1. PRIVACY NOTICE
1.1 Shepstone & Wylie Attorneys (S&W, we or us) process personal information in terms of this policy when we act as a responsible party (we decide why and how to process the personal information). We take privacy seriously.
1.2 This policy (read with other notices given to individual data subjects) is our notice in terms of section 18 of the Protection of Personal Information Act, 2013 (POPIA).
1.3 This policy describes what personal information we process, where we collect it, why we process it and the legal basis on which we do so and generally, how we do so.
2. THE INFORMATION WE COLLECT AND PROCESS
2.1 INFORMATION RELATING TO OUR SERVICES
2.1.1 We process personal information in relation to our legal services (Service Information) including names, identity, passport or registration numbers, VAT numbers, contact information (phone numbers, email and other addresses), information in communications with our clients and others relating to our services, bank account details, financial information, employment history, marital status and children.
2.1.2 Our client and its employees or representatives are the main source of the Service Information but we also source it from others on our clients’ instructions (eg external auditors), public records and licensed databases.
2.1.3 We process Service Information to provide, bill and obtain payment for our services, ensure the security of our business and systems including our website, comply with the law (eg identifying our clients in terms of money laundering laws), charging VAT and keeping records of our dealings with our clients, including backups of our databases, communicating and managing our contract and relationship with our clients and securely and properly administering our law firm and marketing our services.
2.1.4 The legal bases on which we process Service Information are consent or compliance with the law or concluding and performing a contract for our services or our legitimate interests in properly and securely administering our business and marketing our services.
2.2 INFORMATION VIA OUR WEBSITE AND SOCIAL MEDIA PLATFORMS
2.2.1 You don’t have to provide personal information to us when you visit our website or communicate with us using a social media platform on which we have an account but you can do so by:
2.2.1.1 sending an enquiry to us;
2.2.1.2 subscribing for newsletters and marketing communication;
2.2.1.3 registering for an event;
2.2.1.4 applying for a job by emailing us or, where applicable, through our website.
2.2.2 If you provide us with personal information using our website or when you communicate with us using our social media accounts, we source that information from you, with your consent and we only use it for the purpose for which you provide it.
2.2.3 Your email enquiries are held on our email server, by the addressee and by anyone in our business to whom the addressee refers your email for a response. Your subscriptions and registrations are held by our marketing personnel. Job applications are held by our human resources personnel and anyone to whom our human resources personnel refer your application for consideration.
2.2.4 We use the personal information that you provide to us through our website or when communicating with us using our social media accounts:
2.2.4.1 for the purposes for which you provided it;
2.2.4.2 to administer and improve our website;
2.2.4.3 to improve our services;
2.2.4.4 to communicate with you.
2.2.5 When you use our website or our social media accounts, we process personal information about how you do so including your IP address and information about your use of the website (eg the search terms you use, what pages you access, the links you click, when you visited and the web browser you use) (Analytics Information). We don’t collect any of your other personal information when you use our website and we don’t use the Analytics Information to identify any person. We collect the Analytics Information from our website analytics service provider, Google Analytics. The legal basis on which we use the Analytics Information is our legitimate interest in analyzing use of, and improving, our website.
2.2.8 We use social media platforms such as Facebook, YouTube and Twitter to communicate with the public about our business and services. You don’t have to provide us with any personal information when communicating with us on our social media accounts but if you do so, we may store and use that information to respond to you or otherwise deal with your communication. The legal basis on which we process information which you provide to us on our social media accounts is our legitimate interest in marketing our business and responding to enquiries. When you communicate with us using our social media accounts, please remember that each social media platform may collect your personal information for its own purposes including tracking your use of our website on the pages on which links to the social media platform are displayed. If you are logged in to a social media platform (including any Google service) while you visit our website or our social media accounts, the social media platform’s tracking will be associated with your profile with that social media platform. Social media platforms are beyond our control. They have their own independent privacy policies which you can find on their websites.
2.2.9 We may use SMSs and WhatsApp to communicate in relation to our services. You don’t have to provide us with any personal information using SMSs or WhatsApp but if you do so, we may use and store and process that information in relation to our services (Message Information). If you provide us with Message Information, we source that information from you, with your consent and we only use it for the purpose for which you provide it. The legal bases on which we process Message Information are consent or concluding and performing a contract for our services or our legitimate interests in properly and securely administering our business and marketing our services. Telecommunications companies and WhatsApp may collect your personal information for their own purposes when you communicate with us using SMSs and WhatsApp. The telecommunications companies and WhatsApp are beyond our control. They have their own independent privacy policies which you can find on their websites.
2.2.10 On our website we have links to other websites and platforms (such as YouTube, LinkedIn and Facebook). These linked websites and platforms are beyond our control. If you click on links on our website, the linked website or platform may send its own cookies to your device, collect data or process your personal information. You access other websites and platforms through links on our website at your own risk. Please check the privacy policies of websites and platforms which are linked to our website. You don’t have any recourse against us if you access a third party website or platform, even if you do so using a link on our website.
2.2.11 If you post information on our website or on our social media accounts, we may process personal information in your posts (Published Information). We may process the Published Information to enable publication of your posts and in administering our website and marketing our services. The legal basis on which we process Published Information is your consent or our legitimate interests in properly administering our business including our website and marketing our services or entering or performing a contract with you.
2.3 INFORMATION OF OUR PEOPLE, THEIR FAMILY MEMBERS AND BENEFICIARIES
2.3.1 We process personal information in relation to our partners, employees and their family members and beneficiaries (Employee Information) including names, identity or passport numbers, contact information (phone numbers, email and other addresses), information in communications relating to our employees’ employment, bank account details, payroll information, tax numbers, financial, education and employment information, marital status, children, race, gender and biometric information.
2.3.2 Our partners and employees are the main source of the Employee Information but we also source it from recruitment agents and websites such as LinkedIn, references, public records and licensed databases.
2.3.3 We process Employee Information in relation to our services, marketing our services, responding to tender invitations, dealing with potential client enquiries, concluding and managing our contracts with our partners and employees, in relation to benefits such as medical scheme, retirement fund and group life insurance membership, to comply with applicable laws including employment, tax, laws relating to COVID-19, determining our employment equity compliance in respect of diversity categories including age, gender, ethnicity, nationality, disability and marital or family status, in our legitimate business interests in determining our broad-based black economic empowerment contribution level, so we know who to contact in an emergency involving a partner or employee, in implementing, monitoring and applying access and security controls for our offices and databases, in dealing with disputes and claims by and against us involving any of our partners or employees, including legal proceedings in any forum.
2.3.4 The legal bases on which we process Employee Information are consent or compliance with the law or concluding and performing a contract with our partners or employees or our legitimate interests in providing our services, marketing our services, administering our business, securing our offices and databases, ensuring a proper standard of service to our clients and communicating with and managing our partners and employees.
2.4 INFORMATION RELATING TO JOB APPLICATIONS
2.4.1 We process the personal information relating to job applicants including names, contact details (including phone numbers, email and other addresses), education and employment history, race, gender and any other personal information included in the job application (Applicant Information).
2.4.2 We source most of the Applicant Information from the job applicant in person, by email or, where applicable, through our website. We may also source Applicant Information from recruitment agents and websites such as LinkedIn, from references, public records and licensed databases.
2.4.3 We process Applicant Information to consider and deal with the job applications and so that we can contact applicants about possible job opportunities.
2.4.4 The legal basis on which we process the Applicant Information is consent or our legitimate interests in recruiting employees for our business.
2.5 SUPPLIER INFORMATION
2.5.1 We process personal information relating to potential and actual suppliers of goods and services including names, identity registration numbers, contact information (including phone numbers, email and other addresses), VAT numbers, bank account details (Supplier Information).
2.5.2 We usually source the Supplier Information directly from our potential or actual suppliers but we may source it from quotations, adverts, references or other suppliers.
2.5.3 We process Supplier Information in relation to the quotations we obtain and supply contracts we conclude in relation to our business and in providing our services to our clients. The legal bases on which we process Supplier Information include consent or concluding and performing contracts with suppliers or our legitimate interests in managing relationships and communicating with our suppliers, receiving, processing and paying supplier invoices, complying with applicable laws including tax laws, dealing with disputes and claims by and against us relating to any of our suppliers, including legal proceedings in any forum.
2.6 OTHER TYPES OF INFORMATION
2.6.2 If you enquire about our services, we may process your personal information (Enquiry Information). We process Enquiry Information about our services for the purposes of responding to your inquiry and marketing our services to you and to do conflict checks. Consent and compliance with the law (the Legal Practice Act, 2014) are the legal bases on which we process your Enquiry Information.
2.6.3 If you subscribe to our newsletters and emailed marketing communications, we process your personal information (Marketing Information). We source Marketing Information from you. We process Marketing Information for our legitimate purposes of marketing our services including sending you invitations to events, updates, newsletters and other communications about our business and services. The legal basis on which we process Marketing Information is your consent.
2.6.4 We process information when you communicate with us (Communication Information). The Communication Information may include your name and contact details, the content of your communication and if you use our website or social media accounts for your communication, related metadata. We process Communication Information to communicate with you and keep records. The legal basis on which we process Communication Information is our legitimate interest in properly administering our business and website, marketing our services to clients and responding to enquiries.
2.6.5 We process any of the personal information identified in this policy to investigate, assess, establish, exercise or defend legal claims by or against us in any forum (Claims Information). The legal basis on which we process Claims Information is our legitimate interests in protecting and enforcing our rights or the rights of others and the proper administration and protection of our business.
2.6.6 We process any of the personal information identified in this policy when necessary for audits, to obtain expert advice, identify, mitigate and manage risks and obtain and maintain and claim under insurance cover (Risk Information). The legal basis on which we process Risk Information is our legitimate interest in identifying, managing and protecting our business against risk and dealing with any related disputes or claims by or against us, including legal proceedings in any forum.
2.6.7 We process any of the personal information described in this policy and your health information when necessary to comply with the law (e.g. COVID-19 laws and when necessary to cooperate with any investigation by any regulatory authority or law enforcement agency).
2.6.8 We process any of the personal information described in this policy when necessary to protect your life or other vital interests or those of any other person.
3. SHARING YOUR PERSONAL INFORMATION WITH OTHERS
3.1 We won’t sell personal information to anyone.
3.2 When necessary, our trusted third party operators process personal information for us. We contract with our operators binding them to comply with applicable data privacy laws including POPIA. Our contracts oblige our operators to process information only for the purposes and means of processing we prescribe.
3.3 We use the following service providers to process personal information: hosting provider, web analysis service provider, providers of online platforms, IT programming and maintenance service providers (including website and email exchange), archiving and document storage service providers (electronic and hard copy), practice management system service providers, payroll service providers and data destruction service provider (physical files).
3.5 We disclose personal information to underwriters and professional advisors when necessary so that we can obtain or maintain insurance cover, manage risk, get their advice or to establish, exercise or defend our rights including in relation to claims by or against us in any legal proceedings in any forum and in any negotiation.
3.6 We disclose Employee Information to medical schemes, retirement funds, group life underwriters and brokers for these schemes and funds for the purposes of making benefits available to our partners, employees, their families and beneficiaries.
4. OFFSHORE TRANSFERS
4.1 Where you publish information on our website or on our social media accounts or where you instruct us to use an online platform which transfers personal information offshore, you consent to the transfer of your personal information to third parties in foreign countries and you acknowledge that that personal information may be available through the Internet around the world. We cannot prevent unauthorized access to, misuse of, damage to, or destruction of, that personal information.
4.2 If we are obliged by law to use an online platform which may transfer personal information offshore, we do not control that online platform and we cannot prevent unauthorized access to, misuse of, damage to, or destruction of, that personal information.
4.3 Where we transfer personal information to countries which don’t have an adequate level of data protection similar to POPIA’s conditions for lawful processing and the transfer is not covered by section 72 (1) (b) (consent to transfer), (c) (transfer needed to perform a contract with the data subject or take pre-contract steps), (d) (transfer needed to conclude or perform a contract in the data subject’s interests) or (e) (the transfer is for the data subject’s benefit and it’s not reasonably practicable to obtain the data subject’s consent) of POPIA, we will conclude contracts with the third parties to whom the information is transferred binding them to process your information to the standards required by POPIA and not transfer your information to any other country without similar protection.
4.4 If a Microsoft Teams meeting with us is recorded, that recording may be stored on Microsoft OneDrive which is backed up in the European Union. The European Union has data protection laws which provide an adequate level of protection that upholds principles for reasonable processing of personal information substantially similar to the conditions for lawful processing applied by POPIA.
5. MANDATORY AND VOLUNTARY DISCLOSURE
5.1 Where we have to collect and process personal information to comply with the law, we can’t provide our services to you unless you provide that information.
5.2 Except where providing personal information to us is required by law, our clients are free to volunteer personal information to us. If a client chooses not to provide personal information which we request to enable us to provide our services, this may restrict or prevent us from providing our services to that client.
6. PROTECTING PERSONAL INFORMATION
6.1 We take appropriate and reasonable technical and organisational steps to protect your personal information against unauthorised access or disclosure.
6.2 The steps we take include physical and electronic access control, encryption, appropriate firewalls and malware and virus protection.
7. SUMMARY OF DATA SUBJECT RIGHTS
7.1 For convenience, we’ve summarized every data subject’s rights in this paragraph. This is just a summary and to get a proper understanding of your rights, please read the relevant provisions in POPIA.
7.2 Subject to POPIA and other laws, by completing and sending us the request form available on request from email@example.com, you may:
7.2.1 ask us to confirm, free of charge, if we hold personal information about you;
7.2.2 for the prescribed fee, obtain a record or description of the personal information we hold and a list of third parties or the categories of third parties who hold it;
7.2.3 where the legal basis on which we process your personal information is consent, you may withdraw your consent but this will not affect the lawfulness of our processing before your withdrawal and even if you do withdraw your consent, we can continue processing your personal information where there is another legal basis for that processing such as compliance with applicable laws;
7.2.4 if any of your personal information that we have processed is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully or if we are no longer authorised to retain that personal information, you may ask us to correct, destroy or delete the personal information but we emphasize that, despite your request, we may not destroy or delete personal information where we are entitled to continue processing it;
7.2.5 object to the processing of your personal information if that processing is not necessary:
7.2.5.1 for the proper performance of a public law duty by a public body; and
7.2.5.2 to pursue your legitimate interests;
7.2.5.3 to pursue our legitimate interests or those of a third party to which the personal information is supplied;
7.2.6 at any time, object to the processing of personal information for direct marketing (other than direct marketing by means of unsolicited electronic communications);
7.2.7 if you feel that we have processed your personal information unlawfully, to complain to the Information Regulator who can be contacted at:
7.2.7.1 JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
7.2.7.2 P.O Box 31533, Braamfontein, Johannesburg, 2017; or
7.2.7.3 Complaints email: complaints.IR@justice.gov.za.
8. AMENDING THIS POLICY
8.1 We may update this policy from time to time by publishing a new version on our website.
8.2 We may email you to tell you about important changes to this policy.
8.3 You can also obtain the current version of this policy at any time by emailing a request to firstname.lastname@example.org.
9. OUR ADDRESS AND OUR INFORMATION OFFICER’S DETAILS
9.1 Shepstone & Wylie Attorneys’ head office is at 24 Richefond Circle, Ridgeside Office Park, Umhlanga Rocks, 4319, South Africa.
9.2 Our Information Officer is Verlie Oosthuizen and you can contact her on email@example.com or 031 5757000.