This Privacy Notice outlines Nykaa Fashion’s approach to Data Protection to fulfil its obligations under the EU General Data Protection Regulation 2016/679 (‘GDPR’). This Privacy Notice applies to your Personal Data which is processed by us, whether in physical or electronic mode. This notice shall apply to you ONLY if GDPR applies to the processing of your Personal Data by us.
In this Privacy Notice, the expressions ‘Personal Data’, ‘Data Subject’, ‘Controller’, ‘Processor’ and ‘Processing’ shall have the meanings given to them in the GDPR.
We are committed to treating data privacy seriously. It is important that you know exactly what we do with your Personal Data.
Throughout this document, “we”, “us”, “our”, “ours” refer to NYKAA FASHION PRIVATE LIMITED. Wherever we have said ‘you’ or ‘your’, this means YOU (as a Data Subject).
NYKAA FASHION PRIVATE LIMITED is a company incorporated and registered under the provisions of the Companies Act, 2013 and having its registered office at 104, Vasan Udyog Bhavan, Sun Mill Compound, Lower Parel, Mumbai 400 013. Nykaa Fashion Private Limited is engaged in the business of facilitating selling, marketing and retailing clothes / garments (“Business”) through the e-commerce websites and mobile applications (“App”) both developed and owned by Nykaa Fashion Private Limited and its affiliates (Website and App collectively referred to as “Platform”) or offline stores / events to conduct its Business.
We play the role of a Data Controller when we collect and process Personal Data about you.
We play the role of a Data Processor when we collect and process Personal Data on behalf of another Data Controller
We commit to protecting your privacy and hence our Personal Data handling practices are continually reviewed to ensure compliance with the European Union General Data Protection Regulation (GDPR), 2018.
We understand that when you interact with Nykaa, you have rights over your Personal Data. These rights involve providing reasonable steps to allow you to access your personal data, correct any errors among others. This is your right and you can exercise any of these rights whenever you want. In the event that you are not satisfied with our response or have unresolved concerns, you can get in touch with us to resolve the issue by means of email@example.com.
To access your rights as a data subject for accessing or rectifying your personal data. click here.
Categories of Personal Data collected and processed by us are as follows;
We are permitted to process your Personal Data in compliance with GDPR by relying on one or more of the following lawful bases:
Where the processing is based on your consent, you have a right to withdraw your consent at any time. You may withdraw consent by contacting us. Upon receipt of your written request to withdraw your consent, consequences of withdrawal will be communicated to you and, upon your agreement, your request for withdrawal will be processed.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website.
Below are the categories of cookies used on our website along with a description of what they are used for
Most web browsers allow some control of most cookies through the browser settings. Please note disabling the ‘Strictly Necessary’ cookies may cause certain parts of our website to remain inaccessible to you.
We use other tracking mechanisms in addition to the above.
In addition to cookies and tracking mechanisms on our website and web-based properties, we also take permissions which help us to serve you.
We use third parties who provide elements of our products & services on behalf of us. We have appropriate contracts in place with our third-party partners. This means that they cannot do anything with your Personal Data which is outside of the scope permitted by us. They hold it securely and retain it only for the period specified in our contracts with them.
We might also disclose your Personal Data to appropriate authorities if we believe that it is reasonably necessary to comply with a law, regulation, legal process, to protect the safety of any person, to address fraud, security, or technical issues, or to protect our rights or the rights of those who use our products & services.
We may disclose your Personal Data to others where it is lawful to do so including where we or they:
We may disclose your Personal Data for the above purposes to other parties including:
Personal Data we hold about you may be transferred to other countries outside your residential country for any of the purposes described in this Privacy Notice.
You understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information it holds and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.
If we transfer your Personal Data to third parties for purposes stated in this Privacy Notice, we will use best endeavors to put in place appropriate controls and safeguards to ensure that your Personal Data is kept accurate, adequately protected, and processed only for specified and reasonable purposes in a manner that is fair, transparent and has a lawful basis, and is stored for no longer than is absolutely necessary.
We are committed to protecting your Personal Data in our custody. We take reasonable steps to ensure appropriate physical, technical and managerial safeguards are in place to protect your Personal Data from unauthorized access, alteration, transmission and deletion. We ensure that the third parties who provide services to us under appropriate contracts, take appropriate security measures to protect your Personal Data in line with our policies.
We keep the Personal Data we collect about you on our systems or with third parties for as long as it is required for the purposes set out in this Privacy Notice and for legal or regulatory reasons. We will only use your Personal Data for those purposes and will make sure that your Privacy is protected. We shall take reasonable steps to delete or permanently de-identify Personal Data that is no longer needed.
Our website may contain links to websites of other organisations. This privacy notice does not cover how that organisation processes Personal Data. We encourage you to read the privacy notices on the other websites you visit.
Our website is directed to be used by adults only. If you are not an adult, while you may look at our site, but you should not make a purchase, register, or submit Personal Data to us. We or our associates /affiliates do not knowingly collect information from minors.
If you are an EU resident, under the GDPR, you have the following rights and we commit to provide you with the same:
If you wish to make a request to exercise any of your rights, you can only send your request using the details mentioned in the ‘Contact us’ section of this notice.
For any further queries and complaints related to privacy, or exercising your rights under GDPR, you could reach us at: Contact Email Address: firstname.lastname@example.org
We keep our Privacy Notice under regular review to make sure it is up to date and accurate. Any changes we may make to this Privacy Notice in the future will be posted on this page. We recommend that you re-visit this page regularly to check for any updates.