POPI Policy


In this document, unless the context indicates otherwise, the words and expressions set out below shall have the meanings assigned to them and cognate expressions shall have a corresponding meaning, namely:
1.1 “Client” means the potential and existing clients of VDMA as the context requires;
1.2 “VDMA” means Van Der Merwe Dorning Maponya Associates Incorporated (Registration number: 2010/007329/21);
1.3 “Policy” means this POPI policy;
1.4 “POPI” means the Protection of Personal Information Act No. 4 of 2013;
1.5 “Personal Information” shall have the meaning ascribed thereto in terms of section 1 of POPI, namely: any information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to – information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, wellbeing, disability, religion, conscience, belief, culture, language and birth of the person; information relating to the education or the medical, financial, criminal or employment history of the person; any identifying number, symbol, e-mail address, telephone number, location information, online identifier or other particular assignment to the person; the biometric information of the person; the personal opinions, views or preferences of the person; correspondence sent by the person that would reveal the contents of the original correspondence; the views or opinions of another individual regarding the person; and the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person; and
1.6 “Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
1.6.1 the collection receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
1.6.2 dissemination by means of transmission, distribution or making available in any other form; and
1.6.3 merging, linking as well as restriction, degradation, erasure or destruction of information.


2.1 VDMA is a personal liability company duly incorporated in accordance with the laws of South Africa.
2.2 VDMA’s primary business is the rendering of legal services and conducting the business of a law firm.
2.3 This Policy deals with the manner in which VDMA processes Personal Information which is collected from its Clients and the purpose of such Processing.


3.1 VDMA collects, as part of its organisational due diligence, know your client and/or Financial Intelligence Centre Act No. 39 of 2001 procedures, documentation and/or information which includes but is not limited to:
3.1.1 organogram;
3.1.2 copy of identity document;
3.1.3 copy of valid passport;
3.1.4 contact details;
3.1.5 proof of address;
3.1.6 notice of change of registered address;
3.1.7 income tax number;
3.1.8 VAT number;
3.1.9 proof of bank account and bank account details;
3.1.10 trust deed;
3.1.11 letter of authority;
3.1.12 trustee resolution;
3.1.13 source of funds statements;
3.1.14 company registration documents;
3.1.15 company constitutional documents;
3.1.16 documentary evidence of shareholding;
3.1.17 company signatory and representative details;
3.1.18 forms amending company information; and
3.1.19 authorisation to act on behalf of a company, trust or third party.
3.2 VDMA shall endeavour to only collect and process Personal Information relating to its Clients which is adequate, relevant, and not excessive in terms of POPI and which is required by VDMA to provide the Client with the required services.
3.3 VDMA shall endeavour to inform the Client of the information which is required for VDMA to adequately render the required services to the Client and which information is optional but may still be useful to VDMA for the provision of the services.


4.1 VDMA shall only process a Client’s Personal Information if the Processing is:
4.1.1 necessary to carry out its obligations in terms of an engagement between VDMA and the Client in question;
4.1.2 consented to by the Client in question;
4.1.3 required for VDMA to comply with its obligations imposed by law;
4.1.4 necessary to protect a legitimate interest of the Client; and
4.1.5 necessary to pursue the legitimate interests of VDMA or of a third party to whom the information is supplied.
4.2 VDMA shall only use a Client’s Personal Information for the purpose for which the information was collected which purpose may include, but will not limited to, the following:
4.2.1 detection and prevention of fraud, money laundering or other prohibited practices;
4.2.2 audit and record keeping purposes;
4.2.3 litigious processes;
4.2.4 providing legal and paralegal services to Clients;
4.2.5 compliance with legal and regulatory requirements; and
4.2.6 communication with service providers and between VDMA and its Clients.


5.1 VDMA may disclose the Client’s Personal Information to any of its affiliates or third-party service providers from which the Client requires services.
5.2 VDMA undertakes to ensure that any affiliates or third-party service providers to which Personal Information is disclosed in terms of clause 5.1 above, comply with the necessary confidentiality, Processing and privacy standards set out by POPI and this Policy.
5.3 VDMA may obtain information regarding its Clients from third parties for the reasons set out in this Policy.
5.4 VDMA may disclose a Client’s Personal Information where it is required to do so in terms of law or where it is necessary to protect its rights.


6.1 VDMA shall continuously review its internal security measures and processes to prevent any loss of, damage to, or unlawful access to a Client’s Personal Information.
6.2 VDMA shall have due regard to generally accepted information security practices and procedures.
6.3 Should any data breach occur in relation to a Client’s Personal Information, VDMA shall notify the Client thereof and implement the necessary recovery procedures to retrieve such information and mitigate the effect of such data breach.


7.1 The VDMA information officer is Hazel Ann Jacobs (“Information Officer”).
7.2 The Information officer is responsible for VDMA’s compliance with POPI and ensuring the lawful Processing of Personal Information of Clients.
7.3 The details of the Information Officer and VDMA’s head office are as follows:
7.3.1 Information Officer:

Name: Hazel Ann Jacobs
Telephone Number: 010 612 0368
E-mail: hjacobs@vdmalaw.com
7.3.2 VDMA Head Office: Attention: Hazel Ann Jacobs
Physical Address: 1240 John Vorster Drive

Postal Address: 1240 John Vorster Drive
Telephone Number: 010 612 0368
E-mail: hjacobs@vdmalaw.com
Website: https://vdmalaw.com


VDMA shall put the following internal measures in place to ensure the protection of a Client’s Personal Information –
8.1 the appointment of the Information Officer;
8.2 training its staff on the provisions of POPI; and
8.3 conducting regular backups of data.


9.1 Clients have the right to access their Personal Information which is held by VDMA.
9.2 Clients have the right to request that VDMA update, correct or delete any Personal Information held by VDMA and VDMA shall endeavour to comply with the request as soon as reasonably practicable.
9.3 Should a Client object to the Processing of its Personal Information and inform VDMA thereof, VDMA shall no longer process such Personal Information unless required to do so by law.
9.4 VDMA shall request and verify the identity of the requesting party prior to giving effect to any requests made in terms of this clause 9.
9.5 All requests made by Clients in terms of this clause 9 shall be directed to the Information Officer.


By consenting to VDMA’s terms and conditions as part of its onboarding process, the Client hereby consents to the Processing of its Personal Information required for the uses as set out in this Policy, including the transfer of such Personal Information to any third parties in order for VDMA to provide the required services to its Clients.


This document is available for inspection on VDMA’s website by clicking on the following link https://vdmalaw.com/popi-policy/.


12.1 This document shall be reviewed annually by VDMA.
12.2 Notwithstanding clause 12.1, VDMA may amend this document as and when required.


13.1 In this document, unless the context requires otherwise:
13.1.1 words importing any one gender shall include the other two genders;
13.1.2 the singular shall include the plural and vice versa; and
13.1.3 a reference to natural persons shall include created entities (corporate or unincorporated) and vice versa.
13.2 In this document, the headings have been inserted for convenience only and shall not be used to assist or affect its interpretation.
13.3 Where a clause reference is referred to in this document and followed by the heading of the clause so referred, if there is any conflict between the two, the word reference to the heading shall prevail.
13.4 Words and/or expressions defined in any clause in the body of this document shall, unless the application of such words and/or expressions is specifically limited to that clause, bear the meaning so assigned to it throughout this document.
13.5 The eiusdem generis rule shall not apply and accordingly, whenever a provision is followed by the word “including” followed by specific examples, such examples shall not be construed to limit the ambit of the provision concerned.