1. ABOUT THIS POLICY
1.1. Definitions: In this Policy, unless clearly inconsistent with or otherwise indicated by the context –
1.1.1. “Operator” means any person or entity that Processes Personal Information on our behalf;
1.1.2. ‘Personal Information’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
i. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or 5 mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
ii. information relating to the education or the medical, financial, criminal or employment history of the person;
iii. any identifying number, symbol, e-mail address, physical address, telephone 10 number, location information, online identifier or other particular assignment to the person;
iv. the biometric information of the person;
v. the personal opinions, views or preferences of the person;
vi. correspondence sent by the person that is implicitly or explicitly of a private 15 or confidential nature or further correspondence that would reveal the contents of the original correspondence;
vii. the views or opinions of another individual about the person; and
viii. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
1.1.3. “POPIA” means the Protection of Personal Information Act 4 of 2013;
1.1.4. “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.1.5. “Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;
1.1.6. ‘Special Personal Information’ means and relates to religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information. Also included in this category is information relating to the alleged commission of any offence or any proceedings in respect of any offence allegedly committed and the outcome of such proceedings.
i. NOTE: We will generally not process particularly Special Personal Information about you unless it is necessary for establishing, exercising or defending a right or obligation in law, or where we have obtained your consent to do so. On rare occasions, there may be other reasons for processing your Special Personal Information, such as where we may process information relating to your criminal behaviour as part of our recruitment process, or may process information relating to your health as part of our screening processes, in order to comply with Covid-19 regulations and protocols.
1.1.7. “Website” means any website operated, or maintained, by us or on our behalf.
1.2. We are a business with offices in Johannesburg. We are considered ‘a responsible party’ (or data controller, in some instances) in respect of your Personal Information and Special Personal Information, which means that our business determines the purpose of and means for processing your Personal Information.
1.3. We will not use your Personal Information for any other purpose than that set out in this Policy and will endeavour to protect your Personal Information that is in our possession from unauthorised alteration, loss, disclosure or access.
1.5. This Policy does not apply to the processing of Personal Information by other third parties relating to or by means of other parties’ websites, products or services, or sites which link to or advertise our Website or our products, services and/or staff.
2. INFORMATION COLLECTED
2.1. We may collect or obtain Personal Information about you:
2.1.1. directly from you;
2.1.2. in the course of our relationship with you;
2.1.3. in the course of providing legal services to you or your organisation;
2.1.4. we may obtain personal information about you from the organisation with which you are employed or affiliated, in order to render services to the organisation;
2.1.5. when you make your Personal Information public;
2.1.6. when you visit and/or interact with our Website or our various social media platforms;
2.1.7. when you register to use any of our legal and related services including but not limited to newsletters, webinars, events and legal updates;
2.1.8. when you interact with any third party content or advertising on our Website;
2.1.9. when you visit our offices or apply for a position; or
2.1.10. we may also receive Personal Information about you from third parties (e.g., law enforcement authorities).
2.2. Information we automatically collect about you;
2.2.1. With each visit to our Website, we may automatically collect and store certain information about you. This may include:
i. technical information, including your Internet Protocol (IP) address which is used to connect your computer to the Internet, operating system and browser type and platform for system administration; and
ii. information about your use of our Website including details of your visits such as pages viewed and the resources that you accessed. Such information includes traffic data, location data and other communication data.
2.3. We strive to collect only that Personal Information which is necessary for the intended purpose of the collection and we will not retain your Personal Information for longer than is necessary to achieve the purpose for which we collected it, unless there is a lawful basis or legal requirement for us to retain your Personal Information for a longer period.
3. USE AND PROCESSING OF INFORMATION
3.1. We will Process your Personal Information in the ordinary course of business of providing legal and related services. We will primarily use your Personal Information only for the purpose for which it was originally or primarily collected. We will use your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is closely related to the original or primary purpose for which the Personal Information was collected. We may subject your Personal Information to Processing during the course of various activities, including, without limitation, the following –
3.1.1. conducting our business;
3.1.2. analysis, evaluation, review and collation of information in order to determine legal issues and potential disputes, provide legal advice and prepare or comment on opinions, memoranda, agreements, correspondence, reports, publications, documents relating to legal proceedings and other documents and records (whether in electronic or any other medium whatsoever)
3.1.3. compliance with applicable law and fraud prevention;
3.1.4. transfer of information to our Service Providers and other third parties; or
3.1.6. may process your Personal Information for relationship management and marketing purposes in relation to our services (including, but not limited to, Processing that is necessary for the development and improvement of our legal and related services), for accounts management, and for marketing activities in order to establish, maintain and/or improve our relationship with you and with our Service Providers; and
3.1.7. We may process your Personal Information for internal and management reporting purposes, which may include conducting internal audits or investigations, implementing internal business controls, providing central processing facilities, for insurance purposes and for management reporting analysis;
3.1.8. we may analyse your Personal Information for statistical or safety and security purposes.
4. SHARING YOUR PERSONAL INFORMATION
4.2. You agree and give permission for us to share your Personal Information under the following circumstances:
4.2.1. to our Employees, Associates and Service Providers, for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality;
4.2.2. if required by law, including but not limited to governmental agencies and other regulatory or self-regulatory bodies, if required to do so by law or when we reasonably believe that such action is necessary;
4.2.3. to legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
4.2.4. to our third party Operators (including, but not limited to, data processors such as providers of data hosting services, document review technology services, development and administration, technical support, third party advertising, plugins or content, and related support services), located anywhere in the world, subject to the provisions contained herein for cross-border transfer and where it is necessary for the purposes of, or in connection with, legitimate business purposes.
4.2.5. to enable us to enforce or apply terms and/or any agreement you may have with us; and
4.2.6. to protect the rights, property or safety of members of the public (if you provide false or deceptive information or misrepresent yourself, we may proactively disclose such information to the appropriate regulatory bodies and/or commercial entities).
4.2.7. We will get your permission before disclosing your Personal Information to any third party for any other purpose, if we are required by law to do so.
4.3. If we engage a third-party Operator to process any of your Personal Information, we recognise that any Operator who is in a foreign country must be subject to a law, binding corporate rules or binding agreements which provide an adequate level of protection similar to POPIA. We will review our relationships with Operators we engage and, to the extent required by any applicable law if force, we will require such Operators to be bound by contractual obligations to –
4.3.1. only Process such Personal Information in accordance with our prior instructions; and
4.3.2. use appropriate measures to protect the confidentiality and security of such Personal Information.
5. SAFEGUARDING YOUR PERSONAL INFORMATION
5.1. We implement appropriate technical and organisational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable law.
5.2. Our technical and organizational personal data security measures include:
5.2.1. the storage of your personal data under password-secured databases;
5.2.2. the restriction of access to your personal data to specific staff/personnel who are designated and mandated to manage your personal data;
5.2.3. the restriction of access to all our premises where your personal data is stored in physical or digital form; and
5.2.4. the binding of any third parties who handle your personal data to confidentiality obligations with respect to the same.
5.3. Where there are reasonable grounds to believe that your Personal Information that is in our possession has been accessed or acquired by any unauthorised person (data breach), we will notify the relevant regulator and you.
5.4. Despite the above measures being taken when processing Personal Information and Special Personal Information, subject to the provisions of this clause, as far as the law allows, we will not be liable for any loss, claim and/or damage arising from any unauthorised access, disclosure, misuse, loss, alteration or destruction of your Personal Information and/or Special Personal Information.
6. RETENTION AND ACCURACY OF YOUR PERSONAL INFORMATION
6.1. we shall only retain and store Personal Information for the period for which the data is required to serve its primary purpose or a legitimate interest or for the period required to comply with an applicable legal requirement, whichever is longer, or until you contact us and ask us to destroy it.
6.2. please ensure Personal Information provided to is accurate, complete and up-to-date. Should any details change, the onus is on you to notify us of the change and provide us with the accurate data.
7. YOUR RIGHTS
7.1. You can request access to any of your Personal Information that is held by us, including to request that we correct your Personal Information if it is inaccurate or delete the Personal Information if we are no longer required to retain it by law or for a legitimate purpose. You can also object to the processing of all or part of your personal data subject to any limitations to this right provided in the law.
7.2. Requests to access Personal Information held on you in accordance with this Policy can be made to firstname.lastname@example.org.
8. DIRECT MARKETING
8.1. we will only send you direct marketing materials if you have specifically opted-in to receive these materials, or if you are a client of the business, at all times in accordance with applicable laws.
8.2. if you complete any forms on our Website or join any of our social media accounts, you agree to receive marketing communication or direct marketing services from us.
8.3. you may refuse to accept, require us to discontinue, or pre-emptively block any approach or communication from us if that approach or communication is primarily for the purpose of direct marketing. This may be done by “opting out” out of receiving direct marketing communication from us at any time by requesting us (in any manner, whether telephonically, electronically, in writing or in person) to stop providing any direct marketing communication to you. You may also send your opt-out requests to email@example.com.