Your information, protected by law

1. What personal information do we collect?

We collect personal information when you contact us, request legal services, or interact with our website. This includes your name, email address, phone number, physical and postal address, company details, identity number where required for FICA compliance, and any information you voluntarily provide during consultations or correspondence. We may also collect technical data through cookies and website analytics tools, such as your IP address and pages visited, to improve our online services.

2. Lawful Grounds for Processing

Your personal information is processed on the following lawful grounds under POPIA: (1) performance of a contract or taking pre-contractual steps at your request, such as preparing a mandate agreement or fee arrangement; (2) compliance with a legal obligation, including FICA verification, court filing requirements, and regulatory reporting; (3) our legitimate interest in maintaining client relationships and delivering legal services effectively; and (4) your express consent where we rely on it as a processing ground. We do not sell or share your personal information with third parties for commercial purposes. Sharing occurs only where required by law, where you have consented, or where we engage service providers who are contractually bound to handle your data lawfully under a data processing agreement.

3. Your Rights Under POPIA

As a data subject under POPIA, you have the right to: be notified when your personal information is collected and how it will be used; access a copy of the personal information we hold about you; request correction of inaccurate, incomplete, or outdated information; object to processing on legitimate grounds; request deletion or destruction of your personal information where it is no longer needed or where processing is unlawful; not be subject to automated decision-making that produces legal or similarly significant effects; and lodge a complaint with the Information Regulator. To exercise any of these rights, submit a written request to our Information Officer. We will respond within 30 days as required by the Act.

4. Security Safeguards

Mashiane Attorneys Inc. implements appropriate technical and organisational security measures to protect personal information against accidental loss, destruction, alteration, unlawful access, or disclosure. Measures include encrypted email and document transmission, role-based access controls, password-protected systems, secure cloud storage with reputable providers, regular staff training on data handling obligations, and formal data breach response procedures. We conduct periodic security reviews to ensure our measures remain appropriate to the risks associated with our processing activities. In the event of a security compromise, we will notify affected data subjects and the Information Regulator as required by section 22 of POPIA, without unreasonable delay.

5. Data Retention

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Client matter files are retained for a minimum of five years after conclusion of the matter in accordance with LPC professional rules. FICA records are retained for at least five years following the end of a business relationship, as required by the Financial Intelligence Centre Act. Website and marketing data is retained for shorter periods and reviewed annually. When personal information is no longer needed, it is securely destroyed, deleted, or anonymised in a manner that prevents reconstruction.

6. Cookies and Website Tracking

Our website uses cookies to enhance the user experience, remember preferences, and analyse site traffic using anonymised analytics. Cookies are small text files stored on your device. We use session cookies, which are deleted when you close your browser, and persistent cookies, which are retained for a set period to remember your preferences. We do not use cookies to identify individual users without their consent. You can control and delete cookies through your browser settings. Disabling cookies may limit certain features of our website. We do not use third-party cookies for advertising targeting or behavioural profiling.

7. Operators, Third Parties and Cross-Border Transfers

We may engage third-party service providers (operators under POPIA) to assist with website hosting, email delivery, document management, accounting, and legal case management. These providers are required to enter into operator agreements obliging them to process personal information only on our instructions, in compliance with POPIA, and with appropriate security safeguards in place. We do not authorise operators to use your personal information for their own independent purposes.

8. Cross-Border Transfers

If your personal information is transferred to a recipient in a foreign country, we ensure the recipient is subject to a law, binding corporate rules, or a binding agreement providing adequate protection substantially equivalent to POPIA's standards, as required by section 72 of the Act. We will not transfer personal information cross-border without a lawful basis and appropriate safeguards in place.

9. Policy Updates

We may update this POPIA Privacy Policy from time to time to reflect changes in our data processing practices or applicable law. When material changes are made, we will update the effective date at the top of this page and, where appropriate, notify affected data subjects via email or a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your information.

10. Complaints and Contact Details

For POPIA-related queries, access requests, objections, or complaints about the handling of your personal information, please contact our designated Information Officer through the Contact Us page. You may also lodge a complaint directly with the Information Regulator of South Africa at www.inforegulator.org.za or by emailing inforeg@justice.gov.za. All requests will be acknowledged within 30 days in accordance with the Act.