Privacy Policy

How we collect, use, and protect your personal information

Last updated: January 15, 2025 5 min read

Table of Contents

1. Introduction

Kulungwana Accountants ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any capacity.

POPIA Compliance

This Privacy Policy is designed to comply with the Protection of Personal Information Act (POPIA) of South Africa and other applicable privacy laws. We are committed to processing your personal information lawfully, fairly, and transparently.

By using our services or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your information as described herein.

2. Information We Collect

2.1 Personal Information We Collect

We may collect the following types of personal information:

  • Contact Information: Name, email address, phone number, postal address
  • Business Information: Company name, job title, business address, industry
  • Financial Information: Banking details, tax information, financial statements (when providing services)
  • Identification Information: ID numbers, passport details, driver's license (as required for compliance)
  • Technical Information: IP address, browser type, device information, website usage data
  • Communication Records: Emails, phone calls, meeting notes, correspondence

2.2 How We Collect Information

We collect information through various means:

  • Directly from you when you contact us or use our services
  • Through our website and online forms
  • During meetings, consultations, and service delivery
  • From third parties (with your consent or as legally permitted)
  • Through automated technologies such as cookies and analytics tools

3. How We Use Your Information

We use your personal information for legitimate business purposes, including:

3.1 Service Delivery

  • Providing accounting, tax, audit, and advisory services
  • Preparing financial statements and reports
  • Compliance with regulatory requirements
  • Communication regarding our services

3.2 Business Operations

  • Client relationship management
  • Internal record keeping and administration
  • Quality assurance and professional development
  • Risk management and compliance monitoring

3.3 Legal and Regulatory Compliance

  • Compliance with SARS requirements and tax legislation
  • Anti-money laundering (AML) and know-your-customer (KYC) procedures
  • Professional regulatory requirements
  • Legal proceedings and dispute resolution

Lawful Basis for Processing

We process your personal information based on the following lawful grounds under POPIA:

  • Consent (where you have given explicit consent)
  • Contractual necessity (to perform our services)
  • Legal obligation (compliance with laws and regulations)
  • Legitimate interests (for business operations and service improvement)

4. Information Sharing

We may share your personal information in the following circumstances:

4.1 Service Providers

We may share information with trusted third-party service providers who assist us in:

  • IT services and cloud computing
  • Document management and storage
  • Communication and marketing platforms
  • Professional services (legal, insurance)

4.2 Regulatory and Legal Requirements

  • SARS and other tax authorities
  • Regulatory bodies (SAICA, IRBA, JSE)
  • Law enforcement agencies (when legally required)
  • Courts and legal proceedings

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to appropriate confidentiality agreements.

Third-Party Safeguards

All third parties with whom we share your information are required to maintain appropriate security measures and use your information only for the specified purposes. We conduct due diligence on all service providers to ensure compliance with privacy requirements.

5. Data Security

We implement comprehensive security measures to protect your personal information:

5.1 Technical Safeguards

  • Encryption of data in transit and at rest
  • Secure cloud storage with access controls
  • Regular security assessments and updates
  • Firewall and intrusion detection systems
  • Multi-factor authentication for system access

5.2 Administrative Safeguards

  • Employee training on data protection and privacy
  • Access controls based on need-to-know principles
  • Regular privacy and security audits
  • Incident response and breach notification procedures

5.3 Physical Safeguards

  • Secure office premises with controlled access
  • Locked filing cabinets for physical documents
  • Clean desk policy and secure disposal procedures
  • CCTV monitoring and security systems

6. Your Rights

Under POPIA and other applicable laws, you have the following rights regarding your personal information:

6.1 Access Rights

  • Request access to your personal information we hold
  • Obtain copies of your personal information
  • Receive information about how we process your data

6.2 Correction Rights

  • Request correction of inaccurate personal information
  • Complete incomplete personal information
  • Update outdated information

6.3 Deletion Rights

  • Request deletion of personal information (subject to legal requirements)
  • Withdraw consent where processing is based on consent
  • Object to processing for direct marketing purposes

Exercising Your Rights

To exercise any of these rights, please contact our Information Officer using the details provided in the Contact section. We will respond to your request within 30 days as required by POPIA.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, subject to legal and regulatory requirements:

  • Client Records: 7 years after completion of services (as required by professional standards)
  • Tax Documents: 5 years from date of submission (SARS requirement)
  • Financial Records: 7 years (Companies Act requirement)
  • Communication Records: 3 years from last contact
  • Website Analytics: 26 months maximum

After the retention period expires, we securely dispose of or anonymize your personal information in accordance with our data disposal procedures.

8. Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience:

8.1 Types of Cookies

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: Help us understand website usage
  • Preference Cookies: Remember your settings and preferences

8.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality.

9. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Providing notice during your next interaction with us

Your continued use of our services after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Information Officer:

Information Officer

Kulungwana Accountants
123 Brooklyn Road
Brooklyn, Pretoria, 0181
South Africa

Email: privacy@kulungwana.co.za
Phone: +27 12 123 4567
Fax: +27 12 123 4568

You also have the right to lodge a complaint with the Information Regulator of South Africa if you believe we have not complied with POPIA requirements.

Information Regulator:
Website: www.justice.gov.za/inforeg
Email: inforeg@justice.gov.za