Protection of Personal Information Act

LegalCaseManager is fully committed to compliance with the Protection of Personal Information Act, 2013 (POPIA). As a platform handling sensitive legal case data, we recognise the paramount importance of data protection and privacy.

Name: LegalCaseManager

Website: legalcasemanager.co.za

Email: [email protected]

Country: Republic of South Africa

The Information Officer for LegalCaseManager can be contacted at:

Email: [email protected]

The Information Officer is responsible for encouraging compliance with POPIA, dealing with data subject requests, and working with the Information Regulator.

We process personal information on the following lawful bases under POPIA Section 11:

• Consent: You provide explicit consent when creating an account and accepting our terms
• Contract: Processing is necessary to perform our contractual obligations (providing the platform services)
• Legal obligation: We retain certain data as required by South African tax and financial legislation
• Legitimate interest: Security monitoring, fraud prevention, and platform improvement

Personal information is processed solely for:

• Providing legal case management services
• User authentication and account security
• Payment processing and billing
• AI-assisted legal analysis (anonymised data)
• Platform communication and support
• Legal and regulatory compliance

Under POPIA, you have the following rights:

• Right of Access (s23): Request confirmation of whether we hold your personal information and request a copy of it.
• Right to Correction (s24): Request correction or deletion of inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading, or unlawfully obtained personal information.
• Right to Deletion (s24): Request destruction or deletion of personal information that is no longer needed for the purpose it was collected.
• Right to Object (s11(3)): Object to the processing of your personal information on reasonable grounds.
• Right to Complain (s74): Lodge a complaint with the Information Regulator if you believe your rights have been infringed.

To exercise any right, email [email protected]. We will respond within 30 days.

Where personal information may be transferred to or processed in jurisdictions outside South Africa (e.g., cloud hosting providers), we ensure that:

• The recipient country has adequate data protection legislation, or
• The data subject has consented to the transfer, or
• The transfer is necessary for the performance of the contract, or
• Appropriate contractual safeguards are in place

All cross-border transfers comply with POPIA Section 72.

In the event of a data breach that compromises the confidentiality or integrity of personal information:

• We will notify the Information Regulator as soon as reasonably possible
• We will notify affected data subjects in writing, providing details of the breach, the information affected, and recommended protective measures
• We will document the breach, its effects, and remedial actions taken
• Notifications will be made in compliance with POPIA Section 22

We implement appropriate technical and organisational measures as required by POPIA Section 19, including:

• Encryption of data in transit and at rest
• Secure authentication with OTP verification
• Role-based access controls
• Complete audit trails for all data changes
• Strict data isolation between user accounts
• Soft-delete mechanisms to prevent accidental permanent data loss
• Regular security assessments

If you are not satisfied with our response to a privacy complaint, you have the right to lodge a complaint with: