Privacy Policy

Updated 1 September 2024

 

Introduction

 

The purpose of this policy is to promote best practices for the collection and processing of personal information and to ensure that Legal Ninjas acts within the regulations under the Protection of Personal Information Act 4 of 2013 (the “POPIA”).

 

Unless otherwise defined, terms used in this policy will have their meaning as defined in the POPIA.

 

The policy as well as security measures taken by Legal Ninjas to protect personal information will be reviewed from time to time to ensure alignment with South African regulation and best practice.

 

Legal Ninjas will comply with the POPIA.  The policy rules below represent the principles and high-level summary of the methods taken to do so.

 

Policy Rules

 

Legal Ninjas will only request and collect personal information for the purposes of client onboarding, providing services to its clients and ancillary matters (such as contracting contractors to perform the services) as well as for any other legitimate business purposes including marketing and events (“Purposes”).

 

Legal Ninjas collects names, phone numbers, addresses, email addresses, financial and tax information such as VAT registration numbers, copies of identity documents, founding documents, proof of address, bank statements and other 'Know Your Client' documentation required under applicable law.  Legal Ninjas will only process personal information for the Purposes above.

 

Legal Ninjas will only share personal information with third parties in order to carry out the Purposes and/or complying with legal obligations.

 

Personal information may not be provided to any third party unless a written contract incorporating the appropriate data protection clauses has been executed with such third party, unless otherwise required under applicable law.  When personal information is sent to a third party, it should be sent via secured means eg. Password protected.

 

When personal information is transferred to countries outside of South Africa, it should be transferred to countries only if such country has a stricter or similar level of data protection to South Africa.

 

Personal information shall be accurate, complete and kept up to date as appropriate to the Purposes.

 

All personal information must be guarded against unauthorised access, alteration, disclosure or destruction.  The security used should be appropriate to the level of risk.  No hard copies of personal information should be kept unless necessary, marked confidential and securely stored.

 

Personal information shall be collected, processed and stored based on relevance to the Purposes and will not be excessive.  Personal information will be stored for as long as required under applicable law (eg. 5 years for FICA/KYC data), after which time it will be deleted.

 

The processing of sensitive personal information is subject to additional data protection requirements and special care must be taken when processing such personal information (eg. Health data, race, religious beliefs).  Legal Ninjas will keep processing of sensitive personal information to a minimum and only if strictly necessary to comply with the Purposes or its legitimate business requirements.  The highest security standards must apply to processing of such sensitive personal information and access should be restricted to those who ‘need to know’.

 

No personal information will be shared with a sub-contractor or employee of Legal Ninjas until such person has entered into a written agreement regulating the confidentiality and data protection obligations expected of such person.

 

Legal Ninjas will ensure that all employees of Legal Ninjas as well as all contractors working on assignments with Legal Ninjas read this policy to ensure their own compliance with the policy.  All employees and contractors are responsible for data privacy and confidentiality.

By using this website and/or engaging with Legal Ninjas, all data subjects consent to Legal Ninjas using their personal information for marketing purposes.

 

Legal Ninjas will notify a data subject of any collection of their personal information from a third party or database prior to such collection.

 

Breaches

 

Employees and contractors must report all data breaches or suspected data breaches immediately to Legal Ninjas by emailing hello@legalninjas.co.za. An example of a data breach is sending personal information to a friend’s email address which is similar to a legitimate recipient of such data.

 

If the breach relates to personal information, Legal Ninjas will notify the Information Regulator and/or affected data subjects without undue delay (within 72 hours of becoming aware of the details of the breach) and will take steps to mitigate the risk of unlawful access to such personal information eg. Request the family friend to delete the email immediately.  The notification will include sufficient detail to enable the Information Regulator and data subject to assess and/or mitigate the risks of such breach and take protective measures to avoid compromise to the data subject’s rights.

 

Access to Data

 

Upon request by a data subject, Legal Ninjas will provide them with a copy of their personal information within a reasonable period after receipt of such request. If an employee or a contractor receives such a request, they must forward the request as soon as possible to Legal Ninjas.

 

Legal Ninjas will correct the personal information relating to a data subject upon request to do so by the data subject. 

 

Legal Ninjas will restrict the processing of and/or delete the personal information when requested to do so by a data subject, subject to applicable law and any restrictions on being able to comply with the Purposes for which the personal information was being processed.

 

Consent

 

By using and/or engaging with Legal Ninjas (Pty) Ltd, you consent to the collection and processing of your personal information in accordance with this privacy policy and the POPIA.