GroFresh - Authentic Indian Groceries UK🚚 Free delivery over £40⚡ Same-day delivery across Manchester📦 UK-wide delivery⭐ Trusted by Indian families across the UK

How we use account, order, delivery, and website data.

This policy explains what personal information GroFresh collects, why we use it, who we share it with, and the choices you have as a customer in the UK.

UK-wide online grocery deliveryLast updated 14 May 2026

Who we are

GroFresh is a trading name of Kerala Super Mart LTD, a company registered in England and Wales. When this policy refers to 'we', 'us', or 'our', it means Kerala Super Mart LTD trading as GroFresh, operating the website grofresh.co.uk.

Kerala Super Mart LTD is the data controller responsible for the personal information collected through this website.

We process your personal data in accordance with the UK GDPR (the retained EU General Data Protection Regulation as it forms part of UK law) and the Data Protection Act 2018, and we uphold the data protection principles set out in that legislation. The UK Information Commissioner's Office (ICO) is the supervisory authority for data protection in the UK.

What information we collect

We collect information directly from you, from your use of the site, and from trusted service providers such as payment, fraud, and delivery partners.

Account details such as your name, email address, phone number, and saved addresses
Order information including basket contents, delivery details, and payment status
Support communications and account history (including refund requests submitted for damaged or expired-on-arrival items)
Technical data such as IP address, browser type, device information, and on-site activity
Marketing preferences and cookie choices where you give them

How we use your information

Our main legal bases are contract, legitimate interests, legal obligations, and consent where consent is required.

To create and manage your account
To process payments, pack orders, and arrange delivery
To send order updates, service messages, and support responses
To prevent fraud, misuse, and security incidents
To improve site performance, reporting, and customer experience
To send marketing where you have opted in or where we can rely on a lawful soft opt-in

Who we share information with

We share personal information only where it is necessary to run the store. This may include payment providers, couriers, customer support platforms, fraud prevention services, analytics providers, and technology partners that host or maintain the site.

We may also disclose information where required by law, regulation, court order, or to protect our rights, customers, or business.

Retention

We keep account and order records for as long as needed to supply our services, manage disputes, and meet tax, accounting, and legal obligations. Some records may be kept for up to 6 years after your last transaction where this is required for compliance purposes.

Support enquiries and marketing records are kept only for as long as needed for the relevant purpose or until you ask us to stop, subject to any legal retention requirements.

Cookies and similar technologies

We use essential cookies to keep the site secure, remember your basket, and support checkout. We may also use analytics or marketing cookies where you have accepted them.

You can manage cookie choices through your browser settings and any cookie controls we make available on the site. For a full list of the cookies we use and how to control them, see our Cookie Policy.

Security

We use industry-standard security measures including encrypted connections (HTTPS), access controls, and regular reviews of data handling practices to protect your personal information.

Payment card data is processed directly by our payment provider (Stripe) and is not stored on our servers. While we take reasonable steps to protect your data, no method of transmission or storage is completely secure.

Transfers outside the UK

Some of our service providers may operate or store data outside the UK. Where this happens, we ensure appropriate safeguards are in place in line with UK data protection law, such as standard contractual clauses approved by the ICO or transfers to countries with an adequacy decision.

Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or by a notice on the site. The 'last updated' date at the top of this page shows when it was last revised.

Your rights

Under the UK GDPR and the Data Protection Act 2018 you have the following rights over your personal data:

The right to be informed about how your data is used (this policy)
Request access to the personal data we hold about you (a subject access request)
Ask us to correct inaccurate or incomplete data (rectification)
Request erasure in certain circumstances ('right to be forgotten')
Object to or restrict certain processing activities
Request data portability where the law gives you that right
Rights in relation to automated decision-making and profiling
Withdraw consent for marketing at any time

Exercising your rights and complaints

To exercise any of these rights, contact us at hello@grofresh.co.uk. We will respond within one month of receiving your request, as required by the UK GDPR. There is normally no charge, although we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive.

If you are unhappy with how we handle your data or your rights request, you have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the chance to address your concerns first.