PRIVACY POLICY

  1. PURPOSE
    This privacy policy (“this Policy”) explains how, when Venns Attorneys acts as a Responsible Party, we Process and protect your Personal Information. This Policy also explains where we collect your Personal Information, our purpose for Processing the Personal Information and the legal basis on which we do so.
  2. DEFINITIONS
    In this Policy-
    2.1 “legal and related services” includes the range of services provided by attorneys and includes, but is not limited to, dispute resolution, property transfers and property law, the administration of deceased estates, the provision of commercial and corporate law services, the collection of debts and the like;
    2.2 “Operator” means any person or entity that Processes Personal Information on behalf of the Responsible Party;
    2.3 “Personal Information” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
    2.4 “POPIA” means the Protection of Personal Information Act 4 of 2013;
    2.5 “Process”, “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
    2.6 “Responsible Party” means the entity that decides how and why Personal Information is Processed;
    2.7 “Service Provider” means third parties who provide various services to Venns Attorneys, including, but not limited to, providers of information technology, communication, archive file storage, data storage, accounting or auditing services, experts, investigators, advocates, correspondent attorneys, translators, taxation consultants and our insurers, bankers and professional advisors; and
    2.8 “Website” means www.venns.co.za.
  3. APPLICATION
    This Policy applies to our clients, representatives of entities who are our clients, visitors to our offices, other users of our legal and related services, our employees, applicants for employment, our suppliers and other third parties with whom Venns Attorneys interacts (“you”).
  4. HOW WE COLLECT PERSONAL INFORMATION
    4.1 We will only collect or obtain your Personal Information in a lawful manner.
    4.2 Amongst others, we may collect or obtain your Personal Information in the following ways:
    4.2.1 directly from you (this is our main source of personal information about you);
    4.2.2 during the course of providing legal and related services to you or the entity which you represent;
    4.2.3 when you make your Personal Information public;
    4.2.4 when you interact with our Website or our social media platforms;
    4.2.5 when you register to receive our newsletter or to participate in one of our seminars, webinars or other events;
    4.2.6 when you visit our offices;
    4.2.7 from the public records held by public authorities, such as the Deeds Office or the Master of the High Court;
    4.2.8 from other third parties, such as your medical practitioner auditors or bankers, on your instructions; and
    4.2.9 from databases such as Windeed and from the records of the various credit bureau.
    4.3 In addition, while providing legal and related services to you, we will create records of our communications and interactions with you. We will also create correspondence and legal documentation on your behalf which may contain your personal information.
  5. TYPES OF PERSONAL INFORMATION WHICH WE PROCESS
    Amongst others, we may process the following types of Personal Information about you -5.1 Your names;
    5.2 Your date of birth and nationality;
    5.3 Your passport or national identity number;
    5.4 Your entity’s name and registration number;
    5.5 Your contact details including physical and postal addresses; telephone number and email address;
    5.6 Personal Information included in correspondence, documents, evidence or other materials that we Process in the course of providing legal and related services;
    5.7 Attendance records including records of visiting our offices and of attending meetings and other events organised by Venns Attorneys;
    5.8 Records of any consents which you may have given to Venns Attorneys; and
    5.9 Payment details including your VAT number; billing address; payment method; bank account number; invoice records and payment records.
  6. PURPOSES OF PROCESSING
    6.1 We will only Process your Personal Information for lawful purposes.
    6.2 We collect and Process Personal Information for a range of purposes including-
    6.2.1 the provision of legal and related services to our clients;
    6.2.2 the conducting of our business as a legal practice;
    6.2.3 compliance with our obligations in terms of our employment contracts and applicable labour legislation; and
    6.2.4 compliance with other legislation of the Republic of South Africa.
    6.3 We will primarily use your Personal Information only for the purpose for which it was originally or primarily collected. We will only process your Personal Information for a further or secondary purpose with your consent or if that further or secondary purpose is closely related to the original or primary purpose for which the Personal Information was collected.
  7. LEGAL JUSTIFICATION FOR PROCESSING
    Depending on the context, we will Process your Personal Information based on one of the following legal justifications –
    7.1 your consent, whether express or implied;
    7.2 in order to exercise our rights or perform our obligations in terms of a contract with you; or
    7.3 in terms of an applicable law.
  8. WHERE WE KEEP YOUR PERSONAL INFORMATION
    8.1 Your personal information is stored by us on secure servers and physical filing systems in the Republic of South Africa.
    8.2 We use Microsoft Office 365. This means that if you send us electronic communication which contains your Personal Information, or if we are required to send such an electronic communication, then your Personal Information will be stored on secure Microsoft servers situated in South Africa.
    8.3 We also use AJS, an accounting system designed for attorneys. Certain personal information, necessary for running our accounts, is stored on an on-site server dedicated to the AJS accounting system.
    8.4 If you participate in a recorded Microsoft Teams meeting with us, that recording may be stored on Microsoft OneDrive which is backed up in the European Union. The European Union has data protection laws which provide an adequate level of protection that upholds principles for reasonable processing of personal information substantially similar to the conditions for lawful processing applied by POPIA.
  9. SECURING YOUR PERSONAL INFORMATION
    9.1 We take appropriate and reasonable technical and organisational steps to protect your personal information against unauthorised access or disclosure.
    9.2 The steps we take include physical and electronic access control, appropriate firewalls and malware and virus protection. We also employ IT Specialists to provide advice on IT security.
    9.3 Because the Internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Information that is in our possession, we cannot guarantee the security of any information transmitted using the Internet and we cannot be held liable for any loss of privacy occurring during the course of such transmission.
  10. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
    10.1 We will not sell your Personal Information.
    10.2 We may disclose your Personal Information to our Service Providers, for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality. We will review our relationships with Service Providers and will ensure that appropriate contractual provisions are in place to ensure that Service Providers take measures to protect your Personal Information.
    10.3 In addition, we may disclose your Personal Information –
    10.3.1 if required by law;
    10.3.2 if required by any legal and regulatory authority, upon request, or for the purposes of reporting any actual or suspected breach of law;
    10.3.3 where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise or defence of legal rights;
    10.3.4 to any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including, but not limited to, safeguarding against, and the prevention of threats to, public security; and
    10.3.5 to any relevant third party acquirer, in the event that we sell or transfer all or any portion of our business or assets (including, but not limited to, in the event of a reorganization, dissolution or liquidation).
  11. INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
    11.1 We may transfer your Personal Information to Service Providers outside of the Republic of South Africa, provided that the country to which the data is transferred has adopted a law that provides for an adequate level of protection substantially similar to POPIA, the Operator/third party undertakes to protect the Personal Information in line with applicable data protection legislation and the transfer is necessary in order to provide the legal and other related services that are required by Venns Attorney’s clients.
    11.2 We will review our relationships with Operators we engage and, to the extent required by any applicable law if force, we will require such Operators to be bound by contractual obligations to –
    11.2.1 only Process such Personal Information in accordance with our prior written instructions; and
    11.2.2 use appropriate measures to protect the confidentiality and security of such Personal Information.
  12. HOW LONG WE KEEP YOUR PERSONSAL INFORMATION
    We will only retain and store Personal Information for the period for which the Personal Information is required bearing in mind the purpose for which the Personal Information was collected or for the period required to comply with an applicable legal requirement, whichever is longer. In this regard, the Legal Practice Council requires that attorneys retain records for a period of 7 years following the completion of the matter to which the record relates.
  13. YOUR RIGHTS AS DATA SUBJECT
    13.1 Data Subjects have a range of rights in terms of POPIA. Subject to POPIA and other applicable laws and the rights of others, you may:
    13.1.1 ask us to confirm, free of charge, if we hold personal information about you;
    13.1.2 for the prescribed fee, obtain a record or description of the personal information we hold and a list of third parties or the categories of third parties who hold it;
    13.1.3 where the legal basis on which we process your personal information is consent, you may withdraw your consent but this will not affect the lawfulness of our processing before your withdrawal and even if you do withdraw your consent, we can continue processing your personal information where there is another legal basis for that processing such as compliance with applicable laws;
    13.1.4 if any of your personal information that we have processed is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully or if we are no longer authorised to retain that personal information, you may ask us to rectify, destroy or delete the personal information but, despite your request, we may not destroy or delete personal information where we are entitled to continue processing it; or
    13.1.5 at any time, object to the processing of personal information for direct marketing (other than direct marketing by means of unsolicited electronic communications).
    13.2 You can exercise the abovementioned rights by completing and sending us the request form available on request from info@venns.co.za.
    13.3 Your rights as data subject may be subject to our obligation as attorneys to keep confidential information which we receive within an attorney – client relationship.
    13.4 If you feel that we have processed your personal information unlawfully, you may complain to the Information Regulator who can be contacted at:
    13.4.1 JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001;
    13.4.2 PO Box 31533, Braamfontein, Johannesburg, 2017; or
    13.4.3 Email: complaints.ir@justice.gov.za.
  14. MARKETING
    14.1 With your consent, we may send you information about our other legal services, or about new developments in the law. You may, at any time, withdraw your consent by notifying us, and we will not send you any such material.
    14.2 If you currently receive marketing information from us which you would prefer not to receive in the future please email us at info@venns.co.za.
  15. CONTACT US
    15.1 You can contact Venns Attorneys at:
    Physical address: 30 Montrose Boulevard
    Victoria Country Club Estate Office Park
    170 Peter Brown Drive
    Montrose
    Pietermaritzburg
    3201
    Postal address: P O Box 600
    Pietermaritzburg
    3200
    Contact No: 033 355 3100 / 033 355 310115.2 Our Information Officers may be contacted as follows:
    Information Officer: Redvers Lee
    Email: redvers@venns.co.za
    Deputy Information Officer: Tim Brown
    Email: tim@venns.co.za
  16. REVIEWS AND UPDATES
    We may review and update this Policy from time to time by placing a new version of this Policy on our website.