Privacy policy

1) Who we are

The website midoronin.com (the “Site”) is owned and operated by Mikhail Doronin.

2) Scope

This Policy explains how we collect, use, disclose, and secure personal data of visitors to the Site and its blog, including contact forms, newsletter sign‑ups, embedded widgets (e.g., Telegram/WhatsApp, YouTube), and social media integrations.

3) Personal data we collect

  • Data you provide directly: name, email, phone number, message content, booking/request details, newsletter preferences, and (if enabled) blog comments (name/pseudonym, email, comment text).

  • Data collected automatically: IP address, device and browser details, language, referrer, approximate location (via IP), pages viewed, actions and timestamps, cookies and similar IDs (including localStorage).

  • Data from third parties (if connected): web analytics (e.g., Google Analytics 4), advertising/attribution platforms (e.g., Google/Meta/TikTok), scheduling tools (e.g., Calendly), email/CRM or help desk services.

  • We do not intentionally collect special categories of data (e.g., health, biometrics) via the Site. If identity verification or KYC is needed for services, it will be governed by separate documents.

 

4) Purposes and legal bases

Purpose Examples Legal basis (GDPR/UK GDPR)
Respond to enquiries & provide services contact forms, email/messengers contract pre‑steps or performance Art. 6(1)(b); legitimate interests Art. 6(1)(f)
Blog publishing & comment moderation publish/manage UGC, anti‑spam legitimate interests (f); consent where required
Newsletters & marketing subscription, event updates consent Art. 6(1)(a) (you may withdraw any time)
Site analytics & improvements GA4, performance metrics consent (cookie banner) or legitimate interests* (f)
Advertising/remarketing pixels/tags, audience matching consent (cookie banner)
Security & legal compliance logs, fraud prevention legal obligation (c) and/or legitimate interests (f)

* In some jurisdictions, analytics may rely on legitimate interests if privacy‑preserving settings are used; by default we seek consent.

UAE PDPL (Federal Decree‑Law No. 45/2021): We follow principles of lawfulness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and security.
California (CCPA/CPRA): See §12 for additional disclosures and opt‑out/limitation rights.

 

5) Cookies and similar technologies

We use the following types:

  • Strictly necessary (Site operation, security);

  • Functional (remember choices such as language);

  • Analytics (aggregate usage statistics);

  • Advertising/marketing (only with consent).

Manage preferences via our cookie banner and your browser settings. We endeavor to honor Global Privacy Control (GPC) signals where required. “Do Not Track” (DNT) signals are not consistently supported by industry standards.

Illustrative cookie list (update before publishing):

  • _ga_ga_* — Google Analytics 4 — analytics — retention typically 13–26 months

  • _fbp — Meta — advertising — 3 months

  • midoronin_session — first‑party — session/security — session/1 day

 

6) Data retention

We keep personal data only as long as needed for stated purposes, then delete or anonymise it:

  • enquiries/correspondence — 24 months after last interaction;

  • newsletter — until you unsubscribe;

  • blog comments — until removed by you or as part of moderation;

  • web server logs — 30–180 days (security);

  • analytics records — per vendor settings (~13–26 months).

 

7) Sharing and processors

We share data only as necessary for §4 purposes and under data‑processing agreements:

  • Hosting/CDN: Hostinger;

  • Email & office tools: Google and Hosting;

  • Analytics/advertising (with consent): Google Analytics/Ads, Meta, TikTok;

  • Forms/security: reCAPTCHA/anti‑spam;

  • Scheduling/meetings: Calendly, Google;

  • CRM/help desk: Kommo.
    We may also disclose data if legally required, to protect rights/safety, or in a business transfer (e.g., merger). A current list of processors is available on request: [privacy@midoronin.com].

 

8) International transfers

Your data may be processed outside your country. Where required, we use appropriate safeguards such as EU Standard Contractual Clauses (SCCs), the UK IDTA/Addendum, transfer impact assessments, and technical/organisational measures.

 

9) Security

We implement TLS/HTTPS, access controls, logging, backups, and data minimisation. No method of transmission or storage is completely secure.

 

10) Marketing communications

If you subscribe, we send news and updates. You can unsubscribe at any time via the email link or by writing to info@midoronin.com.

 

11) Blog and user‑generated content

Comments, if enabled, are public. Do not post personal data of others. We may moderate and use automated anti‑spam tools.

 

12) Your rights

EU/EEA & UK (GDPR/UK GDPR): rights to access, rectification, erasure, restriction, objection, portability, and to withdraw consent. You may complain to your local supervisory authority (e.g., an EU DPA or the UK ICO).
UAE (PDPL): rights to access, rectification, erasure, restriction, portability, and objection; you may complain to the competent UAE authority.
California (CCPA/CPRA): rights to know/access, correct, delete, opt‑out of “selling” or “sharing” (cross‑context behavioral advertising), and to limit the use/disclosure of sensitive personal information. You have the right not to be discriminated against for exercising your rights.
To exercise rights, contact: info@midoronin.com. We may take reasonable steps to verify your identity.

If we use cross‑context behavioural advertising in California, we will provide a visible “Do Not Sell or Share My Personal Information” link and honor opt‑out signals (e.g., GPC).

 

13) Children

The Site is not intended for children under 13 (or the age of consent in your jurisdiction). We do not knowingly collect data from children. If you believe a child provided data, contact us to remove it.

 

14) Third‑party links and embeds

Our Site may contain links or embeds from third parties (e.g., YouTube, social widgets). Their practices are governed by their own policies.

 

15) Automated decision‑making

We do not use automated decisions that produce legal or similarly significant effects via the Site.

 

16) Changes to this Policy

We may update this Policy from time to time. Material changes will be posted on the Site and, where required, we will seek new consent. See the “Last updated” date above.

 

17) Contact

Questions, privacy requests, or complaints:
Email: info@midoronin.com
Phone: +971 52 639 01 68

Get a free consultation