We recognise the importance of privacy and we aim to ensure that your personal information is collected and used properly, lawfully and transparently.
- PROCESSING OF INFORMATION
2.1 We collect personal information in the following circumstances:
- When you contact us telephonically or via email;
- If you contact us through social media, or when you make use of our website;
- If you make use of any of our legal services; and
- When you apply for employment at Conradie Inc.
2.2 We may collect the following personal information directly from you or from third parties:
Full name and surname, identity number, contact details (residential or business address, telephone number and e-mail address), financial information, as well as all other relevant information regarding the specific matter you need assistance with.
2.3 We will inform you what information you are required to provide us with and which information is optional.
- PURPOSE FOR PROCESSING PERSONAL INFORMATION
The purpose for which we collect and process personal information include, but are not limited to:
- Provide services to you.
- Conduct business with you.
- Notify you of the services we provide.
- FURTHER PROCESSING OF PERSONAL INFORMATION
We may disclose your personal information to third parties in the following circumstances:
- If you consent to the sharing of your personal information;
- As a result of contractual obligations;
- In order for us to provide services to you;
- If we are legally required to do so.
If we make use of the services of contractors, consultants, and external service providers they are subject to a confidentiality undertaking in terms of the provisions of POPIA.
We will never disclose or process your information further if we do not have the necessary consent to do so, if there is no purpose to do so and we will also take cognisance of the nature of the information you provided, the consequences of the intended further processing, the manner in which the information has been collected and any other contractual obligations.
- INFORMATION QUALITY
Conradie Inc. will take reasonably practicable steps to ensure that the personal information, we collect is complete, accurate, not misleading and updated where necessary. In taking such steps, we will always have regard to the purpose for which personal information is collected or for which purpose it will be further processed for.
- OPENNESS AND PARTICIPATION OF DATA SUBJECT
As a data subject, you have the right to request access, correct or to delete personal information that is in our possession. If you wish to exercise your rights, you can contact us at the details provided below. We may charge a fee for accessing, correcting or deleting your personal information. If your request is unlawful, we have the right to refuse your request.
If your personal information changes, we encourage you to update the personal information that you provided.
- SECURITY SAFEGUARDS
7.1 HOW DO WE LOOK AFTER YOUR PERSONAL DATA?
We limit the amount of personal data collected only to what is fit for the purpose, as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic.
We retain personal data for as long as is required to deliver our service to you, to respond to your requests, or longer if required by law. If we retain your personal data for historical or statistical purposes, we ensure that the personal data cannot be used further. While in our possession, together with your assistance, we try to maintain the accuracy of your personal data.
7.2 AGENTS, SUB-CONTRACTORS AND OTHER THIRD-PARTY CONTROLS
Before making use of any Agent, Sub-contractor or third-party we ensure that the following is in place:
- That adequate and effective privacy controls are in place when we do make use of agent, subcontractors and third-party correspondents;
- That there is a process to govern the selection and management of these agents, subcontractors and third-party correspondents;
- An agreement that incorporates data privacy and protection of personal information; and
- That these agents, subcontractors and third-party correspondents are POPIA compliant and have the necessary data privacy protection measures in place to ensure that the information that we share with them is safeguarded.
7.3 PHYSICAL ACCESS TO CONRADIE INC OFFICE
We employ the following physical safety measures within our office:
- Receptionist to identify and welcome visitors.
- Central alarm with armed response.
- Access code required for staff entrance way.
7.4 CONRADIE INC. CONTROLS FOR UNAUTHORISED ACCESS TO CLIENT INFORMATION
7.4.1 Paper records
- Paper records and files containing personal data are handled in such a way as to restrict access to only those persons with business reasons to access them.
- Conradie Inc. shreds all discarded paper records that contain confidential information. Other secure disposal methods are in place and properly used for confidential material not on paper.
- Facsimile technology (fax machines) is not used for transmitting documents containing personal data.
- Papers with confidential data are locked away in an access-controlled room, when not in use.
7.4.2 Laptops and Other Mobile Storage Devices
- Passwords used to access PCs, applications, databases, etc. are of sufficient strength to deter password cracking or guessing attacks.
- Passwords are created for employees via our technical administrators, this ensures that passwords are securely managed and comply with best practices.
- Personal, private, sensitive, or confidential data are not stored on portable devices.
- Laptops are physically secured if left in the office overnight. When out of the office, the device is kept secure at all times.
- When replacing or selling laptops, hard drives are formatted.
7.4.3 Data Transmissions
Data transfers only take place via secure on-line channels where the data is encrypted rather than copying to media for transportation.
Audit trails are used where technically possible, to capture instances of inappropriate access (whether internal or external), addition, deletion, or editing of data.
Access to files containing personal data is monitored by supervisors on an ongoing basis. Staff is made aware that this is being done. IT systems are in place to support this supervision.
7.4.5 Conradie Inc. also takes the below precautions
- Privileges are allocated on a need-to-use basis, and only after authorisation.
- Staff access rights are reviewed at regular intervals.
- Staff are advised on how to select and maintain secure passwords.
- Staff and sub-contractors are made aware of the security requirements and procedures for protecting unattended equipment.
7.5. CONRADIE INC. SYSTEMS, APPLICATIONS AND SOFTWARE
7.5.1 Email software
We make use of Microsoft Office 2010 Suite as our email client and the emails are managed through Mimecast.
Microsoft uses ‘encryption in transit’ for all data, which means that your data is protected against eavesdropping. Integrating Mimecast ensures advanced protection of all communication within our company and externally.
Mimecast’s email security technology deters threat actors with advanced features to break chains of all kind. It keeps email flowing if Outlook goes down, improves compliance, and pervades rich threat intelligence across our security system. This in turn helps us to identify and halt attacks faster, shortening dwell time. Mimecast also immediately identifies any emails which poses a risk and notifies the user before the email is opened. If the recipient is unknown, you have the option to permanently block the recipient email address.
7.5.2 Data storage
We make use of a Dell server which has a Raid 5 setup. Thus, we have a number of drives so that in the event that one of the drives fail, the data does not go missing. It is kept in the other drives until the faulty drive has been repaired.
We also have a local back-up and an off-site back-up and we make use of virtual machines.
7.5.3 Bulk email application
We make use of a GDPR and POPIA compliant bulk mail platform.
Recipients of bulk email communication have had to express a legitimate interest and have either:
- Opted in to receive newsletters, or;
- Established a clear business relationship or interest by being a client or;
- Previously received regular opt-out communication or;
- Engaged with bulk email communication in the past 18 months.
Conradie Inc. appointed BNIT Worcester for our data storage and Africa Horizons for our email monitoring. Their contact details are available and can be obtained from our Information Officer.
- RETENTION POLICY
According to Rule 54.9.2 of the Rules of the Legal Practice Council a law firm shall retain accounting records and files and documents relating to matters dealt with on behalf of clients, for at least 7 years from the date of last entry recorded. Conradie Inc. abides by and are bound by the rules of the Legal Practice Council.
- CHANGES TO THIS POLICY
- HOW TO CONTACT US
Our Information Officer is: Lizette Nortje, Office and Financial Manager.
Our Deputy Information Officer is: Fuad Davids, Attorney & IT Support Liaison.
- Billing/account information update: firstname.lastname@example.org
- Information updates related to bulk email, website, and other digital tools can be submitted via our Information Officer at email@example.com – the request will then be completed by the department representative.
If you would like access your data, requests must be submitted to us in writing.
Requests for personal information will be handled in accordance with POPIA and PAIA.
Address: 23 Stockenström Street, Worcester, 6850.
Telephone: +27 23 347 0996