EXTERNAL PRIVACY POLICY

This Policy was last updated on 03 December 2024.

  1. INTRODUCTION AND APPLICATION
  • Whiley and Associates Incorporated (“we”, “us”, “our”, “ourselves”) are committed to the principle of accountability in maintaining the integrity and confidentiality of Personal Information collected or received by us when you use our Website, or interact with us in the ways mentioned in section 1.4 below. This External Privacy Policy describes how we treat Personal Information collected or received from you. The Data Subject’s (“you”, “your”, “yourself”, “yourselves”) engagements with us or our Website is subject to this Policy. In general, by engaging us via contract or client mandate, or by visiting/engaging with the Website, you signify your Consent to our Processing your Personal Information in accordance with applicable Data Protection Laws.
  • Accordingly, we encourage you to read this Policy carefully and contact us with any questions or concerns about our privacy practices. We may amend this Policy at any time. All amended terms shall be effective immediately upon the posting the revised Policy and any subsequent activity between you and us or our website shall be governed by such amended terms and conditions.
  • This Policy does not apply to Personal Information that we collect about our employees and other personnel or applicants and candidates. This Policy applies the Processing of Personal Information by us in accordance with applicable Data Protection Laws and in connection with our:
  • Website, available at whileyandassociates.com;
  • business communications between us and you, and other online and offline business interactions between us and you;
  • the provision of our legal and professional services to you;
  • third-party service providers, including analytics, technical, payment and delivery services providers;
  • request for the supply of products and services to us. 

If You do not agree with the terms of this Policy, please do not visit our Website or contact our Information Officer, info@whileyandassociates.com.

  1. DEFINITIONS
  • Data Protection Laws” shall mean all applicable legislation, regulations and/or guidance notes protecting the fundamental rights and freedoms of individuals in respect of their right to privacy with respect to the Processing of Personal Information/Data. This includes South Africa’s Protection of Personal Information Act, No. 4 of 2013 (“POPIA”) and the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”), and where applicable, the General Data Protection Regulation[1] (“GDPR”) as it applies to the United Kingdom and to the European Union respectively;
  • Consent” shall mean any voluntary, specific, and informed expression of will in terms of which you give your permission for us to Process your Personal Information in accordance with this Policy;
  • Data Subject” shall mean any natural or juristic person to whom the Personal Information relates;
  • Electronic Signatures” shall mean data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature;
  • Information Officer” shall mean, in the case of a juristic person: the chief executive officer or equivalent officer of the juristic person or any person duly authorised by that officer; or the person who is acting as the head of the juristic person or any person duly authorised by such acting person. In the case of the Firm, the Information Officer is Bronwyn Whiley;
  • Operator” shall mean a person who Processes Personal Information on behalf of a Responsible Party in terms of a contract or mandate, without coming under the direct authority of the Responsible Party;
  • Personal Information” shall mean information relating to an identifiable, living, natural person and where it is applicable, to an identifiable, existing juristic person, including but not limited to information relating to:
    • race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
    • the education or the medical, financial, criminal or employment history of the person;
    • an identifying number, symbol, email address, physical address, telephone number, location information, online identifier, or other particular assignment to the person;
    • the biometric information of the person;
    • the personal opinions, views or preferences of the person;
    • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
    • the views or opinions of another individual about the person; and
    • the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person;
  • Policy” means this External Privacy Policy;
  • Process/Processing” shall mean any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including: the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use, dissemination by means of transmission, distribution or making available in any other form, or merging, linking, as well as restriction, degradation, erasure or destruction of information;
  • Responsible Party” shall mean a public or private body or any other person which alone or in conjunction with others, determines the purpose and means for Processing Personal Information. For the purposes of this Policy, we are the Responsible Party in relation to Personal Information you submit to us;
  • the Firm” shall mean Whiley and Associates Incorporated, a law firm incorporated under the laws and regulations of the Republic of South Africa;
  • Third-Party/ies” shall mean any other natural or juristic person that is neither our clients, nor ourselves;
  • Website” shall mean the Firm’s website located at whileyandassociates.com, which is owned and operated by us and to which this Policy relates.
  1. PERSONAL INFORMATION

Consent For Collection and Processing

  • By submitting your Personal Information to us, whether in digital, physical or any other format, or by accessing or visiting or otherwise using our Website you agree to the terms and conditions of this Policy.
  • You expressly Consent to our Processing of your Personal Information in accordance with this Policy.
  • You understand that your Consent to our Processing of your Personal Information by us relates strictly to the purposes specified below.
  • You warrant that the Personal Information submitted to us relates to you and not to a Third Party. Where you submit the Personal Information of a Third Party, you warrant that you are legally entitled to do so. You indemnify us against any loss, liability, damage or expense (including interest and penalties) suffered or incurred by any member of our Firm due to your provision of Third-Party Personal Information to us in an unlawful manner. 
  • You agree to let us know immediately if you become aware that your Personal Information has been provided to us by another person without your Consent or if you did not obtain Consent before providing a Third Party’s Personal Information to us.
  • You expressly Consent to us keeping your Personal Information once your relationship with us has been terminated in order for us to comply with applicable laws. We may also keep your Personal Information for aggregate, statistical or historical purposes. Personal Information retained for aggregate, statistical or historical will be de-identified and cannot be used to identify you personally.
  • If you wish to revoke Consent pertaining to your Personal Information, and you would like us to delete and/or destroy your Personal Information, you are encouraged to contact our Information Officer whose role and contact details are set out in section 13 below.

Purpose For Collection and Processing

  • In order to provide the Website to you, we primarily Process your Personal Information, collected or received from you:
    • to facilitate communication between us and you;
    • to respond to any queries submitted by you either through the contact-us form on our Website or sent by you to us over email;
    • to inform you about our services;
    • to use data analytics to improve our Website;
    • to provide our legal or other professional services to you;
    • to register you as our client;
    • to monitor, keep record of and have access to all forms of correspondence or communications received from you by us or our employees, agents or contractors, including monitoring, recording and third-parties, using as evidence, where applicable, all telephone and online communication between us and you;  
    • to conduct any sanction screenings and/or other due diligence screenings that we may determine to be necessary at our sole discretion;
    • to verify your identity or the identity of your beneficial owners;
    • to detect and prevent fraud and money laundering;
    • in the interest of security and crime prevention; 
    • to manage payments, fees, charges and accounts (including collecting and recovering money owed to us by you);
    • to procure goods and services;
    • to respond to requests for quotations and tenders;
    • to disclose Personal Information to Third Parties for reasons set out in this Policy (where it is lawful for us to do so);
    • to promote our services to you where we have obtained your Consent for us to do so;
    • to track traffic and engagement with our Website;
    • to request you to leave a review of our services;
    • to comply with lawful requests for information received from local or foreign law enforcement, government and tax collection agencies;
    • for operational, auditing, legal and record keeping requirements;   
    • to achieve any other purposes as authorised or required by law.
  • We expressly acknowledge and undertake to not use any Personal Information for any other purposes without your Consent or as required by law.
  1. WHAT WE COLLECT AND HOW
  • We and/or our Operators may collect, Process, and retain certain Personal Information from you for the purposes set out above.
  • We only collect Personal Information in the following ways:
    • when you visit the Website;
    • when you complete a contact-us form on the Website;
    • when you send an email or other data message to us or call us;
    • when you visit our offices in-person;
    • when you engage with us during in-person or virtual consultations.
  • We may collect the following Personal Information from you:
    • your internet protocol (“IP”) address and traffic to our Website;
    • your name, surname, business name;
    • your physical address (including proof of residence);
    • your email address;
    • your mobile contact number;
    • Personal Information that may be contained in your email or other communications with us;
    • your gender, marital status, date and place of birth, nationality, employer, job title, financial records or other financial information, employment history, and family details, including their relationship to you;
    • identification numbers such as national identity number, passport number, tax identification number, business identification/registration details;
    • banking details;
  • Any other information that you provide to us as part of our provision of our services to you, which depends on the nature of your instructions to us – this may also include:
    • information you provide to us for the purposes of attending meetings and events, including dietary requirements which may reveal information about your health or religious beliefs; 
    • special or sensitive Personal Information as defined under Data Protection Laws such as information relating to your racial or ethnic origin, health or sex life, political opinions or philosophical or religious beliefs, trade union membership etc.;
    • relevant information as required by applicable laws, including anti-money laundering legislation and as part of our client onboarding procedures, including evidence of source of funds.
  1. ACCURACY
  • You agree to provide us with Personal Information that is accurate and up to date. In the event that your Personal Information contains any errors or inaccuracies, you agree to:
    • indemnify and hold us, our officers, directors, employees, agents, members and service providers harmless from and against any claims, damages, actions and liabilities, including without limitation, loss of profits, direct, indirect, incidental, special, consequential or punitive damages arising out of our reliance on such Personal Information;
    • correct or update the information to ensure that we hold the most accurate version of the information.
  1. PROCESSING OF PERSONAL INFORMATION
  • The Processing of Your Personal Information by us shall include the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, use, dissemination by means of transmission, distribution or making available in any other form, or merging, linking, as well as blocking, degradation, erasure or destruction of information. 
  • We will only Process your Personal Information, where:
    • you have Consented to such Processing (which Consent may be withdrawn at any time by sending an email to our Information Officer. See section 13 below;
    • Processing is necessary to provide the Website or our services to you;
    • Processing is necessary for the conclusion or performance of a contract between us and you;
    • Processing is necessary for compliance with our legal obligations; and/or
    • Processing is necessary to protect your legitimate interests or to pursue our legitimate interests or those of any Third-Party recipients that may receive your Personal Information.
  1. DISCLOSURE AND FURTHER PROCESSING OF PERSONAL INFORMATION
  • Disclosure:
    • We may disclose your Personal Information to:
      • our employees to enable us to operate our business;
      • our employees to fulfil instructions by you, and to otherwise provide information or services to you;
      • any organisation for any authorised purpose with your express Consent
      • we may share non-personally identifiable information with Third Parties for certain reasons, including advertising, marketing and/or other purposes.
      • to comply with the law or with legal process;
      • to protect and defend our rights, equipment, facilities and other property;
      • to protect us against misuse or unauthorised use of the Website.
    • Sell or Share Personal Information:
      • We do not and will not sell, rent out or trade your Personal Information. We will only share your Personal Information with Third Parties in the manner set out in this Policy and in accordance with Data Protection Laws. Note that the term ‘share’ includes the act of disclosing, transferring, sending or otherwise making your Personal Information available or accessible to another person or entity.
    • Third-party Access:
      • We may, as we may deem necessary for any one or more of the purposes set out in this Policy or other lawful purposes, transfer Personal Information to Third Parties or service providers in countries which may not have data protection laws which are similar to those of the country where the Personal Information was collected, including to:
        • service providers acting as Operators or processors or Responsible Parties or controllers who provide information technology and system administration services;
        • professional advisors acting as Operators or processors or Responsible Parties or controllers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance, accounting and other services;
        • service providers who conduct screening on any of our clients (or their beneficial owners) or suppliers for anti-money laundering purposes;
        • regulators and other authorities if we are legally obliged to do so, or if instructed by you to do so, for purposes of preventing, detecting and reporting fraud and criminal activities, identifying the proceeds of unlawful activities and the combatting of crime.
      • We will not disclose your Personal Information to any Third-Parties other than our Operators who are authorised to Process your Personal Information on our behalf. Any other disclosure of the Personal Information that you Provide to us, may be done only in accordance with Data Protection Laws.
      • Personal Information Processed by us will only be disclosed in accordance with this Policy, or as required by law. We do not permit any of our necessary Third-Party service providers to use your Personal Information for any other purpose than to perform the services that we have instructed them to provide. All Processing is compatible with such purpose.
    • Business Transition:
      • In the event that we enter into a business transition (including the sale, merger or acquisition of the Firm by another company, which may involve the sale of all or a portion of our assets), your Personal Information may be among the assets transferred. You acknowledge that such transfers may occur and are permitted by this Policy, and that such a purchaser or acquirer may continue to Process your Personal Information as set forth in this Policy.
    • Other:
      • Other than for the reasons mentioned above, we will not share your Personal Information without your Consent unless such disclosure is necessary for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), or where such disclosure is authorised or required by law (including Data Protection Laws).
  1. DIRECT MARKETING
  • We may approach you once to request whether you would like to receive direct marketing material from us. You have the right to opt into such communications or to refuse.
  • If in the past you have agreed to receive marketing material from us, you have the right to opt out of any direct marketing we share with you by contacting our Information Officer at info@whileyandassociates.com.
  1. TRANS-BORDER FLOW OF PERSONAL INFORMATION
  • We operate across various jurisdictions and we provide cross-jurisdictional legal advice and related services to our clients.
  • The multi-national nature of our business means that your Personal Information may be transferred across borders including to countries that may not have similar data protection laws to those where the Personal Information was collected.
  • If we transfer your Personal Information across national or international borders, we will make those transfers in compliance with Data Protection Laws.
  1. RETENTION OF PERSONAL INFORMATION
  • We retain Personal Information for the period necessary to provide our services to you, to fulfil the purposes outlined in this Policy, and/or as required by law.
  • When determining how long to retain Personal Information, we take into account the necessity of the Personal Information for the provision of the Website and/ or relevant services, as well as the requirements of other Third-Parties, applicable laws, regulations and legal obligations.
  • We may also retain records to investigate or defend against potential legal claims. 
  • When retention of the Personal Information is no longer necessary to fulfil the above purposes or in accordance with this Policy, the information will be deleted or destroyed or de-identified.
  • Where the Personal Information is aggregated for historical or statistical purposes, we will de-identify your Personal Information.
  1. SECURITY OF PERSONAL INFORMATION
  • We are committed to and will implement and maintain reasonable and appropriate technical and organisational measures to safeguard any Personal Information provided to us from accidental or unlawful destruction, loss or alteration, as well as the unauthorised disclosure of, or access to, Personal Information transmitted, stored or otherwise Processed.
  • We have various security measures in place to protect Personal Information from loss and misuse, and from unauthorised access, modification, disclosure and interference. We will review these processes regularly and improve them when required.
  • We will delete, destroy or de-identify Personal Information once we no longer require it for the purposes mentioned herein, or as required by law.
  • Notwithstanding the above, it is emphasised that even though we have taken significant steps to protect your Personal Information, you acknowledge and understand that no company, including ourselves, can fully protect against security risks associated with the Processing of Personal Information online.
  • You indemnify and hold us harmless from any loss, damages or injury that you may incur as a result of:
    • any security compromise of Personal Information to unauthorised persons; or
    • your actions or omissions during the provision of Personal Information to us.
  1. OUR WEBSITE AND THIRD-PARTY LINKS
  • Our Website:
    • we own the Website, which serves to inform you of the Firm and our services. All information contained on the Website is solely for informational purposes and does not under any circumstances constitute professional and/or legal advice.
    • by visiting our Website, you represent that you are 18 years of age or older. Our Website is not intended for use by children. By visiting the Website, you expressly Consent to the collection, Processing, and storage of your Personal Information as defined in this Policy.
  • User Analytics and Tracking:
    • we may use Google Analytics or other user analytics software as a tracking technology to collect information for the purpose of tracking traffic to and understanding user interaction with our Website. The information collected is kept confidential.
    • we collect information which is aggregated to measure the frequency of visits to our Website, the average time spent on the Website and pages viewed. The analytics tool may use various cookies to collect information and report site usage statistics. You are able to manage cookie settings. However, if you choose not to allow certain cookies, or if you withdraw your Consent, your experience with some, or all of the Website features, may be affected.
    • we collect and use the information as mentioned in this section for the purposes of administering and improving our Website. This information may be shared with our Operators to such an extent as it is necessary for them to administer and improve our Website on our behalf.
    • we automatically collect your IP address when you visit the Website. This collection is facilitated by our Website hosting service providers. Such information is kept confidential.
  • Third-Party Websites and Links:
    • our Website may include links to other websites. These links are provided for your convenience for the purposes of providing further information to you. Such links do not signify that we endorse the website(s) linked to this Website. You agree that we shall have no responsibility or bear no liability in relation to the content of the linked website(s). Content hosted on Third-Party websites is the responsibility of those websites, and not of the Firm.
    • By accessing Third-Party links, you agree that those Third-Party websites have their own methods of collecting and Processing your Personal Information. You are encouraged to read the Privacy Policies of Third-Party websites, prior to submitting Personal Information on such websites.
  1. OUR INFORMATION OFFICER AND YOUR RIGHTS
  • The POPIA requires that us to appoint an Information Officer. This position is automatically filled by the Chief Executive Officer or equivalent officer, or a person acting as the head of the company, or another authorised person appointed as such. The role of the Information Officer is filled by Bronwyn Whiley, her duties under the Data Protection Laws include:
    • liaising with you when you have a question about your Personal Information;
    • assisting you with any requests and enforcing your rights in respect of your Personal Information;
    • making sure that we are compliant with the Data Protection Laws and that we Process your Personal Information in accordance with this Policy.
  • You may choose when you wish to provide your Personal Information to us. You also have the right to withdraw your Consent at any time.
  • To the extent provided for in law, you have certain rights in respect of your Personal Information, including, but not limited to:
    • Withdrawal of Consent:
      • you may withdraw your Consent at any time by sending a written request to our Information Officer. Upon receiving notice that you have revoked your Consent, we will stop using your Personal Information within a reasonable time, which will vary depending on what information we have collected and for what purpose. we will send you a confirmation email stating same.
    • Access or obtain a copy of your Personal Information:
      • you have the right to examine any of your Personal Information that we collect. Should you wish to examine the Personal Information we hold about you, or obtain a copy thereof, please send a written request to our Information Officer. As per the Promotion of Access to Information Act, 2000, we may charge a nominal fee should you request any physical copies or records.
    • Update, modify, rectify, erase:
      • you may request us to update, modify, rectify or erase the Personal Information that we hold, by emailing our Information Officer.
    • Object:
      • you have the right to object to our Processing of your Personal Information or restrict or stop us from using any of the Personal Information which we hold on you behalf, including by withdrawing any Consent you have previously given to the Processing of such information. In this regard you may email our Information Officer.
    • If in the past you have opted into receiving marketing material from us, you also have the right to request us to stop contacting you for marketing purposes. When you receive promotional communications from us (as a result of previously having opted in), you may indicate a preference to stop receiving further promotional communications from us and you will have the opportunity to “opt-out” by contacting our Information Officer.
  • Please contact our Information Officer for more information about your rights under Data Protection Laws.
  • The above rights are not absolute, and we therefore reserve the right to refuse any requests in terms of the above-mentioned rights, for any reason permitted under the Data Protection Laws.
  • Furthermore, you also have the right to complain to the South African Information Regulator or any other applicable data protection authorities.
  1. ELECTRONIC SIGNATURES
  • We recognize the importance of modern, efficient processes in conducting business, including the use of electronic signatures.
  • By providing your Electronic Signature or otherwise indicating your acceptance electronically (via either a mouse pointer, or electronic check-box or any other similar methods), you agree that such actions constitute your legally binding signature under applicable laws.
  • Digital contracts entered into between you and us have the same legal validity and enforceability as agreements executed in traditional written form. We ensure compliance with relevant electronic transaction and e-signature legislation to safeguard the integrity and authenticity of these agreements.
  • Please retain copies of any signed agreements for your records.
  1. CHANGES TO THIS POLICY
  • We may update this Policy at any time, in which case any amended terms shall be effective immediately upon the posting or release of the revised Policy.
  • Any subsequent engagement with us or activity in relation to the Website shall be governed by such amended terms.

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).