Our menu

Select Menu

Privacy Policy



This Privacy Policy describes how Nairobi Java House Limited (“Java House”) collects, uses or otherwise processes an individual’s Personal Data.

We take your privacy very seriously and when you visit our website and use our services, we commit to protecting your Personal Data. This Privacy Policy is intended to inform you in the clearest way possible how we gather, define, and use Personal Data that you provide to us when using our website, mobile application, and third parties providing services on our behalf or when relying on our services. Please take a moment to read this Privacy Policy carefully.

This Privacy Policy aims to give you information on how we collect and process your personal information through:

  • your use of our website https://javahouseafrica.com/ (for example, when you sign up for any of our services, place orders, interact with our social media platforms, or otherwise use our website).
  • any information you may provide to a member of the Java House team in our branches/stores when accessing our services as a customer.
  • information provided by suppliers, and other third parties engaged by Java House.
  • information provided to Java House when you purchase and/or use a product or service both online and, in our branches, /stores; or
  • data provided to Java House when you take part in any of our marketing campaigns, promotions, loyalty programmes and competitions.

This list is non-exhaustive. Data protection is a matter of trust, and your privacy is important to us and as such we strive to maintain constant compliance with any privacy laws in Kenya as modified from time to time. We will only collect information where it is necessary for us to do so, and we will only collect information if it is relevant to our dealings with you or which otherwise relate to our services. All use of your personal information will be in the manner set out in this Privacy Policy.


  1. “You (r)” refers to, customers, clients, and suppliers.
  2. “Java House”, “us”, “we”, “our” means the entities forming part of Java House Group.
  3. “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, CCTV footage, e-mail address, telephone number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  4. “Data Protection Law” means the Data Protection Act, No. 24 of 2019, and its attendant regulations
  5. “Third Party (ies)” means a natural or legal person, public authority, agency, or body who is authorized to process Personal Data under our direct authority.


We will collect and process Your Personal Data in accordance with the principles below:

  1. The performance of a Product/Service Agreement with you.
  2. Our legitimate business interests such as processing your orders, managing payments, to recover debts and to study how our customers enjoy our products/services.
  3. Compliance with a mandatory legal obligation such as tax and financial reporting requirements such as those stipulated in the Proceeds of Crime and Anti-Money Laundering Act, No. 9 of 2009 as amended from time to time.
  4. Consent you provide.
  5. Public interest such as health and security purposes.

Your vital interest or those of a third party and your interests and fundamental rights do not override those interests. From time to time, we may ask you for your written consent to allow us to process certain types of Personal Data for marketing and promotional purposes (section 9 below) and any other commercial purpose which we will communicate to you. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. It is not a condition of our service provision that you agree to any request for consent from us.


You consent to the processing of your Personal Data if you indicate agreement clearly either by a statement or positive action to the processing activity (e.g., box-ticking/signature/fingerprint).


The Personal Data that we collect depends on the context of your interactions with us, our websites, or applications, the choices you make, and the products and features used and interacted with. The information we collect and store about you includes but is not limited to the following:

  1. Internet Protocol (IP) addresses, browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent and other statistics which are collected automatically when you visit our website.
  2. Your financial and transactional data when you use and pay for our services.
  3. Your contact information (phone number and e-mail address), such as when you call us, place an order for delivery or interact with us through social media platforms or email.
  4. We use Closed Circuit Television (CCTV) surveillance recordings to keep you, our staff, other guests, and our premises safe. CCTV devices are installed at strategic locations to provide a safe and secure environment in all Java House premises as a part of our commitment to community safety, security, and crime prevention;
  5. When you request us to make a reservation for you, we will collect and retain your Personal Data such as your name and telephone number.
  6. When you use the WIFI internet connection at our respective branches/premises, we record the device address and log traffic information in the form of sites visited, duration and date data is sent/received.
  7. Cookies to track your activity and interactions when visiting our website or whilst using the Java House loyalty points application (“the Loyalty App”). You can instruct your browser to refuse all cookies, permit a limited number of cookies, accept all cookies, or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions or full functionality of our website.
  8. We also collect your Personal Data in accidents/incident reporting. The data is collected as we have a legal obligation to document these incidents/accidents and to report certain types of accidents, injuries and dangerous occurrences arising out of or in connection with our services to the relevant enforcing authorities.
  9. Your Personal Data when making an order or complaints through Third Party food delivery platforms.
  10. Your name, email address and phone number when registering for our Loyalty App or gift cards.

5.      COOKIES

a)      What are cookies?

A cookie is a small file which stores text-based data about a user’s visit to a website; it is accessed by the website each time that a user re-visits. These files are stored on your computer or mobile/tablet devices or on the hard drive of these devices. It is created on your device(s) each time you visit a website that uses cookies. They are often necessary to ensure a good user experience by, for instance, providing relevant information about a user’s experience, preferences, and interests. Cookies on any website tend to be required for basic use e.g., login data and analytics or on a more complex basis.

For further details about cookies, how they are used and how they can be deleted or disabled, you can visit https://allaboutcookies.org/


b)      How do we use them?

Our website uses cookies to distinguish you from other users and to provide improved functionality when you are browsing. Unless you have adjusted your browser settings to disallow cookies, our systems will issue cookies where necessary to enable efficient functionality and service. If you have switched off your cookies, please be aware that some of the functionality of the website may not work as seamlessly as you may expect.

The cookies that we use only collect anonymized information, however, not all the cookies on our websites are set by us. Please see the section 7 below on third party cookies.

c)       What cookies do we use?

The cookies on our website are generally functional and analytical cookies. Analytical cookies allow us to track and recognize visitors browsing the website, and to see what they are interested in. This data is classified as anonymous demographic data. Functional cookies, on the other hand, relate to the functionality of our websites and allow us to improve the service we offer you online.


d)      Where can I find more information, and how do I turn cookies off or delete cookies?

Most cookies can be blocked by activating a setting in your browser which allows you to opt in/out of some or all cookies. It is worth noting, however, that if you choose to block all cookies, you may not be able to access parts of our website and may therefore have an inefficient experience when trying to access certain pages.

To delete the stored cookies from your device, you may need to refer to your browser settings or handset manual.


We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, our compliance with legal obligations and with your consent. We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may use and analyze your information for the following purposes:

  1. Processing products and services that you have bought from Java House or from Third Parties billing you for using our, or Third-Party products or services.
  2. Responding to any of your customer service queries, requests or concerns.
  3. For statistical, survey or business continuity purposes.
  4. Preventing and detecting fraud or other crimes.
  5. To understand how you use our products and services for the purposes of developing or improving them.
  6. In business practices including quality control, training, and ensuring effective systems operation.
  7. To recognize you during subsequent visits to our website and develop customized services tailored to your individual interests and needs.
  8. To comply with any legal, governmental, or regulatory requirement (for example tax returns, accounting and financial reporting requirements, social security requirements and public health regulations) or for use in connection with any legal proceedings.
  9. Where we need to protect your interests (or someone else’s interests regarding security, health and safety, and public health regulations).
  10. Where it is necessary for our legitimate interests or third-party interests, and these outweigh your interests.
  11. To send you marketing and promotional communications (see section 9 below)

(You can contact us at any time to opt out of receiving marketing messages through the simple prescribed methods across our free and accessible communication channels such as SMS, e-mail on the Loyalty App or via our website).

  1. To request your evaluation of your customer experience or feedback.
  2. To contact you about your use of our website or Loyalty App.
  3. To share your Personal Data with Third Parties for the purposes set out in this Privacy Policy; only to the extent permitted by law (see section 10 below)
  4. To share aggregated demographic information during our business with certain Third Parties. This sharing does not include any Personal Data that can identify any individual person.


If you click on a link to a Third-Party website, you will be taken to a website we do not control, and our Privacy Policy will no longer be in effect. Your browsing and interaction on any other website are subject to the terms of use and privacy and other policies of such Third-Party website. Read the privacy policies of other Third-Party websites carefully. We are not responsible or liable for the information or content on such Third-Party websites.


We retain your Personal Data for as long as is required to fulfil the activities set out in this Privacy Policy, for as long as otherwise communicated to you or for as long as is permitted by the legally prescribed periods. For example, we may retain your Personal Data if it is reasonably necessary to comply with any legal obligations, meet any regulatory requirements, resolve any disputes or litigation, or as otherwise needed to enforce this Privacy Policy and prevent fraud and abuse.

To determine the appropriate retention period for the information we collect from you, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the Personal Data, and whether we can achieve those purposes through other means, and the applicable legal requirements.  Retention of personal data is guided by our internal policy on data retention.  Our data retention schedule shall be under constant periodic review.


We may use and analyze your information to send you marketing and promotional communications for which you have consented and opted in. When you consent and opt-in to receiving our information, we may also send you other information about us, the website, our products, sales promotions, our newsletters, anything relating to other companies in our group or our business partners. If you would prefer not to receive any of this additional information as detailed in this paragraph (or any part of it) please click the ‘unsubscribe’ or opt-out and OTP link in any email/communication that we send to you. You may choose to call us or send us an email to privacy@javahouseafrica.com  to opt-out of receiving such communication. At any stage you also have the right to ask us to stop using your Personal Data for direct marketing purposes and withdraw your consent by notification to us through the contact at privacy@javahouseafrica.com


We may share your Personal Data with Third Parties for the purposes set out in this Privacy Policy; only to the extent permitted by law where it is necessary for the working relationship or where we have another legitimate interest in doing so such as a contractual obligation or legal obligations related to accounting and/or tax purposes.  We may transfer your Personal Data outside Kenya and other entities only within the Java House Group if required. If we do, you can expect a similar degree of protection in respect of your Personal Data.


We intend to keep your Personal Data safe, and we have put in place appropriate technical, organizational and security measures to ensure the integrity, availability, and confidentiality of your data via controls including but not limited to encryption techniques, physical and IT (Information Technology) system access and usage controls, obligations of confidentiality. We will regularly evaluate and test the effectiveness of those safeguards to ensure security of our processing of your Personal Data.

The security of your Personal Data is important to us but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. However, we will do our best to protect your Personal Data.

Data Breach:

A data breach occurs when an unauthorized person(s) gains access to private and sensitive databases, or successfully infiltrates a data storage site and extracts, transfers or steals protected, classified data. We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so and within the prescribed timelines.


We do not at any time knowingly/intentionally collect or target information regarding persons under eighteen (18) years of age.

The content of our website is not targeted towards, nor intended for use by anyone under the age of eighteen (18) years. A user must be of the age of majority to access and use our website. If a user is under the age of eighteen (18), he or she may only use our website under the supervision of a parent or legal guardian who agrees to be bound by this Privacy Policy whilst accessing our website and services. If we become aware that we have collected Personal Data from children without verification of parental or guardian consent, we will take steps to remove that information from our servers and files/records.

If you become aware of any data, we have collected regarding persons under the age of 18, please do not hesitate to contact us at privacy@javahouseafrica.com


Subject to legal and contractual exceptions, you have rights under data protection laws in relation to your Personal Data. These are listed below: –

  1. Right to be informed that we are collecting Personal Data about you.
  2. Right to access Personal Data that we hold about you and request information about how we process it.
  3. Right to request that we correct your Personal Data where it is inaccurate or incomplete. Please note that you may at any time review or change the information in your account by contacting us through privacy@javahouseafrica.com.
  4. Right to request that we erase your Personal Data noting that we may continue to retain your information if obligated by the law or if the retention is for necessary and lawful purposes.
  5. Right to object and withdraw your consent to processing of your Personal Data where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
  6. We may continue to process your information, thereby overriding your data privacy rights and interests if we have a legitimate or legal reason to do so.
  7. Right to request restricted processing of your Personal Data noting that we may be entitled or legally obligated to continue processing your data and refuse your request.
  8. Right to lodge a complaint with the regulator that is tasked with Personal Data protection within the Republic of Kenya.


Either You or Java House shall have the right to terminate this contractual relationship or any agreement herein, for either party’s failure to comply with the provisions of this Privacy Policy and Java House reserve the right to reject any application for information contrary to this Privacy Policy.


We reserve the right to modify and update this Privacy Policy from time to time. We will bring these changes to your attention should they be indicative of a fundamental change to the processing or be relevant to the nature of the processing or be relevant to you and impact your data protection rights.

Any amendment or modification to this Privacy Policy will take effect from the date of notification on our website. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.  If you do not agree with the proposed changes, you should discontinue your use of our services and website prior to the time the new Privacy Policy takes effect.

If you continue using our services and website after the new Privacy Policy takes effect, you will be bound by the modified Privacy Policy.


Your information and Personal Data, including sensitive Personal Data, may be transferred to — and maintained on — computers and/or servers located outside of Kenya. The processing of sensitive Personal Data out of Kenya shall only be affected by us upon obtaining your consent and with confirmation that there are appropriate safeguards in place to guard the integrity of your data. We always maintain the highest standards of security and cybersecurity safeguards whilst handling your Personal Data. If you are located outside Kenya and choose to provide information to us, please note that we transfer the data, including Personal Data, to Kenya and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Where we transfer your Personal Data out of Kenya, we ensure a similar degree of protection is afforded to it by ensuring that there are appropriate safeguards in place with respect to the security and protection of your Personal Data. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of Kenya.

Please note that if our business is acquired or merged with another company, your information may be transferred to the new owners.


If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information; contact our DPO  at privacy@javahouseafrica.com.

If you have any questions about this Privacy Policy, please contact us using the details set out below:

Contact details:

Our full details are:

  • Full name of legal entity: Nairobi Java House Limited
  • Name of Data Protection Officer: Orge Godana

E-mail address: privacy@javahouseafrica.com.

Telephone number: +254 716 334 621

If you are not satisfied with the response that you receive from us, you may, where applicable, contact the relevant data protection regulator in your jurisdiction.

We will provide information on the way complaints to regulators may be made, if requested to do so.

If you have any further questions about this Privacy Policy, please email us at: privacy@javahouseafrica.com.