Legal
Privacy Policy
Effective Date: May 2026 · Last Updated: May 2026 · Version: 1.0
Introduction
WIVA ("WIVA", "we", "us", "our") is a real estate marketing service operated by Navi Studios (Pty) Ltd (Registration Number: 2019/156833/07). We are committed to protecting your privacy and to handling your personal information lawfully, transparently, and securely.
This Privacy Policy explains how we collect, use, disclose, and safeguard the personal information of:
- Real estate agents, agencies, and brokers who subscribe to or enquire about our packages
- Visitors to our website and recipients of our marketing communications
- Suppliers, contractors, and business partners who work with us
By using our services or providing us with your personal information, you confirm that you have read, understood, and agree to the terms of this Privacy Policy.
1. Jurisdiction and Legal Framework
WIVA is operated from the Republic of South Africa and processes personal information in accordance with the Protection of Personal Information Act, No. 4 of 2013 ("POPIA"). Where applicable to data subjects in the European Union, we also align with the General Data Protection Regulation ("GDPR").
2. Definitions
| Term | Definition |
|---|---|
| Personal Information | Information relating to an identifiable, living, natural person — and where applicable, an identifiable, existing juristic person. |
| Processing | Any operation performed on personal information, including collection, recording, storage, use, disclosure, or destruction. |
| Data Subject | The natural or juristic person to whom personal information relates. |
| Responsible Party | The party that determines the purpose and means of processing personal information — in this case, Navi Studios (Pty) Ltd, trading as WIVA. |
| Operator | A third party that processes personal information on our behalf. |
3. How We Collect Personal Information
3.1 Information you give us
- Contact and enquiry forms on our website
- WhatsApp and telephone communications
- Subscription and onboarding for one of our marketing packages (Tier 1, 2, or 3)
- Branding briefs, listing details, photographs, and other content you provide for design work
3.2 Information collected automatically
- Website analytics (page views, referrers, approximate location, device, browser)
- Server logs (IP address, request metadata)
- Cookies and similar technologies — see Section 7
3.3 Information from third parties
- Payment processors (transaction status, masked card details)
- Social platforms where you have engaged with our content
- Public registries and business directories (where lawful)
4. Categories of Personal Information We Process
- Identity & contact: name, phone, agency or company name, job title
- Listing & creative content: property details, photographs, agent portraits, branded artwork supplied by you
- Billing: billing address, invoicing details, transaction records (full card numbers are not stored by us)
- Communications: WhatsApp messages, briefs, feedback, and call notes
- Technical: IP address, device and browser identifiers, cookies, analytics events
5. Lawful Basis for Processing
We process your personal information on one or more of the following bases:
- Consent — you have given clear, informed consent (e.g. submitting the contact form)
- Contract — processing is necessary to deliver the package or service you have purchased
- Legal obligation — processing is required to comply with applicable law (e.g. tax, accounting)
- Legitimate interest — processing is necessary for our legitimate business interests, balanced against your rights
6. How We Use Your Personal Information
- Delivering the marketing material, social posts, and brand assets you have engaged us for
- Responding to enquiries and quoting on packages
- Processing payments and issuing invoices
- Sending service-related communications (delivery confirmations, briefs, schedules)
- Sending marketing communications, with your consent and an option to opt out at any time
- Improving our website and services through aggregated analytics
- Detecting fraud and protecting our systems and clients
- Complying with our legal and regulatory obligations
7. Cookies and Analytics
Our website uses a small number of cookies and similar technologies. These are used strictly to keep the site working (e.g. remembering your light/dark mode preference) and to measure aggregate traffic patterns. We do not sell or share your browsing activity with advertisers. Where we use a third-party analytics provider, we configure it to anonymise IP addresses and limit retention to a reasonable period.
You can disable cookies in your browser settings, though some parts of the site may not function as intended.
8. Sharing Your Personal Information
We share personal information only where necessary, and only with parties bound to protect it:
- Operators who provide infrastructure on our behalf — hosting, messaging delivery, payment processing, analytics, customer support tooling
- Print and production partners for physical brand material (business cards, folders, packs)
- Professional advisors — accountants, auditors, and legal counsel — under confidentiality
- Authorities where we are legally required to disclose information
We do not sell your personal information. Where information is transferred outside South Africa, we use providers that offer protection consistent with POPIA.
9. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes described in this policy, including any legal, accounting, or reporting requirements. Typical retention periods:
- Enquiry submissions: up to 24 months from your last interaction
- Active subscription records: for the duration of your subscription plus 5 years (tax / contractual)
- Creative deliverables: archived for 12 months after delivery, then on request
10. Data Security
- Encryption in transit (TLS 1.2+) and at rest where supported
- Role-based access controls and multi-factor authentication for staff
- Routine vulnerability scanning and patching of our systems
- Vetted operators with contractual data-processing obligations
No system is perfectly secure, but we treat our security posture seriously and review it regularly.
11. Your Rights as a Data Subject
Under POPIA you have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — have inaccurate or incomplete information corrected
- Deletion — request deletion of your personal information, subject to legal retention obligations
- Restriction — request that we limit how we use your information
- Objection — object to processing for direct marketing at any time
- Withdraw consent — where processing is based on consent
- Lodge a complaint with the Information Regulator (see Section 13)
To exercise any of these rights, contact our Information Officer (Section 12).
12. Contact Information
Information Officer
Name: Ivan Dennis May
Title: Director & Information Officer
Operating entity: Navi Studios (Pty) Ltd, trading as WIVA
Registration Number: 2019/156833/07
WhatsApp: +27 (0)73 335 9629
Phone: +27 (0)73 335 9629
Address: Cape Town, Western Cape, South Africa
13. Supervisory Authority
If you are not satisfied with our response to a privacy concern, you may lodge a complaint with:
Information Regulator (South Africa)
Website: justice.gov.za/inforeg
Email: inforeg@justice.gov.za
Tel: +27 (0)10 023 5200
14. Changes to this Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page reflects when the latest changes were made. Material changes will be communicated to active subscribers via WhatsApp or in-app notification.
© 2026 WIVA — Navi Studios (Pty) Ltd. All rights reserved. This policy is provided for informational purposes and does not constitute legal advice.