Tel: +254 20 6917 000

Data Privacy Policy


All references to ‘our’, ‘us’, ‘we’ or ‘company’ in this policy and in the opt-in, notice are deemed to refer to CFAO Kenya Limited, its subsidiaries, affiliates and/or associates, as appropriate.

In our endeavor to protect your personal information, we provide this privacy and cookie policy to help you to understand what we may do with any personal information that we obtain from you. By giving us your personal information, you accept our privacy and cookie policy and agree that we may collect, use and disclose your personal information as described in it. If you don’t agree to the policy, please don’t provide CFAO Kenya with your personal details.

This privacy and cookie policy is incorporated into, and forms part of, the Terms of Use that govern your use of the site in general, and the Terms of Sale which sets out the legal terms and conditions on which we sell any of the products (Product/s) listed on our site to you. We will use your information only for the purposes set out in this policy.

We may need to update this privacy and cookie policy from time to time. We recommend that you check this page regularly to ensure that you have read the most recent version of the policy.

We respect your privacy, and we are committed to keeping your Personal Data secure and managing it in accordance with our legal responsibilities under the applicable data protection laws.

  1. What Personal Data Do We Collect and How Do We Use your Personal Data?

You can access  a large part of our Website without being required to provide any Personal Data to us. However, for certain services and purposes, you need to provide Personal Data to us for us to be able to process your order, respond to your inquiry or to send marketing promotions, messages or other relevant information to you.

In addition to the information you are required to provide to us, we collect certain information when you visit our Website. Requested information on the Website marked with an asterisk* is mandatory. If you do not provide the requested information, we will not be able to deliver the service or product to you.

We have specified the Personal Data we collect, the purposes for which we use the Personal Data and how long we will generally retain your Personal Data as follows:

  • Processing your order to be able to process your payment and to deliver the requested product or service to you.

We need your name, e-mail address, telephone number (For mobile money payment or in case we need to communicate to you about your order), your address or that of the recipient of our goods/services, payment information. This is also required for our sales administration.

The use of this Personal Data is to perform our agreement with you or to comply with legal obligations, such as tax and accounting  regulations. Our online sales records will be retained by us for at least 5 years or longer if required by tax or accounts.

Our online sales process involves inquiries made online and a customer service staff will get in touch either through email and quotation or a phone call based on what information may be required. If you then make another purchase, we are able to link this order to the same contact details. We do this to avoid duplication of data and to ensure we can fulfil your purchase order. You can also request to remove this data via Customer Service Team

  • Customer Services

For answering your questions if you have submitted a question via the Website concerning Customer experience, product returns, queries or feedback.

In this case, we process your e-mail address or phone number (depending on how you have contacted us) and the question or issue you have raised with us. We register your requests, questions and our responses and other actions to handle your request. Customer Service will retain all information for 1 year after your query or complaint has been solved or the inquiry was closed.

  • Sending Marketing Promotional Emails (and other information emails).

If you have subscribed or requested to receive CFAO Kenya Newsletters/ Promotional emails, we use the email address you have provided to send you our updated promotions / information emails and you will be added automatically to our customer database.

If you have ordered one of our products via our Website or social media handles , we may also send you commercial messages to inform you of our other similar products that we think may be of interest to you. If you no longer wish to receive commercial messages from us, you can unsubscribe at any time by using the unsubscribe button on the footer of each email or alternatively you can contact Customer Service Team.

The use of your Personal Data is to process your subscription, so as to perform our agreement with you, or  to send our customers information about our products. We will remove your email address once you have opted-out/unsubscribed from receiving the newsletter/promotional email, unless this is also used and retained for other purposes listed in this Privacy Policy.

  • Marketing

Information about your purchases, your online searches and social media activity (such as Twitter, LinkedIn, Facebook & Instagram) (clicks and views), your settings on our Website, the items in your shopping cart, your customer service requests and contact history can be combined by us.

This information enables us to use different channels for relationship management and marketing of our products and services to you via Promotional emails, social media or online advertising which may include personalizing Website/Email/ App and Social Media content and offers so these are tailored to your preferences.

You can always opt-out of receiving our promotional emails and you can always object to our use of your Personal Data for direct marketing purposes (please see information on Your Rights to Access, Rectification, Deletion, Restriction and Data Portability & Your Right to Object).

We use this Personal Data as it is necessary  to be able to promote our products and services to our customers and website visitors, to enable us to attract  customers, to improve the sale of our products and services and to finance our Website (via online advertisements). We will retain the Personal Data as specified under the relevant purposes for which the Personal Data will have been collected (e.g., promotional messages, account information, processing orders and payments).

The Personal Data shall generally be deleted within 5 years after your last order on our CFAO Kenya website or digital platforms, except where we are legally required to retain the Personal Data or where it is kept for any of the other purposes as described in the privacy policy.

Participate in research activities

We also may request you to participate in research activities such as: surveys, pilots, panels, focus groups, and other research activities. Depending on the research activity, we will collect different sets of Personal Data. You will always be informed prior to the research activity what Personal Data we will collect and for what purpose we will collect this Personal data. We will provide research activities either with your consent or because we have a legitimate interest, depending on the type and nature of the research activity.

To enable you to participate in sweepstakes, contests or other promotions

To administer the sweepstake, contest or other promotion, in which you choose to participate. Some of these promotions have additional rules containing information about how we will use and disclose your Personal Data. We use this information to manage our contractual relationship with you.

Information about your visit to & use of our Website/ Apps/Promotional Emails

We collect certain information when you visit our Website such as your: IP address, the web pages you visit, the name of your computer, and type of internet browser, clicks and views.

We also keep track of how you use our Website and commercial messages: the commercial messages you open, pages you view, parts you read and which device you use and when so we can customize, the Website and our promotional emails to your preferences.

The information about your use of our Website and services enables us to build segments, which are groups of website visitors or customers with a number of common characteristics such as age group, gender and region or product interest.

We use segments to customize the Website and to change the order of search results or where we place certain offers so you are more likely to see them. We may also use segments to show relevant commercial messages to you.

We use this Personal Data as it is necessary  to do so to be able to promote our products and services to our customers and website visitors,

To enable us to attract  customers, improve the sale of our products and services, to finance our Website (via online advertisement). We will retain the Personal Data for a maximum of 1 year.

Maintenance and optimization of our Website.

Your Personal Data will also be used for maintenance and analysis of our Website to solve performance issues, to improve the availability and to secure the website against fraud (e.g. in case of repeated attempts to log-in or to make a purchase or if the purchase is made where there is non-compliance with our terms and conditions, e.g. by individuals under 21). The analysis also enables us to check whether the online ordering process works efficiently so that we can improve, where possible. We log all use of our Website.

Our use of your Personal Data for these purposes is necessary for legitimate purposes and will be obtained with your consent  and retained for a maximum period of time of 1 year.

  1. How We Share Your Personal Data

We may need to share Personal Data with third parties to help us provide services and products to you and to run our Website. These third parties are:

  • for the purpose of storing Personal Data processed via the Website, due to shared IT systems.

Service providers (such as Web developers, Credit card processing agents, Cloud Hosting) where this is needed to provide us with a service or to (help us) provide or deliver the service or product ordered by you on the Website (including our third-party delivery provider) and to provide data analytics services

  • Social Media Providers, such as Twitter, LinkedIn, Facebook and Instagram where necessary and whilst following proper procedure.
  • Payment service providers that will act as data controller in order to obtain and process payments made by you via the Website;
  • Independent debt recovery agencies, solicitors or other agents for the purpose of collecting monies due or outstanding on your account;

In case CFAO Kenya sells all or some of the assets or shares of the company to which Personal Data was transferred to a third party, your Personal Data may be provided to this third party.

These parties may be located in other parts of Africa, the United States, Canada, European Union or other countries in the European Economic Area or elsewhere in the world.  When Personal Data is stored in the US or within the EEA, we will ensure an adequate level of protection of the transferred Data. We require service providers to use appropriate measures to protect the confidentiality and security of the Personal Data.

We may also need to provide Personal Data to law enforcement bodies in order to comply with any legal obligation or court order.

  1. Security of Personal Data

We will take appropriate technical, physical and organizational measures to protect the Personal Data collected through the Website from misuse or accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, acquisition or access, that are consistent with applicable privacy and data security laws and regulations. However, no internet-based site can be 100% secure and we cannot be held responsible for unauthorized or unintended access that is beyond our control.

Our Website may contain links to other websites. We are not responsible for the privacy practices, content or security used by such other websites, which shall not be governed by this Privacy Policy. We advise you to always carefully read the privacy policies on these other websites.

  1. Retention of Your Personal Data

We will retain your Personal Data for as long as legally required or for as long as necessary to provide you with any requested services or for any of the other purposes listed in this Privacy Policy.

The specific retention terms are listed in this Privacy Policy for each of the relevant purposes.

We will take reasonable steps to destroy or de-identify Personal Data we hold if it is no longer needed for the purposes set out above or after the expiration of the defined retention term.


What are cookies and what cookies do we use on this site? Like many other websites, we use “cookies” to help us gather and store information about visitors to our websites.

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user’s device.

You can find more information about cookies at: Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your experience. They can also help to ensure that adverts you see online are more relevant to you and your interests. The cookies which may be used on this site have been categorized as shown below:

International Chamber of Commerce UK Cookie guide as follows:

Strictly Necessary Cookies; these cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.

Performance Cookies; These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All of the information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.

Functionality Cookies; These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.

Targeting Cookies or Advertising Cookies; these cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission.

They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organization.

How do I enable/disable cookies? You can accept or decline (enable or disable) cookies by changing the settings in your browser. However, if you disable cookies, you may not be able to use all the interactive features of the site.

  1. Your Rights to Access, Rectification, Deletion, Restriction and Data Portability

You have the right to request an overview of your Personal Data processed by or on behalf of us. You have the right to have your Data rectified, deleted or restricted (as appropriate). You can exercise this right by contacting the Customer Service Team.

Please note that requests that do not meet the requirements set out by applicable law or CFAO Kenya guidelines may be requested to be re-issued or ultimately denied and that certain Personal Data may be exempt from such access, rectification and deletion requests pursuant to applicable data protection laws or other laws and regulations.

Please note that we will retain Personal Data where it is legally required for us to do so, which applies e.g., to sales administration.

You have the right to receive the Personal Data that you have provided to us in a structured, commonly used and machine-readable format, and in certain circumstances we will, at your request, transmit your Data to another controller where this is technically feasible.

You have the right to file a complaint with your local data protection authority where you feel that the collection and use of your personal data is not procedural or legal.

Right to Object

You also have a right, in certain circumstances, to require us to stop processing your Personal Data, but where we have compelling legitimate grounds, we will continue processing your Personal Data.

However, you have the right to object to our use of your Personal Data for direct marketing purposes, including profiling, and when you do so, we will accommodate your request.

Where you have provided consent to our use of your Personal Data, you have the right to withdraw your consent without this effecting the lawfulness of our use of this Data before your withdrawal.


We will keep this Privacy Policy under review and make updates from time to time. Any changes to this Privacy Policy will be posted on our Website page and to the extent reasonably possible, will be communicated to you.

  1. Contact

If you wish to exercise any of your data subject rights, you can contact us at Customer Relations Team. Please note that we may request proof of identity. If you have any other question, objection to our use of your Personal Data or a complaint about this Privacy Policy or about our handling of your Personal Data, you can mail Customer Service Team.