← magiclive.one

Privacy Policy

Effective Date: 27 March 2026
Last Updated: 27 March 2026
Version: 1.0

This Privacy Policy describes how magiclive omega (Pty) Ltd (referred to as “we”, “us”, “our”, or “magiclive.one”) collects, uses, discloses, and protects your personal information when you use the magiclive.one smart city app, the website https://magiclive.one, and any associated services, tools, or platforms (collectively, the “Services”).

By using our Services, you accept and agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.

1. Who We Are

Legal Entity: magiclive omega (Pty) Ltd — CIPC-registered company in the Republic of South Africa.

Information Officer (POPIA Compliance Officer): CEO / designated Information Officer
Email: privacy@magiclive.one

We are the data controller for the personal information you provide through our Services.

2. Scope of This Policy

This Privacy Policy applies to all personal information collected via the magiclive.one app and website, and to all users including individuals in South Africa, the European Union, the United Kingdom, the United States, Nigeria, and other jurisdictions where our Services are available.

We comply with relevant data-protection regimes, including:

  • The Protection of Personal Information Act 4 of 2013 (POPIA) (South Africa).

  • The General Data Protection Regulation (GDPR) (EU and applicable territories).

  • The California Consumer Privacy Act (CCPA) and related state-level laws (US).

  • The Nigeria Data Protection Regulation (NDPR) and NITDA-related requirements.

Where local laws impose stricter requirements, we will apply the highest standard.

3. Definitions

  • Personal Information: Any information that relates to an identifiable living individual, including name, ID number, contact details, location, financial/employment data, and device identifiers.

  • Processing: Any operation performed on personal information (collection, storage, use, sharing, or deletion).

  • Data Subject: You, as the individual whose personal information we process.

  • Third Party: Any external entity (e.g., government programmes, payment providers, analytics tools) that receives personal information from us under a formal agreement.

4. What Personal Information We Collect

We collect the following types of information when you use magiclive.one:

4A. Account and Profile Information

  • Name, surname, date of birth, gender, and contact details (email, phone number).

  • South African ID number or passport number (as needed for identity and eligibility checks).

  • Employment status, education level, and skills (used for economic-participation and level matching).

4B. Economic and Social Participation Data

  • Grant, loan, or employment-eligibility-related information (e.g., SASSA data where shared under your consent, YES, Harambee-related programme data).

  • Income level, household size, and basic socio-economic indicators used to map opportunities across levels (survival, security, belonging, esteem, self-actualisation).

4C. Device and App Usage Information

  • Device type, operating system, app version, and IP address or approximated location (anonymised or aggregated where possible).

  • Usage patterns, feature interactions, and diagnostics for improving the app and fighting fraud.

4D. Location Data

  • Precise or approximate location when you enable location services, used to match you to local economic opportunities, municipal services, and community programmes, and to provide location-based notifications and mapping features.

  • You may withdraw consent for location tracking at any time via your device settings or in-app preferences.

4E. Cookies and Online Tracking

  • We use cookies and similar technologies to track app and website usage, preferences, and performance.

  • We do not log your raw IP address for analytics; it is anonymised where required by local law.

5. How We Use Your Information

We process your personal information for the following purposes:

Service Delivery

  • To provide and maintain the magiclive.one app and website.

  • To enable access to economic-participation opportunities (grants, loans, employment, training, and community programmes).

Eligibility and Matching

  • To determine your eligibility for programmes via eligibility wizards (informational and facilitative, not advisory).

  • To match you with opportunities aligned with level needs (from basic survival to self-actualisation).

Communication

  • To send service-related notifications, updates, and marketing where consented.

  • To respond to inquiries, support tickets, and complaints.

Analytics and Improvement

  • To monitor app performance, user behaviour, and feature usage.

  • To improve security, detect and prevent fraud or abuse.

Legal and Compliance

  • To meet our obligations under POPIA, GDPR, NDPR, CCPA, and other applicable laws.

  • To comply with court orders, regulatory requests, and government-related reporting requirements (e.g., B-BBEE, Seda/SEFA, DTIC, IDC partnerships).

Partnerships and Integration

  • To share anonymised or aggregated data with municipal, government, and partner organisations to support programme delivery, subject to strict data-processing agreements.

6. Legal Basis for Processing (POPIA, GDPR, CCPA)

Under applicable data-protection laws, our processing is based on:

  • Consent: For non-essential processing (e.g., marketing, location tracking, certain analytics). You may withdraw consent at any time.

  • Contractual necessity: To provide you with the Services you requested.

  • Legitimate interests: To improve security, fight fraud, and enhance user experience, provided your rights are not overridden.

  • Legal obligation: To comply with POPIA, FSR-related rules, tax, and other regulatory requirements.

7. How We Share Your Information

We do not sell your personal information. We only share it in the following ways:

7A. With Our Partners

  • With government and quasi-government entities (e.g., Seda, SEFA, Harambee, YES, SASSA-linked programmes) where you have consented and where we have a Data Processing Agreement (DPA) in place.

  • With partners, we share only the minimum data required for eligibility checks, programme verification, and analytics and reporting.

  • Partners must comply with their own privacy and data-protection obligations; they are contractually liable for programme-related misrepresentation.

7B. With Service Providers

  • With third-party service providers (e.g., cloud hosting, analytics, customer-support platforms, payment facilitators) who process data only on our instructions and are contractually bound to protect your data.

  • AWS (Cape Town/Johannesburg, with EU and US data centres as applicable for cross-border compliance).

  • Payment gateways (e.g., Yoco, Payfast) that handle payment information directly; we do not store full payment details.

7C. With Authorities and Legal Requests

  • Where required by law, court order, or a legitimate regulatory request, we may disclose data to courts, law-enforcement, regulators, or tax authorities. Such disclosures are made only where strictly necessary and proportionate.

7D. With Other Users

  • We do not share your personal information with other magiclive.one users unless you explicitly participate in a public feature (e.g., community forums) where you choose to disclose personal details; in such cases, you assume responsibility for that disclosure.

8. Cross-Border Data Transfers

Because our Services are used globally, we may transfer your personal information outside South Africa.

8A. Data Residency and Safeguards

  • Primary residency: South African users' data is stored primarily in AWS af-south-1 (Cape Town/Johannesburg), as required by local data-sovereignty expectations.

  • EU and UK data: For users in the EU/UK, we route data to AWS eu-west-1 (or similar EU-located region) and apply GDPR-compliant safeguards.

  • US data: For US-based users, data may be stored in AWS us-east-1 or other US-based regions, in line with sector-specific rules.

8B. International Transfer Mechanisms

Where data is transferred to countries without an “adequacy” decision, we rely on:

  • Standard Contractual Clauses (SCCs) approved by relevant regulators.

  • Binding corporate rules where applicable.

  • Encryption and pseudonymisation to minimise identifiability.

You may contact us to obtain a copy of our transfer mechanisms or Impact Assessment upon request.

9. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, or as required by law.

  • General retention period: We retain personal information for a maximum of 5 years after the last date of active service usage unless longer retention is required by law or regulatory obligations.

  • Analytics and logs: Audit logs and security logs are retained for a minimum of 12 months and may be stored on an immutable ledger or blockchain-based audit trail for compliance purposes.

  • Deletion requests: Upon request (and subject to legal obligations), we will securely delete or anonymise your data within a reasonable timeframe, typically within 30 days.

10. Your Data Subject Rights

Depending on your jurisdiction, you may have the following rights:

10A. South Africa (POPIA)

  • Access your personal information.

  • Request correction of inaccurate or incomplete data.

  • Request deletion of your data where processing is unlawful or no longer necessary (subject to retention obligations).

  • Lodge a complaint with the Information Regulator (South Africa).

10B. European Union / GDPR

  • Object to processing for legitimate-interest purposes.

  • Receive your data in a structured, commonly used, machine-readable format (data portability).

  • Restrict processing under certain circumstances.

10C. United States / CCPA-style Rights

  • Opt-out of the sale or sharing of your personal information (we do not sell your data).

  • Request disclosure of what categories of data we collect and share.

  • Request deletion of your data (subject to legal and security exceptions).

10D. Exercising Your Rights

You may exercise any of these rights by:

  • Emailing our Information Officer at privacy@magiclive.one with “DATA SUBJECT REQUEST” in the subject line.

  • Using the in-app privacy settings where available (e.g., account deletion, consent toggles).

We will respond to your request within 30 days, or as required by local law.

11. Consent Management

magiclive.one uses a geo-adaptive consent engine that presents granular consent options for location tracking, economic and profile data collection, and analytics and marketing communications. It dynamically adjusts wording and options based on your detected jurisdiction (e.g., GDPR-style notices for EU users, CCPA-style notices for US users).

You may grant or withdraw consent at any time via in-app settings, device-level permissions (e.g., location, notifications), or email to our Information Officer. Withdrawal of consent does not affect the lawfulness of processing that occurred before you withdrew it.

12. Security and Data Protection

We take reasonable technical and organisational measures to protect your personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Encryption in transit and at rest for all sensitive data.

  • Access controls limiting data access to authorised personnel only.

  • Audit logs for all data-access events, stored on an immutable or blockchain-based ledger where applicable.

  • Regular security assessments, vulnerability testing, and incident-response planning.

Despite these measures, no online environment is completely secure. You are responsible for keeping your account credentials confidential and using strong passwords.

13. Data Breach Notification

If we become aware of a security incident that is likely to result in a risk to your rights and freedoms, we will:

  • Notify you without undue delay, where required by law.

  • Notify the relevant supervisory authority (e.g., Information Regulator in South Africa, GDPR Supervisory Authority in the EU) within the legally prescribed timeframe (e.g., 72 hours for GDPR).

We will also take reasonable steps to mitigate the impact of any breach.

14. Children\u2019s Privacy

magiclive.one is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18 without verifiable parental or guardian consent.

If we learn that we have collected such data without proper consent, we will delete the information promptly and notify the relevant guardian or regulatory body where required.

15. Cookies and Tracking Technologies

We use cookies and similar technologies to remember your preferences, analyse usage patterns, and provide personalised features and advertisements where consented.

You may adjust your browser or device settings to block or delete cookies, or use the in-app cookie-consent banner to manage categories (e.g., essential, analytics, marketing). Disabling certain cookies may limit the functionality of the app or website.

16. Contact Information and Complaints

If you have any questions, concerns, or requests related to this Privacy Policy, please contact our Information Officer:

You may also lodge a complaint with the relevant data-protection authority in your jurisdiction:

  • South Africa: Information Regulator.

  • EU: Your local GDPR Supervisory Authority.

  • US: Your state’s Attorney General or relevant data-protection body.

We will acknowledge your complaint and work to resolve it in good faith.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, new features, or legal requirements. We will notify you of material changes through an in-app notification, by email (where you have consented), and by updating the Effective Date and version number at the top of this policy.

Your continued use of magiclive.one after these changes indicates that you accept the updated Privacy Policy.

18. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Republic of South Africa, without regard to its conflict-of-laws principles.

  • For data-protection-related disputes, you may also seek redress under the applicable regime in your jurisdiction (e.g., GDPR in the EU, NDPR in Nigeria, CCPA in the US).

  • Any disputes not resolved through direct contact with our Information Officer may be referred to the relevant regulatory authority or, where applicable, to a court of competent jurisdiction.

19. Miscellaneous

  • Headings: The headings in this Privacy Policy are for convenience only and do not affect its interpretation.

  • Severability: If any provision is found to be invalid or unenforceable, the remaining provisions will continue in full force.

  • Waiver: Our failure to enforce any right or provision will not be considered a waiver of that right.