+27 12 940 1947
Lytteltown Office Park, Building H, Shelanti Avenue, Die Hoewes
+27 10 597 7810
Unit 4, Waterfront Office Park, West Ave, Ferndale, Johannesburg, 2194
+27 10 447 3676
5 Neven Street, Modelpark, Emalahleni
+27 10 597 6652
37 Walter Sisulu Street, Middelburg, Mpumalanga
Cape Town
+27 10 449 9756
8 Kloof Street, Gardens, Cape Town
Pretoria East
+27 12 819 7901
379 Queen Crescent, Lynnwood, Pretoria, 0081



a) Cavanagh & Richards Attorneys (hereinafter referred to as “CRA, we, us, our") is sensitive to the personal nature of the information you make available to us.

b) CRA, respect your privacy and take the protection of Personal Information exceptionally serious. The purpose of this Privacy Policy is to describe the way that CRA collects, stores, uses, and protects data that can be associated with you or another specific natural or juristic person and can be used to identify you or that person (Personal Information).

c) The Protection of Personal Information Act 4 of 2013 (POPIA) describes Personal Information as information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
d) The person to whom Personal Information relates is referred to as the “data subject”.

e) By providing CRA with your Personal Information:
i. You agree to the terms of this Policy and permit CRA to process such information as set out herein; and
ii. You authorise CRA, its associates, our service providers and other third parties to process your Personal Information for the purposes stated in this Policy.

f) CRA will not use your Personal Information for any other reason than that set out in this Policy and CRA will make every attempt to protect your Personal Information that is in our possession from unauthorised disclosure, access alteration or loss.

g) This Policy applies to all external parties with whom CRA interacts, including but not limited to individual clients, representatives of client organisations, visitors to our offices, and other users of our legal and related services (hereinafter referred to as "you, your").


1.1. Where CRA needs to process your sensitive Personal Information, CRA will do so in the ordinary course of our business, for a legitimate purpose, and in accordance with POPIA.

1.2. We may process various types of Personal Information about you, as follows:

1.2.1. Identity information, which includes information concerning your name, username or similar identifier, marital status, title, occupation, interests, date of birth, gender, race and legal status, as well as copies of your identity documents, photographs, identity number, registration number and your qualifications;

1.2.2. Contact information, which includes your billing addresses, delivery addresses, e-mail addresses and telephone numbers;

1.2.3. Employer details, where you interact with CRA in your capacity as an employee of an organisation, the name, address, telephone number and email address of your employer, to the extent relevant;

1.2.4. Financial information, which includes bank account details, payment method, bank account number or credit card number, invoice records, payment records (payments made to or received from you and company information), SWIFT details, IBAN details, payment amount, payment date, details of funds which we invest and hold on your behalf for a matter, insurance information, financial statements, tax clearance certificates and VAT registration numbers;

1.2.5. Technical information, which includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website or engage with us;

1.2.6. Usage information, which includes data relating to your visits to our website, your device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a website, and other technical communications information;

1.2.7. Location information, which includes geographical information from your access device (which is usually based on the GPS or IP location); and

1.2.8. Marketing and communications information, which includes your preferences in respect of receiving marketing information from CRA as well as our third parties, and your communication preferences.

1.3. CRA will not gather excessive information. CRA may collect more information than required for the intended purpose for future use with the necessary consent from the data subject.


2.1. We collect information either:
2.1.1. directly from the data subject;
2.1.2. throughout our relationship with you;
2.1.3. by providing legal services to you or your organisation;
2.1.4. when you make your Personal Information public;
2.1.5. by visiting or interacting with our website or our social media platforms;
2.1.6. when you interact with any third-party content or advertising on our website; or
2.1.7. when you visit our offices.

2.2. In addition to the above, CRA may create Personal Information about you such as records of your communications and interactions with us, including, but not limited to, your attendance at events or at interviews in the course of applying for a job with CRA, subscription to our newsletters and other mailings and interactions with you during the course of our digital marketing campaigns.

2.3. The source from which Personal Information was obtained, if not directly from the data subject, will be disclosed.

2.4. We do not knowingly collect Personal Information from children (under 18 years of age) without the permission of their parent or guardian. As a parent or guardian, please respect this.


3.1. The following information is compulsory Personal Information:

3.1.1. your name and surname;
3.1.2. your contact details, such as your email address and/or your telephone number.

3.2. Depending on the nature of your engagement or relationship with us, other types of Personal Information may be necessary, including:

3.2.1. financial (including bank account details, tax information);
3.2.2. names and registration numbers as contained in documents issued by the Companies and Intellectual Property Commission and the South African Revenue Service; and
3.2.3. information which may be necessary to ensure our compliance with the Financial Intelligence Centre Act, 38 of 2001.

3.3. All other Personal Information is optional. If you do not agree to share the above-mentioned compulsory Personal Information with CRA, then you will not be able to engage with us or make full use of our services and/or the features that are offered to website users, including services which are available on the website. If you do not agree to share your optional information with us, then you might not be able to engage with us fully or receive complete and accurate services from us.


4.1. CRA will process your Personal Information in the ordinary course of the business of providing legal and related services.

4.2. CRA will primarily use your Personal Information only for the purpose for which it was originally or primarily collected. We will use your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is closely related to the original or primary purpose for which the Personal Information was collected.

4.3. We will use your Personal Information only for the purposes for which it was collected and agreed with you, such as:
4.3.1. to analyse, evaluate, review and collate information in order to determine legal issues and potential disputes;
4.3.2. to provide legal advice and services to you and to prepare or comment on opinions, memoranda, agreements, correspondence, reports, publications, documents relating to legal proceedings and other documents and records (whether in electronic or any other medium whatsoever);
4.3.3. in relation to matter-related documents and information, for legal research, referencing and drafting (i.e. documents are re-used for know-how purposes);
4.3.4. for confirm and verify your identity or to verify that you are an authorised user for security purposes;
4.3.5. for gather contact information;
4.3.6. for operating our business;
4.3.7. for audit and record keeping purposes;
4.3.8. for the detection and prevention of fraud, crime, money laundering or other malpractice;
4.3.9. to maintain and update our client, or potential client databases;
4.3.10. for safety and security purposes;
4.3.11. to offer you information and content which is more appropriately tailored for you as far as reasonably possible;
4.3.12. for statistical purposes;
4.3.13. to communicate with you and retain a record of our communications with you and your communications with us;
4.3.14. for internal management and management reporting purposes, including but not limited to: conducting internal audits, conducting internal investigations, implementing internal business controls, providing central processing facilities, for insurance purposes and for management reporting analysis;
4.3.15. for other activities and/or purposes which are lawful, reasonable and adequate, relevant and not excessive in relation to the provision of our services and/or the use of the website, our business activities or such other purpose for which it was collected.
4.4. Notwithstanding the aforesaid, we automatically receive and record internet usage information on our server logs from your browser, such as your internet protocol address (IP address), browsing habits, click patterns, version of software installed, system type, screen resolutions, colour capabilities, plug-ins, language settings, cookie preferences, search engine keywords, JavaScript enablement, the content and pages that you access on the website, and the dates and times that you visit the website, paths taken, and time spent on sites and pages within the website (usage information).


5.1. We will not deliberately disclose your Personal Information, whether for commercial gain or otherwise, other than with your permission, as permitted by applicable law or in the manner as set out in this Privacy Policy.

5.1.1. CRA may, where permitted or required to do so by applicable law, process your Personal Information without your knowledge or permission, if sufficient grounds of justification are present, and we will do so in accordance with the further provisions of this Privacy Policy.

5.2. CRA may disclose your Personal Information to our service providers who are involved in the delivery of services to you.

5.3. When CRA share your Personal Information with selected service providers who work on our behalf, we will ensure that appropriate protections of your Personal Information are in place with these third parties, in accordance with our obligations under the POPIA.

5.4. We may also disclose your Personal Information:
5.4.1. Where we have a duty or a right to disclose in terms of law or industry codes;
5.4.2. Where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise or defence of legal rights;
5.4.3. Where we believe it is necessary to protect our rights;
5.4.4. To enable us to enforce or apply our Terms and/or any Agreement you have with us;
5.4.5. To any relevant third-party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including, but not limited to, in the event of a reorganization, dissolution or liquidation);
5.4.6. To any relevant third-party provider, where our website uses third party advertising, plugins or content;
5.4.7. We have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary for us to take appropriate action in relation to the matter;
5.4.8. It is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim;
5.4.9. With our employees, suppliers, consultants, contractors and agents if and to the extent that they require such Personal Information in order to process it for us and/or in the provision of services for or to us, which include know-how and research, pitching to other clients to obtain further instructions, reporting purposes (e.g. the South African Revenue Service), hosting, development and administration, technical support and other support services relating to the website or the operation of our business. We will authorise any Personal Information processing done by a third party on our behalf, amongst other things by entering into written agreements with those third parties governing our relationship with them and containing confidentiality; non-disclosure and data protection provisions. The necessary legal action will be taken, their contracts terminated, or other appropriate action taken if such persons/companies fail to meet their obligations.
5.4.10. The information is used only for historical, statistical or research purposes and is not published in an identifiable form.

5.5. Unless we have your clear informed consent or the law clearly allows us in certain limited circumstances, we will not:
5.5.1. Sell or rent Personal Information;
5.5.2. Use your Personal Information for purposes that are different, unusual or unexpected in relation to the reason for collecting it in the first place; or
5.5.3. Share your Personal Information with third parties in circumstances other than the ones we have referred to above.


6.1. We may keep your Personal Information for as long as you continue to engage with us, access the website and content and/or use our products and/or services or for as long as reasonably necessary or until you contact us and ask us to destroy it.

6.2. Aside from clause 6.1 above and any other clause in this Privacy Policy, we may retain and process some or all of your Personal Information if and for as long as:

6.2.1. we are required or permitted by law, a code of conduct or a contract with you to do so;
6.2.2. we reasonably need it for lawful purposes related to the performance of our functions and activities;
6.2.3. we reasonably require it for evidentiary purposes; or
6.2.4. you agree to us retaining it for a specified further period.

6.3. To determine the appropriate retention period for Personal Information, we will consider, among other things, the nature and sensitivity of the Personal Information, the potential risks or harm that may result from its unauthorised use or disclosure, the purposes for which we process it and whether those purposes may be achieved through other means. We will always comply with applicable legal, regulatory, tax, accounting or other requirements as they pertain to the retention of Personal Information.

6.4. We confirm that once the retention period has lapsed, we will destroy your Personal Information in such a manner to prevent any reproduction thereof.


7.1. CRA store your Personal Information on:

7.1.1. our premises, in the form of hard copies; or
7.1.2. the premises of third-party service providers such as document storage service providers; or
7.1.3. our servers; or
7.1.4. on the servers of our third-party service providers, such as IT systems or hosting service providers.

7.2. In the event of the scenarios contemplated in clauses 7.1.2 and 7.1.4, CRA will ensure that we have entered into written agreements with those third-party service providers governing our relationship with them that require them to secure the integrity and confidentiality of Personal Information in their possession by taking appropriate, reasonable technical and organisational measures.


8.1. You have the right to request a copy of the Personal Information CRA holds about you. To do this, simply contact us at the numbers/addresses as provided on our website and specify what information you require. We will need a copy of your ID document to confirm your identity before providing details of your personal information.

8.2. You also have certain rights to withdraw consent or object to us using your Personal Information under POPIA, but these rights are limited. For example, if the purpose for which your Personal Information was requested initially does not exist anymore you may request that the information may no longer be used. We can decline your request to delete the information from our records if other legislation requires us to retain the information.


9.1. The Personal Information provided to CRA should be accurate, complete and up-to-date.

9.2. Should Personal Information change, the onus is on the data subject to notify CRA of the change and provide CRA with the accurate data.


10.1. We may process your Personal Information for the purposes of providing you with information regarding services that may be of interest to you. You may unsubscribe for free at any time.

10.2. You may opt out of receiving direct marketing communication from us at any time by requesting us (in any manner, whether telephonically, electronically, in writing or in person) to stop providing any direct marketing communication to you. You may send your opt-out requests to annette@crlawchambers.co.za.


If this Privacy Policy or any provision in this Privacy Policy is regulated by or subject to the Consumer Protection Act, 68 of 2008, the POPIA or other laws, it is not intended that any provision of this Privacy Policy contravenes any provision of the Consumer Protection Act, POPIA or such other laws. Therefore, all provisions of this Privacy Policy must be treated as being qualified, to the extent necessary, to ensure that the provisions of the Consumer Protection Act, POPIA and such other laws are complied with.


12.1. Website usage information may be collected using “Cookies” which allows us to collect standard internet visitor usage information.

12.2. When you visit our website, we may place Cookies onto your device, or read Cookies already on your device, subject always to obtaining your consent, where required, in accordance with applicable law.

12.3. We use Cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. We may process your Personal Information through Cookies and similar technologies, in accordance with our Cookie Policy.


13.1. We take reasonable technical and organisational measures to secure the integrity of your Personal Information and using accepted technological standards to prevent unauthorised access to or disclosure of your Personal Information, and protect your Personal Information from misuse, loss, alteration and destruction.

13.2. We review our information collection, storage and processing practices, including physical security measures periodically, to ensure that we keep abreast of good practice.

13.3. We also create a back-up of your Personal Information for operational, business continuity and safety purposes and we have a back-up disaster recovery program.

13.4. Despite the above measures being taken when processing Personal Information, subject to the provisions of this clause 13, as far as the law allows, we will not be liable for any loss, claim and/or damage arising from any unauthorised access, disclosure, misuse, loss, alteration or destruction of your Personal Information.

13.5. We have implemented policies and procedures to address actual and suspected data breaches and undertakes to notify you and the relevant regulatory authorities of breaches in instances in which we are legally required to do so and within the period in which such notification is necessary.

13.6. In this clause, you acknowledge that you know, and you accept that technology is not absolutely secure and there is a risk that your Personal Information will not be secure when processed by means of technology. We do not promise that we can keep your Personal Information completely secure. To the maximum extent permitted by law, you will not be able to act against us if you suffer losses or damages in these circumstances.


14.1. CRA reserves the right to make amendments to this policy from time to time and will use reasonable efforts to notify data subjects of such amendments.

14.2. The current version of this policy will govern the respective rights and obligations between you and CRA each time that you access and use our website.


15.1. Our duly appointed Information Officer in terms of section 55 of the POPIA is Daniel-Ross Richards with the following contact details:
15.1.1. Email address: ross@crlawchambers.co.za
15.1.2. Contact number: (012) 940 1947


16.1. If a data subject is unsatisfied with the manner in which CRA addresses any complaint with regard to CRA’s processing of Personal Information, the data subject can contact the office of the relevant Regulator.

16.2. The complaint is to be submitted to the Information Regulator, whose contact details are:
Tel: 012 406 4818
Fax: 086 500 3351
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram