LSA – Leon Slotow Associates – Communication Terms and Conditions

(‘LSA’ for ease of reference)

Policy in Terms of the South African Protection of the Personal Information Act, No. 3 of 2013 (‘Act’) and European Union General Data Protection Regulation (‘GDPR’) as well as the Australian Privacy Act of 1988 (‘Privacy Act’) (as is amended)





      1. By virtue of LSA’s business, it naturally from time to time comes into possession of various items classified as personal information.
      2. LSA undertakes to ensure that its employees, directors, affiliates, partners and/or clients adhere to the strictest levels of confidentiality and respect the individual’s right of privacy.
      3. LSA utilises conformity with the Act in order to concurrently comply with GDPR and the Privacy Act to the extent required by LSA in its jurisdiction.


  • Accountability


      1. To the extent that LSA gathers personal information which it provides to a third party contracted to it, LSA acts in the capacity of an Operator as is defined in the Act (a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party).
      2. To the extent that LSA can be considered to be the party processing personal information, it shall be acting in the capacity of being a Responsible Party in terms of the Act.
      3. LSA shall at all material times comply with its obligations in terms of the Act depending on its capacity in which it is acting in the circumstances.
      4. Should LSA process or store any personal information, it confirms that the processing or storage thereof shall be for the specific reason which it was processed or stored, which it deems to be adequate and relevant, and not excessive.
      5. LSA shall record all personal information processed and maintain same to the extent required in terms of the law (as may be amended from time to time).


  • Purpose


      1. The purpose of this policy is to outline LSA’s approach to the storage and processing of personal information in line with the Act. In this regard, LSA:
        1. Strives to process personal information lawfully and reasonably, and without infringing on the privacy of the owner of the personal information;
        2. Strives to ensure the protection of personal information and constitutional rights;
        3. Shall establish conditions in accordance with applicable laws that prescribe minimum threshold requirements for the lawful processing and storage of personal information;
        4. Comply with voluntary and compulsory measures, including those established by the Regulator in order to promote the protection of personal information rights;
        5. Shall only use personal information collected for the purpose of which it was collected;
        6. Shall not release data to the media or general public unless required to do so by law.


  • Storage of data


      1. All personal information received by LSA shall be stored, only where LSA in its opinion is of the view that it requires to store such personal information for the purpose of which it was collected.
      2. All personal information stored by LSA shall be on-site and/or on LSA’s secure servers (whether hosted by LSA or a trusted third party) and secured using LSA’s reasonable measures and encryption.
      3. Personal information will be retained for the period required by LSA and/or for the period required by law.
      4. LSA may store data for a longer period of time should it be of the view that personal information may be required in the future for a specific purpose. Appropriate safeguards will be put in place in terms of the Act should the need arise.
      5. Should LSA delete, erase or destroy data, such deletion/erasure/destruction shall be permanent.
      6. Only specific, vetted, persons within LSA shall:
        1. have the ability to access and review personal information provided on a “need to know basis”;
        2. be entitled to share or distribute the personal information for its specific purpose or as may be required by law.
      7. The persons within LSA who have access to personal information shall be bound by LSA’s confidentiality undertakings.
      8. LSA will use its reasonably best endeavours to ensure that the service providers it uses are trusted and reputable.


  • Unlawful disclosure of personal information


      1. Any unlawful or unintended disclosure of personal information or breach of the Act shall be immediately reported to the Regulator and dealt with in terms of the Act.
      2. Affected persons shall be notified within a reasonable time after LSA has undertaken its own internal (and where necessary, external) investigations.


  • Persons wishing to access personal information


      1. In the event that a third party wishes to access personal information stored by LSA, the third party shall request access in writing to LSA, who will act in accordance with the Act at all times.
      2. If LSA cannot comply with the third party’s request, it shall provide written reasons where possible.
      3. All requests for information shall be made in writing to LSA containing the identity of the person submitting the request, particulars as may be requested by LSA
      4. As a general rule, LSA will only disclose third party information where compelled by law or by court-authorised subpoena.


  • Information regulator


      1. In terms of the Act, the Information Regulator has been established and will be endowed with various power and authority once the Act is in effect.
      2. The Information Regulator will, amongst other things, seek to provide education on the collection and use of personal information, monitor and enforce compliance with the Act, handle complaints, conduct research, assist with the preparation of sectoral codes of conduct and generally assist with the implementation of the Act and assist the general public on information related issues, where required
      3. Any complaint in respect of any personal information processed by LSA and/or its related security companies may be referred to the relevant Information Regulator in writing.


  • Severability


Any clause which does not comply with legislation shall be considered as pro non scripto in so far that it cannot be rectified to comply with legislation or LSA’s POPI policy.



  • LSA’s website/portal users


    1. All website/portal users undertake that their log-in and password will not be disclosed to third parties and will be used solely for personal use, and that the user will take the necessary precaution of keeping such information safe.
    2. LSA shall not be liable for any security breaches occurring on its website whatsoever, including by virtue in the event of its negligence.