Legal
POPIA Information Notice
Last updated: [Date]
1. Who we are
Midford Legal Consultants ("MLC", "we", "us") is the responsible party for purposes of the Protection of Personal Information Act 4 of 2013 ("POPIA") in respect of personal information processed in connection with our services.
Our Information Officer can be contacted at: info@midfordlegal.co.za
2. What personal information we collect
We collect personal information that is necessary to provide legal services and to comply with our obligations. This includes:
- Identity information — full name, identity number or passport number
- Contact information — email address, telephone number, postal and physical address
- Matter information — details of your legal matter, documents provided, and correspondence
- Financial information — banking details where required for trust account disbursements
- Website usage data — with your consent, analytics data via Google Analytics 4 (see our Privacy Policy)
3. Purpose of processing
We process personal information for the following purposes:
- To provide legal advice and representation
- To comply with our duties under the Legal Practice Act and the rules of the Legal Practice Council
- To comply with the Financial Intelligence Centre Act (FICA) — client identification and verification is a legal obligation
- To manage trust accounts and billing
- To communicate with you about your matter
- To comply with court orders, statutory obligations, and other legal requirements
4. Legal basis for processing
We process personal information on the basis of: (a) the performance of a contract with you or to take steps at your request prior to entering a contract; (b) compliance with a legal obligation; and (c) our legitimate interest in managing our practice and communicating with clients, where such interests are not overridden by your rights.
5. Sharing of personal information
We do not sell or rent personal information. We share personal information only where necessary to provide our services or as required by law:
- Courts, tribunals, and regulatory bodies (including the CCMA, Master of the High Court, SARS, and the Deeds Office)
- Correspondents and counsel instructed on your matter
- Our cloud service providers (Supabase for secure data storage; Vercel for hosting), who are bound by appropriate data processing agreements
- Our analytics provider (Google Analytics 4) where you have consented to analytics cookies
6. Retention
We retain client files for a minimum of five years after conclusion of a matter, in accordance with the rules of the Legal Practice Council. FICA records are retained for five years from the date of the last transaction. We review files periodically and securely destroy records that are no longer required.
7. Security
We take reasonable technical and organisational measures to protect personal information against accidental loss, unauthorised access, disclosure, alteration, or destruction. All data in our systems is encrypted in transit and at rest. Access to client files is restricted to relevant personnel.
8. Your rights
Under POPIA, you have the right to:
- Request access to personal information we hold about you
- Request correction of inaccurate personal information
- Request deletion of personal information where we are no longer required by law or legitimate interest to retain it
- Object to the processing of your personal information in certain circumstances
- Lodge a complaint with the Information Regulator of South Africa
To exercise any of these rights, contact our Information Officer at the address above.
9. Information Regulator
If you believe your personal information has been processed unlawfully, you may lodge a complaint with the Information Regulator of South Africa: inforegulator.org.za