security of the Platform and its correct functioning;
3) restoring access to the Account (if it was stolen / login and password were lost / login error during registration / it is not possible to use two-factor authentication);
4) providing access within the framework of paid tariffs when paying by a bank card;
5) ensuring the reliability of the Platform and the ability to recover data after failures using backup and data recovery technologies;
6) processing on behalf of the User for the implementation of processes automated by the User using the Platform (regulated by the Data Processing Agreement);
7) transfer of the User’s Personal Data to another Controller when the User transfers their profile to it.

2.2.2. For Personal Data of persons who address the Administration with various requests:
1) reviewing requests from the Subjects of Personal Data regarding the processing of their Personal Data by Users on the Platform;
2) reviewing requests concerning violations of intellectual property rights by Users under the Intellectual Property Protection Policy;
3) reviewing requests related to the posting of potentially inaccurate information about a business entity by Users;
4) consideration of questions regarding blocking of the account due to application to the Stripe payment system;
5) reviewing other requests.

2.2.3. For Personal Data of individuals participating in the Administration’s informational projects — participation in the informational projects of the Administration.

2.2.4. For Personal Data of visitors to the Administration’s websites — analyzing website visitation statistics of the Administration.

2.3. The Administration processes Personal Data as described below:

2.3.1. The purpose of processing — to provide access to the Platform (registration)

Processed Personal Data:
  • Name;
  • Email;
  • Unique identifier of the User used on the Platform (ID).

Processing is carried out automatically/with the User's participation:
  • IP;
  • City/Country (by IP);
  • Browser Version;
  • Language;
  • UTM parameters;
  • Partner Tag;
  • The address of a website page's referrer;
  • Cookie data used to identify the User without the use of technical measures.

Grounds for processing of Personal Data — processing shall be carried out as part of fulfillment of contractual obligations.

Types of processing of Personal Data:
  • Collection, recording, systematization, accumulation, storage of Personal Data;
  • Clarification (update, modification) is performed by the subject of Personal Data via the profile management form, as well as automatically during the User's interaction with the Website;
  • De-identification, blocking, destruction of Personal Data is performed through the Control Panel for User management.

Retention period of Personal Data — Personal Data shall be stored for the entire duration of the agreement/during the periods established by the current United Arab Emirates legislation.

Deletion of Personal Data — Personal Data are deleted by the User in the Personal Account or automatically at the end of the storage period for the data collected in automatic mode. The fact of deletion is recorded in the Platform logs.

2.3.2. The purpose of processing — to ensure the security of the Platform and its correct functioning

Processed Personal Data:
  • Phone number;
  • Links to the account owner's social media profiles.

Grounds for processing of Personal Data — processing is performed within the framework of fulfillment of contractual obligations.

Types of processing of Personal Data:
  • Collection, recording, systematization, accumulation, storage (if fraudulent activities, spam or mass registration are suspected, the User shall provide the Administration with a contact phone number to confirm independent actions in the Personal Account);
  • Viewing, depersonalization, blocking through the Control panel for user management.

Retention period of Personal Data — Personal Data shall be stored during the entire term of the agreement/during the periods established by the current United Arab Emirates legislation.

Deletion of Personal Data — Personal Data are deleted by the User in the Personal Account. The fact of deletion is recorded in the Platform logs and stored for the period of time specified by the current legislation of the United Arab Emirates.

2.3.3. The purpose of processing — to restore access to the Account (if it has been stolen/lost login and password/error in login during registration/no possibility to use two-factor authentication)

Processed Personal Data:
  • Masked bank card number;
  • Phone number.

Grounds for processing of Personal Data — processing is performed within the framework of fulfillment of contractual obligations.

Types of processing of Personal Data:
  • Collection, recording, accumulation, storage, depersonalization, blocking, deletion;
  • Viewing through the Control Panel for user management.

Retention period of Personal Data — Personal Data shall be stored for the entire duration of the agreement.

Deletion of Personal Data — Personal Data are deleted by the Administration after the goal is achieved.

2.3.4. The purpose of processing — to ensure the reliability of the Platform operation and the possibility of data recovery after failures using data backup and recovery technologies

Processed Personal Data — all data processed by the Administration and listed in this document.

Grounds for processing of Personal Data — processing is carried out within the framework of fulfillment of contractual obligations.

Types of processing of Personal Data:
  • Storage;
  • Transfer for realization of geo-distributed storage of backup copies;
  • Deletion is performed automatically upon expiration of the retention period of the backup copies of the data.

Processing shall be carried out by hosting the Platform on the facilities leased by the Processor in data processing centres provided by partners with whom agreements have been concluded to guarantee the security of the Personal Data processed by them:

Retention period of Personal Data — Personal Data shall be stored for the entire term of the agreement/for the terms established by the applicable laws of the United Arab Emirates.

Deletion of Personal Data — Personal Data is deleted automatically upon expiration of the retention period of the backup copies of the data, as part of the backup and recovery process in place.

2.3.5. Purpose of processing — granting access within the framework of paid plans when paying by bank card

Processed Personal Data:
  • Surname and first name on the card;
  • Masked bank card number;
  • Card validity period;
  • Email;
  • User ID;
  • Information about the completed purchase (tariff name, price, currency);
  • Transaction number;
  • Invoice ID;
  • Country of issue of the card;
  • Unique card identifier (fingerprint).

Grounds for processing of Personal Data — processing is carried out within the framework of fulfillment of contractual obligations.

Types of processing of Personal Data:
  • Receipt of Personal Data from third parties, recording, systematization, accumulation, storage of Personal Data is carried out after payment for the plans on the page;
  • Clarification (update, modification) is not performed;
  • Deletion, depersonalization, blocking, destruction of Personal Data is performed through the Control Panel for User management.

Retention period of Personal Data — Personal Data shall be stored for the entire term of the agreement/for the terms established by the applicable laws of the United Arab Emirates.

Deletion of Personal Data — Personal Data shall be deleted after the expiration of the retention period specified by the applicable laws of the United Arab Emirates.

Payment for the Plan, in accordance with which the User uses the services of the Platform, shall be carried out using the payment systems Stripe, Telr. These payment systems collect and store financial information in accordance with their user agreements and privacy policies.

The Administration does not store full card details and does not process payments, receiving only a notification from the payment system about the fact of successful payment.

In the process of receiving payment for the Plan, the Administration may collect additional information related to the payment made by the User, including, but not limited to, the transaction number, time of the transaction, type and expiration date of the card used for payments, as well as the last four digits of the card number, name of the cardholder, country and city in which funds were written off from the card.

2.3.6. The purpose of processing — to transfer the User’s Personal Data to another Personal Data Controller when the User transfers their profile to it

Processed Personal Data:
  • Name;
  • Email;
  • Unique User ID used on the Platform (ID).

Grounds for processing of Personal Data — processing is carried out as part of the User’s consent expressed by action.

Types of processing of Personal Data — cross-border transfer of Personal Data. Shall be initiated by the Personal Data Subject by instructing the Administration to transfer his/her Personal Data to another Personal Data Controller located in another jurisdiction. Carried out by the User independently by interacting with the Platform through the User interface.

Retention period of Personal Data — Within the framework of this processing, Personal Data is not stored.

Deletion of Personal Data — deletion of Personal Data is not performed due to the fact that it is not stored.

2.3.7. The purpose of processing — review of requests from Personal Data Subjects regarding the processing of their Personal Data by Users on the Platform

Processed Personal Data:

For the applicant (Personal Data Subject):
  • Last name, first name;
  • E-mail;
  • Information about the identity document (including a scanned copy);
  • Personal Data that is the subject of the request.

For the applicant’s representative:
  • Last name, first name;
  • E-mail;
  • Personal Data reflected in documents confirming the representative’s authority, processed exclusively for the purpose of reviewing the request submitted by the representative on behalf of the applicant (name, date of birth, address, and other data as required by applicable law for documents);
  • Personal Data of the Personal Data Subject (the principal or represented person) whose Personal Data is the subject of the request.

Processing is carried out automatically upon submission of the request via a web form:
  • IP address;
  • City/Country (based on IP);
  • Browser version;
  • Language;
  • UTM parameters;
  • Partner tag;
  • URL of the page the User came from when accessing the Platform;
  • Cookie data used for User identification.

Grounds for processing of Personal Data — processing is based on the consent of the Personal Data Subject.

Types of processing of Personal Data:
  • Collection, recording, accumulation, storage, anonymization, blocking, deletion.
  • Viewing via the system for interaction with Users.

Retention period of Personal Data — Personal Data shall be stored for 3 (three) years after the response to the request.

Deletion of Personal Data — Personal Data are deleted by the Administration after the retention period or earlier if the consent for processing is withdrawn.

2.3.8. The purpose of processing — review of requests regarding violations of intellectual property rights by Users within the Intellectual Property Protection Policy

Processed Personal Data:

For the applicant (rights holder):
  • Full name of the rights holder;
  • E-mail;
  • Information about the identity document (including a scanned copy).

For the applicant’s representative:
  • Last name, first name;
  • E-mail;
  • Personal Data reflected in documents confirming the representative’s authority, processed exclusively for the purpose of reviewing the request submitted by the representative on behalf of the applicant (name, date of birth, address, and other data as required by applicable law for documents);
  • Job title and position (for representatives of legal entities authorized to act without a power of attorney).
  • Full name of the rights holder (for individuals).

Processing is carried out automatically upon submission of the request via a web form:
  • IP address;
  • City/Country (based on IP);
  • Browser version;
  • Language;
  • UTM parameters;
  • Partner tag;
  • URL of the page the User came from when accessing the Platform;
  • Cookie data used for User identification.

Grounds for processing of Personal Data — processing is based on the consent of the Personal Data Subject.

Types of processing of Personal Data:
  • Collection, recording, accumulation, storage, anonymization, blocking, deletion.
  • Viewing via the system for interaction with Users.

Retention period of Personal Data — Personal Data shall be stored for 3 (three) years after the response to the request.

Deletion of Personal Data — Personal Data are deleted by the Administration after the retention period or earlier if the consent for processing is withdrawn.

2.3.9. The purpose of processing — review of requests regarding the posting of potentially inaccurate information about a business entity by Users

Processed Personal Data:

For the applicant:
  • Last name, first name of the applicant (business entity);
  • E-mail.

For the applicant’s representative:
  • Last name, first name;
  • E-mail;
  • Personal Data reflected in documents confirming the representative’s authority, processed exclusively for the purpose of reviewing the request submitted by the representative on behalf of the applicant (name, date of birth, address, and other data as required by applicable law for documents);
  • Job title and position (for representatives of legal entities authorized to act without a power of attorney);
  • Full name of the person represented (trustor) whose Personal Data is processed.

Processing is carried out automatically upon submission of the request via a web form:
  • IP address;
  • City/Country (based on IP);
  • Browser version;
  • Language;
  • UTM parameters;
  • Partner tag;
  • URL of the page the User came from when accessing the Platform;
  • Cookie data used for User identification.

Grounds for processing of Personal Data — processing is based on the consent of the Personal Data Subject.

Types of processing of Personal Data:
  • Collection, recording, accumulation, storage, anonymization, blocking, deletion.
  • Viewing via the system for interaction with Users.
  • Transfer — data may be transferred to the User in relation to whom the request was submitted.

Retention period of Personal Data — Personal Data shall be stored for 3 (three) years after the response to the request.

Deletion of Personal Data — Personal Data are deleted by the Administration after the retention period or earlier if the consent for processing is withdrawn.

2.3.10. The purpose of processing — consideration of questions regarding blocking of the account due to application to the Stripe payment system

Processed Personal Data:

For the applicant:
  • Last name, first name of the applicant;
  • E-mail.

For the owner of the payment instrument:
  • Last name, first name of the owner of the payment instrument;
  • E-mail;
  • First name, last name indicated on the bank card from which the payment was made;
  • First and last 4 digits of the bank card;
  • Personal data contained in the document confirming the ownership of the bank card.

For the applicant’s representative:
  • Last name, first name;
  • E-mail;
  • Personal Data reflected in documents confirming the representative’s authority, processed exclusively for the purpose of reviewing the request submitted by the representative on behalf of the applicant (name, date of birth, address, and other data as required by applicable law for documents).

Processing is carried out automatically upon submission of the request via a web form:
  • IP address;
  • City/Country (based on IP);
  • Browser version;
  • Language;
  • UTM parameters;
  • Partner tag;
  • URL of the page the User came from when accessing the Platform;
  • Cookie data used for User identification.

Grounds for processing of Personal Data — processing is based on the consent of the Personal Data Subject.

Types of processing of Personal Data:
  • Collection, recording, accumulation, storage, anonymization, blocking, deletion.
  • Viewing via the system for interaction with Users.
  • Transfer — data may be transferred to the User in relation to whom the request was submitted.

Retention period of Personal Data — Personal Data shall be stored for 3 (three) years after the response to the request.

Deletion of Personal Data — Personal Data are deleted by the Administration after the retention period or earlier if the consent for processing is withdrawn.

2.3.11. The purpose of processing — review of other requests

Processed Personal Data:

For the applicant:
  • Last name, first name of the applicant;
  • E-mail;
  • Personal Data that is the subject of the request (if available in the request).

For the applicant’s representative:
  • Last name, first name;
  • E-mail;
  • Personal Data reflected in documents confirming the representative’s authority, processed exclusively for the purpose of reviewing the request submitted by the representative on behalf of the applicant (name, date of birth, address, and other data as required by applicable law for documents).

Processing is carried out automatically upon submission of the request via a web form:
  • IP address;
  • City/Country (based on IP);
  • Browser version;
  • Language;
  • UTM parameters;
  • Partner tag;
  • URL of the page the User came from when accessing the Platform;
  • Cookie data used for User identification.

Grounds for processing of Personal Data — processing is based on the consent of the Personal Data Subject.

Types of processing of Personal Data:
  • Collection, recording, accumulation, storage, anonymization, blocking, deletion.
  • Viewing via the system for interaction with Users.
  • Transfer — data may be transferred to the User in relation to whom the request was submitted.

Retention period of Personal Data — Personal Data shall be stored for 3 (three) years after the response to the request.

Deletion of Personal Data — Personal Data are deleted by the Administration after the retention period or earlier if the consent for processing is withdrawn.

2.3.12. Purpose of processing — participation in the Administration’s informational projects and informing about them

Processed Personal Data:
  • Participant’s name;
  • E-mail;
  • Messenger nickname.

Processing is carried out automatically upon submission of the request via a web form:
  • IP address;
  • City/Country (based on IP);
  • Browser version;
  • Language;
  • UTM parameters;
  • Partner tag;
  • URL of the page the User came from when accessing the Platform;
  • Cookie data used for User identification.

Grounds for processing of Personal Data — processing is based on the consent of the Personal Data Subject.

Types of processing of Personal Data:
  • Collection, recording, accumulation, systematization, storage, extraction, use, anonymization, blocking, deletion.
  • Clarification (updating, changing) is not performed.

Retention period of Personal Data — Personal Data shall be stored for 3 (three) years after registration for participation in the Administration’s informational project.

Deletion of Personal Data — Personal Data are deleted by the Administration after the retention period or earlier if the consent for processing is withdrawn.

2.3.13. Purpose of processing — analysis of website visitation statistics of the Administration

Processing is carried out automatically upon visiting the Administration’s websites:

  • IP address;
  • City/Country (based on IP);
  • Browser version;
  • Language;
  • UTM parameters;
  • Partner tag;
  • URL of the page the User came from when accessing the Platform;
  • Cookie data used for User identification.

Grounds for processing of Personal Data — legitimate interest of the Administration.

Types of processing of Personal Data:
  • Collection, recording, accumulation, systematization, storage, extraction, use, anonymization, blocking, deletion.
  • Clarification (updating, changing) is not performed.

Retention period of Personal Data — Personal Data shall be stored for 3 (three) years after visiting the Administration’s website.

Deletion of Personal Data — Personal Data are deleted by the Administration after the retention period or earlier if the Personal Data Subject requests it.
3. Logging of User Actions
3.1. When the User performs actions in the Account, for security purposes and to prevent fraudulent activities, the following activity shall be logged: date and time of authorization, date and time of creating a project and page, date and time of deleting projects and pages, date and time of changing the login and password, date and time of transfer of projects or pages to other Accounts.
4. Personal Data Processed by Users
4.1. The Administration provides the User with the Platform, which can be used by the User for processing Personal Data.

The processing and storage of Personal Data processed (including those collected, stored and published) by Users on the Users' websites is carried out legally, for a period of time determined by the User themselves.

4.2. The Controller of this data shall be the User, and the Administration is the Processor, to which the User entrusts processing of Personal Data of their clients (according to the terminology defined by the Law). These relations shall be governed by the Instruction for Personal Data Processing. By using the Platform for processing Personal Data, the User thereby expresses their consent and accepts the Data Processing Agreement.

4.3. The User shall obtain all necessary consents from its customers when processing their personal data, including consent to transfer and to entrust the processing of such personal data to third parties (e.g. third-party server hosting service providers, etc.) as described in this Policy.

4.4. The User independently decides which Platform services they use on their website to process Personal Data of their clients (collecting applications, orders, etc.).

4.5. If the User processes Personal Data of third parties using the functionality and services of the Platform, the User shall bear sole responsibility for compliance with appropriate measures to protect Personal Data in accordance with the Law and other laws and regulations, including in terms of obtaining appropriate permits, placement of the necessary documents and information on the User's Website.

4.6. The Administration shall not be responsible for the User’s relations with their clients or for the methods of the User’s processing of their Personal Data (even if the User collects it using the functionality and services of the Platform), and the Administration does not and will not provide the User with any legal advice on such issues.

4.7. The Administration shall process Personal Data collected by the User on its websites on behalf of the User for the purposes determined by the User themselves.

4.8. If the User uses the payment system website, the Administration, on behalf of the User, may receive partial data (for example, 4 or 6 digits of the payment card number, the surname and name of the card holder and the name of the card-issuing bank) on the successful payment processing to ensure interaction between the website and the payment system.

4.9. The function of logging and storing partial data on successful payment processing shall be enabled by default. The User shall configure this function independently in the Personal Account. The User can change the data storage period (set a value from 1 to 30 days or delete the data immediately after transfer to the data collection services enabled by the User) or disable this function.

4.10. Data collected on the User’s website shall be stored for a period configured by the User (no more than 30 days, depending on the parameters set by the User).

4.11. The User shall be prohibited from processing special, biometric and other sensitive Personal Data of their clients due to the fact that the Platform is not intended for processing thereof.

4.12. If the User processes Personal Data of third parties, the User shall bear sole responsibility for compliance with appropriate measures to protect Personal Data in accordance with the Law and other laws and regulations, including in terms of obtaining appropriate permits, placement of the necessary documents and information on the User's Website.

4.13. The Administration shall not be authorized to provide legal advice to Users, however, it recommends that Users processing Personal Data place a user agreement, privacy policy on the website and add links to these documents and a special field in the data collection form to obtain explicit consent that the user has read and agrees to these rules.

4.14. The website created by the User uses cookies by default. If the User does not plan to use this function and work with Personal Data, they should independently disable the use of cookies that are not necessary for functioning of the Platform in the website settings.
5. Methods for Collecting Personal Data
5.1. The main ways in which the Administration obtains the User's Personal Data:
1) The User provides Personal Data directly (for example, when registering or connecting and using third-party services integrated into the Platform);
2) Personal Data is collected automatically when the User browses or uses the Platform, for example by means of cookies (more details in the Cookie Policy);
3) Personal Data may be obtained from third parties and services integrated into the Platform and used by the User.
6. Transfer and Receipt of Personal Data from Third Parties
6.1. To use various services of the Platform, the User may be required to provide access to accounts of third-party service providers, including, but not limited to, public file storage, instant messaging, social networks, etc. In this case, the Administration may receive from third parties additional Personal Data, including, but not limited to, gender, location, userpic, etc. All information available through the third party service provider shall be processed and stored in accordance with its user agreement and privacy policy.

6.2. The User may be asked for Personal Data and other information by third parties, for example, when it is necessary to make a payment, or to add additional functions using third-party services integrated with the Platform. The User voluntarily provides Personal Data and other information. All Personal Data requested by third parties should be processed and stored in accordance with the user agreement and privacy policy of the said third parties.

6.3. The Administration may transfer Personal Data to another Personal Data Operator when the User transfers their profile to them, as well as to service providers acting on behalf of the Administration. For example, the Administration may engage third parties to provide support to Users, manage advertisements on third-party resources, send marketing and other messages on behalf of the Administration (as described in the Terms of Service) or provide assistance in storing data. These third parties shall be prohibited from using the Users’ Personal Data for advertising purposes.

6.4. The Administration may disclose the User’s Personal Data in accordance with the law or to protect the rights and interests, if such disclosure is necessary to comply with the law or prevent fraud. In particular, the Administration may disclose the User’s Personal Data in response to official requests from government agencies or in the event of receiving a complaint against the User in connection with a violation of the rights of third parties and/or the user agreement on the grounds provided for by law.

6.5. The Administration may exchange Personal Data with third parties in order to provide the User with targeted advertising, analyze and monitor its effectiveness. For example, the Administration may use an encrypted email address to set up advertising on a social network so as not to show advertising to persons who are already Users of the Platform.

6.6. The Administration may transfer Personal Data to third-party providers of services on behalf of the Administration at the instruction. For example, the Administration engages providers of hosting and server housing services, content delivery networks (CDNs), data transmission and cybersecurity service providers, payment systems, web analytics service providers, service providers for distribution and monitoring of electronic messages, content providers, legal and financial consultants.

6.7. To host and ensure the functioning of the Platform, the Administration uses the services of data processing centre providers located in the United Arab Emirates and States that ensure an adequate level of protection of the rights of data subjects and with whom agreements have been concluded to guarantee the security of Personal Data processed by it:

6.8. To provide the Users with technical support services and process their requests, the Administration may entrust processing (including collection, recording, accumulation, storage, depersonalization, blocking, deletion, viewing) of all Personal Data listed in this document to Tilda Publishing Kaz LLP (050054, Republic of Kazakhstan, Almaty city, Turksib district, Mailina street, building 79/2), with whom the Administration has concluded all necessary agreements guaranteeing the security of processed Personal Data and respect for the rights of the Users.
7. Personal Data Storage
7.1. The processing and storage of the User's Personal Data is carried out legally during the existence of the User's Account, as well as within the terms established by the current legislation of the United Arab Emirates. In case of deletion of the Account, it is possible to retain part of the information to the extent necessary to fulfill legal obligations, settle disputes, prevent fraud, and protect the legitimate interests of the Administration.

7.2. In case of loss or disclosure of the User's Personal Data, the Administration shall notify the User of the fact of their personal data loss or disclosure.

7.3. In order to ensure adequate protection of the User's Personal Data, the Administration:
1) appoints a person responsible for organizing the processing of Personal Data (Data Protection Officer);
2) issues documents defining the Administration's policy regarding the processing of Personal Data, local acts on the issues of Personal Data processing, defining for each purpose of Personal Data processing the categories and list of processed Personal Data, categories of subjects whose Personal Data are processed, methods, terms of their processing and storage, the procedure for destruction of Personal Data upon achievement of the goals of their processing or upon occurrence of other legitimate grounds, as well as local acts establishing procedures aimed at detecting and preventing violations of the United Arab Emirates legislation and eliminating the consequences of such violations;
3) applies legal, organizational and technical measures to protect Personal Data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, distribution of Personal Data, as well as from other unlawful actions in relation to Personal Data, necessary to fulfill the requirements to the protection of personal data established by the Law;
4) identifies threats to the security of personal data during its processing in personal data information systems;
5) evaluates the effectiveness of the measures taken to ensure the security of Personal Data prior to the commissioning of Personal Data information systems;
6) detects unauthorized access to Personal Data and takes measures to detect, prevent and eliminate the consequences of computer attacks on Personal Data information systems and respond to computer incidents therein;
7) restores Personal Data modified or destroyed due to unauthorized access to it;
8) establishes rules of access to Personal Data processed in Personal Data information systems, as well as ensures registration and record keeping of all actions performed with Personal Data in Personal Data information systems;
9) exercises control over the measures taken to ensure the security of Personal Data and the level of protection of Personal Data information systems;
10) exercises internal control and (or) audit of compliance of Personal Data processing with the Law, regulatory legal acts adopted in accordance with it, requirements to Personal Data protection, operator's policy on Personal Data processing, local acts of the operator;
11) assesses the harm that may be caused to the subjects of Personal Data in case of violation of the Law, the correlation between this harm and the measures taken by the operator to ensure the fulfillment of obligations under this Law.

7.4. The Administration shall organize, inter alia:
1) a system of continuous monitoring of detection of non-standard behavior of information systems with subsequent analysis for unauthorized access or common errors;
2) provision of a secure channel for accessing/processing Personal Data (HTTPS, TLS1.2+);
3) introduction of two-factor authorization for both Administration employees and Users;
4) annual audit of the information system, which is a control over the measures taken to ensure the security of Personal Data and the level of protection of the information system of Personal Data;
5) loosely coupled microservice architecture, where each microservice processes only those Personal Data and the minimum necessary for its operation;
6) storage of sensitive data in encrypted form with a variable encryption key;
7) implementation of the public Bug Bounty vulnerability search program, within the framework of which each User can inform the Administration about the vulnerabilities they have discovered.

7.4. The Administration detects facts of unauthorized access to Personal Data and takes measures, including detection, prevention and elimination of consequences of computer attacks on information systems of Personal Data and response to computer incidents in them.
The Administration has adopted local acts on Personal Data security issues.

7.5. Employees of the Administration having access to Personal Data are familiarized with this Policy and local acts on Personal Data security issues.
8. Updating and Deleting Personal Data
8.1. The User can independently, by authorizing in the Personal Account, update, restrict the use or change Personal Data they have provided.

8.2. To withdraw consent for the processing of Personal Data and to request the deletion of Personal Data, the Personal Data Subject must send a relevant request to the email address dpo@tilda.cc. In response, the User will receive an email with a link to a page in the Personal Account where they will need to confirm their intention to delete their Personal Data and Account. Requests from other categories of Personal Data Subjects will be processed by the Administration in accordance with the applicable procedure.

The period for deleting Personal Data is 30 days from the date the request is received by the Administration.

8.3. For technical reasons, the information may be deleted with a delay rather than immediately. In this case, the Administration blocks such Personal Data until it is completely deleted from its databases, so that such Personal Data becomes inaccessible and its use impossible.
It should also be taken into account that it is possible to retain some of the information to the extent necessary for the fulfillment of legal obligations, dispute resolution, fraud prevention and protection of legitimate interests of the Administration.

8.4. After the final deletion of data and Account, all Personal Data and information will be deleted from the databases of the Administration (after the expiration of storage periods established by applicable law). Upon completion of this process, the User will no longer be able to use the Platform services, and the Account and all data will be deleted without the possibility of recovery.
9. Rights and Obligations of the User
9.1. In relation to the Administration, the User provides their Personal Data and keeps it up to date.

9.2. The User independently regulates relations with third parties, with whom they interact through their website, regarding the data collected on the User's website and bears responsibility both to third parties and to regulatory authorities.

9.3. In accordance with the applicable law, the User has the following rights in relation to Personal Data processed by the Administration:
1) the right to receive information about the processing of Personal Data by the Administration;
2) the right of access to processed Personal Data;
3) the right to receive from the Administration the Personal Data processed by it in a generally accepted machine-readable format (right to data portability);
4) the right to clarify and correct Personal Data;
5) the right to stop processing and delete Personal Data (the right to be "forgotten");
6) the right to restrict the processing of Personal Data;
7) the right to restrict decision-making based solely on the automated processing of Personal Data (including refusal of profiling);
8) the right to receive information about the restriction or termination of processing of Personal Data at the initiative of the Administration;
9) the right to object to the processing of Personal Data.

9.4. To exercise the listed rights, the User should contact the Administration, as described in the Contacts section hereof.

9.5. Also, according to the applicable law, the user has the right to contact the government body supervising the processing of Personal Data — UAE Data office.
10. Rights and Obligations of the Administration
10.1. The Administration undertakes to:
1) Use Personal Data provided by the User exclusively for the purposes specified in this Privacy Policy;
2) Keep the confidentiality of Personal Data; not to disclose Personal Data of the User without prior permission of the User, except as expressly provided by law; not to sell, exchange, publish or disclose Personal Data by any other means, except as specified in this Privacy Policy;
3) Take measures to protect the confidentiality of the User's Personal Data in accordance with the internal procedures of the Administration;
4) Immediately block the User's Personal Data after receiving a request from the User or their legal representative or the appropriate authority for the protection of the User's Personal Data during the verification of this information in case of detection of invalid data or unauthorized actions.

10.2. In accordance with the applicable law, the Administration may request from the User confirmation of the existence of legal grounds regarding the User’s processing of personal data processed by him/her using the Platform.

10.3. The Administration shall be entitled not to respond to the User’s request in the following cases:
1) the request is not related to the User’s Personal Data, or is repeated too often;
2) the request is contrary to judicial procedures or investigations carried out by the competent authorities;
3) the request has a negative impact on the Administration’s efforts to ensure information security;
4) the request concerns the confidentiality of Personal Data of third parties which are not Clients of the User;
5) the request contradicts other legislation to which the Administration is subject.

10.4. The Administration shall be entitled to continue processing of Personal Data without the Consent of the Personal Data subjects in the following cases:
1) when processing is limited to storage of Personal Data;
2) when processing is necessary for initiation or defense of any proceedings relating to a claim of rights or legal action, or connected with legal proceedings;
3) if processing is necessary to protect the rights of third parties in accordance with the applicable law;
4) when processing is necessary for reasons of public interest.

10.5. In case of failure to perform its obligations, the Administration accepts liability for any losses, which amount is limited to the cost of the Plan, incurred by the User as a result of the unauthorized use of their Personal Data, in accordance with the legislation of the United Arab Emirates, except for the cases when Personal Data:
1) was disclosed to the competent authorities of the United Arab Emirates;
2) was disclosed by the third party after it was shared by the Administration with the User's consent;
3) became public before it was lost or disclosed;
4) was received from a third party before it was provided to the Administration;
5) was disclosed with the User's consent;
6) was disclosed as a result of a force majeure event;
7) was disclosed as a result of a justified claim addressed to the User regarding the violation of the third parties' rights and/or the Terms of Service Agreement.
11. Contacts
If you have any questions, comments or complaints about this Privacy Policy, or if you wish to withdraw your consent for the processing of Personal Data, please send us a request to the ticket system if you are an authorized User of the Platform.

If you are not an authorized User of the Platform, please contact us by sending an email to legal@tilda.cc — for legal matters and dpo@tilda.cc — for matters related to the organisation of processing and protection of personal data. A response will be sent within the time period established for consideration of appeals.
The current version of the Privacy Policy is dated 18.12.2024