Welcome to Chandarana Foodplus Supermarkets

Privacy Policy

  1. Introduction

Welcome to Chandaranarana Supermarkets LTD.

*Chandarana Supermarkets LTD (“us”, “we”, or “our”) operates foodplus.co.ke (hereinafter referred to as “Services”).

Our Privacy Policy governs your visit to foodplus.co.ke, and explains how Chandarana Supermarkets LTD collects, safeguards and discloses information that results from your use of our Services.

We use your data to provide and improve Service. By using our Services, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

Our Terms and Conditions (“Terms”) govern all use of our Service and together with the Privacy Policy constitutes your agreement with us (“agreement”).

  1. Definitions

Using our SERVICES means:

  • Buying / Ordering services or products from any of our branches over the phone, via WhatsApp, through email, in store or online from us or any of our partners
  • Using any of our platforms, including websites (“our Websites”), public Wi-Fi networks, or mobile applications (“our Mobile Apps”); or
  • Being a member of any of our loyalty programs
  • Taking part in our promotions & competitions and registering to receive our newsletters and offers
  • This Policy also applies if you contact us or we contact you about our Services.

PERSONAL DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).

COOKIES are small files stored on your device (computer or mobile device).

DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.

DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

DATA SUBJECT is any living individual who is the subject of Personal Data.

THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

  1. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

  1. Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

0.1. Email address

0.2. First name and last name

0.3. Phone number

0.4. Address, Country, County, Province, ZIP/Postal code, City

0.5. Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or by contacting us.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through any device (“Usage Data”).

This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access Service with a device, this Usage Data may include information such as the type of device you use, your device unique ID, the IP address of your device, your device operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.

Location Data

We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customize our Service.

You can enable or disable location services when you use our Service at any time by way of your device settings.

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

0.1. Session Cookies: We use Session Cookies to operate our Service.

0.2. Preference Cookies: We use Preference Cookies to remember your preferences and various settings.

0.3. Security Cookies: We use Security Cookies for security purposes.

0.4. Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.

Other Data

While using our Services, we may also collect the following information: sex, age, date of birth, place of birth, passport details, citizenship, registration at place of residence and actual address, telephone number (work, mobile), office location and other data.

  1. Use of Data

Chandarana Supermarkets LTD uses the collected data for various purposes:

0.1. to provide and maintain our Service;

0.2. to notify you about changes to our Service;

0.3. to allow you to participate in interactive features of our Service when you choose to do so;

0.4. to provide customer support;

0.5. to gather analysis or valuable information so that we can improve our Service;

0.6. to monitor the usage of our Service;

0.7. to detect, prevent and address technical issues;

0.8. to fulfil any other purpose for which you provide it;

0.9. to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;

0.10. to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;

0.11. to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;

0.12. in any other way we may describe when you provide the information;

0.13. for any other purpose with your consent.

  1. Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

  1. Transfer of Data

Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside Kenya and choose to provide information to us, please note that we transfer the data, including Personal Data, to Kenya and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Chandarana Supermarkets LTD will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

  1. Disclosure of Data

We may disclose personal information that we collect, or you provide:

0.1. Disclosure for Law Enforcement.

Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.

0.2. Business Transaction.

If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.

0.3. Other cases. We may disclose your information also:

0.3.1. to our subsidiaries and affiliates;

0.3.2. to contractors, service providers, and other third parties we use to support our business;

0.3.3. to fulfill the purpose for which you provide it;

0.3.4. for any other purpose disclosed by us when you provide the information;

0.3.5. with your consent in any other cases;

0.3.6. if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.

  1. Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

  1. Your Data Protection Rights



Before processing personal data, a data controller or processor is required to inform the data subject on the nature and scope of the personal data, the reasons for processing the required personal data and whether it shall be shared with the third parties.

The data controllers or data processors have an obligation to ensure that a data subject has the capacity to understand and communicate their consent, they are informed of the nature of processing in simple and clear language that is understandable, they voluntarily give consent; and the consent is specific.

Processing of data

A data subject may request a data controller or data processor to restrict the processing of their personal data on grounds that: 2

  1. a) the data subject contests the accuracy of their personal data;
  2. b) the personal data has been unlawfully processed and the data subject opposes erasure and requests restriction instead;
  3. c) the data subject no longer needs their personal data but requires it to be kept in order to establish, exercise or defend a legal claim; or
  4. d) a data subject has objected to the processing of their personal data and a data controller or data processor is considering legitimate grounds that override those of the data subject.


Importantly, a data subject may request a data controller or data processor to rectify their personal data, which is untrue, inaccurate, outdated, incomplete or misleading. The application may be supported by the necessary documents relevant to the rectification being sought. Upon receiving the request, a data controller or data processor shall within seven days of receipt of the request, rectify an entry of personal data in the database where the data controller or data processor is satisfied that a rectification is necessary. In the event of a decline the data controller or data processor shall notify a data subject of that refusal and provide reasons


The Right to Object

A data subject has the right to object to processing where it may result in an unwarranted interference with their interests or rights by requesting a data controller or data processor not to process their personal data. An objection may be in relation to all or part of the personal data held by a data controller or data processor on a data subject.


Data Access request

A data subject may request to access their personal data. Upon the request, a data controller or data processor shall provide access to a data subject of their personal data in its possession, put in place electronic or manual mechanisms to enable a data subject access their personal data or provide the data subject with a copy of their personal data and details of the use and disclosure of their personal data.

A request for access to personal data may be declined on the grounds that:

  1. a) giving access would result to a serious threat to the life, health or safety of a data subject, or to public health or public safety;
  2. b) giving access would have an unreasonable impact on the privacy of any other data subject;
  3. c) the request for access is frivolous and vexatious;
  4. d) giving access would be unlawful;
  5. e) denial of access is authorized by an order of the court; and
  6. f) giving access would likely reveal evaluative information generated by the data controller or data processor in connection with a commercially sensitive decision-making process.

3 The Regulations provide that compliance with a request for access to personal data shall be free of charge.


Data Portability

A data subject may apply to transfer or copy their personal data from one data controller or data processor to another. Upon receipt of the application, a data controller or data processor shall within thirty days and upon payment of any charge port personal data to the data subject’s choice of recipient.


Right of erasure.

A data subject has the right to have their personal data erased if—

  1. a) the personal data is no longer necessary for the purpose which it was originally collected;
  2. b) the data subject withdraws their consent that was the lawful basis for retaining the personal data;
  3. c) the data subject objects to the processing of their data and there is no overriding legitimate interest to continue the processing;
  4. d) the processing of personal data is for direct marketing purposes and the individual objects to that processing;
  5. e) the processing of personal data has been unlawful including in breach of the lawfulness requirement; or
  6. f) required to comply with a legal obligation.


A request for erasure shall be dealt with within fourteen days of the request.

The right does not apply if processing is necessary for one of the following reasons:

  1. a) to exercise the right of freedom of expression and information;
  2. b) to comply with a legal obligation;
  3. c) for the performance of a task carried out in the public interest or in the exercise of official authority;
  4. d) for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
  5. e) for the establishment, exercise or defence of a legal claim.


  1. Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

  1. Analytics

We may use third-party Service Providers to monitor and analyze the use of our Services.

  1. CI/CD tools

We may use third-party Service Providers to automate the development process of our Services.

  1. Behavioral Remarketing

We may use remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Services.

  1. Links to Other Sites

Our Services may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

  1. Children’s Privacy

Our Services are not intended for use by children under the age of 18 (“Child” or “Children”).

We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

  1. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

  1. Contact Us

If you have any questions about this Privacy Policy, please contact us by email: info@chandaranasupermarkets.co.ke.