Privacy

Personal data is any information relating to an identified or identifiable person (e.g., name, phone number, photos, body measurements, message contents). This notice explains which data I process when you first contact me, during 1:1 style consultations, in-person visits, or bespoke tailoring.

Nataliia NKN Khreshkova Sole proprietor – fashion design, style consulting & bespoke tailoring Address: Flottmoorring 3 24568 Kaltenkirchen Germany Phone: +49 177 4019818 Email: [email protected]

I process personal data solely within my professional activity as a fashion designer, style consultant and provider of bespoke tailoring. a) Contact and scheduling Collected when you contact me via Instagram, WhatsApp, Facebook, TikTok, Telegram or email. Processed data: • Name or username • Phone number • Email address • Message contents • Appointment details (place, time) • Information about wishes, style questions, physical specifics Legal basis: Art. 6(1)(b) GDPR (pre-contractual steps, contract performance) Art. 6(1)(f) GDPR (legitimate interest in efficient communication) b) Personal 1:1 consultation – on-site or with me Processed data: • Body measurements (e.g., bust, waist, hips, arm length, back length) • Necessary fit measurements using a tape measure • Photos of clothing and silhouette (if voluntarily provided) • Style preferences, materials, colors, wishes • Figure specifics (e.g., posture, proportions, individual fit requirements) Note: Physical contact during measuring (placing a tape measure) serves purely technical purposes and is not data processing itself. Only the measurement results are processed. Legal basis: Art. 6(1)(b) GDPR c) Bespoke tailoring and garment design Processed data: • Measurements and fit data • Technical sketches • Fabric and design selection • Photos for fit analysis (if voluntarily provided) Legal basis: Art. 6(1)(b) GDPR d) Payments Processed data (depending on payment method): • Name • Bank details (IBAN) • PayPal name/email Legal basis: Art. 6(1)(b) GDPR Art. 6(1)(c) GDPR (tax retention obligations)

I use WhatsApp Business. Message contents are end-to-end encrypted. However, WhatsApp may process metadata (time, sender, recipient, device type). WhatsApp privacy policy: https://www.whatsapp.com/legal/#privacy-policy Legal bases: Art. 6(1)(f) GDPR Art. 6(1)(b) GDPR (customer inquiries)

Telegram uses server-side encryption. Secret chats are end-to-end encrypted. Processed data: • Username • Metadata • Message contents Telegram privacy policy: https://telegram.org/privacy Legal basis: Art. 6(1)(f) GDPR

I do not share personal data with third parties, except: • when necessary for contract performance (e.g., tax advisor) • when required by law (e.g., tax authorities) No sharing with: • advertising companies • social media platforms • tracking services • analytics companies

I store personal data: • as long as necessary for consultation or bespoke tailoring • and according to legal retention periods (6–10 years)