tilda education

Privacy Policy

This policy defines the procedure and conditions for processing personal data when visiting Tilda Education.

Please read this document carefully. By providing us with your personal data, you agree to its processing in accordance with the terms of this policy. If you do not agree with the terms, please do not provide us with your data.

The document consists of the following sections:

Terms and Definitions
General Provisions
Purposes and Grounds for Processing
Procedure for Processing, Use of Databases
Transfer of Personal Data to Third Parties
Protection and Security
Withdrawal of Consent and Destruction of Personal Data
Miscellaneous
Contacts

If you have any questions regarding the processing of personal data, please write to us at: dpo@tilda.ru.

Terms and Definitions

Policy – this Privacy Policy, available on the Internet at https://tilda.education/en/privacy/.
Personal Data – any information related directly or indirectly to an individual who is or can be identified based on such information.
Controller – Tilda Publishing JSC, INN 9707041449, OGRN 1247700830354, processing Personal Data, as well as determining the purposes of processing, the composition of Personal Data and actions performed with it.
Website – the Controller's website, available on the Internet at https://tilda.education/en/.
User – a person who visits the Website and/or has logged into their Personal account on the Website.
Personal account – a section of the Website through which the User can access restricted materials of Tilda Education.

If a term is not defined in the text of the Policy, the interpretation of the term should be guided primarily by the Terms of Service (hereinafter referred to as the Agreement), regardless of whether capitalized or lowercased, then – as provided by the Russian Federation legislation, secondly – as established (commonly used) on the Internet.

1. General Provisions

1.1. Scope of Application of the Policy. This Policy applies to the processing of Users Personal Data by the Controller.

1.2. Processing Other Personal Data. The terms and conditions for processing the Personal Data of visitors and users of other websites and/or services of the Controller are determined by the processing policies of the relevant websites and services.

Processing of Personal Data of candidates, employees, counterparties and representatives of the Controller's counterparties shall be carried out in accordance with other documents of the Controller. However, this Policy may be applied to the specified persons in case of their interaction with the Controller as subjects covered by this Policy.

2. Purposes and Grounds for Processing

2.1. Providing access to the Personal Account on the Website. To provide access to the Personal Account, the Controller processes IP, as well as the name and email address specified by the User during authorisation. The processing of Personal Data is carried out by the Controller on the basis of the Agreement to which the User is a party.

2.2. Reviewing Questions and Requests. The Website contains feedback forms that are necessary for the Controller to communicate with Users.

Depending on the form used, the Controller may collect and process the name, email address, information about the profession, skills and work experience, nickname in the Telegram messenger, links to profiles on social networks. Such feedback is carried out for the purpose of reviewing User requests based on the consent obtained.

2.3. E-mail Distribution. The Controller may send informational and news materials to the e-mail address by the User in the data collection form on the Website.

The email address is processed based on the consent obtained. The User can unsubscribe from the Controller's news/promotional mail-outs by clicking on the corresponding link in the e-mail message or by application to the Controller in the manner provided for by this Policy.

2.4. Analysis of Website Statistics. In order to analyse traffic on the Website, the Controller collects and processes analytical cookies using an internal statistics system:

Name	Type	Purpose of Use
tildasid, tildauid	Analytical	Recording of request statistics
previousUrl	Analytical	Storing information about the previous page
lectionview	Analytical	Storing information about lecture viewing

To obtain advanced analytics for the Website, the Controller uses the Yandex Metrica service, owned by Yandex LLC. To track visitors, Yandex LLC uses anonymous browser identifiers that are stored in cookie files. The user can view the list of cookie files collected in the service's technical documentation.

The collection and processing of analytical cookie files is carried out by the Controller on the basis of the consent received.

When visiting the Website for the first time, the User is asked to accept the use of analytical cookies. The User has the right to refuse the collection of analytical cookies at any time by changing the cookie processing settings in the web browser used.

2.5. Ensuring the Functioning of the Website. The Controller processes essential cookies to ensure the functioning of the Website:
1) for the User session, the Controller collects and processes the PHPSESSID cookie;
2) to display videos, the Controller uses integrations with third-party services, which may independently collect cookies to ensure the operability of the integrations;
3) to verify requests, the Controller uses the SmartCaptcha service, owned by Yandex.Cloud LLC, which processes cookies necessary for the service to function.

The collection and subsequent processing of mandatory cookies on the Website is carried out on the basis of the Agreement and/or the Controller's legitimate interest.

The Controller recommends that Users familiarise themselves with the data processing policies of third-party services and, if they disagree with their terms and conditions, disable the collection of third-party cookies in their web browser settings.

3. Processing Procedure, Use of Databases

3.1. Processing Methods. The Controller processes Personal Data by the following methods: collection, recording, systematisation, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), de-identification, blocking, deletion, destruction. The Controller may process Personal Data with or without the use of automation tools.

3.2. Collecting Personal Data. When the Controller collects Personal Data, its processing, including storage, is performed using the databases of Selectel JSC and Yandex.Cloud LLC located in the territory of the Russian Federation.

3.3. Personal Data Processing Terms. The Controller processes Personal Data no longer than is required to achieve the purposes of processing:
1) when processing is based on the Agreement – for the term of the Agreement, as well as for 3 years after its termination on any grounds;
2) when processing is based on the consent and/or the legitimate interest of the Controller – for no more than 10 years.

A specific term may be set by the Russian Federation legislation or the consent obtained.

4. Transfer of Personal Data to Third Parties

4.1. Purposes of Personal Data Transfer. Personal Data is transferred by the Controller solely to achieve the purposes set out in this Policy. The Controller does not sell or provide Personal Data to third parties for marketing and/or advertising purposes.

4.2. Processing on behalf of the Controller. For the purposes of collecting and further processing Personal Data on servers and/or for verifying requests, the Controller entrusts the processing of Personal Data on the basis of the relevant agreement between Selectel JSC and Yandex.Cloud LLC.

Entities processing Personal Data on behalf of the Controller undertake to comply with measures to ensure confidentiality and security of Personal Data. The Controller shall be liable to individuals for the actions of entities processing Personal Data on behalf of the Controller.

4.3. Transfer of Personal Data without an Instruction. The Controller shall be entitled to transfer Personal Data to third parties without the relevant instruction for processing if such transfer is based on the consent obtained, is necessary to fulfill obligations provided for by the Agreement, is provided for by international or national legislation, or occurs within the framework of assignment, transfer of debt and/or in the order of legal succession.

4.4. Cross-Border transfer. Cross-border transfer of Personal Data in the course of its processing in accordance with this Policy shall not be carried out.

5. Protection and Security

5.1. Ensuring Personal Data Protection. The Controller takes necessary legal, technical and organizational security measures to protect Personal Data in accordance with the Russian Federation legislation.

5.2. Measures Applied. The Controller ensures the security of Personal Data by, among others:
1) adopting and publishing this Policy;
2) appointing a person responsible for organizing Personal Data processing;
3) detecting unauthorized access to Personal Data and taking appropriate measures;
4) exercising control over the measures taken to ensure Personal Data security;
5) familiarizing the Controller's employees with the legislation on Personal Data, including the requirements for Personal Data protection.

6. Withdrawal of Consent and Destruction of Personal Data

6.1. Withdrawal of consent to processing. If, in accordance with this Policy, the Controller processes Personal Data based on the consent obtained, such consent may be withdrawn at any time by submitting an application to the Controller

If the consent is withdrawn, the Controller shall be entitled to continue processing Personal Data without the consent if there are other legal grounds provided for by the Russian Federation legislation.

6.2. Procedure for Personal Data Destruction. The Controller destroys Personal Data in case of expiration of the term of their processing, withdrawal of consent, deletion by the User on their own, detection of unlawful processing, termination of activities, as well as in other cases provided for by the Policy and/or the Russian Federation legislation.

Personal Data is destroyed within 30 days. However, the Controller reserves the right to further process those categories of Personal Data that are necessary for performance of the Agreement, compliance with the requirements of the Russian Federation legislation, exercising legitimate interests of the Controller or third parties.

7. Miscellaneous

7.1. Requests and Applications. Requests and applications related to the Personal Data processing procedure under this Policy may be sent to the Controller in writing to the address: post office box 44, 21 Tsvetnoy Blvd., building 1, Moscow, 127051, or in the electronic form to e-mail address dpo@tilda.ru.

The request must contain:
1) last name, first name, patronymic;
2) information on the main identity document of the person or their representative;
3) description of the substance of the request;
4) contact information for communication;
5) information confirming the representative's powers (if any);
6) signature of the person or their representative.

The Controller shall review and send responses to the received requests within 30 days from the date of their receipt.

7.2. Procedure for Amending the Policy. This Policy may be changed by the Controller unilaterally by publishing a new version of the Policy on the Internet. The current version of the Policy is available at the link.

Any changes to the Policy come into force on the day following the day the Policy is published in the amended version. The Controller is entitled, but not obliged, to notify of changes to the Policy.

7.3. Applicable Law and Language. This Policy shall be drawn up in the Russian language, and its provisions shall be governed by and construed in accordance with the laws of the Russian Federation.

8. Contacts

Controller details: Tilda Publishing JSC, OGRN 1247700830354, INN 9707041449, postal address: post office box 44, 21 Tsvetnoy Blvd., building 1, Moscow, 127051
For Personal Data processing issues: dpo@tilda.ru

The current version of the Privacy Policy is dated 20.02.2026