Privacy Policy

Effective Date: April 2026Last Updated: April 2026

1. Introduction

P A Mthembu Attorneys ("the Firm", "we", "us", or "our") is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA").

By using our website, submitting enquiries, or engaging our legal services, you acknowledge that you have read and understood this Privacy Policy.

2. Responsible Party

The responsible party for the processing of your personal information is:

P A Mthembu Attorneys2 Ncondo Place, RidgesideUmhlanga Ridge, 4319KwaZulu-Natal, South Africa

Telephone: 031 140 0603Email: mthembu@mthembuinc.co.za

3. Information Officer

In terms of POPIA, the designated Information Officer for the Firm is:

Phiwa Andile MthembuEmail: mthembu@mthembuinc.co.zaTelephone: 031 140 0603

The Information Officer is responsible for ensuring compliance with POPIA and addressing any requests or complaints relating to the processing of personal information.

4. Personal Information We Collect

We may collect the following categories of personal information:

Contact Information

  • Full name
  • Email address
  • Telephone and mobile numbers
  • Physical and postal address

Professional Information

  • Employer name and occupation (where relevant to your matter)

Matter-Related Information

  • Details of your legal matter as provided by you
  • Supporting documents you submit
  • Correspondence and communications with the Firm

Technical Information

  • IP address
  • Browser type and version
  • Pages visited on our website
  • Date and time of access
  • Referring website addresses

Financial Information (where applicable to billing)

  • Banking details for payment purposes
  • Invoicing and payment history

5. How We Collect Personal Information

We collect personal information in the following ways:

  • Directly from you when you complete our contact form, send us an email, or communicate with us by telephone or in person
  • Through our client portal, LexDesk, when you upload documents or communicate with us
  • Automatically through cookies and similar technologies when you visit our website
  • From third parties such as other legal practitioners, experts, or opposing parties in the course of handling your matter (with your knowledge or as permitted by law)

6. Purpose of Processing

We process your personal information for the following purposes:

  • To respond to your enquiries and provide you with information about our services
  • To provide legal advice and representation
  • To communicate with you regarding your matter
  • To comply with our legal and regulatory obligations, including those imposed by the Legal Practice Council
  • To issue invoices and process payments
  • To improve our website and services
  • To send you updates about legal developments relevant to your matter (where you have consented)
  • To establish, exercise, or defend legal claims

We will not use your personal information for purposes other than those stated above without your consent, unless permitted or required by law.

7. Legal Basis for Processing

We process your personal information on one or more of the following legal grounds:

  • Consent: You have given us your consent to process your personal information for a specific purpose.
  • Contract: Processing is necessary to enter into or perform a contract with you, including the provision of legal services.
  • Legal obligation: Processing is necessary to comply with a legal obligation to which we are subject.
  • Legitimate interest: Processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and interests.

8. Sharing of Personal Information

We may share your personal information with the following categories of recipients:

  • Courts, tribunals, and regulatory bodies in the course of litigation or regulatory proceedings
  • Opposing parties and their legal representatives as required in the conduct of your matter
  • Experts, counsel, and other professionals engaged to assist with your matter
  • Service providers who assist us with IT, hosting, payment processing, and administrative functions, subject to appropriate confidentiality agreements
  • The Legal Practice Council and other regulatory authorities as required by law

We will not sell, rent, or trade your personal information to third parties for marketing purposes.

Where we share personal information with third parties, we take reasonable steps to ensure that they are bound by confidentiality obligations and process your information in accordance with POPIA.

9. Cross-Border Transfers

We do not routinely transfer personal information outside the Republic of South Africa. Where such transfer is necessary (for example, where your matter involves foreign parties or jurisdictions), we will ensure that adequate safeguards are in place in accordance with Section 72 of POPIA.

10. Retention of Personal Information

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. In particular:

  • Client files: We retain client files for a minimum period of five years after the conclusion of a matter, or longer where required by law or the nature of the matter.
  • Accounting records: We retain financial records for a minimum of five years as required by the Tax Administration Act and other applicable legislation.
  • Website data: Technical data collected through cookies is retained for a period of 12 months.

After the applicable retention period, personal information is securely destroyed or de-identified.

11. Security of Personal Information

We are committed to protecting your personal information against unauthorised access, loss, destruction, or damage. We have implemented appropriate technical and organisational measures, including:

  • Secure storage of physical files in locked premises
  • Password protection and encryption for electronic files and communications
  • Access controls limiting access to personal information to authorised personnel only
  • Regular review of our security practices

Despite these measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we take all reasonable steps to protect your information.

12. Your Rights Under POPIA

You have the following rights in relation to your personal information:

  • Right of access: You may request confirmation of whether we hold personal information about you and request access to that information.
  • Right to correction: You may request that we correct or update any inaccurate or incomplete personal information.
  • Right to deletion: You may request that we delete your personal information where it is no longer necessary for the purpose for which it was collected, subject to our legal obligations to retain certain records.
  • Right to object: You may object to the processing of your personal information on reasonable grounds, unless the processing is required by law.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Information Regulator if you believe that your personal information has been processed in violation of POPIA.

To exercise any of these rights, please contact our Information Officer using the details provided in Section 3 above. We will respond to your request within a reasonable time and in any event within the timeframes prescribed by POPIA.

13. Direct Marketing

We will not use your personal information for direct marketing purposes without your prior consent. Where you have consented to receive marketing communications from us, you may withdraw that consent at any time by contacting us at mthembu@mthembuinc.co.za or by using the unsubscribe mechanism in any marketing communication.

14. Cookies

Our website uses cookies and similar technologies to enhance your browsing experience, analyse website traffic, and understand where our visitors come from.

What are cookies?Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device and remember certain information about your visit.

Types of cookies we use:

  • Essential cookies: These are necessary for the website to function and cannot be switched off. They are usually set in response to actions you take, such as setting your privacy preferences or filling in forms.
  • Analytics cookies: These allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us understand which pages are most and least popular and how visitors move around the site.

Managing cookies:You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of the website may become inaccessible or not function properly.

15. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party websites you visit.

16. Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so that we can take steps to delete that information.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated policy will be posted on our website with a revised "Last Updated" date. We encourage you to review this Privacy Policy periodically.

18. Contact Us

If you have any questions about this Privacy Policy, wish to exercise any of your rights, or have a complaint about how we have handled your personal information, please contact us:

P A Mthembu Attorneys2 Ncondo Place, RidgesideUmhlanga Ridge, 4319KwaZulu-Natal, South Africa

Telephone: 031 140 0603Mobile: 068 059 1390Email: mthembu@mthembuinc.co.za

19. Information Regulator

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the Information Regulator:

The Information Regulator (South Africa)JD House, 27 Stiemens StreetBraamfontein, Johannesburg, 2001

P.O. Box 31533Braamfontein, Johannesburg, 2017

Telephone: 010 023 5200Email: enquiries@inforegulator.org.zaWebsite: www.inforegulator.org.za