Privacy Policy

The Gauteng Tourism Authority (GTA) operates Visit Gauteng as an installable Progressive Web Application (PWA) accessible at visit.gauteng.net. The technical platform is developed and maintained by Mind Interactive (Pty) Ltd on behalf of the GTA.

For privacy enquiries, contact us at [email protected]. Our registered office is at the Gauteng Tourism Authority, 124 Main Street, Marshalltown, Johannesburg, 2001.

Account information

• Email address: required to create and sign in to your account.
• Display name: shown to other users when you post or comment in the Live feed.
• Password (hashed): we never store passwords in plain text.
• Profile photo: optional, uploaded by you.
• OAuth identifiers: if you sign in with Google or Facebook, we receive your email address and a stable identifier; we never receive your password.

Booking and order information

• Bookings made for attractions, experiences, events and venues.
• Orders placed in the Marketplace, including delivery address and order history.
• Payment status (we do not store card details: see Section 5).

Vendor information

If you register as a vendor, we also collect business name, contact details, banking details (for payouts), and any documents you upload as part of your application.

Technical information

• Device type, browser, operating system, IP address (anonymised after 30 days).
• Pages visited, search terms, time on page.
• Push notification subscriptions, if you opt in.

We use your information to:

• Provide the services you request (bookings, orders, account management).
• Send transactional emails (booking confirmations, order updates, password resets).
• Personalise the app (saved itineraries, recently viewed, recommendations).
• Investigate fraud, abuse and policy violations.
• Improve the platform (anonymised analytics).
• Send marketing communications, only if you have opted in.

We rely on the following lawful bases for processing your personal information:

• Consent: for marketing communications and optional analytics.
• Performance of contract: for bookings, orders, vendor agreements.
• Legitimate interest: for fraud prevention and platform security.
• Legal obligation: for tax records, regulatory reporting and POPIA compliance.

All payments are processed by PayFast (Pty) Ltd, a licensed South African payment service provider. We do not see or store your card details. PayFast operates under its own privacy policy at payfast.io/privacy.

We share information only as needed to operate the service:

• Vendors receive your name and contact details when you book or order from them.
• Payment processors (PayFast) receive what they need to process payments.
• Email providers (Amazon SES) handle transactional email delivery.
• Cloud infrastructure (AWS, in eu-west-1) hosts images and files you upload.
• Authorities, only when required by law.

We do not sell your personal information to advertisers or data brokers, and we do not share it with third parties for their own marketing.

• Account data: for as long as your account is active, plus 90 days after closure for recovery.
• Booking and order records: 5 years (SA tax law).
• Server logs: 30 days, after which IP addresses are anonymised.
• Marketing consents: until withdrawn.

Under POPIA you have the right to:

• Access the personal information we hold about you.
• Correct information that is wrong or incomplete.
• Request deletion (see Data Deletion).
• Object to direct marketing at any time.
• Lodge a complaint with the Information Regulator of South Africa.

To exercise any of these rights, email [email protected]. We respond within 30 days.

We protect your information with industry-standard measures: encryption in transit (TLS 1.2+), encryption at rest for sensitive fields, hashed passwords, role-based access for administrators, and regular security reviews. No system is perfectly secure, but we take reasonable steps to keep your data safe.

Visit Gauteng is intended for users 16 years and older. We do not knowingly collect information from children under 16. If you believe we have, please contact [email protected] and we will delete the data.

When we make material changes to this policy, we update the effective date at the top and, where appropriate, notify you in the app or by email. The latest version is always available at visit.gauteng.net/privacy.