Effective Date: 1 January 2025

1. Information We Collect

In the course of providing professional services and operating our website, we may collect the following types of information:

• Contact information (name, email address, phone number)
• Company details and business information
• Communication records and correspondence
• Website usage data (cookies, analytics, IP addresses)
• Professional and engagement-related documentation

2. How We Use Your Information

We process personal information for the following purposes:

• Responding to inquiries and service requests
• Providing professional advisory, legal, and forensic services
• Legal compliance and regulatory record-keeping requirements
• Service improvement and quality assurance
• Communication regarding engagements and business matters

3. Legal Basis for Processing (POPIA)

We process personal information under the following lawful bases as defined by the Protection of Personal Information Act (POPIA):

• Consent: Where you have provided explicit consent (e.g., contact forms, newsletter subscriptions)
• Contractual necessity: Processing required for the performance of professional services
• Legitimate interests: Processing necessary for our business operations and service delivery
• Legal obligations: Compliance with statutory record-keeping, FICA, and professional body requirements

4. Data Retention

We retain personal information in accordance with professional and legal requirements:

• Client records: 7 years (in accordance with accounting and professional standards)
• Communication records: 5 years (as required by FICA and anti-money laundering regulations)
• Marketing communications: Until consent is withdrawn
• Legal matters: 10 years for litigious matters

5. Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. This includes:

• Encryption of sensitive data in transit and at rest
• Access controls and authentication mechanisms
• Regular security audits and monitoring
• Staff training on data protection and confidentiality

6. Your Rights (POPIA & GDPR)

You have the following rights regarding your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Objection: Object to processing of your personal information
• Portability: Request a copy of your data in a structured, machine-readable format
• Complaint: Lodge a complaint with the Information Regulator of South Africa

7. Third-Party Processors

We may engage third-party service providers to process personal information on our behalf. All processors are contractually bound to maintain confidentiality and comply with applicable data protection laws.

8. International Data Transfers

Where personal information is transferred outside South Africa, we ensure appropriate safeguards are in place, including standard contractual clauses and adequacy assessments in compliance with POPIA and GDPR requirements.

9. Cookies and Tracking

Our website uses cookies and similar technologies for analytics and functionality. You may control cookie preferences through your browser settings. Essential cookies required for website operation cannot be disabled.

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and the Information Regulator as required by law, within 72 hours of becoming aware of the breach.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated through our website and, where appropriate, direct notification.

12. Contact Information

Information Officer: Bernard Richter
Email: privacy@richtersconsulting.com
Address: Johannesburg, South Africa

13. Information Regulator Contact

If you wish to lodge a complaint regarding our processing of your personal information:
Information Regulator (South Africa)
Email: inforeg@justice.gov.za
Website: www.justice.gov.za/inforeg