Privacy Policy

Visit Gauteng is operated by Mind Interactive Holdings (Pty) Ltd (trading as Mind Interactive) under the Visit Gauteng brand licensed from the Gauteng Tourism Authority (GTA). It is an installable Progressive Web Application (PWA) at visit.gauteng.net.

The GTA is a statutory provincial public entity established under section 3 of the Gauteng Tourism Act 10 of 2001, read with section 49 and Schedule 3C of the PFMA, with its head office at 12th Floor, 124 Main Street, Marshalltown, 2001. The GTA is the primary responsible party under POPIA and owns the personal information processed through the platform. Mind Interactive, as operator and merchant of record, is also a responsible party for the processing it carries out to run the platform, and will register its own Information Officer with the Information Regulator. The GTA Information Officer remains its Chief Executive Officer, assisted by the Deputy Information Officer (Company Secretary and General Counsel).

For privacy enquiries, contact [email protected] or [email protected].

Account information

• Email address: required to create and sign in.

• Display name: shown to other users when you post or comment in the Live feed.

• Password (hashed): we never store passwords in plain text.

• Profile photo: optional, uploaded by you.

• OAuth identifiers: if you sign in with Google or Facebook, we receive your email and a stable identifier; never your password.

Booking and order information

• Bookings for attractions, experiences, events and venues.

• Marketplace orders, including delivery address and order history.

• Payment status (we do not store card details, see Section 5).

Vendor information

If you register as a vendor, we also collect business name, contact details, banking details (for payouts), and documents you upload as part of your application.

Technical information

• Device type, browser, operating system, IP address (anonymised after 30 days).

• Pages visited, search terms, time on page.

• Push notification subscriptions, if you opt in.

• Provide the services you request (bookings, orders, account management).

  • Send transactional emails (confirmations, order updates, password resets).

  • Personalise the app (saved itineraries, recently viewed, recommendations).

  • Investigate fraud, abuse and policy violations.

  • Improve the platform (anonymised analytics).

  • Send marketing communications, only if you have opted in.

• Consent: marketing communications and optional analytics.

  • Performance of contract: bookings, orders, vendor agreements.

  • Legitimate interest: fraud prevention and platform security.

  • Legal obligation: tax records, regulatory reporting and POPIA compliance.

All payments are processed by PayFast (Pty) Ltd, a licensed South African payment service provider. We do not see or store your card details. PayFast operates under its own privacy policy at payfast.io/privacy.

• Vendors receive your name and contact details when you book or order from them.

  • Payment processors (PayFast) receive what they need to process payments.

  • Delivery/courier providers receive the delivery name, address and phone for Marketplace orders.

  • Email providers (Amazon SES) handle transactional email delivery.

  • Cloud infrastructure (AWS) hosts images and files you upload.

  • Authorities, only when required by law.

We do not sell your personal information, and we do not share it with third parties for their own marketing.

• Account data: while your account is active, plus 90 days after closure for recovery.

  • Booking and order records: 5 years (SA tax law).

  • Server logs: 30 days, after which IP addresses are anonymised.

  • Marketing consents: until withdrawn.

Under POPIA you may access, correct, request deletion of, and object to direct marketing of your personal information, and lodge a complaint with the Information Regulator of South Africa. To exercise any right, email [email protected]; we respond within 30 days.

• Access the personal information we hold.

• Correct information that is wrong or incomplete.

• Request deletion (see the Data Deletion page).

• Object to direct marketing at any time.

• Lodge a complaint with the Information Regulator.

We protect your information with encryption in transit (TLS 1.2+), encryption at rest for sensitive fields, hashed passwords, role-based admin access, and regular security reviews. No system is perfectly secure, but we take reasonable steps to keep your data safe.

Visit Gauteng is intended for users 16 years and older. We do not knowingly collect information from children under 16. If you believe we have, contact [email protected] and we will delete it.

When we make material changes we update the effective date and, where appropriate, notify you in the app or by email. The latest version is always at visit.gauteng.net/privacy.

Questions about this document: [email protected]. Operator: Mind Interactive Holdings (Pty) Ltd (trading as Mind Interactive), reg 2020/171062/07, VAT 4530314246, Design Quarter, Leslie Road, Douglasdale, 2191; [email protected]; www.mindinteractive.co.za. Brand owner and tourism partner: Gauteng Tourism Authority (GTA), 12th Floor, 124 Main Street, Marshalltown, 2001; [email protected]. You may also lodge a complaint with the Information Regulator of South Africa ([email protected]; https://inforegulator.org.za).

Operated by Mind Interactive Holdings (Pty) Ltd (trading as Mind Interactive, reg 2020/171062/07, VAT 4530314246) under the Visit Gauteng brand licensed from the Gauteng Tourism Authority (GTA).