Question 1:

Nykaa.com is one of India’s biggest online destinations for beauty & wellness products. With more than
2500+ brands, 5 lakh+ products and delivery all across India, it has become a one-stop solution for women
looking for affordable cosmetic brands along with apparel. It was founded by Falguni Nayar in 2012.

In 2015, it expanded its reach and began selling Fashion products and in 2018 Nykaa Fashion came into
existence.

Today, Nykaa has multiple E-commerce platforms ranging from websites to mobile apps and has 76 offline
stores as well. It is a unicorn startup valued at ₹85 billion (US$1.2 billion) in 2020.

In the recent legal meet regarding the company’s policies, a security researcher of the general public
discovers a security vulnerability in the systems and responsibly shared the details with the department. As
the Head of the legal team, you are supposed to come up with the relevant steps that can be taken to
eliminate the legal risks involved in the given scenario.

Nykaa takes the security of our systems and data privacy very seriously.
Nykaa has come up with the process to report and issue directly to the responsible team;
Process to report an issue;

 E-mail your findings to it-security@nykaa.com Please share your contact information with
your mobile number.
 Do provide enough information to reproduce the problem, so we will be able to resolve it as
quickly as possible.
 Do not take advantage of the vulnerability or problem you have discovered, for example by
downloading more data than necessary to demonstrate the vulnerability or deleting or
modifying other people's data
 Do not reveal the problem to others until it has been resolved
 Do not use attacks on physical security, social engineering, distributed denial of service,
spam, etc

Privacy Policy Nykaa;

This Privacy Policy outlines Nykaa E-Retail Private Limited ’s approach to Data Protection and
Privacy to fulfil its obligations under the applicable laws and regulations .

PERSONAL INFORMATION GATHERED BY NYKAA

The information gathered from customers, personal or otherwise, is used to register, verify identity
to permit the use the app, undertake transactions (including to facilitate and process payments),
communicate with you, convey any promotional offers, services or updates associated with
NYKAA, and generally maintain your accounts with us. We also use this information to customize
your experience and improve NYKAA.

LAWFUL BASES OF PROCESSING PERSONAL DATA

Nykaa is permitted to process Personal Data in compliance with applicable laws and regulations
by relying on one or more of the following lawful bases:

 Customer has explicitly agreed to us processing Personal Data for a specific reason
 The processing is necessary to perform the agreement we have with you or to take steps to
enter into an agreement with you
 The processing is necessary to be in compliance with our Legal Obligations
 The processing is necessary for the purposes of a legitimate interest (“Legitimate Interest”)
pursued by us, such as
 to provide services to you,
 to evaluate, develop or improve our products and services

Where the processing is based on your consent, you have a right to withdraw your consent at any
time. You may withdraw consent by contacting us. Upon receipt of your written request to
withdraw your consent, consequences of withdrawal will be communicated to you and, upon your
agreement, your request for withdrawal will be processed.

COOKIES AND OTHER TRACKERS USED BY OUR DIGITAL PROPERTIES

Cookies are small text files that are placed on your computer by websites that you visit. Similarly,
there are other types of trackers used. Likewise, Mobile Apps use requisite permissions and
SDKs. These are used to make Websites & Apps work, or work more efficiently, as well as to
provide information to the owners of the website/ App.

We use cookies, permissions and other trackers in our website, web-based properties and mobile
applications that are used to collect and process data about you so we can provide you a better
online experience as well as improve our services

Below are the categories of cookies used on our website along with a description of what they are
used for

Strictly Necessary
These cookies are needed to run our website, to keep it secure if you are logged on and to obey
regulations that apply to us.

If you are a customer, they help us know who you are so that you can log on and manage your
accounts. They also help us keep your details safe and private.

Functional
These cookies are used for remembering things like:

 Your user ID on the log on page

 Your region or country
 Your preferred language
 Accessibility options like large font or high contrast pages

Performance
These cookies tell us how you and our other customers use our website. We combine all this data
together and study it. This helps us to:

 Improve the performance of our services

  Improve the products we provide

Most web browsers allow some control of most cookies through the browser settings. Please note
disabling the ‘Strictly Necessary’ cookies may cause certain parts of our website to remain
inaccessible to you.

PERSONAL DATA DISCLOSURE

Nykaa app contains third party SDKs that collect personally identifiable information (PII). They use
this information to better target users or provide elements of our products & services on behalf of
us.These third party sites have separate and independent privacy policies.

NYKAA USES THREE TYPES OF SDKS :

SDKs Purpose

 Analyze in-depth detail about the visitors on our app

 Settle errors
Analytics  Better target users and
 Provide push notifications and digital ads to the users
 Example-Clevertap,Appsflyer,Crashlytics, Gamooga
Payment  Complete customers’ payment transaction Example - PayU, Razorpay, Cashfree
Login  Help users login at Nykaa Example - Google, Facebook