Tilda Publishing
Privacy Policy
1. Privacy Policy
This Privacy Policy (hereinafter — “Privacy Policy”) determines the Administration's responsibilities towards non-disclosure and protection of the confidentiality of personal data provided by the User on the Administration's request when register on the Platform (hereinafter — the “Platform”).

Privacy Policy refers to all information that the Platform can collect about a User while they are using the service (the “Service”). By registering on this Platform, the User consents to all terms of this Privacy Policy.

This Privacy Policy may be amended by the Administration without prior notification. The current Privacy Policy is at all times available at https://tilda.cc/privacy.
2. User's Personal Data
2.1. Key terms

Upon registration, the User provides the Administration with personal data including name, surname, and e-mail address. When registering and /or using the Service the Platform may automatically or with the participation of a User collect additional personal information, including IP-address, browser version, country, language, UTM parameters, partner's tags, address of a page's referrer, and other technical data, which can be used for identification of the User without taking additional measures.

The User may be required to provide access to accounts of third-party service providers including, inter alia, public file storage, instant messages service, social networks and other in order to use different Services. In this case, the Administration may receive additional personal data from the third-party provider including, inter alia, sex, location, userpic, etc. All information accessed through the third-party service provider shall be processed and stored in accordance with the Terms of Service Agreement and Privacy Policy.

2.2. Payment Policy

The Platform tariff payment shall be made via one of the available payment systems such as Stripe.com, PayPal, CloudPayments. These payment systems collect and retain financial information in accordance with the Terms of Service Agreement and Privacy Policy.

The Administration does not store full card details. It does not act as a Payment Controller, and only receives notifications about successful payments.

It is understood, however, that when receiving payment for the Tariff, the Administration may collect additional information including, inter alia, transaction number, transaction time, type and expiration date of the card used for payments as well as the last four digits of the card number, the cardholder's name, country, and city where the card has been charged.

2.3. Personal Data requested by third party services

The User may be required to provide access to accounts of third-party service providers including, inter alia, public file storage, instant messaging service, social networks, and other in order to use different Services. In this case the Administration may receive additional personal data from the third-party provider including, inter alia, gender, location, userpic, etc. All information accessed through the third-party service provider shall be processed and stored in accordance with the Terms of Service Agreement and Privacy Policy.

2.4. Activity Data Tracking

For the purposes of security and fraud prevention, when the User is logged into their Account the following activities are logged: date and time of signing in, date and time when the project was created, date and time when the project was deleted; date and time the password and e-mail were changed, date and time the project and webpage were transferred to another account.

2.5. Personal Data required during domains registration

The User has the option of registering a domain name in their personal account on the Platform. This service is provided by the domain name registrar LLC Domains Registrar REG.RU. All personal data required for domain registration shall be processed and stored in accordance with the Terms of Service Agreement and Privacy Policy. The Platform does not process these requested data; it solely provides the user interface for transferring personal data to the domain registrar.
3. The Personal Data Collection Procedure
The main ways of receiving personal information from Users are as follows:

a) the User provides personal information directly (e.g., when registering on the Platform or using a payment system);
b) Personal Data is collected automatically when the User runs or uses the Platform, for example with the help of cookie files (for more details see the Cookie Policy);
c) the User can provide Personal Data on their own accord when they log in and use third-party services that have been knowingly integrated into the Platform.
4. Personal Data Use
The Administration may use Personal Data provided to it by the User to:

a) Create an Account and Personal account in order to use the Platform;
b) Provide client service and technical support;
c) Send notices by e-mail, such as confirmation of registration, a reminder or a notice about a forthcoming or completed payment, activation of the trial period and notice of its termination, complaints about the Website created within the Account, notices about significant changes in client service. These messages are mandatory from a technical point of view and cannot be cancelled for an active account.
d) Email-related educational materials regarding use of the Platform and monthly newsletters containing news connected with the Platform's functions. To opt out from receiving these messages, the User must follow the unsubscribe instruction which is contained in every message they receive.
e) Provide tailored service. For example, location and language detected by the browser are used to set the language of the Platform's interface.
f) Send promotional materials and advertising. Depending on how the User engages with the Platform, they may be sent individual marketing messages about products and services. Also, the information about User interaction with the Platform allows it to recalibrate advertising campaigns, for example, avoid showing social ads to the Platform's users.
g) Integrate third-party services that provide additional functionalities to the User's website that have been added knowingly with the User’s consent.
h) Sending notifications of payments made on the User's website.
i) Improve the functioning of the Platform and provide better services. Statistics and analysis of the use of the Platform's functions allow us to determine the priorities for further development. As a result, anonymous generalized information is used for these purposes.
5. Transfer of Personal Data to Third Parties
The User may be required to provide Personal Data when using third-party services, for example, when making a transaction or integrating third-party services that give additional features to the User's website. The User provides this information voluntarily and on their own accord. All personal data required by third-party services shall be processed and stored in accordance with the Terms of Service Agreement and Privacy Policy.

The Administration can share personal data with service providers that perform services on the Administration's behalf. For example, the Administration can engage third parties to help it provide customer support, manage to advertise, send notifications, and newsletters on the Administration's behalf. These third parties are prohibited from using the Users' personal data for promotional purposes.

The Administration can disclose personal data to the extent required by laws or to protect rights and interests if such disclosure is reasonably required in order to comply with laws or to prevent fraud. In particular, the Administration can disclose the User's data if it is lawfully requested by the state authorities or if it receives a justified claim addressed to the User regarding violation of the third parties' rights and/or the Terms of Service Agreement.

The Administration can share the User's personal data with third parties to provide the User with targeted advertising, and also to measure and control its effectiveness. For example, the Administration can use encrypted e-mails to adjust advertising in social networks to avoid showing these ads to current Platform users.
6. Storage of Data
The processing and storage of User's personal data will be carried out on the legal grounds during the time that the account exists. In the event that the account is deleted, some data may be stored insofar as it is necessary for fulfilling legal obligations, settling disputes, preventing fraud, and protecting the interests of the Administration.

The Administration takes all necessary technical and organizational precautions to protect User's personal data against unauthorized or accidental access, deletion or alteration, blocking, copying, disclosure, or other unauthorized actions of third parties.

In case of loss or disclosure of User's personal data, the Administration notifies the User about the fact of their personal data loss or disclosure.
7. Personal Data Collected by Users on Their Websites
7.1. General provisions

The Administration does not process personal data collected by the User on websites, and only provides the computing capacity that could be used for data collection. The Administration acts not as a 'Controller' but as a 'Processor' in the meaning of the European Union General Data Protection Regulation.

Data collected on the User's website is kept in their personal account for 30 days. This function is included by default and is aimed at improving user experience. The User is free to switch off this function at any time, change the amount of time their data is retained, change or delete data either in part or in full, and also to export data.

In the event the User uses an online payment system, the Administration may receive partial data about a successful payment in order to facilitate cooperation between the website and payment system.

The function of logging and retaining partial information about a successful payment is included by default. This function can be set by the User in their personal account. The User may change the length of time their data is kept or turn off this function.

7.2. Responsibility of the User

Should the User process third party data, the User is solely liable for taking appropriate measures for the protection of personal data, according to the General Data Protection Regulation (GDPR) and other laws and regulations, including obtaining appropriate permits and posting the necessary documentation and information to their website.

The Administration does not have the right to provide legal assistance to Users, although it recommends that the Users who process personal data add the Terms of Service Agreement to their website, as well as the confidentiality agreement and add links to these documents and a special field in the data collection form that will show that the User has read and agreed to these rules. Read more about this in the Help section of the Platform: help.tilda.ws/gdpr-compliance

The website created by the User uses cookie files by default. In case if the User has no plans to use this function or to work with personal data, they must disable the use of cookies in the website settings.
8. Cookie Policy
Cookies are small text files sent by the server to the User's device. Cookies perform many functions, for example, they allow to save the settings made by the user, allow the user to move between pages after signing in, and, on the whole, make working on a website easier.

Here is how we use cookie files:
а) Identification — cookie files allow website providers to recognize your advice and your Account so they do not have to request your login details and password every time you go to another page;
b) Analytics — cookie files allow us to obtain information about the viewing how many times this or that page was viewed.

The user has the right to set the browser to refuse cookies but this will substantially limit their ability to use the Platform.
9. Managing Personal Data
The User can review, change or delete Personal data that was provided by the User or that was collected from the User's website, in their personal account or by sending a relevant query to legal@tilda.cc. The User may use the same e-mail address should the User request their online Account to be deleted.

For technical reasons, the information may not be deleted straight away, but with a delay. Please note that we may retain some of the information to the extent that is necessary for fulfilling legal obligations, resolving disputes, preventing fraud, and protecting the legitimate interests of the Administration.
10. User's Obligations
In relation to the User to the Administration, the User provides their personal data and keeps it up to date.

The User shall independently manage relationships with their Users in relation to the data collected on the User's website.
11. Administration Obligations
The Administration undertakes to:

a) Use the information provided exclusively for the purposes set out in Clause 4 of this Privacy Policy;
b) Keep personal information confidential; not to disclose the User's personal information without prior written permission obtained from the User; not to sell, exchange, publish or disclose it by any other means, except for the means indicated in Clause 5 of this Privacy Policy.
c) Take measures to protect the confidentiality of User's personal information according to standard procedures.
d) Block the User's personal information immediately after receiving a request from the User or their legal representative or a relevant authority for the protection of the User's personal data while it is being checked in case invalid data or unauthorized activities are detected.

The Administration may share the User's personal data with the authorities in the relevant jurisdiction solely on the grounds and in accordance with the legislation of the Russian Federation.
12. Liabilities of the Parties
In case of failure to perform its obligations, the Administration accepts liability for any losses, which amount is limited to the cost of the Tariff, incurred by the User as a result of the unauthorized use of their personal data, in accordance with the legislation of the Russian Federation, except for the cases when personal data:

a) was disclosed to the competent authorities in the relevant jurisdiction;
b) was disclosed by the third party after it was shared by the Administration with the User's consent;
c) became public before it was lost or disclosed;
d) was received from a third party before it was provided to the Administration;
e) was disclosed with the User's consent;
f) was disclosed as a result of a force majeure event;
g) was disclosed as a result of a justified claim addressed to the User regarding the violation of the third parties' rights and/or the Terms of Service Agreement.
13. Contacts
If you have any questions, comments, or complaints about this Privacy Policy, please contact us at legal@tilda.cc. We will respond within a reasonable amount of time.
Made on
Tilda