Visiting the website, using the platform, and any other provision of personal information constitutes your consent to the processing of personal data to the extent and for the purposes set out in this Policy.

Please read this document carefully. If you do not agree with its terms, please do not use the website or the platform, and do not provide us with your personal data.

Policy – this Privacy Policy, available on the Internet at https://tilda.kz/privacy/.
Personal Data – any information relating to an identified or identifiable data subject, recorded on an electronic, paper, or other material medium.
Controller – Tilda Publishing Kaz LLC, BIN 220540034413, which is the controller and owner of the database and carries out the collection, processing, and protection of Personal Data.
Platform – a software package located on the Internet at https://tilda.kz/, and intended for creation and publication of websites, letters and documents.
Website – the website available on the Internet at https://tilda.kz/, including all of its pages and related subdomains.
User – a person who uses the functionality of the Platform.
Representative – representative and/or contact person of the User being a legal entity.
Project – website, letter or document created through the functionality of the Platform.
Event – an information, marketing and/or promotional event of the Controller related to the use of the Platform.
Applicant – any person submitting to the Controller an inquiry, complaint, or claim regarding the use and/or operation of the Platform, except for a User.

If there is no definition of a term in the text of the Policy, you should be guided by the interpretation of the term: first of all – as provided by the legislation of the Republic of Kazakhstan, secondly – as established (commonly used) on the Internet.

Terms related to the use of the Platform shall be interpreted in accordance with the Terms of Service (hereinafter referred to as the Agreement), regardless of whether capitalized or lowercased.

1.1. Scope of Application of the Policy. This Policy applies to the processing of the following Personal Data by the Controller:
1) Website visitors;
2) Users and Representatives;
3) Applicants;
4) Event attendees.

1.2. Processing the Personal Data on the Projects. By using the functionality of the Platform, the Users may process Personal Data of third parties on the Projects, including the following methods:
1) posting information on the Projects about the individuals, including counterparties, partners, employees and customers;
2) using feedback collection forms, request management systems, as well as tools for creating online stores and training courses, such as shopping carts, delivery services and/or personal accounts on the Projects;
3) analyzing visitation statistics for the Projects published on the Internet.

Users are solely responsible for the processing of Personal Data of third parties. The Controller processes Personal Data of third parties, acting as a third party in accordance with the Data Processing Agreement.

The Controller shall not be responsible for the actions of Users when processing Personal Data on the Projects. Any claims of third parties related to the processing of their Personal Data should be addressed directly to the User that performs such processing.

1.3. Processing Other Personal Data. The conditions and procedure for processing Personal Data of visitors and users of other websites and/or services of the Controller are determined by the processing policies of the relevant websites and services.

Processing of Personal Data of candidates, employees, counterparties and representatives of the Controller's counterparties shall be carried out in accordance with other documents of the Controller. However, this Policy may be applied to the specified persons in case of their interaction with the Controller as subjects covered by this Policy.

2.1. Informing about the Location. The Website is intended for use by persons whose main location is the territory of the Republic of Kazakhstan. In order to analyze the location of the Website visitor, the Controller processes IP thereof, including the country by IP.

If the Website visitor is located outside the Republic of Kazakhstan, the Controller shall send automatic notification about the regional specificity of the Website and the possibility of switching to the version corresponding to the relevant geographical location.

2.2. Ensuring the Website Functioning. The Controller processes essential and functional cookies of the Website visitors. Cookies are processed to ensure the Website functioning in accordance with the Cookie Policy.

2.3. Receiving Feedback. Visitors to the Website can leave their feedback about the Platform on the relevant Website page. For receiving feedback, the Controller processes the e-mail address, name and links to social media profiles.

2.4. E-mail Distribution. The Controller may send informational and technical materials, notices and messages related to the use of the Platform to the e-mail address provided by the Website visitor in the data collection form. E-mail address is processed by the Controller based on the consent received.

2.5. Analysis of Website Statistics. In order to analyze traffic and behavior on the Website, the Controller uses Google Analytics and Google Tag Manager services. The collection and processing of analytical cookies of Website visitors is carried out by the Controller in accordance with the Cookie Policy.

3.1. Providing Access to the Platform Functionality. In order to provide access to the Platform and its functionality, the Controller processes the name, e-mail address, country, User ID of the Users, as well as the IP, including city and country by IP of the Users and their Representatives.

3.2. Payment of License Fee and Other Services of the Controller. In case of payment of the license fee and other services of the Controller using a bank card, the Controller shall process the masked number of the bank card, validity period of the bank card, country of issue, the date and time of payment, name of the payment system, number of the transaction in the fast payment system.

When paying with a bank card, the User uses payment aggregator services TipTop Pay Kazakhstan LLP or Freedom Pay LLP, being the Controller’s partners. Financial information of the Users is processed by payment aggregators and acquiring banks in accordance with their policies and processing rules.

The Controller does not receive information about full details of the User's bank card and does not process payment transactions directly.

Users being legal entities or individual entrepreneurs can choose invoice payment for the license fee and other services of the Controller as a payment method. If the User chooses the specified payment method, the Controller shall process the last name, first name, patronymic, e-mail address and the telephone number of the Representative.

3.3. Restoring Access to the Account. If e-mail address, password from the account on the Platform are lost, and/or there is no access to the linked e-mail address, the Controller may request the User to provide a masked bank card number, bank account number, as well as the last name, first name, patronymic of the User or the Representative.

Personal Data provided to the Controller is processed in order to verify the User and further restore access to the account on the Platform in case of verification.

3.4. Removing the Automatic Restriction on Publication of the Project. The Platform has built-in protection against suspicious activities in the User's account.

For the purposes of removing restrictions, the Controller requests the User's cell phone number and/or links to the User's social media accounts. In this case, the Personal Data provided is processed by the Controller based on legitimate interest.

3.5. User Support. In case of any questions related to the use and/or functioning of the Platform, the User may contact the Controller's support service by e-mail or through the internal system on the Platform.

In order to provide support services, the Controller processes the name, e-mail address, country, User ID, IP, including city and country by IP of Users, as well as any other data specified in the User's application.

3.6. Creating Portfolios and Searching for Designers. The User may create their portfolio on the Platform for the purpose of client acquisition. When creating a portfolio, the User provides the Controller with the photo, first and last name, description of the activity, e-mail address, and receives a unique designer identifier.

By creating a portfolio, the User understands that their information will be published on the Internet. Disclosure of Personal Data to an unlimited number of persons is carried out by the User independently.

A User wishing to engage a designer to create a Project can fill out a corresponding questionnaire on the Platform or in the designer's profile. In this case, the User provides the Controller with the name, e-mail and information about the Project.

Personal Data mentioned above is processed by the Controller in order to provide Users with the opportunity to create portfolios and search for designers in accordance with the Tilda Experts Terms of Use.

The Controller may also publish links to a User’s portfolio, made publicly available in the Website gallery, as well as on the separate website. By creating a portfolio, the User gives the Controller consent to distribute such Personal Data without establishing any separate conditions and/or restrictions on its processing.

3.7. Posting Information on the Projects. The functionality of the Platform allows the Users to post documents, diagrams, texts, videos and other objects on the Projects. The User independently manages the information placed on the Projects, including uploading, modifying text materials, as well as exporting the Project in accordance with the terms and conditions of the Agreement.

If the information posted on the Project contains Personal Data of the User who is an individual, the Controller processes the provided Personal Data in order to enable the User to post information on the Project.

However, the functionality of posting Content on the Projects is not intended for publishing images containing the User's Personal Data, including photos thereof and/or scanned copies of documents.

When using the multi-access feature, Personal Data posted on the Project may become available to other Users and, when the Project is published on the Internet, to an unlimited number of persons. The User independently determines the conditions of access to Personal Data in the relevant Project settings.

By publishing the Project in the public domain on the Internet, the User understands and acknowledges that:
1) disclosure of Personal Data to an unlimited number of persons is carried out by the User independently;
2) the Controller does not distribute the User's Personal Data in the context of the legislation of the Republic of Kazakhstan.

3.8. Connecting Third-Party Services. When using the Platform functionality, the User may be offered to connect third-party services, including e-mail services, cloud storage and social networks.

In case of connection of third-party services, the Controller may gain access to e-mail addresses and/or nicknames specified in the relevant User's service accounts. This Personal Data is processed by the Controller in order to ensure integration with third-party services.

3.9. E-mail Distribution. The Controller may send informational and technical materials, notices and messages related to the use of the Platform and updates on the Platform to the e-mail address provided in the User’s account.

The User can unsubscribe from the Controller's news/promotional mail-outs in the Personal Account of the Platform or by clicking on the corresponding link in the e-mail message.

3.10. Technical Provision of the Platform. The Controller processes essential and functional cookies of Users in accordance with the Cookie Policy in order to ensure the functioning of the Platform.

3.11. Information Security. In order to ensure the security of the Platform and prevent unauthorized access, the Controller:
1) uses reCAPTCHA service that analyzes the technical parameters of the device, the User's behavioral characteristics, and the User's digital footprint;
2) automatically registers the User's actions when working in an account on the Platform.

4.1. Reviewing Applications. In order to consider questions, complaints, claims and other requests related to the use and/or operation of the Platform, the Controller processes the following Personal Data of the Applicants and/or their Representatives: last name, first name, patronymic, e-mail address, identity document data, other information indicated directly in the text of the request and documents.

Consent to the processing of Personal Data for the purposes of reviewing the request may be provided to the Controller.
1) by ticking the relevant boxes in online forms;
2) by including the consent in the text of the request and/or the content of the electronic message;
3) in any other manner that clearly expresses the Applicant's consent.

4.2. Referrals to Users. The Controller shall be entitled to redirect the Applicant's complaint, inquiry or claim to a specific User, if the content of the received application concerns the actions of the User and/or the Project.

Personal Data contained in the Applicant's application is transferred by the Controller in order to settle a dispute between the User and the Applicant. Thereat, the Applicant's Personal Data may be transferred to the User solely based on the consent given in writing or by including the consent in the text of the request and/or the content of the electronic message.

Non-profit organizations and/or entities creating non-profit Projects may be entitled to use the Platform to provide grants.

When submitting a grant application, the participant provides the Controller with the last name, first name, patronymic, contact e-mail address, e-mail address of the account on the Platform. The Controller processes the provided Personal Data for the purpose of processing grant applications.

6.1. Actions with Personal Data. The Controller processes Personal Data by performing the following actions: collection, storage, modification, supplementation, use, distribution, anonymization, blocking, and destruction of Personal Data.

6.2. Personal Data Processing Terms. The Controller processes Personal Data no longer than is required to achieve the purposes of processing:
1) when processing the Personal Data of Users and Representatives – for the term of the Agreement, as well as for 3 years after its termination on any grounds;
2) when processing the Personal Data of Website visitors, Applicants, and Event attendees – for no more than 10 years.

Other retention periods for Personal Data may be established by the legislation of the Republic of Kazakhstan or by separately obtained consent.

In accordance with legal requirements, the Controller stores Personal Data in databases located on the technical facilities of Internet Company PS LLP and SSR LLP, which are situated within the territory of the Republic of Kazakhstan.

To ensure the preservation and recovery of data in case of loss, the Controller may store Personal Data on other servers, including those of Hetzner Online GmbH.

8.1. Purposes of Personal Data Transfer. Personal Data is transferred by the Controller solely to achieve the purposes set out in this Policy. The Controller does not sell or provide Personal Data to third parties for marketing and/or advertising purposes.

8.2. Transfer to Third Parties. The Controller transfers Personal Data to Internet Company PS LLP and SSR LLP for the purpose of ensuring the storage of Personal Data in databases hosted on technical facilities located within the territory of the Republic of Kazakhstan.

An agreement has also been concluded between the Controller and Tilda Platform Cloud Services Co. LLC to ensure the lawful transfer of Personal Data to Hetzner Online GmbH for the processing of Personal Data on its servers.

The Controller shall be entitled to transfer Personal Data to third parties if such transfer is based on the consent obtained, is necessary to fulfill obligations provided for by the Agreement, is provided for by international or national legislation, or occurs within the framework of assignment, transfer of debt and/or in the order of legal succession.

In particular, the Controller transfers Personal Data to:
1) entities maintaining the Platform on other top-level domain names, when changing the country of the profile on the Platform at the initiative of the User;
2) payment aggregators and/or acquiring banks in case the User initiates the procedure of disputing the payment by bank card;

8.4. Cross-Border Transfer. The Controller carries out cross-border transfers of Personal Data in the cases provided for by the Policy. In particular, such a transfer occurs when the User changes the country of their profile on the Platform.

When performing cross-border transfers, the Controller undertakes to ensure the security of the transfer in accordance with the requirements of the legislation of the Republic of Kazakhstan. The transfer of data to the territory of foreign countries that do not protect personal data is carried out by the Controller upon receipt of consent.

9.1. Ensuring Personal Data Protection. The Controller takes necessary legal, technical and organizational security measures to protect Personal Data in accordance with the legislation of the Republic of Kazakhstan.

9.2. Measures Applied. The security of Personal Data processing is ensured by the Controller, including through the following measures:
1) identifying business processes that contain Personal Data;
2) adopting this Policy;
3) appointing a person responsible for organizing Personal Data processing;
4) defining the list of persons who collect and process Personal Data or have access to them;
5) establishing procedures for accessing Personal Data;
6) ensuring the installation of information security tools and software updates on technical systems that process Personal Data;
7) ensuring the transfer of Personal Data to other parties via secure communication channels or through encryption;
8) ensuring the use of cryptographic protection tools for the reliable storage of restricted-access Personal Data;
9) using identification and/or authentication tools when working with restricted-access Personal Data;
10) applying backup technologies.

10.1. Withdrawal of Consent to Processing. Consent to the collection and processing of Personal Data may be withdrawn at any time by submitting a request to the Controller in the manner provided by this Policy.

However, consent cannot be withdrawn if:
1) the withdrawal contradicts the legislation of the Republic of Kazakhstan; or
2) there are outstanding obligations, including when Personal Data is necessary for the Controller to fulfill the purposes of the Agreement.

10.2. Destruction of Personal Data. The Controller destroys Personal Data upon the expiration of the storage period, termination of legal relations, entry into force of a court decision, detection of collection and processing of Personal Data without consent, as well as in other cases provided by the legislation of the Republic of Kazakhstan.

10.3. Blocks and Restrictions on the Platform. In case of violation of or reasonable suspicion that the User has violated the Agreement and/or the applicable legislation, the Controller shall be entitled to delete such information, block the User's account, as well as take other measures provided for by the Agreement.

The User understands and acknowledges that if the Controller takes administrative measures, the Personal Data specified, posted and/or published by the User may be destroyed without the possibility of subsequent recovery.

11.1. Requests and Applications. Requests and applications related to the Personal Data processing procedure under this Policy may be sent to the Controller in writing to the address:, or in the electronic form to e-mail address dpo@tilda.kz.

The request must contain:
1) last name, first name, patronymic;
2) information on the main identity document of the person or their representative;
3) description of the substance of the request;
4) contact information for communication;
5) information confirming the representative's powers (if any);
6) signature of the person or their representative.

The Controller shall review and send responses to the received requests within 30 days from the date of their receipt unless another deadline is established by the legislation of the Republic of Kazakhstan.

11.2. Procedure for Amending the Policy. This Policy may be changed by the Controller unilaterally by publishing a new version of the Policy on the Internet. The current version of the Policy is available at the link.

Any changes to the Policy come into force on the day following the day the Policy is published in the amended version. The Controller is entitled, but not obliged, to notify of changes to the Policy.

11.3. Applicable Law and Language. This Policy shall be governed and construed in accordance with the legislation of the Republic of Kazakhstan

This Policy is drawn up in Russian and may be provided for review in another language. In the event of a discrepancy between the Russian version of the Policy and the version of the Policy in another language, the provisions of the Russian version shall apply.

Controller's details: Tilda Publishing Kaz, LLC, BIN 220540034413, postal address: Timiryazeva str., building 51A, n.p. 30, 050060, Kazakhstan, Almaty
For Personal Data processing issues: dpo@tilda.kz