PRIVACY POLICY

CONSENT TO PROCESS PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF INFORMATION ACT, 4 OF 2013 (POPIA)

BOTHA BEZUIDENHOUT ATTORNEYS INC.

13 STAMVRUG STREET, VAL-DE-GRACE, PRETORIA

012 481 3557 | INFO@BBLAW.CO.ZA

(the “Company”)

Please read this Notice before you provide the required Personal Information. By providing us with your Personal Information, you consent to the Company processing your Personal Information, which the Company undertakes to process strictly in accordance with this Section 18 informed consent document and the provisions of the Protection of Personal Information Act 4 of 2013.

1.                  INTRODUCTION

1.1.             The Company is a company, established and duly registered in accordance with the company laws of the Republic of South Africa.

1.2.             In terms of a law known as the Protection of Personal Information 4 of 2013, (POPIA) everyone has the right to privacy, including the right to the lawful collection, retention, dissemination and use of one’s Personal Information.

1.3.             In order to give effect to this right, the Company is under a duty to provide any person whose personal information is processed by it, known as a data subject, with a number of details pertaining to the use of and subsequent processing of the data subject’s personal information, before such information is used or processed.

1.4.             In accordance with this requirement, the Company sets out below:

1.4.1.       The information being collected as well as the source thereof.

1.4.2.       The purpose for which the information is collected

1.4.3.       Whether the supply of the information is voluntary or mandatory;

1.4.4.       The consequences of failure to provide the information;

1.4.5.       Any particular law authorising or requiring the collection of the information;

1.4.6.       Whether the company intends to transfer the information to a third country or international organisation and the level of protection afforded to the information by that third country or international organisation;

1.4.7.       The recipient of the information;

1.4.8.       Nature or category of the information;

1.4.9.       Right to access the information

1.4.10.   Right to object to the processing of information;

1.4.11.   Right to lodge a complaint with the Information Regulator

1.4.12.   How the information will be used and shared.

2.                  APPLICATION

2.1.             This is the privacy policy of the Company, which is applicable to all dealings with the Company, whether orally, in writing or electronically, and whether owned by, established by, used by, hosted by and / or accessed by data subjects, which data subjects include, without detracting from the generality thereof, the Company’s client’s, learners, employees and staff, contractors and service providers and / or other third parties who may access and make use of the Company’s written records and/or electronic platforms.

2.2.             This privacy policy furthermore applies to:

2.2.1.       the data subjects who may make use of, or access the Company’s services, written records and electronic platforms, and all the processing of personal information by the Company as a result of a data subject making use of, any services of the Company, except to the extent that a separate POPIA policy has been issued in respect of a specific service or product and related processing activities.

3.                  ACCOUNTABILITY

3.1.             The Company takes the privacy and protection of a data subject’s personal information very seriously and will only process a data subject’s personal information in accordance with POPIA and the terms of this privacy statement.

3.2.             In turn where the Company provides any of its personal information to a responsible party or operator, then such person will be required as a condition of receiving such information, to process such personal information in accordance with POPIA and the terms of this privacy statement.

3.3.             Accordingly, the relevant data privacy principles relating to the processing of personal information, whether that belonging to the Company or that belonging to a data subject (including, but not limited to, the collection, handling, transfer, sharing, correction, storage, archiving and deletion) will apply without exception, save where POPIA provides for such an exception, to all and any personal information provided by the Company to another or received by the Company.

4.                  AGREEMENT TO BE BOUND AND CONSENT TO PROCESS

4.1.             By accessing or using the Company’s services, website, URL’s, and / or when sending or receiving emails using any of the Company email addresses, the data subject;

4.1.1.       Acknowledges that it has read and understood this section 18 informed consent notice and related provisions;

4.1.2.       agrees to be bound by this section 18 informed consent notice and the privacy policy;

4.1.3.       agrees to comply with this section 18 informed consent notice and privacy policy; and

4.1.4.       gives the Company consent to process and further process the required personal information in accordance with this section 18 informed consent notice.

5.                  RECEIPT, USE AND SHARING OF PERSONAL INFORMATION BY THE COMPANY

5.1.             The Company will receive personal information pertaining to a data subject when the data subject interacts with the Company, whether by physical, telephonic or otherwise electronic contact.

5.2.             On contact, the Company will use and process the data subject’s personal information for a variety of purposes, depending on the nature of the contact, which without detracting from the generality thereof may include:

5.2.1.       for the purposes of identifying and / or verifying the data subject’s details;

5.2.2.       for the purposes of providing information, products and / or services that the data subject, may have requested;

5.2.3.       for employment application purposes;

5.2.4.       for the purposes of managing any information pertaining to the data subject;

5.2.5.       for general administration purposes;

5.2.6.       for legal or contractual purposes;

5.2.7.       to help the Company improve the quality of the Company products and services;

5.2.8.       to help the Company detect and prevent fraud and money laundering;

5.2.9.       for the purposes of recovering unpaid fees and / or any other amount due to the Company;

5.2.10.   for the purpose of debt collection;

5.2.11.   for the purposes of research, analytical and statistical purposes;

5.2.12.   for the purpose of carrying out analysis of customer profiling;

5.2.13.   for the purposes of identifying other products and services which might be of interest to the data subjects;

5.2.14.   for the purposes of informing a data subject about the Company products and services; and

5.2.15.   making such information available to third parties, if it protects or pursues the legitimate interest of the data subject, the Company or that of such third party.

5.3.             In order to perform the purposes described above, the Company may from time to time share a data subject’s personal information with the following parties:

5.3.1.       the Company’s employees, which will only be done on a need-to-know basis;

5.3.2.       the Company carefully selected business partners who provide products and services which may be of benefit to a data subject which will only be done on a need-to-know basis; and

5.3.3.       the Company operators such as service providers and agents who perform services on our behalf which will only be done on a need-to-know basis and in terms of an operator agreement.

5.4.             The Company does not share a data subject’s personal information with any third parties who have not been described above, unless:

5.4.1.       the Company is legally obliged to provide such information to another for legal or regulatory purposes;

5.4.2.       the Company is required to do so for purposes of existing or future legal proceedings;

5.4.3.       the onward transmission or sharing of personal information is necessary for the pursuance or protection of the Company’s legitimate interests or that of the data subject or a third party;

5.4.4.       the Company is involved in the prevention of fraud, loss, bribery or corruption and is using another agent or service provider under a mandate to provide such service,

5.4.5.       and under all of the abovementioned circumstances, the Company will take reasonable measures to ensure that such personal information is only provided to the recipient if such recipient undertakes to keep the information confidential and secure.

5.5.             Where the Company has to transfer the data subject’s personal information across the South African borders, it will ensure that before it does so, that it will ensure that the recipient thereof agrees to be bound by POPIA under and in terms of a set of binding corporate rules or binding agreements that provide an adequate level of protection and uphold the principles for the reasonable and lawful processing of such personal information.

6.                  INFORMATION QUALITY / OPENNESS / DATA SUBJECT PARTICIPATION

6.1.             Whilst the Company will make every effort to ensure the integrity and accuracy of a data subject’s personal information, this may not at all times be possible. Following this, the data subject accepts the responsibility for keeping its / her or his information up to date, and undertakes to inform the Company of any changes to its / his or her personal information. This can be done by accessing the prescribed change of details form on the Company’s website / Data Privacy (POPI) Page and submitting same to the Company’s Information Officer, alternatively, requesting a change or correction directly to the Company,

6.2.             A data subject has a right of access to any personal information which the Company may have and where applicable may ask the Company to correct any inaccuracies in or to any such personal information.

7.                  SECURITY OF PERSONAL DATA

7.1.             The Company makes all reasonable efforts to keep its data secure at all times, however advise that it cannot guarantee the security of any information provided to us or by us. The Company cannot be held responsible for any loss or unauthorized use or interception of information transmitted in accordance with this privacy statement.

7.2.             The Company website may contain links to other websites outside of the Company control. The Company is not responsible for the content, privacy or security of these other third party-controlled websites.

7.3.             The Company has placed cookies on its website which makes contact with your / a data subject’s device to help make its website better. A data subject may change these cookie settings by accessing the relevant settings. When the settings are not amended or changed, the Company will accept that you are happy that these cookies access and make use of your details.

7.4.             The Company may make use of social plug-ins of social networks such as Facebook, YouTube, LinkedIn and Twitter. Please note that the Company has no influence on or control over the extent of the data retrieved by the social networks’ interfaces and the Company can accordingly not be held responsible or liable for any processing or use of personal information transmitted via these social plug-ins. For information on the purpose and extent of the data retrieval by the social network concerned, and about the rights and settings possibilities for the protection of your private sphere, please refer to the data protection information provided by the social network in question.

7.5.             Note that all Telephone calls may be recorded and / or monitored for security and quality assessment purposes.

7.6.             Subject to the provisions above, the Company has implemented the appropriate technical and organizational security measures which are required in order to protect all personal data which it holds from and / or against unauthorized access, accidental or wilful manipulation, loss or destruction.

8.                  INFORMATION BEING COLLECTED AND THE SUPPLY THEREOF

8.1.             We collect the information you provide to us.

8.2.             We may request information from you from time to time, and by you providing the information so requested, you consent to the processing thereof in terms of this privacy statement.

8.3.             Should you fail or refuse to provide any information requested by us, such failure or refusal may impact the quality and extent of the service we provide.

8.4.             In the premises, all information is provided voluntarily by data subjects, but are mandatory for the performance of our services.

8.5.             Information is only collected from third-party sources if permitted by POPIA.

9.                  RELEVANT LEGISLATION

9.1.             Legislation provides that the Company must collect certain personal information from data subjects.

9.2.             These legislations include, but are not limited to:

9.2.1.       The South African Revenue Service Act;

9.2.2.       The Financial Intelligence Centre Act.

10.              TRANSFER OF INFORMATION

10.1.         The Company makes use of “cloud-storage” services from international service providers.

10.2.         The level of protection afforded to the information is similar to that of POPIA and at least equal to the protection provided by the General Data Protection Regulation (GDPR) passed by the European Union.

11.              RIGHT TO ACCESS THE INFORMATION

11.1.         Any data subject has the right to establish whether the Company holds any personal information about him and to request access thereto.

11.2.         A data subject may exercise this right by completing and sending to the Information Officer, a request in the prescribed form.

12.              RIGHT TO OBJECT TO THE PROCESSING OF INFORMATION

A data subject can object to the processing of his personal information by completing and sending to the Information Officer, an objection in the prescribed form

13.              RIGHT TO LODGE A COMPLAINT WITH THE INFORMATION REGULATOR

Complaints about alleged interference with the protection of personal information of a data subject can also be submitted to the Information Regulator (South Africa) at complaints.IR@justice.gov.za.

14.              CONTACT DETAILS

You can contact the Company in relation to this Privacy policy by writing to us at info@bblaw.co.za or by phoning our office number.

15.              REVISION OF POLICIES

We reserve the right to and may from time to time update this Privacy Notice. Any such revision will be published as an amended version on our website. Any change to this Policy will be posted as an updated version and readers are advised to visit and re-read this policy on a regular basis.