POPIA Compliance

Privacy Policy

How Gerber Attorneys collects, uses and protects personal information in accordance with the Protection of Personal Information Act, No. 4 of 2013.

Introduction

This Privacy Policy (“Policy”) has been compiled by Gerber Attorneys (“we”, “us” or “our”) in accordance with the Protection of Personal Information Act, No. 4 of 2013 (“POPIA”). Gerber Attorneys is a law firm incorporated and practising in the Republic of South Africa.

Gerber Attorneys is the responsible party in respect of any personal information collected, held or processed by us. This means we determine the purpose of, and the means for, processing your personal information. We are committed to protecting your privacy and handling your personal information lawfully, responsibly and with the utmost care.

1. Information Officer

Gerber Attorneys has designated the following Information Officer in terms of POPIA and the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”):

  • Information Officer: James Gerber
  • Firm: Gerber Attorneys
  • Email: info@gerbers.co.za
  • Website: www.gerberattorneys.co.za

All queries, requests to exercise data subject rights, and complaints relating to this Policy must be directed to the Information Officer at the email address above.

2. Application of this Privacy Policy

2.1 Scope

This Policy applies to personal information that Gerber Attorneys collects, uses and processes in connection with:

  • Use of our website (www.gerberattorneys.co.za) and any online portals or platforms we operate;
  • Legal, notarial and conveyancing services rendered to clients;
  • Business development, marketing and communication activities;
  • Communications initiated with us by email, telephone, post or in person;
  • Engagement with us as a supplier, service provider or business associate;
  • Client onboarding, matter administration, billing and fee recovery;
  • Compliance with anti-money laundering (“AML”) and know-your-client (“KYC”) obligations under the Financial Intelligence Centre Act, No. 38 of 2001 (“FICA”);
  • Court proceedings and correspondence with courts, opposing parties and other third parties;
  • CCTV monitoring at our premises, where applicable;
  • Publicly available sources, including the Companies and Intellectual Property Commission (“CIPC”), the Deeds Registry, the Government Gazette and court records.

2.2 Third-party personal information

Where you provide us with personal information relating to another person, for example, a counterparty, a family member or a beneficial owner, you warrant that you are lawfully entitled to provide such information. You indemnify Gerber Attorneys against any loss or liability arising from the unlawful provision of another person’s personal information to us.

3. Personal Information We Collect

3.1 Categories of personal information

Depending on the nature of our engagement with you, we may collect and process the following categories of personal information:

  • Identity information: Full names, identity number, passport number, date of birth, nationality, gender and marital status;
  • Contact details: Physical address, postal address, email address and telephone numbers;
  • Financial information: Bank account details, income details, tax identification number, proof of funds, source of funds information, and billing and payment records;
  • Legal matter information: Instructions, matter files, pleadings, contracts, correspondence, court orders and judgments, transactional documents and settlement agreements;
  • AML/KYC information: Identity documents, proof of address, beneficial ownership information, source of funds and wealth declarations, risk assessment records;
  • Special personal information: Health data, race or ethnic origin, religious beliefs, political opinions, trade union membership, criminal record or proceedings, only where legally required or specifically permitted by POPIA;
  • Professional information: Occupation, employer, company details and professional registrations;
  • Technical information: IP address, browser type, cookies and website usage data;
  • CCTV footage: Images or video captured when visiting our premises, where applicable;
  • Publicly available information: Records from CIPC, the Deeds Registry, court records and the Government Gazette.

3.2 How we collect personal information

We collect most personal information directly from you. Where required by the nature of the legal services, or where information is not reasonably available from you, we may collect information from third-party sources including:

  • Courts, tribunals and regulatory bodies;
  • Public registers, including CIPC, the Deeds Registry and the Government Gazette;
  • Credit bureaus and AML/sanctions screening databases;
  • Opposing parties and their legal representatives;
  • Referral partners, estate agents, bond originators and financial institutions;
  • Employers, professional bodies and other references.

4. Purposes for Which We Process Your Personal Information

Gerber Attorneys processes personal information for the following purposes, subject to a lawful basis under section 11 of POPIA in each case:

  • Providing legal, notarial and conveyancing services: To fulfil our mandate and render the legal services for which you have engaged us;
  • Client onboarding and KYC/AML compliance: To meet our obligations as an accountable institution under FICA, including verifying client identity, conducting risk assessments and screening for politically exposed persons and sanctions;
  • Court proceedings and matter administration: To conduct litigation, conveyancing, negotiations and all associated correspondence and administration;
  • Billing and fee recovery: To issue invoices, process payments and recover fees owing;
  • Responding to queries: To respond to your enquiries and communications;
  • Marketing communications: To send legal updates, newsletters and information about our services, subject to your consent or an existing relationship with opt-out rights;
  • Regulatory compliance: To comply with POPIA, PAIA, the Legal Practice Act, the National Credit Act and other applicable legislation and professional rules;
  • Fraud prevention and sanctions screening: To detect, prevent and report fraud, money laundering and terrorist financing;
  • Safety and security: To monitor access to our premises using CCTV for safety and security purposes;
  • Statutory reporting: To comply with reporting obligations to SARS, the Information Regulator, the Financial Intelligence Centre (“FIC”) and other regulators.

We will not process your personal information for purposes other than those stated above without your consent, unless required or permitted by law.

5. Legal Professional Privilege and Confidentiality

As a law firm, Gerber Attorneys is bound by strict duties of attorney-client confidentiality and legal professional privilege. All information shared with us in the course of obtaining legal advice is privileged and confidential. We will not disclose your confidential legal communications to any third party except:

  • Where you have given your explicit prior consent;
  • Where disclosure is compelled by law or court order;
  • Where disclosure is necessary for the provision of legal services (for example, briefing counsel, engaging expert witnesses, or filing court papers);
  • Where a mandatory statutory reporting obligation applies (for example, under FICA), subject to the legal privilege protections in section 29 of the FIC Act.

6. Special Personal Information

POPIA affords heightened protection to certain categories of sensitive personal information, referred to as “special personal information”. These include information relating to:

  • Religious or philosophical beliefs;
  • Race or ethnic origin;
  • Trade union membership;
  • Political persuasion;
  • Health or sex life;
  • Biometric information;
  • Criminal behaviour, including alleged offences or proceedings.

MN Attorneys will only process special personal information where:

  • You have given your explicit written consent;
  • Processing is required to comply with a legal obligation (for example, in criminal defence mandates, FICA compliance or employment law matters);
  • Processing is necessary for the institution, exercise or defence of a legal right or obligation;
  • A specific statutory exemption applies.

7. Anti-Money Laundering and FICA Obligations

As an accountable institution listed in Schedule 1 to the Financial Intelligence Centre Act, No. 38 of 2001 (“FICA”), Gerber Attorneys is legally required to:

  • Verify the identity of clients and beneficial owners before we may act on any instruction;
  • Obtain and retain copies of identity documents, proof of address and corporate registration documents;
  • Conduct client risk assessments and apply a risk-based approach to client relationships;
  • Report suspicious or unusual transactions to the Financial Intelligence Centre (“FIC”) where required;
  • Maintain records for a minimum of five years from the end of a business relationship.

We cannot accept an instruction or commence work on a matter until our FICA onboarding requirements have been satisfied. In terms of section 29 of the FIC Act, we may be prohibited by law from disclosing to you whether we have filed, or intend to file, a report with the FIC.

8. Disclosure and Sharing of Personal Information

8.1 Within Gerber Attorneys

Personal information may be shared between the attorneys, legal consultants, candidate attorneys and support staff of Gerber Attorneys to the extent necessary for the provision of legal services, conflict checking, billing and general administration.

8.2 External third parties

We may share your personal information with the following categories of external parties for the purposes described in this Policy:

  • Advocates, counsel and expert witnesses briefed in connection with your matter;
  • Correspondent attorneys and other law firms (local and international) assisting with your matter;
  • Courts, tribunals, arbitrators and mediators;
  • Opposing parties and their legal representatives, to the extent required by law and the procedural rules of the relevant forum;
  • The Deeds Registry, CIPC and other public registers, as required in conveyancing and commercial transactions;
  • SARS, the Information Regulator, the Legal Practice Council (“LPC”) and other regulatory or governmental bodies;
  • The Financial Intelligence Centre (“FIC”), in terms of FICA reporting obligations;
  • Banks, bond originators, estate agents and other transferring or bond attorneys in conveyancing matters;
  • IT service providers, cloud service providers and our practice management software provider;
  • Our auditors, tax advisors and professional indemnity insurers;
  • Tracing agents and debt collection agencies for the recovery of fees;
  • Potential purchasers, successors or merger partners of MN Attorneys.

We do not sell, rent or otherwise transfer your personal information to any third party for commercial marketing purposes.

8.3 Legally compelled disclosure

We may be required to disclose your personal information pursuant to a court order, subpoena or other lawful demand from a competent authority. Where permitted by law, we will endeavour to notify you of any such compelled disclosure.

9. Cross-Border Transfers of Personal Information

Gerber Attorneys conducts the majority of its operations within the Republic of South Africa. In certain circumstances, personal information may be transmitted outside South Africa, for example:

  • Where we engage international co-counsel, arbitrators or expert witnesses for cross-border matters;
  • Where our IT systems, cloud storage or software are hosted on servers located outside South Africa;
  • Where a legal matter involves a foreign court, tribunal or regulatory body.

Where personal information is transferred outside South Africa, we will take all reasonable steps to ensure that the transfer complies with section 72 of POPIA. This requires that the recipient country, entity or binding agreement affords personal information an adequate level of protection substantially equivalent to the protection required under POPIA.

10. Security of Your Personal Information

Gerber Attorneys has implemented appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction or alteration. These measures include:

  • Password-protected access controls for electronic files;
  • Encrypted email communications and secure document sharing platforms;
  • Physical security at our premises, including locked filing systems and visitor access controls;
  • Regular data backups to safeguard against data loss;
  • Anti-virus, anti-malware and firewall protection on all devices and systems;
  • Staff awareness and training on data protection, cybersecurity and phishing risks.

Important banking fraud warning: Where you are required to make a payment to us, it is your obligation to call our offices on a number independently verified from our website before making such payment, to verify the provided bank details. We will not accept liability for funds transferred to a fraudulent account on the basis of an email instruction.

10.1 Security compromise (data breach) notification

In the event of a security compromise involving your personal information, MN Attorneys will, as soon as reasonably practicable and in accordance with POPIA:

  • Notify the Information Regulator of the breach; and
  • Notify you as the affected data subject, unless we are advised by law enforcement or the Information Regulator that notification would impede a criminal investigation.

Notification will include the nature of the breach, the categories of personal information affected, and the remedial steps we have taken or intend to take.

11. Retention of Personal Information

We will retain your personal information for as long as is necessary for the purposes for which it was collected, or as required by applicable law. As a law firm, our retention obligations include the following minimum periods:

  • Legal files and correspondence: five years from the conclusion of the matter, or such longer period as required by the LPC rules or applicable legislation;
  • FICA/KYC records: five years from the termination of the business relationship or the date of a single transaction, as required by FICA;
  • Financial records (invoices, trust account records, receipts): five years, as required by the LPC accounting rules and the Income Tax Act;
  • Conveyancing records: as required by the Deeds Registries Act and the applicable LPC rules;
  • Electronic communications: as required by the Electronic Communications and Transactions Act and our internal policies.

On expiry of the applicable retention period, personal information will be destroyed or de-identified in a secure and responsible manner.

12. Your Rights as a Data Subject

Subject to the provisions of POPIA and any applicable legal limitations, you have the following rights in respect of your personal information:

  • Right of access: You may request a description and copy of the personal information we hold about you in terms of sections 23 and 50 of PAIA read with POPIA;
  • Right to correction: You may request that incomplete or inaccurate personal information be corrected or updated;
  • Right to deletion/destruction: You may request the deletion or destruction of personal information that is unlawfully processed, excessive or no longer required for its original purpose;
  • Right to object: You may object to the processing of your personal information in the circumstances described in section 11(3) of POPIA, including objection to direct marketing;
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal;
  • Right to complain: You may lodge a complaint with the Information Officer of MN Attorneys, or directly with the Information Regulator of South Africa.

To exercise any of the above rights, please contact our Information Officer at info@gerbers.co.za. We will respond within 30 days of receiving your request. We may require you to verify your identity before processing your request.

Please note that certain rights are subject to limitation by applicable legal obligations. For example, we cannot delete FICA records before the statutory retention period has expired.

13. Direct Marketing

We may from time to time send you legal updates, newsletters and information about our services. We will only do so where we have your prior consent, or where we have an existing relationship with you and you have not opted out.

You may opt out of any marketing communications at any time by:

  • Sending an email to info@mnattorneys.co.za with the subject line “OPT-OUT / UNSUBSCRIBE”; or
  • Clicking the unsubscribe link in any marketing email we send you.

We will process your opt-out request promptly and free of charge.

14. Cookies and Website Usage

Our website (www.gerberattorneys.co.za) may use cookies and similar technologies to enhance your browsing experience and to analyse site traffic. Where non-essential cookies are used, we will request your consent before placing them. You may configure your browser settings to refuse or delete cookies, although this may affect certain website functionality.

15. The Information Regulator

The Information Regulator of South Africa is the independent regulatory body responsible for overseeing compliance with POPIA and PAIA. If you are dissatisfied with our response to any privacy complaint or request, you have the right to approach the Information Regulator:

  • Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
  • Postal address: P.O. Box 31533, Braamfontein, Johannesburg, 2017
  • Email: inforeg@justice.gov.za
  • POPIA complaints: POPIAComplaints@inforegulator.org.za
  • Website: www.inforegulator.org.za

16. Changes to this Privacy Policy

We reserve the right to update or amend this Policy from time to time to reflect changes in legislation, our practices or the nature of our services. Any material amendments will be communicated to you by email or posted on our website with an updated version date. Continued engagement with Gerber Attorneys following notice of an amendment constitutes acceptance of the updated Policy.

17. Queries and Complaints

If you have any questions, concerns or complaints regarding this Policy or the manner in which we handle your personal information, please contact our Information Officer:

  • Name: James Gerber (Information Officer)
  • Firm: Gerber Attorneys
  • Email: info@gerbers.co.za
  • Website: www.gerberattorneys.co.za

We will acknowledge receipt of your complaint within 5 business days and provide a full response within 30 days. Where a matter is complex, we may require additional time and will keep you informed of our progress.

← Back to home