
ABBY PRIVACY POLICY
Last updated: 23 April 2025

1. Introduction

We take our responsibility to our users very seriously. We understand the sensitive nature of the data we process and therefore treat the data we hold on you as special. Your data is handled in the strictest confidence. We share it with third parties only when:

  • we have absolute confidence they share our commitment to data security, and

  • you have given us explicit consent (unless another lawful basis applies – see section 4).

 

2. Who we are

Abby is a health-kiosk service. “Abby” is a registered trade-mark of I. Sandler and Co cc (Company Reg No. 2007/057116/23).
We act as Responsible Party (controller) for the data that you supply when you create an account and for data generated on any Abby Health Kiosk.

Registered address
18 Bessemer Street, Amalgam, Johannesburg, South Africa

Contact
support@go-abby.co.za

3. Acting for third-party controllers

If a corporate client (“Third-Party Controller”) supplies your details to us (for example, your employer or a medical-aid scheme), we process your personal information on their instructions as their Operator (processor). Their privacy policy will apply to that processing. Where you also give us consent for the additional purposes in this policy, we become the Responsible Party for those purposes.

When an operating facility creates an Abby account on your behalf, that facility remains the controller until your account is handed over to us.

4. Our lawful bases under POPIA

We process personal information on one or more of the following grounds:

Lawful basis: When it applies

Contract: To administer your account and deliver the Abby service.

Consent: Where we ask for, and you grant, permission (e.g. optional health-survey answers).

Legitimate interest: Where necessary for: (a) providing and improving our products and services; (b) running and securing our business; (c) limited direct marketing of our own or selected partners’ services; (d) providing services to the corporate or facility in which you use the equipment – and where these interests are not overridden by your rights and freedoms.

 

5. Why we collect your data

  • To administer your account.

  • To provide the Abby service.

  • To meet contractual obligations to our customers and partners.

  • To communicate with you.

6. What we collect

Category: Details & purpose

Personal details: Name, e-mail address, unique identifier, date of birth, height and gender – required for accurate scans and for account support.

Authentication: Encrypted password (never visible to Abby staff).

Scan data: Time, date, facility, device type, and technical logs for each scan.

Medical data (special personal information under POPIA): Height, weight, BMI, BMR, DCI, metabolic age, body-fat %, muscle-mass, water %, and any other metrics produced by the kiosk.

Medical referrals: Answers to health surveys where your GP/medical-aid/health-care provider refers you.

Login data: Date/time, IP address and platform when you log in to a kiosk, website or app.

Technical data: Browser/OS details, time-zone, click-stream and page-interaction data on our website or apps.

Data from others: Additional health or fitness data you authorise third parties to share (e.g. heart-rate, sleep), plus data from business partners, subcontractors, analytics and search providers.

Communications: Records of e-mails and other interactions with Abby staff.

7. How we use your data

  • Provide your results and let you track your wellness journey via kiosks, website and (future) mobile apps.

  • Produce anonymised or aggregated reports for the facility operating the equipment.

  • Share identifiable data with that facility only if a binding operator agreement is in place with safeguards equivalent to ours.

  • Maintain records of communications for compliance, quality-assurance and staff training.

 

8. Data location & security

All data is stored in South-African data centres protected by firewalls, encryption (in transit and at rest) and strict access controls. We follow recognised information-security standards and perform regular security testing.

9. Data retention

We keep each data category only as long as necessary for the purposes in this policy, or as required by law or contractual obligation. When no longer needed, data is securely deleted or irreversibly anonymised.

10. Sharing your data

We may share your personal information with:

  1. The facility operating the Abby equipment – to administer your account.

  2. Your GP, medical-aid or health-care provider – if you were referred to Abby as part of their scheme, provided a compliant operator agreement exists.

We never sell your data.

11. Your rights (under POPIA)

  • Access – view most information via your account; request a full CSV of all fields.

  • Correction – update personal details online or by contacting us (scan results themselves cannot be edited).

  • Restriction – ask us to limit processing in specific circumstances.

  • Deletion – request erasure of your records (e-mail support@go-abby.co.za).

  • Withdraw consent – you may withdraw any consent at any time; this may limit your use of the service.

  • Object – object to (a) direct marketing or (b) processing based on our legitimate interests.

  • Data-portability – receive your personal information in a structured, commonly-used format where technically feasible.

 

12. Complaints

If you have concerns about how we handle your personal information, please contact us first. You also have the right to complain to the Information Regulator (South Africa):
http://www.justice.gov.za/inforeg/index.html

 

13. Changes to this policy

We may update this Privacy Policy from time to time. Any material changes will be notified through our website or via e-mail. The date at the top shows when the policy was last revised.

For any questions about this policy or your personal information, please e-mail support@go-abby.co.za.
