MAGICMILL (Pty) Ltd | Registration Number: 2016 / 042783 / 07

Data Protection Rules and Privacy Policy V1.0
December 2023

Introduction

MAGICMILL (Pty) Ltd is a South African company that offers the following services:

1. Copywriting
2. Design
3. Marketing
4. Technology Development (websites and apps)
5. Business Development
6. Online ticket and publishing marketplace where independent South African businesses and clients can list their tickets, content and or similar inventory to customers.
7. Publishing of print and digital works via CREWSYLLABLES, an imprint of MAGICMILL (PTY) LTD.

Information officers: Karlind Govender
Contact: +27 78 646 3761 | +27 21 683 6117
Email: carrierpigeon@crewsyllables.live

Personal Information

MAGICMILL (Pty) Ltd prescribes to the South Africa privacy laws. As a company that processes and stores personal information of customers, we subscribe to best practise to ensure data is used and stored in compliance with POPI.

MAGICMILL (Pty) Ltd offers a South African online publishing marketplace service where independent South African businesses and clients can list their tickets, content and or similar inventory to customers. In performing its service, MAGICMILL (Pty) Ltd collects information from customers in order to perform the following functions.

1. Processing of purchase
2. Customer service and experience
3. Risk and Fraud detection
4. Fulfilment of service provided by the ticket
5. Communicating to customers when conditions and/or circumstance of purchase fulfilment have changed
6. Outbound marketing to MAGICMILL (Pty) Ltd customers

As a rule, MAGICMILL (Pty) Ltd only collects personal information directly from the customer, except as otherwise as outlined below:

1. Onboarding of customer data by a new Client from a legacy system where customer has provided consent.
2. Collection of the information from a new Client that allows MAGICMILL (Pty) Ltd to fulfil its responsibilities which does not prejudice a legitimate interest of the customer.

MAGICMILL (Pty) Ltd collects a range of personal data for the purpose of executing on its mandated service provided to the client. Moreover, MAGICMILL (Pty) Ltd makes the customer aware that the data collected and processes will only be used for the purposes of fulfilling its mandate.

MAGICMILL (Pty) Ltd expressly requests the customer’s consent to retain customer data to ensure the following:

1. Customer service
2. Improved user experience

MAGICMILL (Pty) Ltd allows the customer to edit their customer data and provides for the customer to delete their information from MAGICMILL (Pty) Ltd.

All customer data is located and processed in South Africa with servers in the United Kingdom, United States of America and India.

Sharing of Personal Data MAGICMILL (Pty) Ltd

Clients

MAGICMILL (Pty) Ltd is a ticket and publishing marketplace and therefore hosts many independent clients selling tickets and content on their behalf.

MAGICMILL (Pty) Ltd shares personal data of customers that purchase tickets hosted by the client on MAGICMILL (Pty) Ltd. MAGICMILL (Pty) Ltd shares the relevant customer data that is required for the fulfilment and execution of the purchase obligations. The customer data collected and shared is governed by the relevant regulations and laws in which the client operates.

Sharing of Data is permission based.

Confidential information is not shared unless explicit permission from the customer has been received.

External parties

MAGICMILL (Pty) Ltd does not share personal data with 3rd parties unless compelled by the South African Law or court action.

Use of Personal Data

Communication to Customers

Fulfilment of ticket and content

MAGICMILL (Pty) Ltd shall only communicate to customers in the fulfilment of their ticket and content obligation and legal mandate. Should the ticket and content conditions and obligation change since the customer purchase the ticket or content, MAGICMILL (Pty) Ltd will communicate directly with the customer to outline the changes.

The following are examples of ticket or content condition changing:

1. Cancellation of event, race, or tour
2. Outstanding information required by MAGICMILL (Pty) Ltd to fulfil ticket or content mandate
3. Change in time, date and/or location of event
4. Information relating to refunds.

Marketing and related services

MAGICMILL (Pty) Ltd shall only send marketing communications to customers that have explicitly provided permission for MAGICMILL (Pty) Ltd to contact them. Moreover, customers can decide any time to change permissions how MAGICMILL (Pty) Ltd is allowed to communicate to them.

Clients based marketing is also permission based. Clients shall be permitted to send marketing-based communications to customers only after explicit consent.

Use of 3rd Party Service providers

MAGICMILL (Pty) Ltd does use the services of independent service providers that make use of personal customer data. MAGICMILL (Pty) Ltd employs the following principles when engaging service providers:

1. MAGICMILL (Pty) Ltd preforms a due diligence on service provider to understand the risk and data security measure undertaken by the service provider.

2. MAGICMILL (Pty) Ltd can request service provider to complete a risk assessment and questionnaire to assess security of data and risks

3. The measured understand need to be a higher standard and risks need to be lower than MAGICMILL (Pty) Ltd for MAGICMILL (Pty) Ltd to ensure use of service

4. Only bare minimal of data is shared with service provider

5. No confidential or sensitive information is shared without the permission of customer

6. Annual evaluation is performed to assess change in risks.

In some cases, a 3rd-party handles the in-store registrations who is acting on our behalf and governed by this Privacy Policy in terms of capturing your personal information.

PCI/DSS Compliance

MAGICMILL (Pty) Ltd, through their payment service providers subscribes to and is PCI/DSS compliant.

MAGICMILL (Pty) Ltd use Paystack which is PCI level 1 certified for the following services:

1. Payment Gateway/Switch

2. POS/Card Present

3. Internet/e-commerce

4. Clearing and Settlement

MAGICMILL (Pty) Ltd does not store card details, ever.

Security Governance and Security Management

MAGICMILL (Pty) Ltd store and secure data making use of dedicated server infrastructure, shared-server infrastructure, virtual private servers or cloud-based infrastructure hosting by a 3rd party service provider.

Access to cloud infrastructure is largely via VPN or Multi-Factor Authentication.

All sensitive data is encrypted and MAGICMILL (Pty) Ltd staff only have data allowing them to perform the following functions

1. Customer support

2. Fulfilment of ticket or content

Access into the hosting environment is logged and all incidents are logged and remedial action instituted.

All sensitive data is encrypted and not visible by any MAGICMILL (Pty) Ltd staff or 3rd parties.

MAGICMILL (Pty) Ltd regular patch and deploy malware protection across our applications and database.

MAGICMILL (Pty) Ltd runs security test on ImmuniWeb® Community | Website Security Test to Website security.

Personnel Matters

All employees screened prior to employment and contracts include clauses relating to data confidentiality and/or data protection.

MAGICMILL (Pty) Ltd conducts regular reviews and awareness training which covers information security principles and the procedures to protect customer data.

Warrantees and Guarantees

MAGICMILL (Pty) Ltd will use its best endeavours to ensure it is compliant with POPI.

Should there be a breach of data occur as envisaged by POPI, MAGICMILL (Pty) Ltd will immediately notify the relevant Clients and data subjects of such a breach and where the Information Regulator needs to be informed.