Privacy Notice

Disclaimer:

The information displayed on our website is provided for general information only and should not be construed as legal advice from any attorney or other representative of our firm. Professional advice should always be sought before any action is taken based on the information displayed on our website.

LGR Incorporated does not accept any responsibility for positions taken without due consultation and no person shall have any claim of any nature whatsoever arising out of, or in connection with, the contents of our website against LGR Incorporated and/or any of its directors and/or employees.

Privacy Notice:

Introduction

LGR Incorporated takes data privacy seriously. We recognise, respect and value the trust that our clients place in us when providing us with their own or their clients’ personal data. In accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”), we are committed to safeguarding the privacy of all forms of personal data we may collect or receive from clients, visitors to our website and/or other individuals to whom we might provide legal and other services.

Children’s Online Privacy Protection: While this Privacy Policy is primarily governed by the laws of the Republic of South Africa, including the Protection of Personal Information Act, 2013 (“POPIA”), we are mindful of international standards. We acknowledge the principles set out in the United States’ Children’s Online Privacy Protection Act (“COPPA”), which regulates the collection of personal information from children under the age of 13.

Although COPPA does not apply directly in South Africa, our approach to children’s data aligns with its spirit. We do not knowingly collect personal information from children under the age of 13 without appropriate consent from a parent or guardian. If we become aware that such information has been collected without consent, we will take immediate steps to delete it.

Scope

Where we refer to “personal information”, it means “personal information” as defined in the Protection of Personal Information Act, 4 of 2013 (“POPIA “).
Personal information includes any information about a person that can be used to identify a person directly or indirectly. This includes identifiers like a name, an identification number, address information, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
POPI also includes the personal information of juristic persons – we will protect the personal information of juristic persons and organisations in the same manner as any other individual’s personal information.

The Personal Information we collect

We collect, amongst others, the following personal information:

Personal details, such as your name, ID number, email address, telephone numbers, addresses, employment information, etc.
Invoicing information, such as relevant payment information and VAT registration number.
Financial information, where applicable.
Legally required information, which includes any additional information that the law requires from us to verify your identity.

How we collect Personal Information

We collect personal information from third parties that might have a legitimate interest in your personal information (for this purpose, your personal information is lawfully obtained from our client for the purpose of recovering an outstanding debt).
Directly from you when you engage with us, use our website, or any of our other services, or when we request it from you.
In some instances, we collect personal information from other third parties, such as credit bureaus. We will only collect personal information this way where such information is publicly available or for legitimate business purposes.

Use of your Personal Information

We may use your personal information for any legitimate business purposes relating to our services and/or business activities. Some of the purposes for which we use your personal information include:

responding to your queries posted on our website or emailed to us,
onboarding you as a client and verifying your identity (as required by law),
providing you with our services,
referring you to other service providers with your consent,
for purposes of protecting the legitimate interest of our other clients, such as when we collect on a debt owed to our clients based on your prior contractual relationship with our client,
improving our website and services by analysing certain information collected, including cookies and other related information,
sending you information (in the form of our newsletter) and inviting you to events; and/or
complying with our regulatory or other obligations.

Marketing Consent

When you become a client, we will ask for your explicit consent to be added to our mailing list. This mailing list is used to send you important updates about our business, services, legal developments, news, and event invitations.

You may choose to opt in via email, SMS, WhatsApp, or other accessible means. You can withdraw your consent and unsubscribe at any time using the link provided in each communication or by contacting us directly.

Please note that unsubscribing from marketing communications will not affect our ability to contact you for service-related matters or administrative purposes, such as billing or support.

Sharing of your Personal Information

We will only share your personal information for purposes of providing services to you or any other legitimate business purpose relating to our business activities, including but not limited to, the protection of our, our other clients’, or your rights, complaints, or enforcing any agreement between us.

Where required for our business operations, we may share your personal information with our service providers. We only share information with service providers after we enter into an agreement with the service provider to regulate the way in which the personal information will be secured.

We may also share your personal information with third-party service providers, agents, contractors, employees, law enforcement agencies, or business affiliates, as required by law. We will only share your personal information in these instances where it is necessary for us to do so and only to the extent that your personal information is needed for such third parties to perform their obligations.

Trans-border Transfer of your Personal Information

We may transfer your information across borders for our legitimate business purposes, such as for cloud storage or the provision of services to us, including email. All information transfers will comply with the applicable laws.

Security

We do not currently respond to ‘Do Not Track’ (DNT) signals. While some web browsers may offer a DNT setting, we do not alter our data collection and usage practices in response to such signals.

We will take all reasonable steps to ensure that your personal information is protected in accordance with the Protection of Personal Information Act, 2013 (“POPIA”) and recognised international best practices.

Secure Storage of Data

Your personal and sensitive information is stored in secure, encrypted environments within South Africa, with both electronic and physical safeguards in place. We use:

Industry-standard encryption protocols.
Network and system security controls – including firewalls, intrusion detection systems, VPNs, and endpoint protection.
Physical security measures – such as restricted office access, alarm systems, and secure filing storage.

Password and Authentication Security

We follow strict password and authentication practices to protect your credentials:

User passwords are never stored in plain text.
We utilise strong, one-way cryptographic passwords.
Sensitive authentication details are not logged.
Access to systems containing personal data is protected with multi-factor authentication.

Access Control

Access to your personal information is strictly controlled and follows the principle of least privilege:

Only authorised personnel who require access to perform their duties may access your information.
We implement role-based access controls and continuous access monitoring.
Regular audits ensure compliance with our internal data protection policies.

Data Retention and Deletion

We retain personal information in compliance with the Legal Practice Act 28 of 2014, the Rules of the Legal Practice Council (“LPC Rules”), and all other applicable South African legislation. The retention period depends on the nature of the information; however, in line with statutory requirements, all such records must be kept for a minimum of seven (7) years from the date of the last entry made in the relevant book, file, register, or document.

Once the retention period expires, paper records are deleted through shredding and digital data is securely de-identified.

We may keep personal information indefinitely in a de-identified format for statistical purposes. This privacy policy also applies when we retain your personal information.

Your Right to Object under POPIA

You may, on reasonable grounds, object to us using your personal information. However, if the processing is required by law or necessary to enforce a contractual obligation (such as debt recovery), your objection may not override our legal right to process the information. If you object, we will stop using your personal information, except if the law allows us to use it and in the protection of a legitimate interest.

When a Data Subject Cannot Object

A data subject cannot object to the processing of their personal information if legislation explicitly permits such processing. In the case of debt collection, this includes:

Legal Obligation: If the processing is required to comply with a legal obligation (e.g., enforcing a contract or recovering a debt), the objection may not be upheld.
Contractual Necessity: If the data subject entered into a contract and defaulted, and the creditor lawfully transferred the debt to a collection agency, processing is permitted.
Regulatory Compliance: If the processing is necessary to comply with financial regulations or credit bureau reporting standards.

Lodging of Complaints

If you believe we are using your personal information unlawfully, please contact us first at the following contact details:

info@lgr.co.za / elouw@lgr.co.za

012 817 4600

You may also lodge a complaint to the Information Regulator of South Africa with the following contact details:

Website: https://inforegulator.org.za/complaints/
Address: Woodmead North Office Park,54 Maxwell Dr, Woodmead, Johannesburg, 2191
Contact number: 010 023 5200
Email: POPIAComplaints@inforegulator.org.za

Quality and Access to your Personal Information

We endeavour to keep your personal information accurate and up to date. You may ask us to correct any personal information that you deem inaccurate by sending an email to info@lgr.co.za.

You have the right to request us to provide you with personal information that we hold about you. You can request this by sending an email to info@lgr.co.za

Security Breach

We will report any security breach to the Information Regulator and to the individuals or organisations involved. If you want to report any concerns about our privacy practices or if you suspect any breach regarding your personal information, kindly notify us by sending an email to info@lgr.co.za, after which we shall follow our Incident Management Policy.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.