Privacy Policy (PoPIA)
This policy explains what personal information Bhealthy collects, why we collect it, who we share it with, and the rights you have over it. We've written it to comply with South Africa's Protection of Personal Information Act (POPIA) — and to be readable. If anything here is unclear, ask us.
Who we are
Bhealthy CC (registration 2008/187982/23) is a small South African online wellness store. For POPIA purposes, we are the "responsible party" for your personal information.
- Address: 26 Unicorn Road, New Kentucky, Meyerton, 1961
- Email: accounts@bhealthy.co.za
- WhatsApp: 069 297 0285
- Information Officer: Charlotte Matlala, reachable at the email above
What we collect
Depending on how you use the store, we collect:
- Contact and delivery details — your name, email address, phone number, billing and shipping address.
- Order information — what you buy, return or exchange, and your order history.
- Payment information — processed by our payment providers (PayFast, and Shopify's payment infrastructure). We do not see or store your full card number.
- Account details — your username, password and preferences, if you create an account.
- Communications — what you send us when you email, WhatsApp or fill in a form, including Chronicle sign-up preferences.
- Device and usage information — your IP address, browser and how you move through the site, collected through cookies (see our Cookie Policy).
We collect this directly from you, automatically when you use the site, and from the service providers who run parts of the store on our behalf.
Why we use it
- To run the store — processing orders and payments, arranging delivery, handling returns, and managing your account. This is necessary to carry out the purchase you've asked us to make.
- To respond to you — customer support and answering your questions.
- To send you what you asked for — Chronicle articles and other email you've signed up to receive. This only happens with your consent, and every email has an unsubscribe link. Opting out never affects your orders.
- To keep the store safe — detecting fraud and securing payments.
- To meet our legal obligations — tax and business records, and responding to lawful requests.
We don't use your information for anything beyond these purposes, and we don't sell it.
Who we share it with
We share personal information only with the services needed to run the store:
- Shopify — the platform this store runs on. Shopify processes information about your visits and purchases to provide the store's infrastructure; its handling is described in the Shopify Consumer Privacy Policy.
- Payment providers — PayFast and Shopify's payment systems, to process your payment securely.
- Couriers — your name, address and phone number, so your order reaches you.
- Email service — to send the messages you've signed up for, according to your preferences.
Each of these providers is bound by its own privacy obligations. We share the minimum needed for each task.
Where it's stored
Shopify's servers are located outside South Africa, which means your information is stored and processed internationally. POPIA permits this where the recipient is subject to laws or agreements that protect your information in a comparable way — which applies to the providers above.
How long we keep it
We keep personal information only as long as needed for the purpose we collected it: order records for as long as tax and company law require, account information while your account is active, and marketing preferences until you unsubscribe. When information is no longer needed, we delete it.
How we protect it
The store uses SSL encryption, and access to customer information is limited to the people who need it to fulfil your orders. We take reasonable, appropriate measures as POPIA requires — and we'll be honest: no system is perfectly secure. If a breach ever puts your information at risk, we will notify you and the Information Regulator as the law requires.
Your rights
Under POPIA you may, at any time:
- ask what we hold about you and request a copy;
- ask us to correct information that's wrong;
- ask us to delete information we no longer have a reason to keep;
- object to processing, including direct marketing;
- withdraw consent you've previously given;
- complain to the Information Regulator if you believe we've handled your information unlawfully.
To exercise any of these, email accounts@bhealthy.co.za. We may need to confirm your identity first, and we'll respond as POPIA requires.
Information Regulator (South Africa): inforegulator.org.za · enquiries@inforegulator.org.za
Children
The store isn't intended for children, and we don't knowingly collect children's information. If you're a parent or guardian and believe a child has given us their details, contact us and we'll delete them.
Changes to this policy
If we change how we handle personal information, we'll update this page and the date below. Meaningful changes will be flagged, not buried.
Last updated: 14 July 2026