Professional Documents
Culture Documents
Nykaa.com is one of India’s biggest online destinations for beauty & wellness products. With more than
2500+ brands, 5 lakh+ products and delivery all across India, it has become a one-stop solution for women
looking for affordable cosmetic brands along with apparel. It was founded by Falguni Nayar in 2012.
In 2015, it expanded its reach and began selling Fashion products and in 2018 Nykaa Fashion came into
existence.
Today, Nykaa has multiple E-commerce platforms ranging from websites to mobile apps and has 76 offline
stores as well. It is a unicorn startup valued at ₹85 billion (US$1.2 billion) in 2020.
In the recent legal meet regarding the company’s policies, a security researcher of the general public
discovers a security vulnerability in the systems and responsibly shared the details with the department. As
the Head of the legal team, you are supposed to come up with the relevant steps that can be taken to
eliminate the legal risks involved in the given scenario.
Nykaa takes the security of our systems and data privacy very seriously.
Nykaa has come up with the process to report and issue directly to the responsible team;
Process to report an issue;
E-mail your findings to it-security@nykaa.com Please share your contact information with
your mobile number.
Do provide enough information to reproduce the problem, so we will be able to resolve it as
quickly as possible.
Do not take advantage of the vulnerability or problem you have discovered, for example by
downloading more data than necessary to demonstrate the vulnerability or deleting or
modifying other people's data
Do not reveal the problem to others until it has been resolved
Do not use attacks on physical security, social engineering, distributed denial of service,
spam, etc
This Privacy Policy outlines Nykaa E-Retail Private Limited ’s approach to Data Protection and
Privacy to fulfil its obligations under the applicable laws and regulations .
Customer has explicitly agreed to us processing Personal Data for a specific reason
The processing is necessary to perform the agreement we have with you or to take steps to
enter into an agreement with you
The processing is necessary to be in compliance with our Legal Obligations
The processing is necessary for the purposes of a legitimate interest (“Legitimate Interest”)
pursued by us, such as
to provide services to you,
to evaluate, develop or improve our products and services
Where the processing is based on your consent, you have a right to withdraw your consent at any
time. You may withdraw consent by contacting us. Upon receipt of your written request to
withdraw your consent, consequences of withdrawal will be communicated to you and, upon your
agreement, your request for withdrawal will be processed.
Cookies are small text files that are placed on your computer by websites that you visit. Similarly,
there are other types of trackers used. Likewise, Mobile Apps use requisite permissions and
SDKs. These are used to make Websites & Apps work, or work more efficiently, as well as to
provide information to the owners of the website/ App.
We use cookies, permissions and other trackers in our website, web-based properties and mobile
applications that are used to collect and process data about you so we can provide you a better
online experience as well as improve our services
Below are the categories of cookies used on our website along with a description of what they are
used for
Strictly Necessary
These cookies are needed to run our website, to keep it secure if you are logged on and to obey
regulations that apply to us.
If you are a customer, they help us know who you are so that you can log on and manage your
accounts. They also help us keep your details safe and private.
Functional
These cookies are used for remembering things like:
Performance
These cookies tell us how you and our other customers use our website. We combine all this data
together and study it. This helps us to:
Most web browsers allow some control of most cookies through the browser settings. Please note
disabling the ‘Strictly Necessary’ cookies may cause certain parts of our website to remain
inaccessible to you.
SDKs Purpose