Privacy Policy

Privacy Policy for Ryansfoods
Last updated: 23 December 2025

This Privacy Policy explains how James & Ben Enterprise (“James & Ben”, “we”, “us”, “our”) collects, uses, shares and protects personal data when you visit or make a purchase from ryansfoods (the “Website”) or otherwise interact with us.

We are committed to protecting your privacy and handling your personal data in a lawful, fair and transparent manner in accordance with applicable data protection laws, including, where relevant, the EU/EEA General Data Protection Regulation (GDPR) and similar laws in other jurisdictions.

By using the Website, you acknowledge that you have read and understood this Policy.

1. Data Controller

The entity responsible for determining how and why your personal data is processed is:

James & Ben Enterprise
Made in Kenya by James & Ben Ent. at KIRDI
P.O. Box 30650-00100
Popo Road, South C
Nairobi, Kenya

Email:

  • info@ryansfoods.co.ke
  • instantryans123@gmail.com

If you have any questions about this Policy or our data practices, you can contact us using the details above.

If we are required under GDPR to appoint an EU/EEA or UK representative, we will update this Privacy Policy with their contact details.

2. What Personal Data We Collect

We only collect personal data that is relevant and necessary for the purposes described in this Policy.

2.1 Data you provide directly

When you interact with us, you may provide the following information:

  • Account and identity data
    • Name
    • Email address
    • Phone number (if provided)
    • Billing and delivery address
  • Order and transaction data
    • Products purchased (e.g. Instant Uji Mix)
    • Order dates, amounts and payment status
    • Delivery instructions
    • Correspondence related to your order
  • Communication data
    • Messages you send via email, contact forms or social media
    • Feedback, product reviews or survey responses
  • Marketing preferences
    • Your consent and preferences for receiving newsletters, offers or updates

2.2 Data we collect automatically

When you visit our Website, we may automatically collect:

  • Technical data
    • IP address
    • Browser type and version
    • Device type, operating system
    • Time zone setting and approximate location
    • Referring websites and URLs
  • Usage data
    • Pages you view, links you click
    • Time spent on pages
    • How you navigate the Website

This data is typically collected through cookies and similar technologies (see Section 6).

2.3 Data from third parties

We may receive information about you from:

  • Payment providers (e.g. confirmation of payment status)
  • Delivery and courier services (e.g. delivery updates)
  • Analytics providers (e.g. aggregated or anonymised usage statistics)
  • Social media platforms (if you interact with our pages or content there)

3. Purposes and Legal Bases for Processing

Where GDPR applies, we must identify a legal basis for processing your personal data. We rely on the following:

3.1 Performance of a contract (Article 6(1)(b) GDPR)

We process your data as necessary to:

  • Create and manage your customer account
  • Process and deliver your orders of instant uji mix and related products
  • Provide customer service and handle returns, exchanges or complaints
  • Communicate with you about your orders, delivery and payments

3.2 Legitimate interests (Article 6(1)(f) GDPR)

We may process personal data where it is necessary for our legitimate interests and where your interests and fundamental rights do not override those interests. Our legitimate interests include:

  • Running, improving and securing our Website and business
  • Understanding how customers use our products and Website
  • Preventing fraud, misuse or security threats
  • Enforcing our terms and conditions and defending legal claims
  • Limited and proportionate direct marketing to existing customers (e.g. emails about similar products), where permitted by law

You have the right to object to processing based on legitimate interests (see Section 10).

3.3 Consent (Article 6(1)(a) GDPR)

We will rely on your consent when:

  • You subscribe to our newsletter or marketing communications
  • We use non-essential cookies or similar technologies (for analytics or marketing)
  • We use your data for certain optional surveys, competitions or promotions

You may withdraw your consent at any time (see Section 10.5), without affecting the lawfulness of processing based on consent before its withdrawal.

3.4 Legal obligation (Article 6(1)(c) GDPR)

We may process your personal data to comply with legal obligations, such as:

  • Tax, accounting and financial reporting requirements
  • Responding to lawful requests from public authorities or courts

4. How We Use Your Data

We use personal data for the following purposes:

  • To provide our products and services
    • Receiving and handling orders for instant uji mix and related products
    • Processing payments and issuing invoices or receipts
    • Delivering products to your chosen address
  • To communicate with you
    • Sending order confirmations, delivery updates and service messages
    • Responding to your enquiries, complaints or requests for information
  • To improve our products and Website
    • Analysing usage patterns to understand what customers like and need
    • Developing new products, flavours or formats based on feedback
  • For marketing and promotions
    • Sending newsletters, offers, and product updates (where allowed)
    • Running promotions, surveys or competitions
  • For security, fraud prevention and legal purposes
    • Protecting our Website and systems against misuse or attacks
    • Investigating and preventing fraud or suspicious activity
    • Establishing, exercising or defending legal claims

5. Data Sharing and Disclosure

We do not sell your personal data.

We may share your data with:

  1. Service providers (data processors)
    These are third parties who process data on our behalf, under a written contract, and only according to our instructions. They may include:
    • Web hosting and IT infrastructure providers
    • Payment gateways and financial service providers
    • Delivery and courier companies
    • Email service providers and marketing tools
    • Customer support platforms and survey tools
  2. Professional advisers
    • Lawyers, accountants or auditors, where necessary for legitimate business purposes and subject to confidentiality obligations.
  3. Authorities and legal bodies
    • Law enforcement, regulatory or governmental authorities where we are legally required to do so or where it is necessary to protect our rights or the rights of others.
  4. Business transfers
    • If we are involved in a merger, acquisition, restructuring or sale of all or part of our business, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

Where we use data processors, we take steps to ensure they provide sufficient guarantees that your data is processed securely and in compliance with applicable data protection laws.

6. Cookies and Similar Technologies

Our Website may use cookies and similar technologies to:

  • Enable core Website functionality (e.g. shopping cart, login)
  • Remember your preferences
  • Analyse how users interact with the Website
  • Support marketing and advertising efforts (where permitted)

You can manage your cookie preferences through your browser settings and, where provided, through our cookie banner or consent tool. Disabling certain cookies may affect the functionality of the Website.

For more detail, we may provide a separate Cookie Policy that explains the types of cookies we use and how long they last.

7. International Data Transfers

Our business is based in Kenya, and your personal data may be stored and processed there.

We may also use service providers located in other countries, including countries outside the EU/EEA or UK, which may not offer the same level of data protection. Where GDPR or similar laws apply, we will ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Other lawful transfer mechanisms and contractual protections

You may request more information about these safeguards by contacting us.

8. Data Retention

We keep your personal data only for as long as necessary for the purposes for which it was collected, including to:

  • Fulfil your orders and provide customer service
  • Comply with legal, accounting or reporting obligations
  • Resolve disputes and enforce our agreements

Retention periods depend on the type of data and the purpose. For example:

  • Order and transaction data – typically retained for at least 5–7 years (or longer if required by tax and accounting laws).
  • Customer support communications – retained as long as necessary to resolve your query and for a reasonable period thereafter.
  • Marketing data (email subscriptions) – retained until you unsubscribe or withdraw consent.

When data is no longer needed, we will delete or anonymise it in a secure manner.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures may include:

  • Secure servers and firewalls
  • Access controls and authentication for our systems
  • Encryption in transit (e.g. HTTPS) where feasible
  • Regular monitoring and backups

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

10. Your Rights (GDPR and Similar Laws)

Where the GDPR or similar data protection laws apply to you, you may have the following rights regarding your personal data:

10.1 Right of access

You can request confirmation of whether we process your personal data and obtain a copy of that data together with information about how it is processed.

10.2 Right to rectification

You can ask us to correct or complete any inaccurate or incomplete personal data we hold about you.

10.3 Right to erasure (“right to be forgotten”)

You can request the deletion of your personal data where, for example, it is no longer needed for the purposes for which it was collected, or you withdraw consent and there is no other legal basis for processing. This right may be limited where we must retain data to comply with legal obligations.

10.4 Right to restriction of processing

You may request that we restrict the processing of your data in certain circumstances, for example while we verify its accuracy or where you have objected to our use of it.

10.5 Right to withdraw consent

Where we rely on your consent, you may withdraw it at any time. This will not affect the lawfulness of processing based on consent before its withdrawal, but we will stop processing your data for those purposes.

10.6 Right to data portability

You may have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible and where processing is based on consent or contract.

10.7 Right to object

You may object at any time to:

  • Processing based on our legitimate interests, on grounds relating to your particular situation; and
  • Direct marketing, including profiling for marketing purposes. If you object to direct marketing, we will stop sending it.

10.8 Right to lodge a complaint

If you believe that we have infringed your data protection rights, you have the right to complain to your local data protection authority. We encourage you to contact us first so we can try to resolve your concerns.

11. Exercising Your Rights

To exercise any of the rights described above, or to ask questions about this Policy or our data practices, please contact us at:

  • info@ryansfoods.co.ke
  • instantryans123@gmail.com

We may need to verify your identity before fulfilling your request. We aim to respond within the time limits set by applicable law.

12. Children’s Privacy

Our Website and products are not intended for children under 18 years of age, and we do not knowingly collect personal data from children.

If you believe that a child has provided us with personal data without appropriate consent, please contact us and we will take steps to delete such data as required by law.

13. Links to Other Websites

Our website may contain links to third-party websites, plug-ins or services. We are not responsible for the privacy practices or content of such third parties. We encourage you to read the privacy policies of every website you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, products, legal requirements or other factors.

When we make material changes, we will:

  • Update the “Last updated” date at the top of this Policy; and
  • Where required by law, seek your consent or provide additional notice.

Your continued use of the Website after any changes become effective constitutes your acceptance of the updated Policy.