Privacy Policy

Privacy notice for Healthy U (2000) Limited (Healthy U) customers accessing our stores, services and apps. We are referred to in this Privacy Notice as “Healthy U”, “we” or “our” or “us”. An individual who is the subject of the personal data is referred to as “Customer”, “User” or “You”.

Healthy U’s employees or third-party vendors personal details are handled in-line with the terms of employment agreement or contractual relationships, or our separate policies that we provide, as relevant, independent of this Privacy Notice.

This Privacy Notice was last updated on 18 January 2024.

Healthy U ( 2000) Limited a limited company registered in the Republic of Kenya.

Registered address: Sarit centre, Westlands, Nairobi, Kenya
Postal Address: 64953-00606

Email address:
Telephone number: +254709694000 or +254719200000

Website: __ “Our website”)

Healthy – U is a Data Controller registered with the Office of the Data Protection Commissioner (registration number 169-4009-CF3A, expiration date 09/01/2026)

We understand how important your personal information is. This privacy notice will inform you how Healthy U uses and looks after your personal information when you visit and shop with us or use any of our services, use our website, buy products from us, or download and interact with our apps.

Our website and apps are not intended for children under the age of 18, and we do not knowingly collect personal information relating to children.

1. What does this Privacy Notice cover
  1. This Privacy Notice explains how we use your personal data: how it is collected, how it is held and how it is processed. It also explains your rights under the law relating to your personal data.
  2. We will process any personal data we collect from you in accordance with this Privacy Notice and our Terms and Conditions of Service (together with any other documents referred to in it). Kindly carefully read this Notice carefully so that you can understand how we handle your personal data.
2. General Information
  1. Processing of personal data is governed by the Data Protection Act, 2019(‘the Act’), The Data Protection General Regulations 2021, The Data Protection (Registration of Data Controllers and Data Processors) 2021, The Data Protection (Complaints Handling and Enforcement Procedures) Regulations 2021 and as may be amended from time to time, and any other regulations made thereunder (collectively, “the Data Protection Legislation”).
  2. Personal data refers to any information about you that enables you to be identified as individual such as your name, contact details, identification numbers but it also covers less obvious information such as, electronic location data, and other online identifiers.
  3. The personal data that we collect and use is set out in Part 3.
3. Data we collect about you
  1. 3.1 When you visit one of our stores or use our website we collect personal data about you or if you communicate with us by phone, e-mail and social media.
  2. 3.2 The personal data we collect includes:

    • Personal details such as your name, address, date of birth, email address, phone number and other contact information, transaction information, such as the product you purchased, its price, your method of payment and your payment details.
    • Information about you like your employment details, financial position and information taken from identification documents like your passport or identification number when we review your credit application for our services.
    • Your account information – such as dates of payments owed and received, the subscription services you use or any other information related to your account.
    • The phone numbers that you call/send messages to or the phone numbers that you receive calls/messages from.

  3. 3.3 When you use our website, the details we collect includes:

    • Account data, like your username and password you use to access our website or to buy our products and services.
    • Any relevant detail that you provide in your dealings with us which includes when you register to use our online services, or when you subscribe to our offers or services.
    • IP address and Cookie data which is used as per our Cookie Policy

  4. 3.4 The circumstances when you provide personal data could include when you:

    • Purchase products at our stores.
    • Register or use our website.
    • When you register for our loyalty points scheme.
    • Request to receive marketing or other communications.
    • Enter one of our competitions or when you complete one of our customer surveys.
    • Submit information when you’re providing feedback.

  5. We may collect any sensitive personal data like data relating to your health status biometric data and gender race if we have your explicit consent, or if is in our legitimate interest as a data controller or your interest as our Customer. We do not ethnic social origin, conscience, belief, genetic data, , property details, marital status, family details including names of your children, parents, spouse or spouses, sex or the sexual orientation.
4. How we use your personal data, purposes and lawful basis.

For us to process and use your personal data legally there are a number of options available to us under the Data Protection Legislation. We will categorically set out in this Privacy Notice which option(s) we have chosen for the service we provide to you for processing your personal data.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer

(a) Identity

(b) Contact

Performance of a contract with you
To register you for our loyalty program.  

1. Identity card no

2. Full names

3. Telephone Contact

4. Email address

 (a) Explicit Consent (which consent you may withdraw at any time).

To process and deliver your order or when you are purchasing items from our stores including:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(c) Deliver a products and services to you (we may need to share your details with a third party providing a service, such as delivery couriers)


(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications


(a) Performance of a contract with you.

(b) Necessary for our legitimate interests (to recover debts due to us, protect you from fraud and record your marketing preferences)


To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy.

(b) Sending you legally required information relating to your orders or information about products.

(c) Asking you to leave a review or take a survey

(d) Responding to your queries, refund requests or complaints.


(a) Identity

(b) Contact

(c) Profile

(d) Usage


(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated, to study how customers use our products/services, to provide you with the best service and to understand how we can improve our service based on your experience)

To enable you to take part in a prize draw, competition or complete a survey and to allow us to administer any of our prize draws or competitions  

(a) Identity

(b) Contact

(c) Profile

(d) Usage


(a) Performance of a contract with you.

(b) Explicit Consent (which consent you may withdraw at any time).

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  

(a) Identity

(b) Contact

(c) Technical


(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).

(b) Necessary to comply with a legal obligation

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences and to conduct market research campaigns.  

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
For commercial marketing, to make suggestions and recommendations to you about goods or services that may be of interest to you  

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

Explicit Consent (which consent you may withdraw at any time)
  1. 4.1 We will not use your personal data for any other purpose other than the purpose(s) for which it was originally collected, unless we reasonably believe that another purpose is compatible with that or those original purpose(s). If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us.
  2. 4.2 If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so or seek your consent.
  3. 4.3 In some circumstances, where permitted or required by law, we may disclose your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
5. Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Promotional offers from us

We may use your Identity, Contact, and Usage to form a view on what we think you may want or need, or what may be of interest to you.

You will receive marketing communications from us if you have requested information from us or purchased goods from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, where you have opted in by giving us your explicit consent to receive receiving that marketing.

Third-party marketing

We will get your express opt-in consent before we share your personal data with any company outside Healthy-U for marketing purposes.

Opting out

You can ask us to stop sending you marketing messages at any time by:
logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences in your online preference centre;
following the opt-out links on any marketing message sent to you;
sending an email with your full name and address and your preference request by
writing to us at Healthy-U,; or
calling us on +254709694000 or +254719200000.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product purchase.

6. Your rights under the Data Protection Legislation.

Under the Data Protection Legislation, you have the following rights, which we will always work to respect and uphold:

  1. (a) The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
  2. (b) The right to access the personal data we hold about you.
  3. (c) The right to have your personal data corrected if any of your personal data held by us is false, erroneous or misleading.
  4. (d) The right to ask us to delete or otherwise dispose of any of your personal data that we hold.
  5. (e) The right to restrict (i.e. prevent) the processing of your personal data.
  6. (f) The right to object to us to our use of your personal data for a particular purpose or purposes.
  7. (g) The right to withdraw consent. This means that, if we are relying on your consent as the lawful basis for using your personal data, you are free to withdraw that consent at any time.
  8. (h) The right to data portability. You have a right to request your personal data, which you have provided to us in a structured and commonly used format for your own use across different services.
  9. (i) Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights), such as:

Full name of the account holder
Postal address
Telephone number
Customer number (if available)
Recent order number (if available)
Email address(s) registered with us (if available).
This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us by email as set out in Part 11.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Office of the Data Protection Commissioner. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first.

Time limit to respond

We try to respond to all legitimate requests within 7 to 30 days. Occasionally it may take us longer than the stipulated time period if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

7. Closed Circuit Television (C.C.T.V.)
  1. 7.1 We use C.C.T.V. system to capture an overview of our stores and for purposes of security of our storess.
  2. 7.2 The C.C.T.V. data we collect is for the purposes of security in the interest of the public and visitors of our stores.
  3. 7.3 What is the lawful basis allowing us to collect and process C.C.T.V. information?
    The lawful basis for processing personal data collected by the system our legitimate interest as set out in Section 30(1)(b)(vii) of The Data Protection Act 2019 for purposes of security of our premises, products, customers and visitors.
  4. 7.4 How long do we keep C.C.T.V. information for?
    The C.C.T.V. data is retained for 30 days, except where an incident has been reported in which case it will be stored for a reasonable period for purposes of evaluating and concluding any incident and then deleted.
  5. 7.5 We may share C.C.T.V. data in limited circumstances as follows:

    1. For detection, prevention or resolution of crime on at our storess;
    2. Where required to share under any statute or a court order of competent jurisdiction; and
    3. With authorised third parties.

8. How we share your personal data.

All data sharing will be undertaken in line with the Data Protection Legislation.

  1. 8.1 Transfer of your personal data outside of the Republic of Kenya.

    • Subject to one or more appropriate safeguards set out in the Data Protection Legislation, we may from time to time transfer your personal data to our suppliers and service providers based outside of the Republic of Kenya for the purposes described in this Privacy Notice.
    • When transferring your personal data we will ensure that it is protected in the same way as if it was being processed in the Republic of Kenya.
    • We will ensure that the recipient country of your personal data has equivalent data protection laws in place and we will put in place a written contract with the recipient that means they must protect it to the same standards as the Republic of Kenya.

  2. 8.2 Within Healthy

    • For administrative and operational purposes we share data internally across our departments in Healthy U as the departments need to access data to fulfil our service to you. The sharing across our departments is reasonable, is in line with Data Protection Legislation, and respects your rights.
    • We hold may your personal data record for you in our service centres as to provide and fulfil our obligations to you and have the most up-to-date contact details for you across services to support your right to accurate data.

  3. 8.3 Outside Healthy U

    • A number of organisations assist us in delivering our services to you but we do not share, store or handle your information with these organisations. We may provide them access, without sharing our personal data, to our platform for purposes of facilitating our service to you. For example, external service providers who assist us in repairing or servicing the products or appliances you purchase from us. We are responsible for your personal data and ensure that appropriate safeguards are in place.
    • We’re obliged by law to share some personal data with Government, law and enforcement agencies. Where possible, we make this anonymous and only share statistics.
    • Where your consent is needed to transfer the data, we will make this clear to you in simple and clear language so you may make an informed decision.
    • We will never share your information if it’s not legal to do so, and will always consider your rights, and whether there is another way of achieving our aim, before doing so.

9. We keep your personal data safe.

We use a high level of protection, both organisational and technical measures, to ensure we process our customers data safely. Some of the measures are:

  • Servers that meet the highest standards for security.
  • Access to data via secure log-in, to which is restricted by our IT teams.
  • Buildings and areas that have access only through staff passes, and secure files stored in areas that are further restricted by passes and keys.
  • Systems are only available through strictly controlled security processes. We ensure that only the right people have access to systems
10. How long do we keep your personal data.

We are required under the Data Protection Legislation to keep your personal data only for specific period as lawfully required. Some of the considerations we take into account when deciding on the retention of your data is:

  • Where it is stipulated under the law; and
  • The necessary time your data is needed for us to deliver the service to you.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

11. How we use Cookies

We use cookies to store and collect information about your use of our website. More information is on our Cookie Policy, which may be accessed from webpage (

12. How to Contact us

If you wish to contact us in respect of part of this Privacy Notice or have any questions or would like further information regarding our handling of your personal data, please contact us by email:

Designation: Human resource Manager
Physical Address: Sarit Centre
Postal Address: 64953-00606
Email address:

13. Amendments to this Privacy Notice

We may change, modify or adopt a new Privacy Notice from time to time.
If we do so, we will post it on our website and at our retail centers. It’s your responsibility to check the Privacy Notice every time you submit your personal data to us.

14. We keep your personal data safe.

Please keep us informed of any changes to your personal data by emailing us with full details of the changes at

Subscribe To Our

Join Our Mailing List