GSM Law Privacy Policy

  1. Introduction

Gunston Strandvik Mlambo Incorporated (GSM Law) respects the privacy of every person who logs onto our website or our social media pages, or who shares personal information requested by us through whatever medium. This document outlines the measures we take to protect any Personal Information as defined in the Protection of Personal Information Act, No 4 of 2013 (the Act) collected by us while providing us with the data we need to deliver our services efficiently.

 

Just a few definitions to assist you in navigating the document:

 

  • “Responsible Party” is the person or entity that processes information on behalf of a Data Subject
  • “Data Subject” is any person that provides a Responsible Party with their personal information
  • “Operator” is any person who processes information of a Responsible Party in terms of a contract or mandate. An example of this is where a Responsible Party outsources a function of their business to a third party.

 

  1. Current Version Binding

By using this website, interacting on our social media pages or enlisting our services you agree to be bound by the most current version of this policy accessible on our website.

 

  1. What is personal information, and what personal information do we collect about you?

According to the Act, ‘ personal information’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.

 

At GSM Law, we may collect, where applicable:

 

 

  • As a Responsible Party:

 

For clients:

  • Identity data: name and registration number of your company or entity if you are a legal person, first name and surname and identity number if you are a natural person or the representative of a legal person  
  • Contact data: address, email address, contact number
  • Financial data: bank account and card details
  • Transaction data: details about payments and products/services you have purchased from us
  • Technical data: includes IP  address,  your login data,  browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website. As well as information about your visit, including the full URLs, clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, errors, length  of  visits  to  certain  pages,  page  interaction  information  (such  as scrolling, clicks, and mouse-overs) and methods used to browse away from the page
  • Profile data: username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses
  • Usage data: information about how you use our Website, products and services.
  • Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences.

 

For employees:

  • Identity data: your first name and surname
  • Contact data: address, email address, contact number
  • Financial data: bank account details
  • Technical data: includes IP  address,  your login data,  browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website. As well as information about your visit, including the complete URLs, clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, errors, length  of  visits  to  certain  pages,  page  interaction  information  (such  as scrolling, clicks, and mouse-overs) and methods used to browse away from the page
  • Profile data: username and password for any employee-related service

 

For third parties, where applicable (such as suppliers or potential customers):

 

  • Identity data: your first name and surname
  • Contact data: address, email address, contact number
  • Financial data: bank account details
  • Transaction data: details about payments and products/services you have supplied to us
  • Technical data: includes IP  address,  your login data,  browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website. As well as information about your visit, including the full URLs, clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, errors, length  of  visits  to  certain  pages,  page  interaction  information  (such  as scrolling, clicks, and mouse-overs) and methods used to browse away from the page
  • Usage data: information about how you use our Website, products and services.
  • Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences.

 

  • As an Operator:

 

       Please note as an Operator we process certain information on behalf of our clients to fulfil the contract entered into with our client.  As an Operator, we are not liable under the Act as a Responsible Party.  However, we must protect and secure the information in terms of the Act (see paragraphs 8 and 10 below).  As Operator, we process the following information on behalf of our clients:

 

  • Identity data: first name and surname
  • Contact data: mobile number
  • Financial data: bank account and card details supplied to the client by their data subject
  • Transaction data: details about payments and products/services that the data subjects of our clients have purchased
  • Profile data: username and password, purchases or orders made by the Data Subject, their interests, preferences, feedback and survey responses
  • Marketing and communications data: Data Subject’s preferences in receiving marketing from you, as our client, and their communication preferences.

Except as is required to deliver legal services for which we are contracted, we do not collect any special categories of personal information about you.   This information includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political persuasion, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences (except as is required to deliver legal services for which we are contracted).

  1. Acceptance of our policy

By using our product/services, you understand that we will collect and use your personal information as indicated in this policy.

You have the right to decline consent and/or if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. At any time, you can request that we stop using your personal information for direct marketing purposes.

Where we need to collect personal information under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have with you.

  1. How do we collect your personal information?
  • Direct interactions: by way of filling in forms, email or telephone correspondence, purchasing or subscribing to products/services, and via our Website.
  • Automated technologies or interactions: we automatically collect technical data about your equipment, browsing actions and patterns as you use our Website. We collect this personal information by using cookies and other similar technologies.
  • Third parties or publicly available sources: for example, business partners, sub-contractors or credit reference agencies.

 

 

 

  1. How do we use your or your Data Subject’s personal information?

GSM Law will only use your personal information when the law allows us to. We will most likely use your personal information in the following circumstances:

  • Where we need to perform the contract, we are about to enter into or have entered into with you
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • Where we need to comply with a legal or regulatory obligation

 

  1. What will we use your or your Data Subjects personal information or the information of for (where applicable)?
  • To register you as a new customer
  • To employ you as an employee of GSM Law and to enable us to fulfil our function as an employer
  • To process and deliver in terms of our Agreement, including processing your Data Subjects information as an Operator, manage payments, fees and charges
  • To collect and recover money owed to us
  • To manage our relationship with you, as a client which will include notifying you about changes to our terms or privacy policy and asking you to leave a review or take a survey
  • To administer  and  protect our  business  and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  • To deliver relevant website content and advertisements to you and to measure or understand the effectiveness of the advertising we serve to you
  • To use   data   analytics   to improve our Website, products/services, marketing, customer relationships and experiences
  • To make suggestions and recommendations to you about goods or services that may be of interest to you

 

We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason. We may process your personal information without your knowledge or consent in compliance with the Act, where this is required or permitted by law.

 

 

 

  1. Marketing

We will provide you with choices regarding certain personal information uses, particularly around marketing and advertising. You will receive marketing communications from us if you have requested information from us or purchased services from us. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or where you opt out of receiving these marketing messages, this will not apply to personal information provided to us as a result of a product/service purchase, product/service experience or other transactions.

 

You may set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Website may become inaccessible or not function properly.

 

  1. Disclosure of personal information

We will not sell personal information and no personal information will be disclosed to anyone except as provided in this policy. We may disclose your personal information if required by a subpoena or court order; or to comply with any law or regulation.

 

We may share your personal information:

  • with other related companies in terms of our Agreement with you, as our Client
  • with our service providers under contract, as permitted by law
  • with credit bureaus to report account information, as permitted by law
  • with social media platforms when you use tools or functionality on our Website provided by  those  platforms  (such  as  “recommend”  or  “share” buttons); and

with marketing partners where you register for events, webinars, or other related events

  • with public or government authorities to follow applicable law or to respond to legal  process  (like  a  subpoena).  We also may share your personal information when  there  are  threats  to  the  physical  safety  of  any  person, violations of this policy or other agreements, or to protect the legal rights  of  third  parties,  including  our  employees,  users,  or  the  public  as required by law
  • for business transactions like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification of any changes to control of your personal information, as well as choices you may have
  • with your consent. For example, when we post user testimonials that may identify you or for a third-party application that may be of use to you and
  • with your employer or organisation where you create an account or user role with an email address assigned to you as an employee, contractor or member of an organisation, that organisation may find your account and take specific actions that may affect your account
  • We may need to disclose personal  information  to  our  employees  that  require  the personal information to do their jobs. These include our responsible management, human resources, accounting, audit, compliance,  information  technology,  or  other personnel. Any of our employees or personnel that handle your personal information will have signed non-disclosure and confidentiality agreements

 

  1. International transfers

We may transfer personal information outside South Africa to be stored on servers located outside South Africa where the laws protecting personal information may not be as stringent as the laws in South Africa.  You consent to us processing your personal information in a foreign country whose laws regarding the processing of personal data may be less stringent.

 

  1. How secure is our data?

We have put into place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, such as password protection, device control policies and other stringent security measures.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who we require to process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal information breach and  will notify you and any applicable regulator of a breach where we are legally required to do so.

 

  1. How long will we use your personal information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal Information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which  we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

  1. What are your legal rights?

Under certain circumstances you are entitled to:

  • Request access to your Personal Information
  • Request correction of your Personal Information
  • Request removal of your Personal Information
  • Object to processing of your Personal Information
  • Request restriction of processing your Personal Information
  • Request transfer of your Personal Information
  • Withdraw consent
  • Not be subjected to automated decision-making

 

  1. Promotion of Access to Information Act 2 of 2000 (“PAIA”)

PAIA gives you the right to access information that is required to exercise or protect your rights. In terms of PAIA, before access to the information requested by persons is granted, specific requirements have to be met. PAIA also requires private bodies such as GSM Law to compile a manual designed to assist persons who want to exercise their right to access information.  You or third parties may also request access to your personal information held by GSM Law. PAIA regulates and sets out the procedure for such a request and under what circumstances such access may be refused. Please contact us should you require our PAIA manual, the prescribed request form and/or information on applicable fees payable for access to this information.

 

  1. Your duty to keep your personal information with us updated

This  policy  was  last  updated  on  26 May 2021. The personal information we hold about you must be accurate and current.  Please keep us updated if your information changes during your relationship with us.

 

  1. Queries or complaints

Should you have any queries or complaints about this policy, you may email our information officer, Ashleigh Mee on ashleigh@gsmlaw.co.za.

You are also entitled to refer any concerns to the South African Information Regulator:

Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Email address:  complaints.IR@justice.gov.za