Skip to main content

Privacy Policy

  1. INTRODUCTION 

This Privacy Policy describes how Nairobi Java House Limited (“Java House”) collects, uses or  otherwise processes an individual’s Personal Data. 

We take your privacy very seriously and when you visit our website and use our services, we  commit to protecting your Personal Data. This Privacy Policy is intended to inform you in the  clearest way possible how we gather, define, and use Personal Data that you provide to us when  using our website, mobile application, and third parties providing services on our behalf or when  relying on our services. Please take a moment to read this Privacy Policy carefully. 

This Privacy Policy aims to give you information on how we collect and process your personal  information through: 

  • your use of our website https://javahouseafrica.com/ (for example, when you sign up for  any of our services, place orders, interact with our social media platforms, or otherwise  use our website). 
  • any information you may provide to a member of the Java House team in our  branches/stores when accessing our services as a customer. 
  • information provided by suppliers, and other third parties engaged by Java House. 
  • information provided to Java House when you purchase and/or use a product or service  both online and, in our branches, /stores; or 
  • data provided to Java House when you take part in any of our marketing campaigns,  promotions, loyalty programmes and competitions.  

This list is non-exhaustive. Data protection is a matter of trust, and your privacy is important to us  and as such we strive to maintain constant compliance with any privacy laws in Kenya as modified  from time to time. We will only collect information where it is necessary for us to do so, and we  will only collect information if it is relevant to our dealings with you or which otherwise relate to 

our services. All use of your personal information will be in the manner set out in this Privacy  Policy. 

  1. DEFINITIONS 
  2. “You (r)” refers to, customers, clients, and suppliers. 
  3. “Java House”, “us”, “we”, “our” means the entities forming part of Java House Group. 

2 | P a g e 

  1. “Personal Data” means any information relating to an identified or identifiable natural person.  An identifiable natural person is one who can be identified, directly or indirectly, by reference  to an identifier such as a name, an identification number, location data, CCTV footage, e-mail  address, telephone number, an online identifier or to one or more factors specific to the  physical, physiological, genetic, mental, economic, cultural, or social identity of that natural  person. 
  2. “Data Protection Law” means the Data Protection Act, No. 24 of 2019, and its attendant  regulations thereunder.  
  3. “Third Party (ies)” means a natural or legal person, public authority, agency, or body who is authorized to process Personal Data under our direct authority.  
  4. OUR PRIVACY PRINCIPLES 

We will collect and process Your Personal Data in accordance with the principles below: 

  1. The performance of a Product/Service Agreement with you. 
  2. Our legitimate business interests such as processing your orders, managing payments, to  recover debts and to study how our customers enjoy our products/services. c. Compliance with a mandatory legal obligation such as tax and financial reporting  requirements such as those stipulated in the Proceeds of Crime and Anti-Money  Laundering Act, No. 9 of 2009 as amended from time to time
  3. Consent you provide. 
  4. Public interest such as health and security purposes. 

Your vital interest or those of a third party and your interests and fundamental rights do  not override those interests. From time to time, we may ask you for your written consent  to allow us to process certain types of Personal Data for marketing and promotional  purposes (section 9 below) and any other commercial purpose which we will  communicate to you. If we do so, we will provide you with full details of the information  that we would like and the reason we need it, so that you can carefully consider whether  you wish to consent. It is not a condition of our service provision that you agree to any  request for consent from us. 

You consent to the processing of your Personal Data if you indicate agreement clearly  either by a statement or positive action to the processing activity (e.g., box ticking/signature/fingerprint).

3 | P a g e 

  1. WHAT INFORMATION IS COLLECTED ABOUT YOU? 

The Personal Data that we collect depends on the context of your interactions with us, our  websites, or applications, the choices you make, and the products and features used and  interacted with. The information we collect and store about you includes but is not limited to the  following: 

  1. Internet Protocol (IP) addresses, browser type, browser version, the pages of our website  that you visit, the time and date of your visit, the time spent and other statistics which are  collected automatically when you visit our website. 
  2. Your financial and transactional data when you use and pay for our services. c. Your contact information (phone number and e-mail address), such as when you call us,  place an order for delivery or interact with us through social media platforms or email. d. We use Closed Circuit Television (CCTV) surveillance recordings to keep you, our staff,  other guests, and our premises safe. CCTV devices are installed at strategic locations to  provide a safe and secure environment in all Java House premises as a part of our  commitment to community safety, security, and crime prevention; 
  3. When you request us to make a reservation for you, we will collect and retain your  Personal Data such as your name and telephone number. 
  4. When you use the WIFI internet connection at our respective branches/premises, we  record the device address and log traffic information in the form of sites visited, duration  and date data is sent/received. 
  5. Cookies to track your activity and interactions when visiting our website or whilst using  the Java House loyalty points application (“the Loyalty App”). You can instruct your  browser to refuse all cookies, permit a limited number of cookies, accept all cookies, or to  indicate when a cookie is being sent. However, if you do not accept cookies, you may not  be able to use some portions or full functionality of our website. 
  6. We also collect your Personal Data in accidents/incident reporting. The data is collected  as we have a legal obligation to document these incidents/accidents and to report certain  types of accidents, injuries and dangerous occurrences arising out of or in connection with  our services to the relevant enforcing authorities. 
  7. Your Personal Data when making an order or complaints through Third Party food delivery  platforms. 
  8. Your name, email address and phone number when registering for our Loyalty App or gift  cards. 

4 | P a g e 

  1. COOKIES  
  2. a) What are cookies?  

A cookie is a small file which stores text-based data about a user’s visit to a website; it is accessed  by the website each time that a user re-visits. These files are stored on your computer or  mobile/tablet devices or on the hard drive of these devices. It is created on your device(s) each  time you visit a website that uses cookies. They are often necessary to ensure a good user  experience by, for instance, providing relevant information about a user’s experience, preferences, and interests. Cookies on any website tend to be required for basic use e.g., login data and  analytics or on a more complex basis. 

For further details about cookies, how they are used and how they can be deleted or disabled,  you can visit https://allaboutcookies.org/  

  1. b) How do we use them? 

Our website uses cookies to distinguish you from other users and to provide improved  functionality when you are browsing. Unless you have adjusted your browser settings to disallow  cookies, our systems will issue cookies where necessary to enable efficient functionality and  service. If you have switched off your cookies, please be aware that some of the functionality of  the website may not work as seamlessly as you may expect. 

The cookies that we use only collect anonymized information, however, not all the cookies on our  websites are set by us. Please see the section 7 below on third party cookies. 

  1. c) What cookies do we use? 

The cookies on our website are generally functional and analytical cookies. Analytical cookies  allow us to track and recognize visitors browsing the website, and to see what they are interested  in. This data is classified as anonymous demographic data. Functional cookies, on the other hand,  relate to the functionality of our websites and allow us to improve the service we offer you online. 

  1. d) Where can I find more information, and how do I turn cookies off or delete cookies? Most cookies can be blocked by activating a setting in your browser which allows you to opt in/out  

of some or all cookies. It is worth noting, however, that if you choose to block all cookies, you may  not be able to access parts of our website and may therefore have an inefficient experience when  trying to access certain pages. 

To delete the stored cookies from your device, you may need to refer to your browser settings or  handset manual.

5 | P a g e 

  1. HOW DO WE USE YOUR INFORMATION? 

We process your information for purposes based on legitimate business interests, the fulfillment  of our contract with you, our compliance with legal obligations and with your consent. We will  only use your personal information for the purposes for which we collected it, unless we  reasonably consider that we need to use it for another reason and that reason is compatible with  the original purpose. If we need to use your personal information for an unrelated purpose, we  will notify you and we will explain the legal basis which allows us to do so.  

We may use and analyze your information for the following purposes: 

  1. Processing products and services that you have bought from Java House or from Third  Parties billing you for using our, or Third-Party products or services. 
  2. Responding to any of your customer service queries, requests or concerns. c. For statistical, survey or business continuity purposes. 
  3. Preventing and detecting fraud or other crimes. 
  4. To understand how you use our products and services for the purposes of developing or  improving them. 
  5. In business practices including quality control, training, and ensuring effective systems  operation. 
  6. To recognize you during subsequent visits to our website and develop customized services  tailored to your individual interests and needs. 
  7. To comply with any legal, governmental, or regulatory requirement (for example tax  returns, accounting and financial reporting requirements, social security requirements  and public health regulations) or for use in connection with any legal proceedings. 
  8. Where we need to protect your interests (or someone else’s interests regarding security,  health and safety, and public health regulations). 
  9. Where it is necessary for our legitimate interests or third-party interests, and these  outweigh your interests. 
  10. To send you marketing and promotional communications (see section 9 below) (You can contact us at any time to opt out of receiving marketing messages through the  simple prescribed methods across our free and accessible communication channels such  as SMS, e-mail on the Loyalty App or via our website). 
  11. To request your evaluation of your customer experience or feedback. 
  12. To contact you about your use of our website or Loyalty App.

6 | P a g e 

  1. To share your Personal Data with Third Parties for the purposes set out in this Privacy  Policy; only to the extent permitted by law (see section 10 below
  2. To share aggregated demographic information during our business with certain Third  Parties. This sharing does not include any Personal Data that can identify any individual  person. 
  3. DOES THIS PRIVACY POLICY APPLY TO THIRD PARTY WEBSITES? 

If you click on a link to a Third-Party website, you will be taken to a website we do not control, and  our Privacy Policy will no longer be in effect. Your browsing and interaction on any other website  are subject to the terms of use and privacy and other policies of such Third-Party website. Read  the privacy policies of other Third-Party websites carefully. We are not responsible or liable for  the information or content on such Third-Party websites. 

  1. HOW LONG DO WE KEEP YOUR PERSONAL DATA? 

We retain your Personal Data for as long as is required to fulfil the activities set out in this Privacy  Policy, for as long as otherwise communicated to you or for as long as is permitted by the legally  prescribed periods. For example, we may retain your Personal Data if it is reasonably necessary to  comply with any legal obligations, meet any regulatory requirements, resolve any disputes or  litigation, or as otherwise needed to enforce this Privacy Policy and prevent fraud and abuse. 

To determine the appropriate retention period for the information we collect from you, we  consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from  unauthorized use or disclosure of the data, the purposes for which we process the Personal Data,  and whether we can achieve those purposes through other means, and the applicable legal  requirements. Retention of personal data is guided by our internal policy on data retention. Our  data retention schedule shall be under constant periodic review.  

  1. MARKETING COMMUNICATIONS AND PROMOTIONS  

We may use and analyze your information to send you marketing and promotional  communications for which you have consented and opted in. When you consent and opt-in to  receiving our information, we may also send you other information about us, the website, our  products, sales promotions, our newsletters, anything relating to other companies in our group or  our business partners. If you would prefer not to receive any of this additional information as  detailed in this paragraph (or any part of it) please click the ‘unsubscribe’ or opt-out and OTP link in any email/communication that we send to you. You may choose to call us or send us an email 

7 | P a g e 

to privacy@javahouseafrica.com to opt-out of receiving such communication. At any stage you  also have the right to ask us to stop using your Personal Data for direct marketing purposes and  withdraw your consent by notification to us through the contact at privacy@javahouseafrica.com 

  1. HOW WE DEAL WITH A DATA TRANSFERS  

We may share your Personal Data with Third Parties for the purposes set out in this Privacy Policy;  only to the extent permitted by law where it is necessary for the working relationship or where  we have another legitimate interest in doing so such as a contractual obligation or legal obligations  related to accounting and/or tax purposes. We may transfer your Personal Data outside Kenya  and other entities only within the Java House Group if required. If we do, you can expect a similar  degree of protection in respect of your Personal Data.  

  1. HOW DO WE KEEP YOUR INFORMATION SAFE? 

We intend to keep your Personal Data safe, and we have put in place appropriate technical,  organizational and security measures to ensure the integrity, availability, and confidentiality of  your data via controls including but not limited to encryption techniques, physical and IT  (Information Technology) system access and usage controls, obligations of confidentiality. We will  regularly evaluate and test the effectiveness of those safeguards to ensure security of our  processing of your Personal Data.  

The security of your Personal Data is important to us but remember that no method of  transmission over the internet, or method of electronic storage is 100% secure. While we strive to  use commercially acceptable means to protect your Personal Data, we cannot guarantee its  absolute security. However, we will do our best to protect your Personal Data.  

Data Breach:  

A data breach occurs when an unauthorized person(s) gains access to private and sensitive  databases, or successfully infiltrates a data storage site and extracts, transfers or steals protected,  classified data. We have put in place procedures to deal with any suspected Personal Data breach  and will notify you and any applicable regulator of a breach where we are legally required to do  so and within the prescribed timelines. 

  1. DO WE COLLECT INFORMATION FROM MINORS? 

We do not at any time knowingly/intentionally collect or target information regarding persons under eighteen (18) years of age.

8 | P a g e 

The content of our website is not targeted towards, nor intended for use by anyone under the age  of eighteen (18) years. A user must be of the age of majority to access and use our website. If a  user is under the age of eighteen (18), he or she may only use our website under the supervision  of a parent or legal guardian who agrees to be bound by this Privacy Policy whilst accessing our  website and services. If we become aware that we have collected Personal Data from children  without verification of parental or guardian consent, we will take steps to remove that information  from our servers and files/records. 

If you become aware of any data, we have collected regarding persons under the age of 18, please  do not hesitate to contact us at privacy@javahouseafrica.com 

  1. WHAT ARE YOUR PRIVACY RIGHTS? 

Subject to legal and contractual exceptions, you have rights under data protection laws in relation  to your Personal Data. These are listed below: – 

  1. Right to be informed that we are collecting Personal Data about you. 
  2. Right to access Personal Data that we hold about you and request information about how  we process it. 
  3. Right to request that we correct your Personal Data where it is inaccurate or incomplete. Please note that you may at any time review or change the information in your account by contacting us through privacy@javahouseafrica.com
  4. Right to request that we erase your Personal Data noting that we may continue to retain  your information if obligated by the law or if the retention is for necessary and lawful  purposes. 
  5. Right to object and withdraw your consent to processing of your Personal Data where we  are relying on consent to process your Personal Data. However, this will not affect the  lawfulness of any processing carried out before you withdraw your consent. If you  withdraw your consent, we may not be able to provide certain products or services to you. 
  6. We may continue to process your information, thereby overriding your data privacy rights  and interests if we have a legitimate or legal reason to do so. 
  7. Right to request restricted processing of your Personal Data noting that we may be entitled  or legally obligated to continue processing your data and refuse your request. h. Right to lodge a complaint with the regulator that is tasked with Personal Data protection  within the Republic of Kenya.

9 | P a g e 

  1. WHAT HAPPENS IN THE CASE OF NON-COMPLIANCE WITH THIS PRIVACY POLICY? Either You or Java House shall have the right to terminate this contractual relationship or any  agreement herein, for either party’sfailure to comply with the provisions of this Privacy Policy and Java House reserve the right to reject any application for information contrary to this Privacy  Policy. 
  2. DO WE MAKE MODIFICATIONS/AMENDMENTS TO THIS POLICY? 

We reserve the right to modify and update this Privacy Policy from time to time. We will bring  these changes to your attention should they be indicative of a fundamental change to the  processing or be relevant to the nature of the processing or be relevant to you and impact your  data protection rights. 

Any amendment or modification to this Privacy Policy will take effect from the date of notification  on our website. We encourage you to review this Privacy Policy frequently to be informed of how  we are protecting your information. If you do not agree with the proposed changes, you should  discontinue your use of our services and website prior to the time the new Privacy Policy takes  effect. 

If you continue using our services and website after the new Privacy Policy takes effect, you will  be bound by the modified Privacy Policy.  

  1. TRANSFER OF DATA  

Your information and Personal Data, including sensitive Personal Data, may be transferred to — and maintained on — computers and/or servers located outside of Kenya. The processing of  sensitive Personal Data out of Kenya shall only be affected by us upon obtaining your consent and  with confirmation that there are appropriate safeguards in place to guard the integrity of your  data. We always maintain the highest standards of security and cybersecurity safeguards whilst  handling your Personal Data. If you are located outside Kenya and choose to provide information  to us, please note that we transfer the data, including Personal Data, to Kenya and process it there.  Your consent to this Privacy Policy followed by your submission of such information represents  your agreement to that transfer. We will take all steps reasonably necessary to ensure that your  data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal  Data will take place to an organization or a country unless there are adequate controls in place  including the security of your data and other personal information.

10 | P a g e 

Where we transfer your Personal Data out of Kenya, we ensure a similar degree of protection is  afforded to it by ensuring that there are appropriate safeguards in place with respect to the  security and protection of your Personal Data. Please contact us if you want further information  on the specific mechanism used by us when transferring your personal data out of Kenya. 

Please note that if our business is acquired or merged with another company, your information  may be transferred to the new owners.  

  1. HOW CAN YOU CONTACT US ABOUT THIS POLICY? 

If you would like to: access, correct, amend or delete any personal information we have about  you, register a complaint, or simply want more information; contact our DPO  at privacy@javahouseafrica.com.  

If you have any questions about this Privacy Policy, please contact us using the details set out  below: 

Contact details: 

Our full details are: 

  • Full name of legal entity: Nairobi Java House Limited 
  • Name of Data Protection Officer: Orge Godana 

E-mail address: privacy@javahouseafrica.com.  

Telephone number: +254 716 334 621 

If you are not satisfied with the response that you receive from us, you may, where applicable,  contact the relevant data protection regulator in your jurisdiction. 

We will provide information on the way complaints to regulators may be made, if requested to do  so. 

If you have any further questions about this Privacy Policy, please email us at:  privacy@javahouseafrica.com.