Privacy Policy

Last updated: 4 April 2026

This Privacy Policy explains how Nikky Athan (“Nikky Athan”, “we”, “us”, or “our”) collects, uses, discloses, stores, transfers, and protects personal data when you visit www.nikkyathan.com and its localized pages (the “Website”), interact with our content, contact us, or use any related communication or meeting-booking channel connected to the Website (collectively, the “Services”).

The data controller is Nikky Athan, email contact(at)nikkyathan.com. This Policy applies to the Website as a presentation, portfolio, and business-contact website. The Website is not currently operated as a user-account platform, subscription product, private dashboard, or online payment service.

Our processing of personal data is governed by Regulation (EU) 2016/679 (GDPR), the applicable ePrivacy and electronic communications rules, and any other applicable European data protection legislation.

By accessing or using the Services, you acknowledge the practices described in this Privacy Policy. Where consent is required by law, we will request it through the appropriate technical or communication channel.

1. What Personal Data We Collect

For the purposes of this Policy, “personal data” means any information relating to an identified or identifiable natural person. We aim to collect only data that is appropriate, relevant, and limited to what is necessary for the purposes described below.

  • Identity and contact data, such as your name, email address, telephone number, company name, role, and any other contact details you choose to provide.
  • Communication data, including the contents of emails, inquiry messages, attachments, meeting requests, project descriptions, and any follow-up correspondence with us.
  • Technical and device data, such as IP address, browser type, device type, operating system, language settings, date and time of access, approximate location, referring URL, and page interaction information.
  • Preference data, such as your cookie-consent choice, language preferences, and theme preferences where these are stored locally or transmitted through your browser.
  • Meeting-booking data, including the information you submit when requesting or scheduling a call through a third-party scheduling service.
  • Aggregated or statistical usage data that does not, by itself, directly identify you, but may be derived from personal data or device data.

We do not intentionally collect special categories of personal data through the Website unless you choose to disclose such information in your communications with us. We ask that you avoid sending unnecessary sensitive data unless it is strictly required for a specific legal or project-related reason.

2. How We Collect Personal Data

  • Directly from you when you contact us by email, request information, send a project inquiry, or schedule a meeting.
  • Automatically when you browse the Website, through server logs, cookies, analytics tools, embedded media, browser signals, and related web technologies.
  • From third-party service providers we use for analytics, scheduling, embedded content, hosting, font delivery, and infrastructure support.
  • From public or professional sources where relevant to assessing a legitimate business inquiry, provided such review is lawful and proportionate.

3. Third-Party Links and External Services

The Website may contain links to third-party websites, scheduling pages, social profiles, video platforms, maps, or other external services. When you follow such links or interact with embedded third-party content, your personal data may be processed by that third party under its own privacy policy and terms.

We do not control the privacy practices or content of third-party websites and services and are not responsible for them. We encourage you to review the relevant privacy notices before submitting personal data to external providers.

4. How We Use Personal Data

  • To operate, maintain, administer, secure, and improve the Website and related digital infrastructure.
  • To respond to inquiries, evaluate project requests, organize meetings, and communicate with prospective clients, collaborators, or other contacts.
  • To monitor usage patterns, analyze performance, and improve content clarity, user experience, and service positioning.
  • To troubleshoot technical issues, detect abuse, prevent fraud, and protect the integrity, security, and availability of the Website and our systems.
  • To comply with legal, regulatory, tax, accounting, or claim-defense obligations.
  • To keep internal records of communications, project discussions, and business development activity.
  • Where lawful and appropriate, to send relevant follow-up communications in connection with an inquiry, an ongoing discussion, or a prior business relationship.

5. Legal Bases for Processing

We process personal data only where there is a valid legal basis under applicable law. Depending on the context, we may rely on one or more of the following legal bases:

  • Consent, where required, especially for non-essential cookies, analytics technologies, or specific communications.
  • Steps prior to entering into a contract or performance of a contract, where processing is necessary to respond to a project request, prepare a proposal, or manage a service relationship.
  • Legitimate interests, including Website security, service improvement, analytics review, internal administration, and business communications, provided such interests are not overridden by your rights and freedoms.
  • Compliance with legal obligations, where processing is required by law or necessary to establish, exercise, or defend legal claims.

Where we rely on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

6. Recipients of Personal Data

We do not sell your personal data. We may disclose personal data only where this is necessary for operating the Website, managing communications, complying with the law, or protecting our legitimate interests.

  • Hosting and infrastructure providers that support the operation and delivery of the Website.
  • Analytics providers, including Google Analytics, for traffic and usage measurement.
  • Scheduling or calendar providers, including Google Calendar, where you use a booking or scheduling link.
  • Content and media providers, including YouTube, where embedded media is loaded on the Website.
  • Font-delivery or technical asset providers, including Google Fonts, where relevant to page rendering.
  • Email, productivity, or communication service providers where used to manage and respond to your inquiry.
  • Professional advisers such as lawyers, accountants, auditors, insurers, or compliance consultants, where disclosure is reasonably necessary and subject to confidentiality obligations.
  • Public authorities, courts, regulators, tax authorities, or law-enforcement bodies where disclosure is required by law or necessary to protect legal rights.

All such recipients receive only the data reasonably necessary for the relevant purpose and are expected to apply appropriate security and confidentiality measures.

7. International Data Transfers

Some third-party providers we use may store or process personal data outside the European Economic Area, including in the United States or other jurisdictions where data protection laws may differ from those in the European Union.

Where such transfers occur, we take reasonable steps to ensure that they are based on appropriate safeguards recognized under the GDPR, such as adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms, as applicable.

8. Security of Personal Data

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

  • Access controls and role-based permissions
  • Transport-layer protection and secure service configuration where applicable
  • Logging, monitoring, and abuse-prevention measures
  • Reasonable controls around infrastructure, content delivery, and administrative access
  • Confidentiality expectations for service providers and professional advisers who may access data

However, no Website, network, or transmission method can be guaranteed to be completely secure. Any transmission of information to us is carried out at your own risk, and to the maximum extent permitted by law we cannot guarantee absolute security.

9. Data Retention

We retain personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected, including compliance, record-keeping, legal, regulatory, accounting, tax, and dispute-resolution needs.

  • Technical logs and analytics data may be retained for a limited period depending on security, administration, and tool-specific settings.
  • Contact data and project-inquiry records may be retained for as long as needed to respond, evaluate a potential collaboration, and maintain a basic record of business communications.
  • Where required, we may retain data for longer periods to comply with legal obligations, defend claims, enforce rights, or resolve disputes.
  • Where lawful and appropriate, we may anonymize data so that it can no longer be associated with you and retain such anonymized information for analytical or research purposes.

10. Your Rights

Subject to the GDPR and applicable law, you may have the right to request access to your personal data, rectification of inaccurate data, erasure, restriction of processing, objection to processing, data portability where applicable, and withdrawal of consent where processing is based on consent.

We may ask for additional information to verify your identity before responding to your request. We will assess each request in accordance with applicable law and may decline or limit a request where a legal exemption applies.

11. Minors

The Website is not intentionally directed to children, and we do not knowingly seek to collect personal data from minors without an appropriate legal basis or parental involvement where required by law.

12. Cookies and Similar Technologies

The Website uses cookies and similar technologies to support basic functionality, remember preferences, measure traffic, and understand how users interact with the Website.

Some cookies may be set directly by us, while others may be set by third-party services used for analytics, embedded content, or related technical features. You can manage cookies through your browser settings, although disabling certain cookies may affect how parts of the Website function.

If we provide a separate cookie notice or update our cookie controls, those notices and controls will complement this Privacy Policy.

13. Changes and Updates to This Policy

We may update this Privacy Policy from time to time in order to reflect changes to the Website, our practices, the service providers we use, or our legal and regulatory obligations. The latest version will always be published on this page with an updated effective date.

Your continued use of the Website after an updated version becomes effective may indicate your acknowledgement of the revised Policy, to the extent permitted by applicable law.

14. Applicable Law

This Privacy Policy is governed by European law, as interpreted in light of the GDPR and the applicable European legal framework on personal data protection.

15. Contact

For questions about this Policy, to update the information we hold about you, or to exercise your rights, please contact contact(at)nikkyathan.com.