privacy policy

privacy policy

HBGSchindlers Attorneys
PRIVACY POLICY
Effective Date: 24 June 2025
Next Review Date: 24 June 2028
Policy Owner: Managing Partner
Contact: info@hbgschindlers.com | +27 (11) 568 8500
Address: Third Floor, 3 Melrose Boulevard, Melrose Arch, 2076
Website: www.hbgschindlers.com

  1. INTRODUCTION
    1. HBGSchindlers Attorneys (“HBGSchindlers”, “the Firm”, “we”, “us”, or “our”) is a full-service South African law firm committed to protecting your privacy and processing personal information lawfully, fairly and transparently.
    2. This Privacy Policy explains how we collect, use, store, share, retain and protect your personal information, including data collected via our website, in accordance with the Protection of Personal Information Act, 4 of 2013 (“PoPIA”), the Promotion of Access to Information Act, 2 of 2000 (“PAIA”), and other applicable privacy and data protection laws.
  2. SCOPE
    This policy applies to all clients, service providers, prospective clients, vendors, suppliers, job applicants, employees, and users of our website (https://www.hbgschindlers.com) who provide us with Personal Information, whether directly or through automated means.
  3. DEFINITIONS
    1. Personal Information: Information relating to an identifiable, living individual or juristic person.
    2. Special Personal Information: Information relating to race, health, biometrics, religious or philosophical beliefs, political opinions, or criminal behaviour.
    3. Processing: Any operation or activity concerning personal information, including collection, use, storage, disclosure, or destruction.
  4. WHAT PERSONAL INFORMATION DO WE COLLECT?
    We may collect the following categories of information:

      1. Identity and Contact Details: Names, ID numbers, registration numbers, addresses, email addresses, phone numbers.
      2. Financial and Transactional Data: Bank details, payment records, tax and VAT numbers.
      3. Employment and HR Data: CVs, employment history, equity statistics, health and disability status (where relevant), criminal checks, references.
      4. Website and Technical Data: IP address, browser type, device details, cookies, clickstream data.
      5. Usage and Marketing Data: Preferences, feedback, subscription interests.
      6. CCTV and Access Logs: Visual images for security purposes when entering our premises.
  5. HOW DO WE COLLECT INFORMATION?
    1. Directly from you (e.g. via forms, correspondence, onboarding, employment process).
    2. Automatically through our website (cookies, analytics, log files).
    3. From third-party sources (e.g. recruitment agencies, background checks, regulators).
    4. Through CCTV and access control systems at our premises.
  6. PURPOSE OF COLLECTION
    1. We collect and process your Personal Information for the following purposes:
      1. deliver legal services;
      2. client onboarding (KYC, FICA, CDD requirements);
      3. HR, recruitment, and payroll administration;
      4. comply with legal, tax, and regulatory obligations;
      5. dispute resolution and to protect our legal rights;
      6. website administration and user experience optimisation;
      7. marketing and events communications (with opt-in consent).
    2. We will only process Special Personal Information where legally justified (e.g. consent, public interest, legal obligation).
  7. LEGAL BASIS FOR PROCESSING
    We process Personal Information on the basis of:

    1. your consent;
    2. a legal obligation;
    3. performance of a contract;
    4. our legitimate interests (e.g. improving services, protecting the firm); or
    5. protection of your or another person’s legitimate interest.
  8. MARKETING COMMUNICATIONS
    We may contact you with legal updates or event invitations. You may opt out at any time by following the unsubscribe link or emailing us. We respect all requests to withdraw consent.
  9. SHARING OF PERSONAL INFORMATION
    1. We may share your personal information with:
      1. third-party service providers (IT, storage, consultants, background checks) under written confidentiality agreements;
      2. legal and regulatory authorities where required;
      3. professional advisers and counsel involved in your matter;
      4. our insurers, auditors, alliance partners, and approved subcontractors;
      5. third parties with whom we are legally permitted or required to share such data.
    2. We do not sell your personal data.
  10. CROSS-BORDER TRANSFERS
    Where we transfer personal information across borders (e.g., for cloud hosting or international legal advice), we will:

    1. ensure the recipient jurisdiction offers adequate protection; or
    2. enter into appropriate contractual safeguards.
  11. SECURITY SAFEGUARDS
    We implement reasonable administrative, physical, and technical safeguards to protect personal information, including:

    1. access controls;
    2. encrypted storage;
    3. firewalls and anti-malware;
    4. POPIA training;
    5. incident response protocols.We also maintain business continuity and backup protocols.
  12. DATA RETENTION
    We retain Personal Information only for as long as necessary:

    1. to fulfil the purpose for which it was collected;
    2. as required by law or regulation;
    3. for legitimate business or evidentiary purposes; or
    4. as agreed with you.
  13. YOUR RIGHTS
    You have the right to:

    1. request access the Personal Information we hold about you;
    2. request correction or deletion of your Personal Information;
    3. object to processing or request restrictions;
    4. withdraw consent (where applicable);
    5. lodge a complaint with the Information Regulator.We may charge a statutory fee to process certain requests where permitted by law.
  14. CHILDREN’S INFORMATION
    We do not intentionally collect information of persons under 18, except where required in specific legal contexts, and then only with proper consent from a competent person.
  15. COOKIES
    We use cookies to enhance your experience on our website. You may disable cookies in your browser settings, but this may affect functionality. Our Cookie Policy is available upon request.
  16. WEBSITE LINKS & SOCIAL MEDIA
    Our website may link to external sites or social media platforms. We are not responsible for their privacy practices, and their use is governed by their own policies.
  17. WEBSITE-SPECIFIC PROCESSING
    1. We process limited Personal Information via iour website (e.g. name, email, country of residence).
    2. Metadata such as IP address, device type, and browsing history may also be processed for analytics and performance improvement.
    3. We rely on consent for such processing, which can be withdrawn at any time.
  18. PRIVACY INCIDENT RESPONSE
    We have a dedicated POPIA Incident Response Policy that sets out procedures for:

    1. reporting and escalating actual or suspected data breaches;
    2. notifying the Information Regulator and affected parties;
    3. mitigating risks and documenting actions taken;
    4. continuous policy review and system improvement.Third-party operators must notify us of any breach without delay.
  19. RECORD KEEPING
    We maintain a Security Compromise Register documenting:

    • breach date;
    • affected systems/data;
    • action taken;
    • notifications made;
    • lessons learned.
  20. POLICY UPDATES
    We may update this policy from time to time. Updates will be posted on our website and take effect upon publication. We recommend checking this policy periodically.
  21. CONTACT DETAILS
    For any privacy-related queries or to exercise your rights, contact our Information Officer:Sarah Thackwell
    info@hbgschindlers.com
    +27 (11) 568 8500If unresolved, you may contact the Information Regulator via https://www.inforegulator.org.za

  22. COPYRIGHT AND USE DISCLAIMER

    1. All content available on the HBGSchindlers website, including but not limited to legal articles, policies, documents, graphics, branding, layouts, and any downloadable resources (“Website Content”), is protected under South African and international copyright laws. The copyright and all intellectual property rights therein are owned by HBGSchindlers unless otherwise indicated.

    2. No person, company, institution, automated system, or artificial intelligence agent may copy, reproduce, adapt, translate, publish, upload, post, publicly display, encode, transmit, distribute, or in any way exploit or use any portion of the Website Content, whether in whole or in part, for the purposes of training, feeding, or refining any artificial intelligence (AI) system, machine learning model, or large language model (LLM), without the express prior written consent of HBGSchindlers.

    3. This restriction includes, but is not limited to, the use of Website Content for:

      1. AI model training or dataset compilation;

      2. automated scraping or indexing for commercial, academic, or development purposes;

      3. derivative works or tools based on any portion of the Website Content.

    4. Exceptions are permitted only:

      1. under the limited doctrine of “fair use” or “fair dealing” as contemplated in section 12 of the Copyright Act, 98 of 1978;

      2. where the author, firm name, source link, and date of publication are clearly cited in a recognised academic referencing format, for educational or research purposes only; and

      3. with prior written permission granted by HBGSchindlers.

    5. Any unauthorised use, reproduction, scraping, or re-publication of our content – especially for AI development or commercial gain — may result in civil or criminal liability and the immediate institution of legal proceedings.

    6. To request permission for use of any material, please contact: Email: gladwin-wood@hbgschindlers.com